Notice of Password Change

I will test this out. It seems that it may be either a conflict with another plugin, or maybe with the recent change in WordPress with regards to secure passwords.

Hi Josh

Thanks for looking into it.

To help i deactivated all plugins (including your EDAR plugin) and logged in/out directly from WP (as my details are stored now locally as well as externally).

When i reactivated EDAR the ‘changed password’ message was received again. No other plugins active, and i’ve not changed my Theme.

So maybe an issue with the latest WP version (which is version 4.3 on my site).

Welcome further thoughts.

Cheers
Matt

i’m using MD5 password encryption method if that helps.

Hi Josh,

Any update on this as yet?

Thanks

@mattboden, I tested it with a database that uses the same encryption method. I don’t get the error message you are seeing.

Actually, I forgot to do one other thing. I will post again once I’ve done another test.

Ok. What the plugin does is updates the wp_users table each time the user logs in including the password. So, because the password is updated on each log in, the admin receives an email alerting him/her that a user has changed/updated his/her password.

I am hesitant in overriding this in a plugin update, so I think I have to leave this to the discretion of each person using this plugin. I am going to assume it is calling the action hook ‘password_reset’: https://core.trac.www.ads-software.com/browser/tags/4.3/src/wp-includes/user.php#L2520

So, adding this code in your theme’s function.php file might work, but I have not tested it.

remove_action('password_reset','__return_false');

Thanks for further support Josh!

Okay, so i’m a bit confused. I’ll check theme and plugins again.

I’ve another WP website also using the database auth plugin, and updated this site to WordPress 4.3 yesterday. And now that one is doing the same thing on that site too.

I’ve not tested your code above yet, but it has prompted a thought.

The original site that had this problem is an eCommerce site (woocommerce), and whilst “members” reside on an external DB and can login via your plugin, there are also “customers” who can create an account locally on the website. Wondering how this will affect password reseting for this user group? What should it be doing in this scenario?

Currently I can register and login as a “customer” directly onto my WP site/database (woocommerce) no problem, but I can’t reset the password for that customer using “password reset” /my-account/lost-password/ – just getting a blank white screen when EDAR is activated). Again should this work and bypass EDAR plugin?

Does that make sense?

I’ll do some testing again my end by deactivating plugins & theme.

Cheers
Matt

Hi Josh

The function code you provided doesn’t seem to work either (i know you said it was untested).

Thanks for ongoing help with this.

Cheers
Matt

Okay, you can remove the code that I told you before. After removing the code from functions.php, download and install this plugin: https://www.hightail.com/download/bXBiV0p6MGNRR2V2eE1UQw

Thanks Josh. That worked for me.

It did raise something i hadnt previously spotted though in terms of resetting passwords.

For the members i have on an external DB i can set up a redirect for this link as password resets have to happen outside of wordpress.

However i have an eCommerce setup (woocommerce platform) that allows customers to create an account when paying at the checkout page. This works fine and they can register, become “customers” and login from a separate “My Account” section of Woocommerce (so away from the main login that EDAR authenticates against).

To reset passwords for Woocommerce i can get as far as a /my-account/lost-password/ page, but on entering an email to send reset confirmation the page goes white. So i’m unable to enable password reset for this group only within Worpress. Is that as expected? And if so, is there any type of workaround to allow this group (the “customers” who sit on WordPress DB only) to reset their passwords locally within WordPress?

Hope that makes sense?

Cheers
Matt

Hello Matt,

Try this solution:

function donot_send_password_change_email($t,$old,$new) {return false;}

add_filter( ‘send_password_change_email’, ‘donot_send_password_change_email’, 1, 3 );
Regards,
Tom Miletics

Hi there,

I’d like to weigh in on this issue.
It seems that the plugin is calling wp_update_user() with a ‘password’ argument *every* *time* a user logs in. This is what is causing the notification emails to go out. It is described in detail here: https://www.ads-software.com/support/topic/read-this-first-%E2%80%93-wordpress-43-master-list?replies=4#post-7314894

I am going to use the add_filter() temporary fix, but it would be nice if the plugin could do a password check before trying to update it ??

Cheers
—
Romain