• (sorry this was posted a few minutes ago in Plugins before finding this Hacks sub forum)

    Greetings

    The main user base for a new WordPress site is senior citizens, and after a quick user test yesterday, I found there is a huge, tremendous challenge for them to remember or copy down (hand-written in the test yesterday) the long multi-case hash password emailed out when registering.

    So I have added:
    add_filter('pre_user_pass', 'myplugin_filter_pre_user_pass');

    and it is not being called. So I have dug through the user.php file and cannot find any path through the wp_insert_user where that filter is applied. FYI, my approach is to not use a hash for the plain-text password, rather a simple noun out of a list of 20 words, appended by a 3-digit number. Kinda weak password, but for the sake of creating a new user for a senior, it would be much more appropriate.

    Thoughts? Help? Thanks.

Viewing 2 replies - 1 through 2 (of 2 total)
  • Moderator bcworkz

    (@bcworkz)

    It’s a variable tag filter, they can be quite difficult to locate since part of the tag is… well, variable. The call you are looking for is on line 1470 of user.php. The tag appears in code like this: "pre_user_{$field}"

    Your filter working is dependent on a field named “pass” being sanitized by the function.

    You bring up a significant usability issue for a rapidly growing segment of our populace. There needs to be a better answer to security issues than “use a strong password”.

    Thread Starter tomacpace

    (@tomacpace)

    Terrific, thank you Bcworkz for your response. I will look further into that! Although I’d looked at the sanitize function already, I will look at it again.

    And your note acknowledging the usability concern is encouraging. I am glad it’s something others may consider too. The team I’m part of is dealing with a collection of seniors for usability tests, and we’re making headway with our particular designs.

    Something we’ve come to, which isn’t WordPress-specific but could influence design for seniors in the future, is a default font across the site that is at least 20 px. Light-strength (rather than weak) passwords are unfortunately a like-to-have, wish it was a need-to-have. I have considered an immediate pass-through, as soon as registration is complete, the auto-authentication of the user, so they can get into the site and begin using without actually logging in… but still restricting most user-specific content to post-authentication.

    There are probably a dozen or more senior-citizen-specific design considerations.

  • The topic ‘When and where is apply_filter called for pre_user_pass?’ is closed to new replies.
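
The password shape described in the opening post (one word from a 20-word list followed by a 3-digit number), written out with its keyspace next to longer variants of the same shape. This is an added example, not code from the thread or from WordPress: the word list is constructed, the function names are hypothetical, and it is plain PHP that does not touch any WordPress hook.

```php
<?php
// Constructed 20-word sample list (assumption); not taken from the thread.
const WORDS = ['apple', 'bridge', 'candle', 'daisy', 'eagle', 'forest', 'garden',
               'harbor', 'island', 'jacket', 'kettle', 'lantern', 'meadow', 'napkin',
               'orange', 'pencil', 'quilt', 'river', 'saddle', 'teapot'];

// Entropy in bits when every word and every digit is picked uniformly at random.
function scheme_bits(int $listSize, int $words, int $digits): float
{
    return $words * log($listSize, 2) + $digits * log(10, 2);
}

// Hypothetical helper: $words random words joined by hyphens, then $digits digits.
function friendly_passphrase(array $list, int $words, int $digits): string
{
    $parts = [];
    for ($i = 0; $i < $words; $i++) {
        // random_int() draws from the OS CSPRNG, unlike rand() or mt_rand().
        $parts[] = $list[random_int(0, count($list) - 1)];
    }
    $number = '';
    for ($i = 0; $i < $digits; $i++) {
        $number .= (string) random_int(0, 9);
    }
    return implode('-', $parts) . $number;
}

// Shape from the post: 1 word of 20 plus 3 digits = 20 * 1000 = 20,000 candidates.
printf("%-28s %5.1f bits\n", friendly_passphrase(WORDS, 1, 3),
       scheme_bits(count(WORDS), 1, 3));

// Same list, three words: 20^3 * 1000 = 8,000,000 candidates, still easy to copy down.
printf("%-28s %5.1f bits\n", friendly_passphrase(WORDS, 3, 3),
       scheme_bits(count(WORDS), 3, 3));

// Assumed larger list of 2048 words, four words plus three digits (size only, no list here).
printf("%-28s %5.1f bits\n", '(2048-word list, 4 words)', scheme_bits(2048, 4, 3));
```

The bit counts only hold if the picks are uniform and the list is not guessable from a handful of issued passwords; a 20,000-candidate space also depends on login attempts being throttled.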