
Comment augmenter les exigences de mot de passe pour l'enregistrement

J'ai installé BuddyPress, qui permet aux utilisateurs de choisir un mot de passe lors de l'inscription, mais il n'impose aucune exigence : il demande seulement que le mot de passe soit saisi deux fois. On peut donc avoir un mot de passe d'un seul caractère, ce qui est ridicule. J'ai trouvé la fonction qui valide le formulaire d'inscription lorsqu'il est soumis, mais je n'arrive pas à comprendre comment m'y accrocher (hook) correctement pour ajouter une vérification simple garantissant qu'il y a au moins 6 caractères.

Donc, tout d’abord, voici la fonction principale de buddypress.

/**
 * Screen handler for the BuddyPress registration page.
 *
 * Validates a submitted signup form (account details, password fields,
 * xprofile fields, optional blog details), collects problems in
 * $bp->signup->errors, and creates the signup when that array is empty.
 *
 * Extension points visible in this function:
 *  - 'bp_signup_pre_validate' fires before any of the core checks.
 *  - 'bp_signup_validate' fires after the core checks and immediately before
 *    $bp->signup->errors is inspected, so an error added there blocks the save.
 *
 * The only password rules enforced here are "both fields filled in" and
 * "both fields equal"; no minimum length or complexity is checked.
 */
function bp_core_screen_signup() {
global $bp;

if ( !bp_is_current_component( 'register' ) )
    return;

// Not a directory
bp_update_is_directory( false, 'register' );

// If the user is logged in, redirect away from here
if ( is_user_logged_in() ) {
    if ( bp_is_component_front_page( 'register' ) )
        $redirect_to = trailingslashit( bp_get_root_domain() . '/' . bp_get_members_root_slug() );
    else
        $redirect_to = bp_get_root_domain();

    bp_core_redirect( apply_filters( 'bp_loggedin_register_page_redirect_to', $redirect_to ) );

    return;
}

$bp->signup->step = 'request-details';

if ( !bp_get_signup_allowed() ) {
    $bp->signup->step = 'registration-disabled';

// If the signup page is submitted, validate and save
// The submission is only processed when the 'bp_new_signup' nonce verifies.
} elseif ( isset( $_POST['signup_submit'] ) && bp_verify_nonce_request( 'bp_new_signup' ) ) {

    // Fires before any core validation has run.
    do_action( 'bp_signup_pre_validate' );

    // Check the base account details for problems
    $account_details = bp_core_validate_user_signup( $_POST['signup_username'], $_POST['signup_email'] );

    // If there are errors with account details, set them for display
    if ( !empty( $account_details['errors']->errors['user_name'] ) )
        $bp->signup->errors['signup_username'] = $account_details['errors']->errors['user_name'][0];

    if ( !empty( $account_details['errors']->errors['user_email'] ) )
        $bp->signup->errors['signup_email'] = $account_details['errors']->errors['user_email'][0];

    // Check that both password fields are filled in
    if ( empty( $_POST['signup_password'] ) || empty( $_POST['signup_password_confirm'] ) )
        $bp->signup->errors['signup_password'] = __( 'Please make sure you enter your password twice', 'buddypress' );

    // Check that the passwords match
    // NOTE(review): `!=` is a loose comparison; PHP compares two numeric-looking
    // strings as numbers, so differently typed values such as '1e1' and '10'
    // count as matching here. `!==` would compare the exact strings.
    if ( ( !empty( $_POST['signup_password'] ) && !empty( $_POST['signup_password_confirm'] ) ) && $_POST['signup_password'] != $_POST['signup_password_confirm'] )
        $bp->signup->errors['signup_password'] = __( 'The passwords you entered do not match.', 'buddypress' );
    // $pass is not read anywhere else in this function.
    $pass = $_POST['signup_password'];

    $bp->signup->username = $_POST['signup_username'];
    $bp->signup->email = $_POST['signup_email'];

    // Now we've checked account details, we can check profile information
    if ( bp_is_active( 'xprofile' ) ) {

        // Make sure hidden field is passed and populated
        if ( isset( $_POST['signup_profile_field_ids'] ) && !empty( $_POST['signup_profile_field_ids'] ) ) {

            // Let's compact any profile field info into an array
            $profile_field_ids = explode( ',', $_POST['signup_profile_field_ids'] );

            // Loop through the posted fields formatting any datebox values then validate the field
            foreach ( (array) $profile_field_ids as $field_id ) {
                if ( !isset( $_POST['field_' . $field_id] ) ) {
                    if ( !empty( $_POST['field_' . $field_id . '_day'] ) && !empty( $_POST['field_' . $field_id . '_month'] ) && !empty( $_POST['field_' . $field_id . '_year'] ) )
                        $_POST['field_' . $field_id] = date( 'Y-m-d H:i:s', strtotime( $_POST['field_' . $field_id . '_day'] . $_POST['field_' . $field_id . '_month'] . $_POST['field_' . $field_id . '_year'] ) );
                }

                // Create errors for required fields without values
                if ( xprofile_check_is_required_field( $field_id ) && empty( $_POST['field_' . $field_id] ) )
                    $bp->signup->errors['field_' . $field_id] = __( 'This is a required field', 'buddypress' );
            }

        // This situation doesn't naturally occur so bounce to website root
        } else {
            bp_core_redirect( bp_get_root_domain() );
        }
    }

    // Finally, let's check the blog details, if the user wants a blog and blog creation is enabled
    if ( isset( $_POST['signup_with_blog'] ) ) {
        $active_signup = $bp->site_options['registration'];

        if ( 'blog' == $active_signup || 'all' == $active_signup ) {
            $blog_details = bp_core_validate_blog_signup( $_POST['signup_blog_url'], $_POST['signup_blog_title'] );

            // If there are errors with blog details, set them for display
            if ( !empty( $blog_details['errors']->errors['blogname'] ) )
                $bp->signup->errors['signup_blog_url'] = $blog_details['errors']->errors['blogname'][0];

            if ( !empty( $blog_details['errors']->errors['blog_title'] ) )
                $bp->signup->errors['signup_blog_title'] = $blog_details['errors']->errors['blog_title'][0];
        }
    }

    // Last extension point before the errors array decides whether the signup
    // is saved: a callback that sets $bp->signup->errors[...] here stops the save.
    do_action( 'bp_signup_validate' );

    // Add any errors to the action for the field in the template for display.
    if ( !empty( $bp->signup->errors ) ) {
        foreach ( (array) $bp->signup->errors as $fieldname => $error_message ) {
            // addslashes() and stripslashes() to avoid create_function()
            // syntax errors when the $error_message contains quotes
            // NOTE(review): create_function() compiles its string argument as PHP
            // code (eval-style); it is deprecated since PHP 7.2 and removed in
            // PHP 8.0. The message is spliced into that source text, with
            // addslashes() as the only escaping, and is echoed without HTML
            // escaping in this function.
            add_action( 'bp_' . $fieldname . '_errors', create_function( '', 'echo apply_filters(\'bp_members_signup_error_message\', "<div class=\"error\">" . stripslashes( \'' . addslashes( $error_message ) . '\' ) . "</div>" );' ) );
        }
    } else {
        $bp->signup->step = 'save-details';

        // No errors! Let's register those deets.
        $active_signup = !empty( $bp->site_options['registration'] ) ? $bp->site_options['registration'] : '';

        if ( 'none' != $active_signup ) {

            // Make sure the extended profiles module is enabled
            if ( bp_is_active( 'xprofile' ) ) {
                // Let's compact any profile field info into usermeta
                $profile_field_ids = explode( ',', $_POST['signup_profile_field_ids'] );

                // Loop through the posted fields formatting any datebox values then add to usermeta - @todo This logic should be shared with the same in xprofile_screen_edit_profile()
                foreach ( (array) $profile_field_ids as $field_id ) {
                    if ( ! isset( $_POST['field_' . $field_id] ) ) {

                        if ( ! empty( $_POST['field_' . $field_id . '_day'] ) && ! empty( $_POST['field_' . $field_id . '_month'] ) && ! empty( $_POST['field_' . $field_id . '_year'] ) ) {
                            // Concatenate the values
                            $date_value = $_POST['field_' . $field_id . '_day'] . ' ' . $_POST['field_' . $field_id . '_month'] . ' ' . $_POST['field_' . $field_id . '_year'];

                            // Turn the concatenated value into a timestamp
                            $_POST['field_' . $field_id] = date( 'Y-m-d H:i:s', strtotime( $date_value ) );
                        }
                    }

                    if ( !empty( $_POST['field_' . $field_id] ) )
                        $usermeta['field_' . $field_id] = $_POST['field_' . $field_id];

                    if ( !empty( $_POST['field_' . $field_id . '_visibility'] ) )
                        $usermeta['field_' . $field_id . '_visibility'] = $_POST['field_' . $field_id . '_visibility'];
                }

                // Store the profile field ID's in usermeta
                $usermeta['profile_field_ids'] = $_POST['signup_profile_field_ids'];
            }

            // Hash and store the password
            // Only the hash goes into $usermeta; the raw value is still passed to
            // bp_core_signup_user() below.
            $usermeta['password'] = wp_hash_password( $_POST['signup_password'] );

            // If the user decided to create a blog, save those details to usermeta
            if ( 'blog' == $active_signup || 'all' == $active_signup )
                $usermeta['public'] = ( isset( $_POST['signup_blog_privacy'] ) && 'public' == $_POST['signup_blog_privacy'] ) ? true : false;

            $usermeta = apply_filters( 'bp_signup_usermeta', $usermeta );

            // Finally, sign up the user and/or blog
            if ( isset( $_POST['signup_with_blog'] ) && is_multisite() )
                $wp_user_id = bp_core_signup_blog( $blog_details['domain'], $blog_details['path'], $blog_details['blog_title'], $_POST['signup_username'], $_POST['signup_email'], $usermeta );
            else
                $wp_user_id = bp_core_signup_user( $_POST['signup_username'], $_POST['signup_password'], $_POST['signup_email'], $usermeta );

            if ( is_wp_error( $wp_user_id ) ) {
                $bp->signup->step = 'request-details';
                bp_core_add_message( $wp_user_id->get_error_message(), 'error' );
            } else {
                $bp->signup->step = 'completed-confirmation';
            }
        }

        do_action( 'bp_complete_signup' );
    }

}

do_action( 'bp_core_screen_signup' );
bp_core_load_template( apply_filters( 'bp_core_template_register', array( 'register', 'registration/register' ) ) );
}
   // Register the handler on the 'bp_screens' action.
   add_action( 'bp_screens', 'bp_core_screen_signup' );

C'est bien beau et énorme, mais à la ligne 90, la validation du mot de passe commence et vérifie simplement que les deux saisies correspondent. J'ai essayé de m'y accrocher avec un hook, mais je ne comprends pas le concept.

// Attempted hook from the question: flag signup passwords shorter than 6 bytes.
// NOTE(review): $bp is never declared `global` in this function, so the
// assignment below targets an undefined local variable rather than BuddyPress's
// $bp object, and the error never reaches the $bp->signup->errors array that
// bp_core_screen_signup() inspects.
function bp_password_beefing() {
 // Empty passwords are left to the core "enter your password twice" check.
 if ( !empty( $_POST['signup_password'] ) )
   // strlen() counts bytes, not characters.
   if ( strlen( $_POST['signup_password'] ) < 6 )
    $bp->signup->errors['signup_password'] = __( 'Your password needs to be atleast 6 characters', 'buddypress' );  
 }
 // Registered on the hook that fires before the core validation runs.
 add_action( 'bp_signup_pre_validate', 'bp_password_beefing');

Quelle est la bonne façon de faire cela?

user300979

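Utilisez un hook qui se déclenche plus tard et ajoutez `global $bp;` à la fonction : sans cette déclaration, `$bp` est une variable locale indéfinie et l'erreur n'est jamais enregistrée dans le tableau d'erreurs de l'inscription. Essayez ceci :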

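/**
 * Reject signup passwords shorter than six characters.
 *
 * Hooked on 'bp_signup_validate', which BuddyPress fires after its own
 * "entered twice / must match" checks and before it inspects
 * $bp->signup->errors, so an error recorded here blocks account creation.
 *
 * @return void
 */
function bp_password_beefing() {
    // Without this declaration $bp would be an undefined local and the error would be lost.
    global $bp;

    // A missing or empty field is already reported by the core signup check.
    if ( empty( $_POST['signup_password'] ) ) {
        return;
    }

    $too_short = __( 'Your password needs to be at least 6 characters', 'buddypress' );

    // Request fields can arrive as arrays (signup_password[]=...); a length
    // check is meaningless for those, so refuse them outright.
    if ( ! is_string( $_POST['signup_password'] ) ) {
        $bp->signup->errors['signup_password'] = $too_short;
        return;
    }

    // WordPress adds slashes to $_POST values, which would inflate the length of
    // a password containing quotes or backslashes; measure what the user typed.
    $password = stripslashes( $_POST['signup_password'] );

    // Count characters rather than bytes when mbstring is available, so that a
    // couple of multi-byte characters cannot satisfy the minimum.
    $length = function_exists( 'mb_strlen' ) ? mb_strlen( $password, 'UTF-8' ) : strlen( $password );

    // Six is the minimum the question asked for. NIST SP 800-63B sets eight
    // characters as the floor for user-chosen passwords; raise the threshold
    // and the message together if you adopt it.
    if ( $length < 6 ) {
        $bp->signup->errors['signup_password'] = $too_short;
    }
}
add_action( 'bp_signup_validate', 'bp_password_beefing' );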
shanebp