当前位置: 文江博客 话题详情

更改密码,而无需在我的帐户中输入当前一个;在WooCommerce中编辑帐户

发布于 2025-02-11 08:46:54 字数 5928 浏览 1 评论 0 原文

当用户试图更改其密码时,我想禁用“当前密码”字段。用户通常很难使用密码,而当被遗忘时,不可能询问当前密码。

用户编辑表格是: https://woocommerce.github.io/code-reference/files/woocommerce-templates-myaccount-myaccount-form-edit-account.html

我尝试删除与50至53行有关的内容这将是当前的密码字段,但这还不够,仍然需要当前密码。

然后,我考虑了围绕所需属性工作的工作,但它不存在于形式,显然WordPress要求以另一种方式验证。

该问题如何解决?

模板名称:form-edit-account.php

<?php
/**
 * Edit account form
 *
 * This template can be overridden by copying it to yourtheme/woocommerce/myaccount/form-edit-account.php.
 *
 * HOWEVER, on occasion WooCommerce will need to update template files and you
 * (the theme developer) will need to copy the new files to your theme to
 * maintain compatibility. We try to do this as little as possible, but it does
 * happen. When this occurs the version of the template file will be bumped and
 * the readme will list any important changes.
 *
 * @see https://docs.woocommerce.com/document/template-structure/
 * @package WooCommerce\Templates
 * @version 3.5.0
 */

defined( 'ABSPATH' ) || exit;

do_action( 'woocommerce_before_edit_account_form' ); ?>

<form class="woocommerce-EditAccountForm edit-account" action="" method="post" <?php do_action( 'woocommerce_edit_account_form_tag' ); ?> >

    <?php do_action( 'woocommerce_edit_account_form_start' ); ?>

    <p class="woocommerce-form-row woocommerce-form-row--first form-row form-row-first">
        <label for="account_first_name"><?php esc_html_e( 'First name', 'woocommerce' ); ?>&nbsp;<span class="required">*</span></label>
        <input type="text" class="woocommerce-Input woocommerce-Input--text input-text" name="account_first_name" id="account_first_name" autocomplete="given-name" value="<?php echo esc_attr( $user->first_name ); ?>" />
    </p>
    <p class="woocommerce-form-row woocommerce-form-row--last form-row form-row-last">
        <label for="account_last_name"><?php esc_html_e( 'Last name', 'woocommerce' ); ?>&nbsp;<span class="required">*</span></label>
        <input type="text" class="woocommerce-Input woocommerce-Input--text input-text" name="account_last_name" id="account_last_name" autocomplete="family-name" value="<?php echo esc_attr( $user->last_name ); ?>" />
    </p>
    <div class="clear"></div>

    <p class="woocommerce-form-row woocommerce-form-row--wide form-row form-row-wide">
        <label for="account_display_name"><?php esc_html_e( 'Display name', 'woocommerce' ); ?>&nbsp;<span class="required">*</span></label>
        <input type="text" class="woocommerce-Input woocommerce-Input--text input-text" name="account_display_name" id="account_display_name" value="<?php echo esc_attr( $user->display_name ); ?>" /> <span><em><?php esc_html_e( 'This will be how your name will be displayed in the account section and in reviews', 'woocommerce' ); ?></em></span>
    </p>
    <div class="clear"></div>

    <p class="woocommerce-form-row woocommerce-form-row--wide form-row form-row-wide">
        <label for="account_email"><?php esc_html_e( 'Email address', 'woocommerce' ); ?>&nbsp;<span class="required">*</span></label>
        <input type="email" class="woocommerce-Input woocommerce-Input--email input-text" name="account_email" id="account_email" autocomplete="email" value="<?php echo esc_attr( $user->user_email ); ?>" />
    </p>

    <fieldset>
        <legend><?php esc_html_e( 'Password change', 'woocommerce' ); ?></legend>

        <p class="woocommerce-form-row woocommerce-form-row--wide form-row form-row-wide">
            <label for="password_current"><?php esc_html_e( 'Current password (leave blank to leave unchanged)', 'woocommerce' ); ?></label>
            <input type="password" class="woocommerce-Input woocommerce-Input--password input-text" name="password_current" id="password_current" autocomplete="off" />
        </p>
        <p class="woocommerce-form-row woocommerce-form-row--wide form-row form-row-wide">
            <label for="password_1"><?php esc_html_e( 'New password (leave blank to leave unchanged)', 'woocommerce' ); ?></label>
            <input type="password" class="woocommerce-Input woocommerce-Input--password input-text" name="password_1" id="password_1" autocomplete="off" />
        </p>
        <p class="woocommerce-form-row woocommerce-form-row--wide form-row form-row-wide">
            <label for="password_2"><?php esc_html_e( 'Confirm new password', 'woocommerce' ); ?></label>
            <input type="password" class="woocommerce-Input woocommerce-Input--password input-text" name="password_2" id="password_2" autocomplete="off" />
        </p>
    </fieldset>
    <div class="clear"></div>

    <?php do_action( 'woocommerce_edit_account_form' ); ?>

    <p>
        <?php wp_nonce_field( 'save_account_details', 'save-account-details-nonce' ); ?>
        <button type="submit" class="woocommerce-Button button" name="save_account_details" value="<?php esc_attr_e( 'Save changes', 'woocommerce' ); ?>"><?php esc_html_e( 'Save changes', 'woocommerce' ); ?></button>
        <input type="hidden" name="action" value="save_account_details" />
    </p>

    <?php do_action( 'woocommerce_edit_account_form_end' ); ?>
</form>

<?php do_action( 'woocommerce_after_edit_account_form' ); ?>
原文

I would like to disable the "current password" field when a user tries to change their password. Often users have difficulty with passwords, when forgotten it is not possible to ask for the current password.

The user edit form is this: https://woocommerce.github.io/code-reference/files/woocommerce-templates-myaccount-form-edit-account.html

I tried deleting the content relating to line 50 to 53 which would be the current password field, but this is not enough, the current password is still needed.

Then I thought about working around the required attribute but it doesn't exist in the form, apparently wordpress asks for validation in another way.

How could the problem be solved?

Template name: form-edit-account.php

<?php
/**
 * Edit account form
 *
 * This template can be overridden by copying it to yourtheme/woocommerce/myaccount/form-edit-account.php.
 *
 * HOWEVER, on occasion WooCommerce will need to update template files and you
 * (the theme developer) will need to copy the new files to your theme to
 * maintain compatibility. We try to do this as little as possible, but it does
 * happen. When this occurs the version of the template file will be bumped and
 * the readme will list any important changes.
 *
 * @see https://docs.woocommerce.com/document/template-structure/
 * @package WooCommerce\Templates
 * @version 3.5.0
 */

defined( 'ABSPATH' ) || exit;

do_action( 'woocommerce_before_edit_account_form' ); ?>

<form class="woocommerce-EditAccountForm edit-account" action="" method="post" <?php do_action( 'woocommerce_edit_account_form_tag' ); ?> >

    <?php do_action( 'woocommerce_edit_account_form_start' ); ?>

    <p class="woocommerce-form-row woocommerce-form-row--first form-row form-row-first">
        <label for="account_first_name"><?php esc_html_e( 'First name', 'woocommerce' ); ?> <span class="required">*</span></label>
        <input type="text" class="woocommerce-Input woocommerce-Input--text input-text" name="account_first_name" id="account_first_name" autocomplete="given-name" value="<?php echo esc_attr( $user->first_name ); ?>" />
    </p>
    <p class="woocommerce-form-row woocommerce-form-row--last form-row form-row-last">
        <label for="account_last_name"><?php esc_html_e( 'Last name', 'woocommerce' ); ?> <span class="required">*</span></label>
        <input type="text" class="woocommerce-Input woocommerce-Input--text input-text" name="account_last_name" id="account_last_name" autocomplete="family-name" value="<?php echo esc_attr( $user->last_name ); ?>" />
    </p>
    <div class="clear"></div>

    <p class="woocommerce-form-row woocommerce-form-row--wide form-row form-row-wide">
        <label for="account_display_name"><?php esc_html_e( 'Display name', 'woocommerce' ); ?> <span class="required">*</span></label>
        <input type="text" class="woocommerce-Input woocommerce-Input--text input-text" name="account_display_name" id="account_display_name" value="<?php echo esc_attr( $user->display_name ); ?>" /> <span><em><?php esc_html_e( 'This will be how your name will be displayed in the account section and in reviews', 'woocommerce' ); ?></em></span>
    </p>
    <div class="clear"></div>

    <p class="woocommerce-form-row woocommerce-form-row--wide form-row form-row-wide">
        <label for="account_email"><?php esc_html_e( 'Email address', 'woocommerce' ); ?> <span class="required">*</span></label>
        <input type="email" class="woocommerce-Input woocommerce-Input--email input-text" name="account_email" id="account_email" autocomplete="email" value="<?php echo esc_attr( $user->user_email ); ?>" />
    </p>

    <fieldset>
        <legend><?php esc_html_e( 'Password change', 'woocommerce' ); ?></legend>

        <p class="woocommerce-form-row woocommerce-form-row--wide form-row form-row-wide">
            <label for="password_current"><?php esc_html_e( 'Current password (leave blank to leave unchanged)', 'woocommerce' ); ?></label>
            <input type="password" class="woocommerce-Input woocommerce-Input--password input-text" name="password_current" id="password_current" autocomplete="off" />
        </p>
        <p class="woocommerce-form-row woocommerce-form-row--wide form-row form-row-wide">
            <label for="password_1"><?php esc_html_e( 'New password (leave blank to leave unchanged)', 'woocommerce' ); ?></label>
            <input type="password" class="woocommerce-Input woocommerce-Input--password input-text" name="password_1" id="password_1" autocomplete="off" />
        </p>
        <p class="woocommerce-form-row woocommerce-form-row--wide form-row form-row-wide">
            <label for="password_2"><?php esc_html_e( 'Confirm new password', 'woocommerce' ); ?></label>
            <input type="password" class="woocommerce-Input woocommerce-Input--password input-text" name="password_2" id="password_2" autocomplete="off" />
        </p>
    </fieldset>
    <div class="clear"></div>

    <?php do_action( 'woocommerce_edit_account_form' ); ?>

    <p>
        <?php wp_nonce_field( 'save_account_details', 'save-account-details-nonce' ); ?>
        <button type="submit" class="woocommerce-Button button" name="save_account_details" value="<?php esc_attr_e( 'Save changes', 'woocommerce' ); ?>"><?php esc_html_e( 'Save changes', 'woocommerce' ); ?></button>
        <input type="hidden" name="action" value="save_account_details" />
    </p>

    <?php do_action( 'woocommerce_edit_account_form_end' ); ?>
</form>

<?php do_action( 'woocommerce_after_edit_account_form' ); ?>

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(1

怀里藏娇 2025-02-18 08:46:54

注意:如前所述,最好不要进行任何更改,因为这会使应用程序不太安全。但是,要回答您的问题:

虽然可以通过覆盖模板文件来轻松修改当前密码字段的输出,但验证是硬编码,并且可以在文件。

要绕过验证,我们必须传递2条错误消息,即:

  • 请输入您当前密码的
  • 当前密码

以解决此,我们不会使用真实的当前密码,但是我们是要创建/添加额外的自定义数据,并在此基础上允许用户更改他的密码。

1)要绕过第一个通知,您必须覆盖模板文件。

替换50-53 @version 3.5.0

<p class="woocommerce-form-row woocommerce-form-row--wide form-row form-row-wide">
    <label for="password_current"><?php esc_html_e( 'Current password (leave blank to leave unchanged)', 'woocommerce' ); ?></label>
    <input type="password" class="woocommerce-Input woocommerce-Input--password input-text" name="password_current" id="password_current" autocomplete="off" />
</p>


<?php
// Get userID
$user_id = $user->ID;

// Generate salt
$salt = md5( openssl_random_pseudo_bytes( 32, $cstrong ) . wp_generate_password( 32, true, true ) );
$enc = $user_id . '::' . crypt( $user_id, $salt );

// NOT empty
if ( ! empty ( $enc ) ) {
    update_user_meta( $user_id, '_enc', $enc );
}

// Encodes data with MIME base64
$value = base64_encode( $enc );

// NOT empty
if ( ! empty ( $value ) ) {
    ?>
    <input type="hidden" name="password_current" id="password_current" value="<?php echo $value; ?>" />
    <?php
} else {
    ?>
    <p class="woocommerce-form-row woocommerce-form-row--wide form-row form-row-wide">
        <label for="password_current"><?php esc_html_e( 'Current password (leave blank to leave unchanged)', 'woocommerce' ); ?></label>
        <input type="password" class="woocommerce-Input woocommerce-Input--password input-text" name="password_current" id="password_current" autocomplete="off" />
    </p>
    <?php
}
?>

这将用指定值替换当前密码字段。此值基于当前 userId 和盐,然后在请求页面时将其保存为 user_meta

2)要绕过第二个通知,您可以使用 WordPress过滤器挂钩

/**
 * Filters whether the plaintext password matches the encrypted password.
 *
 * @since 2.5.0
 *
 * @param bool       $check    Whether the passwords match.
 * @param string     $password The plaintext password.
 * @param string     $hash     The hashed password.
 * @param string|int $user_id  User ID. Can be empty.
 */
function filter_check_password( $check, $password, $hash, $user_id ) {
    // Only for WooCommerce edit-account endpoint
    if ( ! is_wc_endpoint_url( 'edit-account' ) ) return $check;

    // Get meta
    $enc = get_user_meta( $user_id, '_enc', true );

    // NOT empty
    if ( ! empty ( $enc ) ) {
        // Get parts
        $parts = explode( '::', base64_decode( $password ) );

        // Compare user ID and data
        if ( $parts[0] == $user_id && str_contains( $enc, $parts[1] ) ) {
            $check = true;
        }
    }
    
    return $check;
}
add_filter( 'check_password', 'filter_check_password', 10, 4 );

这将确保使用我们的自定义 user_meta 而不是使用真实的当前密码(已加密)。匹配时,我们允许更改密码

Note: as indicated it is better not to make any changes as this will make the application less secure. However, to answer your question:

While the output from the current password field can be easily modified by overwriting the template file, the validation is hard coded and can be found in the /includes/class-wc-form-handler.php file.

To bypass the validation we have to pass 2 error messages, namely:

  • Please enter your current password
  • Your current password is incorrect

To get around this, we are not going to use the real current password, but we are going to create/add extra custom data, and on that basis allow the user to change his password.

1) To bypass the first notice you will have to overwrite the /myaccount/form-edit-account.php template file.

Replace line 50 - 53 @version 3.5.0

<p class="woocommerce-form-row woocommerce-form-row--wide form-row form-row-wide">
    <label for="password_current"><?php esc_html_e( 'Current password (leave blank to leave unchanged)', 'woocommerce' ); ?></label>
    <input type="password" class="woocommerce-Input woocommerce-Input--password input-text" name="password_current" id="password_current" autocomplete="off" />
</p>

With

<?php
// Get userID
$user_id = $user->ID;

// Generate salt
$salt = md5( openssl_random_pseudo_bytes( 32, $cstrong ) . wp_generate_password( 32, true, true ) );
$enc = $user_id . '::' . crypt( $user_id, $salt );

// NOT empty
if ( ! empty ( $enc ) ) {
    update_user_meta( $user_id, '_enc', $enc );
}

// Encodes data with MIME base64
$value = base64_encode( $enc );

// NOT empty
if ( ! empty ( $value ) ) {
    ?>
    <input type="hidden" name="password_current" id="password_current" value="<?php echo $value; ?>" />
    <?php
} else {
    ?>
    <p class="woocommerce-form-row woocommerce-form-row--wide form-row form-row-wide">
        <label for="password_current"><?php esc_html_e( 'Current password (leave blank to leave unchanged)', 'woocommerce' ); ?></label>
        <input type="password" class="woocommerce-Input woocommerce-Input--password input-text" name="password_current" id="password_current" autocomplete="off" />
    </p>
    <?php
}
?>

This will replace the current password field with a hidden input field with a specified value. This value is based on the current userID and a salt, which is then saved as user_meta when the page is requested.

2) To bypass the second notification, you can use the check_password() WordPress filter hook

/**
 * Filters whether the plaintext password matches the encrypted password.
 *
 * @since 2.5.0
 *
 * @param bool       $check    Whether the passwords match.
 * @param string     $password The plaintext password.
 * @param string     $hash     The hashed password.
 * @param string|int $user_id  User ID. Can be empty.
 */
function filter_check_password( $check, $password, $hash, $user_id ) {
    // Only for WooCommerce edit-account endpoint
    if ( ! is_wc_endpoint_url( 'edit-account' ) ) return $check;

    // Get meta
    $enc = get_user_meta( $user_id, '_enc', true );

    // NOT empty
    if ( ! empty ( $enc ) ) {
        // Get parts
        $parts = explode( '::', base64_decode( $password ) );

        // Compare user ID and data
        if ( $parts[0] == $user_id && str_contains( $enc, $parts[1] ) ) {
            $check = true;
        }
    }
    
    return $check;
}
add_filter( 'check_password', 'filter_check_password', 10, 4 );

This will ensure that instead of using the real current password (which is encrypted), our custom user_meta is used. When it matches, we allow to change the password

回复 原文
~没有更多了~

关于作者

韬韬不绝

暂无简介

文章
评论
808 人气
发私信

相关话题

更多

热门标签

操作系统 程序设计 IT运维 Linux系统管理 JavaScript 服务器应用 solaris C/C++ PHP Shell BSD Vue.js aix Oracle Python HTML 系统管理 HTML5 CSS 前端
更多

推荐作者

李珊平

文章 0 评论 0

Quxin

文章 0 评论 0

范无咎

文章 0 评论 0

github_ZOJ2N8YxBm

文章 0 评论 0

若言

文章 0 评论 0

南…巷孤猫

文章 0 评论 0

更多

友情链接

文江博客
    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文