[wp-trac] [WordPress Trac] #51879: wp_set_password() resets user registered date
WordPress Trac
noreply at wordpress.org
Thu Nov 26 14:52:27 UTC 2020
#51879: wp_set_password() resets user registered date
--------------------------+-----------------------------
Reporter: cantuaria | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Users | Version: 5.6
Severity: major | Keywords:
Focuses: |
--------------------------+-----------------------------
Even though this function is not really used internally to change
passwords, plugins and themes may rely on it to customize the password
change process, and doing so, it will also update the user_registered
column in the database, because the $wpdb->update() query used, doesn't
explicitly sets the current user registered date. This is problematic for
sites that needs to rely on user registered time, like social networks and
ecommerces... and WooCommerce is one of the plugins which relies on the
wp_set_password() function for the reset password functionality.
Below the code I'm using to fix this isse:
{{{#!php
<?php
if ( ! function_exists( 'wp_set_password' ) ) {
function wp_set_password( $password, $user_id ) {
global $wpdb;
$userdata = get_userdata($user_id);
$hash = wp_hash_password( $password );
$wpdb->update(
$wpdb->users,
array(
'user_pass' => $hash,
'user_activation_key' => '',
'user_registered' => $userdata->user_registered,
),
array( 'ID' => $user_id )
);
clean_user_cache( $user_id );
}
}
}}}
Note that, at minimum this behavior should be noted in the source code or
at the Codex. I'm also sending a similar ticket to WooCommerce.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/51879>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list