Comment augmenter les exigences de mot de passe pour l'enregistrement

Question

Ok, j'ai buddypress installé qui permet aux utilisateurs de choisir un mot de passe lors de l'enregistrement, mais il n'a aucune exigence pour cela, il demande seulement qu'il soit saisi deux fois. Vous pouvez donc avoir un mot de passe à caractère unique qui est ridicule. J'ai donc trouvé la fonction qui la valide lorsque le formulaire de registre est soumis, mais je ne peux pas comprendre comment s'y accrocher correctement pour ajouter une vérification simple afin de s'assurer qu'il y a au moins 6 caractères.

Donc, tout d’abord, voici la fonction principale de buddypress.

function bp_core_screen_signup() { global $bp; if ( !bp_is_current_component( 'register' ) ) return; // Not a directory bp_update_is_directory( false, 'register' ); // If the user is logged in, redirect away from here if ( is_user_logged_in() ) { if ( bp_is_component_front_page( 'register' ) ) $redirect_to = trailingslashit( bp_get_root_domain() . '/' . bp_get_members_root_slug() ); else $redirect_to = bp_get_root_domain(); bp_core_redirect( apply_filters( 'bp_loggedin_register_page_redirect_to', $redirect_to ) ); return; } $bp->signup->step = 'request-details'; if ( !bp_get_signup_allowed() ) { $bp->signup->step = 'registration-disabled'; // If the signup page is submitted, validate and save } elseif ( isset( $_POST['signup_submit'] ) && bp_verify_nonce_request( 'bp_new_signup' ) ) { do_action( 'bp_signup_pre_validate' ); // Check the base account details for problems $account_details = bp_core_validate_user_signup( $_POST['signup_username'], $_POST['signup_email'] ); // If there are errors with account details, set them for display if ( !empty( $account_details['errors']->errors['user_name'] ) ) $bp->signup->errors['signup_username'] = $account_details['errors']->errors['user_name'][0]; if ( !empty( $account_details['errors']->errors['user_email'] ) ) $bp->signup->errors['signup_email'] = $account_details['errors']->errors['user_email'][0]; // Check that both password fields are filled in if ( empty( $_POST['signup_password'] ) || empty( $_POST['signup_password_confirm'] ) ) $bp->signup->errors['signup_password'] = __( 'Please make sure you enter your password twice', 'buddypress' ); // Check that the passwords match if ( ( !empty( $_POST['signup_password'] ) && !empty( $_POST['signup_password_confirm'] ) ) && $_POST['signup_password'] != $_POST['signup_password_confirm'] ) $bp->signup->errors['signup_password'] = __( 'The passwords you entered do not match.', 'buddypress' ); $pass = $_POST['signup_password']; $bp->signup->username = $_POST['signup_username']; $bp->signup->email = $_POST['signup_email']; // Now we've checked account details, we can check profile information if ( bp_is_active( 'xprofile' ) ) { // Make sure hidden field is passed and populated if ( isset( $_POST['signup_profile_field_ids'] ) && !empty( $_POST['signup_profile_field_ids'] ) ) { // Let's compact any profile field info into an array $profile_field_ids = explode( ',', $_POST['signup_profile_field_ids'] ); // Loop through the posted fields formatting any datebox values then validate the field foreach ( (array) $profile_field_ids as $field_id ) { if ( !isset( $_POST['field_' . $field_id] ) ) { if ( !empty( $_POST['field_' . $field_id . '_day'] ) && !empty( $_POST['field_' . $field_id . '_month'] ) && !empty( $_POST['field_' . $field_id . '_year'] ) ) $_POST['field_' . $field_id] = date( 'Y-m-d H:i:s', strtotime( $_POST['field_' . $field_id . '_day'] . $_POST['field_' . $field_id . '_month'] . $_POST['field_' . $field_id . '_year'] ) ); } // Create errors for required fields without values if ( xprofile_check_is_required_field( $field_id ) && empty( $_POST['field_' . $field_id] ) ) $bp->signup->errors['field_' . $field_id] = __( 'This is a required field', 'buddypress' ); } // This situation doesn't naturally occur so bounce to website root } else { bp_core_redirect( bp_get_root_domain() ); } } // Finally, let's check the blog details, if the user wants a blog and blog creation is enabled if ( isset( $_POST['signup_with_blog'] ) ) { $active_signup = $bp->site_options['registration']; if ( 'blog' == $active_signup || 'all' == $active_signup ) { $blog_details = bp_core_validate_blog_signup( $_POST['signup_blog_url'], $_POST['signup_blog_title'] ); // If there are errors with blog details, set them for display if ( !empty( $blog_details['errors']->errors['blogname'] ) ) $bp->signup->errors['signup_blog_url'] = $blog_details['errors']->errors['blogname'][0]; if ( !empty( $blog_details['errors']->errors['blog_title'] ) ) $bp->signup->errors['signup_blog_title'] = $blog_details['errors']->errors['blog_title'][0]; } } do_action( 'bp_signup_validate' ); // Add any errors to the action for the field in the template for display. if ( !empty( $bp->signup->errors ) ) { foreach ( (array) $bp->signup->errors as $fieldname => $error_message ) { // addslashes() and stripslashes() to avoid create_function() // syntax errors when the $error_message contains quotes add_action( 'bp_' . $fieldname . '_errors', create_function( '', 'echo apply_filters(\'bp_members_signup_error_message\', "<div class=\"error\">" . stripslashes( \'' . addslashes( $error_message ) . '\' ) . "</div>" );' ) ); } } else { $bp->signup->step = 'save-details'; // No errors! Let's register those deets. $active_signup = !empty( $bp->site_options['registration'] ) ? $bp->site_options['registration'] : ''; if ( 'none' != $active_signup ) { // Make sure the extended profiles module is enabled if ( bp_is_active( 'xprofile' ) ) { // Let's compact any profile field info into usermeta $profile_field_ids = explode( ',', $_POST['signup_profile_field_ids'] ); // Loop through the posted fields formatting any datebox values then add to usermeta - @todo This logic should be shared with the same in xprofile_screen_edit_profile() foreach ( (array) $profile_field_ids as $field_id ) { if ( ! isset( $_POST['field_' . $field_id] ) ) { if ( ! empty( $_POST['field_' . $field_id . '_day'] ) && ! empty( $_POST['field_' . $field_id . '_month'] ) && ! empty( $_POST['field_' . $field_id . '_year'] ) ) { // Concatenate the values $date_value = $_POST['field_' . $field_id . '_day'] . ' ' . $_POST['field_' . $field_id . '_month'] . ' ' . $_POST['field_' . $field_id . '_year']; // Turn the concatenated value into a timestamp $_POST['field_' . $field_id] = date( 'Y-m-d H:i:s', strtotime( $date_value ) ); } } if ( !empty( $_POST['field_' . $field_id] ) ) $usermeta['field_' . $field_id] = $_POST['field_' . $field_id]; if ( !empty( $_POST['field_' . $field_id . '_visibility'] ) ) $usermeta['field_' . $field_id . '_visibility'] = $_POST['field_' . $field_id . '_visibility']; } // Store the profile field ID's in usermeta $usermeta['profile_field_ids'] = $_POST['signup_profile_field_ids']; } // Hash and store the password $usermeta['password'] = wp_hash_password( $_POST['signup_password'] ); // If the user decided to create a blog, save those details to usermeta if ( 'blog' == $active_signup || 'all' == $active_signup ) $usermeta['public'] = ( isset( $_POST['signup_blog_privacy'] ) && 'public' == $_POST['signup_blog_privacy'] ) ? true : false; $usermeta = apply_filters( 'bp_signup_usermeta', $usermeta ); // Finally, sign up the user and/or blog if ( isset( $_POST['signup_with_blog'] ) && is_multisite() ) $wp_user_id = bp_core_signup_blog( $blog_details['domain'], $blog_details['path'], $blog_details['blog_title'], $_POST['signup_username'], $_POST['signup_email'], $usermeta ); else $wp_user_id = bp_core_signup_user( $_POST['signup_username'], $_POST['signup_password'], $_POST['signup_email'], $usermeta ); if ( is_wp_error( $wp_user_id ) ) { $bp->signup->step = 'request-details'; bp_core_add_message( $wp_user_id->get_error_message(), 'error' ); } else { $bp->signup->step = 'completed-confirmation'; } } do_action( 'bp_complete_signup' ); } } do_action( 'bp_core_screen_signup' ); bp_core_load_template( apply_filters( 'bp_core_template_register', array( 'register', 'registration/register' ) ) ); } add_action( 'bp_screens', 'bp_core_screen_signup' );

C'est bien beau et énorme, mais à la ligne 90, la validation du mot de passe commence et vérifie simplement pour s'assurer qu'ils correspondent. J'ai essayé de m'y accrocher mais je ne comprends pas le concept.

function bp_password_beefing() { if ( !empty( $_POST['signup_password'] ) ) if ( strlen( $_POST['signup_password'] ) < 6 ) $bp->signup->errors['signup_password'] = __( 'Your password needs to be atleast 6 characters', 'buddypress' ); } add_action( 'bp_signup_pre_validate', 'bp_password_beefing');

Quelle est la bonne façon de faire cela?

shanebp · Accepted Answer

Utilisez un hook qui se déclenche plus tard et ajoutez le $ bp global à la fonction. Essaye ça:

function bp_password_beefing() { global $bp; if ( !empty( $_POST['signup_password'] ) ) if ( strlen( $_POST['signup_password'] ) < 6 ) $bp->signup->errors['signup_password'] = __( 'Your password needs to be at least 6 characters', 'buddypress' ); } add_action( 'bp_signup_validate', 'bp_password_beefing');