[wp-hackers] [Patch] Propagating password change in an action

Chloé Desoutter chloe.desoutter+wphackers at gmail.com
Fri Oct 5 21:27:41 UTC 2012

Hi folks,

I'm new on this list, my name is Chloé Desoutter, I work as a freelance
contractor to provide my customers with great WordPress-based solutions.

I'm currently working on using WordPress as an "accounts manager" for a
bigger back-end. This implies updating profile infos, password, and stuff
and reporting that to the big backend in real time.

I've hit a difficulty when it comes to updating the password, as the
profile_update hook does not allow me to get the new plaintext password.

So I've come up with a patch in wp_update_user()
chloe at ayodhya:~/opidev$ diff -uprN wordpress/wp-includes/user.php
--- wordpress/wp-includes/user.php      2012-04-27 17:57:51.000000000 +0200
+++ web/wp-includes/user.php    2012-10-04 17:36:12.382154680 +0200
@@ -1427,6 +1427,8 @@ function wp_update_user($userdata) {
        $current_user = wp_get_current_user();
        if ( $current_user->ID == $ID ) {
                if ( isset($plaintext_pass) ) {
+      // call password_updated to reflect that change elsewhere if needed
+      do_action('password_updated', $ID, $plaintext_pass);

pastebin: http://pastebin.com/FZfuLbxC

It's used quite simply:
add_action('password_updated', 'my_password_updated', 1, 2);

function my_password_update($id, $newpass)
file_put_contents("/tmp/log", "Password for user #${id} is now $newpass");

I've found no other way to retrieve that non-hashed password (I usually
hate touching the core, but this time, there's no choice)

Would be nice if that came up into the main source tree.

Any feedback on that?

Hope this helps


More information about the wp-hackers mailing list