I’ve been using WordPress for a couple of years, and have intended to learn how to make plugins properly for just about as long. I’m not quite there yet though, since whenever anything comes along which requires some form of thought and understanding, I convince myself that it doesn’t really need to be done at all and discard the idea. I can, however, spend 10 minutes editing a few php files and that’s what this hack involves. In the coming days and weeks, I intend to have a real attempt at making a WordPress plugin properly, so I’ll try to make a couple of simple ones and see if it is possible to implement the below hack as a plugin.
When someone registers on a WordPress site, they ordinarily have to enter a username and e-mail address, then WordPress generates a password and e-mails it to them. This hack allows the user to choose their own password when they register, rather than changing it later. Of course, this means that they don’t have to give a valid e-mail address anymore, since they needed one to receive their password. In addition, some may argue that letting users choose their own password is a security flaw, but if they can change their password anyway then I don’t see how that is so different, and it doesn’t really concern me anyway since I’m the only one who will have access to post on this blog.
When I wanted to do this, I Googled but all I found was an out of date file following from a discussion on the WordPress forums. My attempt involves editing wp-login.php directly, basically copying lines from some other files which dealt with the user changing their password. Since this involves editing a core WordPress file, it is probably not a good idea and could cause problems, but it does the job for me. Also, whenever you upgrade WordPress, wp-login.php will be overwritten, and you’ll have to make the changes again. The changes described are for WordPress 2.2.
Password Validation:
Between:
$user_email = apply_filters( 'user_registration_email', $_POST['user_email'] );
and
// Check the username
if ( $user_login == '' )
Insert:
if ( isset( $_POST['pass1'] ))
$pass1 = $_POST['pass1'];
if ( isset( $_POST['pass2'] ))
$pass2 = $_POST['pass2'];
Between:
$errors['user_email'] = __('<strong>ERROR</strong>: This email is already registered, please choose another one.');
and
do_action('register_post');
Insert:
/* Check for "\" in password */
if( strpos( " ".$pass1, "\\" ) )
$errors['pass'] = __( '<strong>ERROR</strong>: Passwords may not contain the character "\\".' );
/* checking the password has been typed twice the same */
if ( $pass1 != $pass2 )
$errors['pass'] = __( '<strong>ERROR</strong>: Please type the same password in the two password fields.' );
if ( empty($pass1) || $pass1 == '')
$errors['pass'] = __( '<strong>ERROR</strong>: Please enter a password.' );
if (!empty ( $pass1 ))
$user_pass = $pass1;
Password Form Fields:
Between
<input type="text" name="user_email" id="user_email" class="input" value="<?php echo attribute_escape(stripslashes($user_email)); ?>" size="25" tabindex="20" /></label>
</p>
and
<?php do_action('register_form'); ?>
Insert:
<p><label><?php _e('Password:'); ?><br />
<input type="password" name="pass1" class="input" size="16" value="" tabindex="30" />
</label></p>
<p><label><?php _e('Type it one more time:'); ?><br />
<input type="password" name="pass2" class="input" size="16" value="" tabindex="31" />
</label></p>
After
<?php do_action('register_form'); ?>
Delete:
<p id="reg_passmail"><php _e('A password will be e-mailed to you.') ?></p>
Between
if ( empty( $errors ) ) {
and
$user_id = wp_create_user( $user_login, $user_pass, $user_email );
Delete:
$user_pass = substr( md5( uniqid( microtime() ) ), 0, 7);
You can download my wp-login.php for WordPress 2.2, with the changes implemented already, here: wp-login-modified.zip (extract and rename to wp-login.php).
Just what I needed. Thanks!
the above site is still in beta. Don’t expect too much. Anyway:
Beautiful!!!!
Thank you. Thank you. Thank you.
super..thanks..just what i need..
a question…
—–
the above site is still in beta. Don’t expect too much. Anyway:
—–
what does it mean ..is it beta..
No idea – I assume he’s referring to his own page, which doesn’t seem to work properly just now. That’s what beta means, right? :p I’m not actually sure if it is a real comment or spam.
i used it now and i love it ..i mean it works..
sorry for my english
Pingback: 博客、论坛注册,让用户自己决定密码 | 随便说说SBTalk
Hi,
I was wondering if you’re able to hack a password protected entry?
Please email me, thanks!
Peter: No I can’t – that’s not really the theme of this post
This works great. Many thanks.
Has this been tested on 2.5 yet? Also.. would you happen to know of a way to also set this up for bbPress. I have one integrated with WP, but I need the user to be able to choose their own password whether they are registering from one or the other.
Thanks!
hi steve/author,
i see that the post is old but i am desperately looking for this solution. i tried this hack but isn’t working. i’m using wordpress MU latest version i guess its 2.6
can you please help??
Thanks
hey this works on v2.7 also. the last line you delete is a little different, but the hack is great. Check out my custom registration page I’m using it on
http://science-query.com/wp-login.php?action=register
ps. how come it is not being used on this site? many thanks!
Pingback: Useful WordPress Resources | Bui4Ever | Bui4Ever.com
gsawiris, it isn’t being used on this site because I updated wordpress causing my hack to be overwritten and never got round to reinstating it.
As for which versions this works on – I’ve not looked at it since v2.2 so can’t really offer any support. I suspect that the login form won’t have changed all that much between versions, but it might take a bit of figuring out to decide what needs changed.