admin管理员组

文章数量:1392110

I have user role "b2b_account". I want to prevent user who have role b2b_account to reset their password.

Here my code

add_filter( 'allow_password_reset', 'filter_function_name_2698', 10, 2 );
    function filter_function_name_2698( $allow, $ID ){

        $users = get_users(array(
            'role' => 'b2b_account',
        ));
        foreach($users as $user){
            if($user->ID){

                return false;

                }
            }
    }

I use filter allow_password_reset, but it prevent all user. Thank you for your help.

I have user role "b2b_account". I want to prevent user who have role b2b_account to reset their password.

Here my code

add_filter( 'allow_password_reset', 'filter_function_name_2698', 10, 2 );
    function filter_function_name_2698( $allow, $ID ){

        $users = get_users(array(
            'role' => 'b2b_account',
        ));
        foreach($users as $user){
            if($user->ID){

                return false;

                }
            }
    }

I use filter allow_password_reset, but it prevent all user. Thank you for your help.

  • filters
  • password
Share Improve this question asked Feb 5, 2020 at 9:33 Baim QuraisyBaim Quraisy 255 bronze badges 4
  • I don't know the filter, but you probably just need to return true if you don't find the user. (And possibly abort immediately if $allow is false?) However there must be better ways of doing this, e.g. look up the user ID we have and see what roles it has rather than fetching all users in the role? – Rup Commented Feb 5, 2020 at 9:54
  • Oh, you're also just testing if $user->ID has a value. You're not testing it against $ID – Rup Commented Feb 5, 2020 at 9:59
  • Would it work to prevent them from changing their profile altogether? Or do you need to limit it to only password changes? – Josh M Commented Feb 5, 2020 at 13:30
  • @JoshM I only prevent when password change only. tq – Baim Quraisy Commented Feb 6, 2020 at 1:39
Add a comment  | 

1 Answer 1

Reset to default 1

Your problems are

  • you're testing if($user->ID){, i.e. does the b2b_account user object we've found have an ID. Which it always will. You probably meant to compare it to $ID.
  • you need to return true in the success case, i.e. after your for loop if you didn't find the user.

However

  • you're ignoring the $allow parameter. You could end with return $allow instead, but it would make more sense to not even do the restricted group check if a previous filter left $allow = false or returned a WP_Error
  • it would make more sense to me to fetch the current groups for the user and see if b2b_account is included, rather than fetch all b2b_account users and check against that list of IDs.

So I'd suggest

add_filter( 'allow_password_reset', 'filter_function_name_2698', 10, 2 );
function filter_function_name_2698( $allow, $ID ) {
    if ( ( ! $allow ) || is_wp_error( $allow ) ) {
         // Rejected by a previous filter
         return $allow;
    }

    // Read the user's roles
    $user_data = get_userdata( $ID );
    if ( $user_data ) {
        $user_roles = $user_data->roles;

        if ( $user_roles && in_array( 'b2b_account', $user_roles, true ) ) {
            // b2b_accounts may not reset passwords
            return false;
        }
    }
    // else user doesn't exist

    return true;
}

(using the role check code from here, plus an extra probably-not-necessary null check)

本文标签: filtersPrevent reset password specific user role

版权声明:本文标题:filters - Prevent reset password specific user role 内容由网友自发贡献,该文观点仅代表作者本人, 转载请联系作者并注明出处:http://www.betaflare.com/web/1744775877a2624619.html, 本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌抄袭侵权/违法违规的内容,一经查实,本站将立刻删除。