Make WordPress Core

Opened 13 years ago

Closed 12 years ago

Last modified 12 years ago

#15601 closed defect (bug) (invalid)

Cannot overwrite wp_set_password in pluggable.php

Reported by: layotte's profile layotte Owned by:
Milestone: Priority: normal
Severity: trivial Version: 3.0.1
Component: Plugins Keywords:
Focuses: Cc:


I was trying to force lowercase passwords (for a client), so I created a plugin called (CIP - Case Insensitive Passwords) that overwrote wp_set_password to force the password string to lowercase. But wp_set_password wouldn't overwrite... I have a test site with 0 plugins activated and the default 2010 theme activated. I also didn't see any other place where the wp_set_password function was being set:

$ cd
$ grep -R wp_set_password *
wp-content/plugins/CIP/case-insensitive-passwords.php:if ( !function_exists('wp_set_password') ) {
wp-content/plugins/CIP/case-insensitive-passwords.php:  function wp_set_password( $password, $user_id ) {
wp-includes/pluggable.php:                      wp_set_password($password, $user_id);
wp-includes/pluggable.php:if ( !function_exists('wp_set_password') ) :
wp-includes/pluggable.php:function wp_set_password( $password, $user_id ) {
wp-login.php:   wp_set_password($new_pass, $user->ID);

In the plugin, without the function_exists check I get this error, "Plugin could not be activated because it triggered a fatal error.

Fatal error: Cannot redeclare wp_set_password() (previously declared in /homepages/3/d238924033/htdocs/ in /homepages/3/d238924033/htdocs/ on line 23"

function wp_set_password( $password, $user_id ) {
	global $wpdb;
	$password = strtolower( $password );
	$hash = wp_hash_password($password);
	$wpdb->update($wpdb->users, array('user_pass' => $hash, 'user_activation_key' => ''), array('ID' => $user_id) );

	wp_cache_delete($user_id, 'users');

I am able to achieve what I want by setting the password to lowercase when I overwrite wp_hash_password so the issue I'm facing is trivial, but I don't understand why I'm having this trouble when trying to overwrite wp_set_password.

This is the actual plugin code -

Change History (8)

#1 @westi
13 years ago

  • Keywords reporter-feedback added

Have you tried this with all other plugins and must use plugins removed.

It sounds like something else is pulling in pluggable.php early.

Pluggable.php is included in core after all the plugin files.

#2 @layotte
13 years ago

  • Cc lew@… added

As I said, the only plugin that was activated was the one I was creating and I am using the default 2010 theme. As you can see from the grep, no other files in all the WP directories mention wp_set_password().

#3 @layotte
13 years ago

  • Keywords reporter-feedback removed

#4 @nacin
12 years ago

You need to wrap your own definitions in a function_exists. Otherwise it unsuccessfully redeclares the original one during activation.

#5 @layotte
12 years ago

hrm, it was/is wrapped in a function_exists...

#6 @nacin
12 years ago

Then the other course of action is to test this again in 3.0.2. We fixed an old bug that regressed in 3.0.

#7 @layotte
12 years ago

  • Resolution set to invalid
  • Status changed from new to closed

Well, it turns out I'm an idiot.

I assumed wp_set_password() was called on the user password update in the user edit screen. It looks like wp_hash_password() is the function that's called. wp_set_password() is only called during the password reset if a User forgets his password. Not sure why this didn't occur to me before...

It is working after all. I just wasn't testing it properly.

Closing ticket.

#8 @ocean90
12 years ago

  • Milestone Awaiting Review deleted
Note: See TracTickets for help on using tickets.