WordPress.org

Make WordPress Core

Opened 11 months ago

Closed 11 months ago

Last modified 8 months ago

#51879 closed defect (bug) (invalid)

wp_set_password() resets user registered date

Reported by: cantuaria Owned by:
Milestone: Priority: normal
Severity: major Version: 5.6
Component: Users Keywords:
Focuses: Cc:

Description

Even though this function is not really used internally to change passwords, plugins and themes may rely on it to customize the password change process, and doing so, it will also update the user_registered column in the database, because the $wpdb->update() query used, doesn't explicitly sets the current user registered date. This is problematic for sites that needs to rely on user registered time, like social networks and ecommerces... and WooCommerce is one of the plugins which relies on the wp_set_password() function for the reset password functionality.

Below the code I'm using to fix this isse:

<?php
if ( ! function_exists( 'wp_set_password' ) ) {
    function wp_set_password( $password, $user_id ) {
        global $wpdb;

        $userdata = get_userdata($user_id);

        $hash = wp_hash_password( $password );
        $wpdb->update(
            $wpdb->users,
            array(
                'user_pass'           => $hash,
                'user_activation_key' => '',
                'user_registered' => $userdata->user_registered,
            ),
            array( 'ID' => $user_id )
        );

        clean_user_cache( $user_id );
    }
}

Note that, at minimum this behavior should be noted in the source code or at the Codex. I'm also sending a similar ticket to WooCommerce.

Change History (4)

#1 @donmhico
11 months ago

Hello @cantuaria,

Unfortunately, I cannot reproduce the error you are mentioned. My user_registered isn't updated after using wp_set_password() to change the password. If a column / key isn't provided in the $data params in $wpdb->update then that column won't be updated.

Maybe some other plugin is doing this behavior for you. Can you disable all your plugins and change to a default theme (twentytwentyone, etc) and try again if you still see this behavior?

Thank you.

#2 follow-up: @cantuaria
11 months ago

  • Resolution set to invalid
  • Status changed from new to closed

Just reviewed and checked that the registered column was set to auto update. Not sure what plugin changed that behavior, but it's clearly not WordPress fault. My mistake!

#3 in reply to: ↑ 2 @cantuaria
11 months ago

Replying to cantuaria:

Just reviewed and checked that the registered column was set to auto update at MySQL level. Not sure what plugin changed that behavior, but it's clearly not WordPress fault. My mistake!

#4 @desrosj
8 months ago

  • Milestone Awaiting Review deleted
Note: See TracTickets for help on using tickets.