
Looking For Ideas -- Require User Password Protect Content

  • SOLVED

Does anyone know of solutions for requiring users to re-login or re-enter their password to view pages?

If you want to write a coded solution I will raise the prize.

For some of my more sensitive pages or functions on the frontend, I would like to require the user to enter their password to proceed.

For example:
-To change credit card info
-To change their password
-To update an order status
etc.

For all of those I would like a password requirement to proceed, to stay as secure as possible. Any plugins or solutions for this would be appreciated.

My thought on the code would be a pre-post check on desired pages for some kind of nonce or encoded validation, if not it redirects to a page for current user password input, and on correct submission it redirects to the previous page.

Answers (6)

2013-04-11

Arnav Joy answers:

See these two plugins:

http://wordpress.org/extend/plugins/exclusive-content-password-protect/

http://wordpress.org/extend/plugins/password-protected/


Kyle comments:

Hi, thanks for the reply

Both of those use a global password. I am looking for something that uses the user's password.

2013-04-11

Dbranes answers:

Hi, there is a WordPress function called wp_check_password().

Here is an example to play with, using this function:

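add_action( 'template_redirect', 'pwd_check' );

function pwd_check() {
    // Only gate the page that needs re-authentication.
    if ( ! is_page( 'some_page_slug' ) ) {
        return;
    }

    // get_currentuserinfo() is deprecated; wp_get_current_user() replaces it.
    $current_user = wp_get_current_user();

    // The password goes to wp_check_password() unescaped: esc_html() would
    // rewrite characters such as < and & and make valid passwords fail.
    if ( isset( $_POST['resubmit'], $_POST['repass_nonce'], $_POST['repassword'] )
        && $current_user->exists()
        && wp_verify_nonce( $_POST['repass_nonce'], 'retypepasswd' )
        && wp_check_password( $_POST['repassword'], $current_user->user_pass, $current_user->ID ) ) {
        return; // Password confirmed: let the page render.
    }

    // Otherwise show the password form instead of the page.
    get_header();
    echo '<h1>Please retype your password:</h1>';
    echo "<form action='' method='post'>";
    wp_nonce_field( 'retypepasswd', 'repass_nonce' );
    echo "Password:<input type='password' name='repassword'>";
    echo "<input type='submit' name='resubmit' value='submit'/>";
    echo '</form>';
    get_footer();
    exit();
}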



Kyle comments:

Thanks for the reply, this is very cool let me see what I can do with this.


Kyle comments:

That worked perfectly, thank you - didn't expect such a neat and quick solution :)

2013-04-11

Daniel Yoen answers:

Try this:

http://en.support.wordpress.com/security/two-step-authentication/
http://www.wpbeginner.com/plugins/improve-wordpress-security-with-google-authenticator/

Hope this helps :-)


Daniel Yoen comments:

Just an idea:

1. use a token that is sent via email to confirm
2. create user meta for a 2nd password

I can make this code, but it will take more time. :-)


Kyle comments:

Hi, thanks for the reply

Two step authentication is a good idea for some extra security, thank you. This doesn't solve the problem I'm looking for though, of forcing the user to re-enter a password at certain points.

2013-04-11

Vasif Mustafayev answers:

When I worked on one of my projects, we did this as follows:
When a user registers, we force him to set a PIN code which consists of 6 digits, and when he wants to access a secure page we show him a Security Gate which asks the user to type the password and PIN code.
I think this is a simple and secure solution for this problem.
Thanks.


Kyle comments:

This would be perfect. Is there a plugin or code snippet that can help with this?

2013-04-11

Gabriel Reguly answers:

Hi Kyle,

Add this code to a page template



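// Must run before any output (i.e. before get_header()), or the redirect fails.
if ( isset( $_GET['my_logout_flag'] ) ) {
    wp_logout();
    $redirect = 'your-page-slug';
    wp_redirect( wp_login_url( $redirect ) );
    exit; // Stop rendering the page once the redirect has been sent.
}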


Regards,
Gabriel


Kyle comments:

Thanks for the reply, I'll give this a shot


Gabriel Reguly comments:

Hi Kyle,

You do understand that the code is just a starting point, right?

Basic idea is

1. log out user;
2. ask for login again, redirecting to current page after login;

Regards,
Gabriel


Gabriel Reguly comments:

Me again...

Forgot to mention that you should set a flag to make sure the user does not have to log in again.

It could be some session variable, a unique query string or even a transient.

Regards,
Gabriel
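
An added example, not part of the original thread: the wp_check_password() gate from Dbranes's answer combined with the "set a flag" idea above, using a short-lived transient so a confirmed user is not asked again on every request. The function name reauth_gate(), the 'reauth_' transient prefix, the 'billing' page slug and the 5-minute window are assumptions chosen for illustration.

```php
<?php
// Added example, not code from the thread. Hypothetical names: reauth_gate(),
// the 'reauth_' transient prefix, the 'billing' slug and the 5-minute window.
add_action( 'template_redirect', 'reauth_gate' );

function reauth_gate() {
    if ( ! is_page( 'billing' ) ) {              // assumed slug of the sensitive page
        return;
    }
    if ( ! is_user_logged_in() ) {
        auth_redirect();                         // normal login first; exits after redirecting
    }
    $user = wp_get_current_user();
    // Bind the flag to this login session, not only to the user ID, so another
    // session of the same account still has to re-enter the password.
    $key = 'reauth_' . hash( 'sha256', $user->ID . '|' . wp_get_session_token() );

    if ( get_transient( $key ) ) {
        return;                                  // confirmed recently: render the page
    }

    $failed = false;
    if ( 'POST' === $_SERVER['REQUEST_METHOD'] && isset( $_POST['repass_nonce'], $_POST['repassword'] ) ) {
        $nonce_ok = wp_verify_nonce( $_POST['repass_nonce'], 'retypepasswd' );
        // The password is checked unescaped; escaping would change the string.
        if ( $nonce_ok && wp_check_password( $_POST['repassword'], $user->user_pass, $user->ID ) ) {
            set_transient( $key, 1, 5 * MINUTE_IN_SECONDS );
            wp_safe_redirect( get_permalink( get_queried_object_id() ) ); // POST/redirect/GET
            exit;
        }
        $failed = true;
    }

    nocache_headers();                           // keep the prompt out of caches
    get_header();
    echo '<h1>Please retype your password:</h1>';
    if ( $failed ) {
        echo '<p>Incorrect password.</p>';
    }
    echo '<form action="" method="post">';
    wp_nonce_field( 'retypepasswd', 'repass_nonce' );
    echo 'Password: <input type="password" name="repassword" autocomplete="current-password">';
    echo '<input type="submit" name="resubmit" value="submit">';
    echo '</form>';
    get_footer();
    exit;
}
```

The gate does not limit failed attempts, so it should sit behind whatever login throttling the site already uses. Any form handler on the protected page should check the same transient server-side before acting, since hiding the page alone does not stop a direct POST to the handler.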

2013-04-11

daas answers:

Hi, I have created a similar plugin. It uses the PasswordHash class, which is built into WordPress.

Here's the example:

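require_once ABSPATH . WPINC . '/class-phpass.php'; // Defines PasswordHash.

// Wrapper name is illustrative; returns true when the posted password matches.
function check_current_password() {
    $user_info    = get_userdata( get_current_user_id() );
    $wp_hasher    = new PasswordHash( 8, true );
    $current_pass = isset( $_POST['cp'] ) ? $_POST['cp'] : '';

    if ( $user_info && $wp_hasher->CheckPassword( $current_pass, $user_info->user_pass ) ) {
        return true;
    }

    return false;
}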


After checking the password it is possible to store extra data in session.

global $session;
$session->set_flashdata( 'double_auth', 1 );


Flashdata is stored only for the next server request.


Kyle comments:

Awesome, I like it. I will give this a shot and see how I do. If I need some help I'll raise the prize and come back