Hook into all password resets in Wordpress and get password before hashing?

I'm syncing my Wordpress authentication system with an secondary/external authentication system and my site has at least two ways of resetting the password, including:

  1. Password reset email
  2. User account screen password reset

There may be some third way I'm not recalling, as I've disallowed password resets thus far due to my inability to sync the systems.

The crux of my question: How can I hook into the password reset prior to hashing so that I can simultaneously set the new password on the secondary/external authentication system?

Non-essential additional info:

  • User resets password when using password reset email, not auto-generated
  • User account screen is not the Wordpress dashboard, but a plugin implementation

The two systems using different hashing mechanisms, so a post-hashing hook won't help. I know, it's inconvenient, but it's what I've got.

I can see ways to perhaps do it on a per form/method basis, but this would be really miserable to maintain as the platform grows.

Topic password functions actions php hooks Wordpress

Category Web

1
answered at

Use the password_reset hook.

function wpse_password_reset( $user, $new_pass ) {
  //* Do something useful with $new_pass
}
add_action( 'password_reset', 'wpse_password_reset', 10, 2 );

Edited to add after the comment:

Looks like the reason I can't use that is that the plugin uses wp_update_user to set the new password. Is there any way I can intercept the password prior to this?

Yes. You can use the send_password_change_email filter.

function wpse_send_password_change_email( $true, $user, $userdata ) {
  //* Do something useful with the new password
  wp_die(
    sprintf(
      '%1$s changed their password to %2$s.',
      $userdata[ 'user_login' ],
      $_POST[ 'pass1' ]
    )
  );

  //* Need to return $true since it's a filter
  return $true;
}
add_filter( 'send_password_change_email', 'wpse_send_password_change_email', 10, 3 );

About

Geeks Mental is a community that publishes articles and tutorials about Web, Android, Data Science, new techniques and Linux security.