I'm trying to prevent users on my WordPress site from using the same password twice or resetting to a previously used password.
I've tried two methods:
```php
add_action('password_reset', 'password_reset_action', 10, 2);
function password_reset_action($user, $new_pass) {
    // Get the user's hashed password from the database
    $hashed_password = $user->user_pass;
    // Initialize the password hasher
    require_once ABSPATH . WPINC . '/class-phpass.php'; // Include the password hashing library
    $wp_hasher = new PasswordHash(8, true);
    // Hash the new entered password
    $new_hash_password = $wp_hasher->HashPassword(trim($new_pass));
    // Check if the new password matches the current password
    if ($wp_hasher->CheckPassword(trim($new_pass), $hashed_password)) {
        // Passwords match, so enqueue a JavaScript script to display the error message
        add_action('wp_footer', 'display_password_reset_error');
    }
}
function display_password_reset_error() {
    ?>
    <script type="text/javascript">
    document.addEventListener("DOMContentLoaded", function() {
        var errorParagraph = document.createElement("p");
        errorParagraph.style.color = "red";
        errorParagraph.textContent = "You cannot use your current password. Please choose a different one.";
        document.getElementById("resetpassform").appendChild(errorParagraph);
    });
    </script>
    <?php
}
```
I've tried checking if both passwords are the same and then using JavaScript to create text that tells the user they can't use the same password, but all it does is redirect to the confirmation page telling the user their password has been successfully reset.
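
One way to enforce this on the reset form, as an added example that is not part of the original post: `password_reset` is an action fired inside `reset_password()` and cannot stop the reset, whereas `validate_password_reset` receives the `WP_Error` object that core checks before saving. The `pwh_*` names, the `pwh_history` meta key and the history length of 5 are assumptions made for illustration.

```php
<?php
// Added example. PWH_* constants, pwh_is_reused() and the meta key are hypothetical names.
const PWH_META_KEY = 'pwh_history'; // user-meta key holding previous password hashes
const PWH_KEEP     = 5;             // number of previous hashes to remember

// True if $plain matches the current hash or any remembered one.
function pwh_is_reused( WP_User $user, string $plain ): bool {
    $hashes   = (array) get_user_meta( $user->ID, PWH_META_KEY, true );
    $hashes[] = $user->user_pass; // current hash
    foreach ( array_filter( $hashes ) as $old_hash ) {
        // Hashes are salted, so each one has to be verified individually;
        // hashing the new password and comparing strings would never match.
        if ( wp_check_password( $plain, $old_hash ) ) {
            return true;
        }
    }
    return false;
}

// Runs on the wp-login.php reset form before reset_password() is called.
// An error added here makes core redisplay the form instead of saving.
add_action( 'validate_password_reset', function ( $errors, $user ) {
    $pass = $_POST['pass1'] ?? '';
    if ( ! $user instanceof WP_User || ! is_string( $pass ) || '' === $pass ) {
        return;
    }
    // Use the value exactly as core hands it to reset_password() (no unslashing),
    // so it is compared in the same form in which it would be hashed.
    if ( pwh_is_reused( $user, $pass ) ) {
        $errors->add( 'pwh_reused', 'You cannot reuse a previous password. Please choose a different one.' );
    }
}, 10, 2 );

// Fires inside reset_password() just before the new password is stored,
// so $user->user_pass is still the outgoing hash: remember it.
add_action( 'password_reset', function ( $user ) {
    $history = array_filter( (array) get_user_meta( $user->ID, PWH_META_KEY, true ) );
    array_unshift( $history, $user->user_pass );
    update_user_meta( $user->ID, PWH_META_KEY, array_slice( $history, 0, PWH_KEEP ) );
} );
```

This covers only the wp-login.php reset form; password changes made on the profile screen go through the `user_profile_update_errors` hook and would need the same check and history update there.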