Contact Form 7 Add Password field

The plugin is to add a password filed to Contact form 7 plugin.
ex. [password example] (optional) / [password* example] (required)

*For support, please use the following forum: https://wordpress.org/support/plugin/cf7-add-password-field/

Contact Form 7 Add Password field

Latest

  • 3 May, 2024: Version 4.2

In this section, we will introduce the validation check using hooks implemented in 2.9.

How to use the hook

.
The following is an example of how to write the supported hooks in the functions.php function for the theme. Using hooks, you can change or add validation checks for this plugin from fucntions.php or plugins. Always consider the necessity of escaping when retrieving form data such as $_POST and $_GET.

Example 1. Check if the password is the same as the WordPress login user’s password (21 July, 2021)

Checks if the data entered in the password field of Contact Form 7 and the password of the WordPress login user match.

[password* password2]

Suppose you have set up the system as shown above.
Let’s compare it with the sample user’s password.

WordPress stores passwords in Hash format, but there are two types of passwords: one is unique to WordPress, and the other is hashed with MD5. Use the “wp_check_password” function to check for these.

What you need to understand.
1. Get the password data from the form you entered ($_POST[‘password2’]).
2. Get the hashed password and ID of the WordPress sample user.

$user_info = get_user_by( 'login', 'sample' );
$user_hash_pass = (string)$user_info->user_pass;
$user_ID = (string)$user_info->ID;
  1. Check your password
   if( wp_check_password($pass, $user_hash_pass, $user_ID ) === false ){
        // Warning Message if don't match.
        $result->invalidate( $tag, 'Do not match WordPress user password.' );
    }

Example of “functions.php” in the theme.

In the following example, the data obtained by $_POST is only compared, and the password is not escaped because it contains symbols.

add_filter('wpcf7_k_password_validation_filter', 'my_wpcf7_validate', 10, 2);

function my_wpcf7_validate($result,$tag){
    $pass = isset( $_POST['password2'] ) ? $_POST['password2']  : '';
    $user_info = get_user_by( 'login', 'sample' );
    $user_hash_pass = (string)$user_info->user_pass;
    $user_ID = (string)$user_info->ID;
    // 何らかの判別
    if( wp_check_password($pass, $user_hash_pass, $user_ID ) === false ){
        // Warning Message if don't match.
        $result->invalidate( $tag, 'Do not match WordPress user password.' );
    }
    return $result;
}

Below is TiPS using Contact Form 7.

Registering as a user on WordPress (22 July, 2021)

The following example shows how to make a user enter his/her username, password, and email address using Contact Form 7 and this plugin, and then register the user with WordPress using Contact Form 7’s wpcf7_mail_sent hook after pressing submit. Existing users, error messages when registering, and various other settings need to be replaced.

So don’t just copy and paste the following and use it, be sure to review the settings.
If you set a password too easily, you can create a WordPress user without permission. Please think about how to prevent people from setting easy passwords (e.g. [password* password2 maxlength:12 password_strength:4]). Please keep in mind that the following is just the simplest code example.

The following is the code that we expect to add to the functions.php of the theme.

  • Username: Obtained from [text* your-name] in Conctact Form 7.
  • Password: Obtained from [password* password2] by using this plugin.
  • Email address: Obtained from [text* your-email] in Conctact Form 7.
  • User role: contributor (See Summary of Roles at https://wordpress.org/support/article/roles-and-capabilities/. Set all lowercase when setting.

Assume that you have entered data with the above settings.

add_action('wpcf7_mail_sent', 'my_wpcf7_user_register', 10, 1);

function my_wpcf7_user_register(){
    $submission = WPCF7_Submission::get_instance();
    if( ! $submission ){
            return;
    }
    //  $send_to = "your e-mail address";  or the admin e-mail for WordPress in case of the following setting..
    $send_to = get_option('admin_email');
    $pass_field = "password2";      // In case of [password* password2] for the user password field
    $username_field = "your-name";    // In case of [text* your-name] for the username
    $email_field = "your-email";     // In case of [email* your-email] for the email

    $formdata = $submission->get_posted_data();
    $pass = isset( $formdata[$pass_field] ) ? trim($formdata[$pass_field]) : '';
    // Snitize the slashes and remove the newline mark.
    $username = isset( $formdata[$username_field] )
        ? trim( wp_unslash( strtr( (string) $formdata[$username_field], "\n", '' ) ) ) 
        : '';   
    $email = isset( $formdata[$email_field] )
        ? trim( wp_unslash( strtr( (string) $formdata[$email_field], "\n", '' ) ) ) 
        : '';       

    // Set the user information. 
    // About other items, please see https://developer.wordpress.org/reference/functions/wp_insert_user/ . 
    $user_args = array(
            'user_login' => $username,
            'user_pass' => $pass,
            'user_email' => $email,
            'role' => 'contributor', 
            ); 
    // If you already have a WordPress user, give an error.
    if (username_exists($username) !== false){
        /* In case that the user "$username" already exists in WordPress user*/
        wp_mail($send_to, "Cannot register", "The user ".$username." is already registered.");
    }else{
        // User registration
        $create_user = wp_insert_user($user_args);
        if(is_wp_error ($create_user)){
            wp_mail($send_to, "Create user is fault", "username:". $username );
        }else{
            wp_mail($send_to, "Created user", 
                "The following user is resgitered. \n"              
                . "username: ". $username . "\n"
                . "user_email: ". $email . "\n"
            );
        }
    }
}

Changing Contact Form 7 input values (28 January, 2023)

The following example is a TiPS to use when you want to keep passwords and other values secret. It cannot be embedded in this plugin but must be added to the functions.php of the theme.

  • Get the name of the item you want to change in Contact Form 7

Assume that you have had the data entered in the above settings.
*In following case, there are two fields to be changed here, “user-pass” and “check-user-pass” respectively. The entered values are hashed. This can be used to store passwords as hash values instead of using them as raw data.
Let’s assume that Contact Form 7 actually uses this plugin to create a password input and an input form to check it.

 

So, add the following code to your theme’s functions.php


add_filter('wpcf7_posted_data', 'my_wpcf7_posted_data', 10, 1);
 
function my_wpcf7_posted_data($posted_data){
	if( isset($posted_data['user-pass']) ){
	  	$posted_data['user-pass'] = wp_hash( $posted_data['user-pass'] );
	}			
	if( isset($posted_data['check-user-pass']) ){
	  	$posted_data['check-user-pass'] = wp_hash( $posted_data['check-user-pass'] );
	}			
    return $posted_data;
}

If you do not want the user to enter a value, the code would look something like this


function my_wpcf7_posted_data($posted_data){
	if( isset($posted_data['user-pass']) ){
	  	$posted_data['user-pass'] = "";
	}			
	if( isset($posted_data['check-user-pass']) ){
	  	$posted_data['check-user-pass'] = "";
	}			
    return $posted_data;
}

Created 21 July, 2021
Modified 28 January, 2023