diff --git a/includes/core/class-password.php b/includes/core/class-password.php index 92e88479..b2dc4053 100644 --- a/includes/core/class-password.php +++ b/includes/core/class-password.php @@ -556,10 +556,24 @@ if ( ! class_exists( 'um\core\Password' ) ) { } if ( UM()->options()->get( 'require_strongpass' ) ) { + wp_fix_server_vars(); + + $rp_cookie = 'wp-resetpass-' . COOKIEHASH; + if ( ! is_user_logged_in() && isset( $_COOKIE[ $rp_cookie ] ) && 0 < strpos( $_COOKIE[ $rp_cookie ], ':' ) ) { + list( $rp_login, $rp_key ) = explode( ':', wp_unslash( $_COOKIE[ $rp_cookie ] ), 2 ); + + $user = check_password_reset_key( $rp_key, $rp_login ); + um_fetch_user( $user->ID ); + } elseif ( is_user_logged_in() ) { + um_fetch_user( get_current_user_id() ); + } + $min_length = UM()->options()->get( 'password_min_chars' ); $min_length = ! empty( $min_length ) ? $min_length : 8; $max_length = UM()->options()->get( 'password_max_chars' ); $max_length = ! empty( $max_length ) ? $max_length : 30; + $user_login = um_user( 'user_login' ); + $user_email = um_user( 'user_email' ); if ( mb_strlen( wp_unslash( $args['user_password'] ) ) < $min_length ) { UM()->form()->add_error( 'user_password', sprintf( __( 'Your password must contain at least %d characters', 'ultimate-member' ), $min_length ) ); @@ -569,6 +583,14 @@ if ( ! class_exists( 'um\core\Password' ) ) { UM()->form()->add_error( 'user_password', sprintf( __( 'Your password must contain less than %d characters', 'ultimate-member' ), $max_length ) ); } + if ( strpos( strtolower( $user_login ), strtolower( $args['user_password'] ) ) > -1 ) { + UM()->form()->add_error( 'user_password', __( 'Your password cannot contain the part of your username', 'ultimate-member' ) ); + } + + if ( strpos( strtolower( $user_email ), strtolower( $args['user_password'] ) ) > -1 ) { + UM()->form()->add_error( 'user_password', __( 'Your password cannot contain the part of your email address', 'ultimate-member' ) ); + } + if ( ! UM()->validation()->strong_pass( $args['user_password'] ) ) { UM()->form()->add_error( 'user_password', __( 'Your password must contain at least one lowercase letter, one capital letter and one number', 'ultimate-member' ) ); } diff --git a/includes/core/um-actions-account.php b/includes/core/um-actions-account.php index 723663a5..84e099fd 100644 --- a/includes/core/um-actions-account.php +++ b/includes/core/um-actions-account.php @@ -93,6 +93,13 @@ function um_submit_account_errors_hook( $args ) { $max_length = UM()->options()->get( 'password_max_chars' ); $max_length = ! empty( $max_length ) ? $max_length : 30; + if ( is_user_logged_in() ) { + um_fetch_user( get_current_user_id() ); + } + + $user_login = um_user( 'user_login' ); + $user_email = um_user( 'user_email' ); + if ( mb_strlen( wp_unslash( $args['user_password'] ) ) < $min_length ) { UM()->form()->add_error( 'user_password', sprintf( __( 'Your password must contain at least %d characters', 'ultimate-member' ), $min_length ) ); } @@ -101,6 +108,14 @@ function um_submit_account_errors_hook( $args ) { UM()->form()->add_error( 'user_password', sprintf( __( 'Your password must contain less than %d characters', 'ultimate-member' ), $max_length ) ); } + if ( strpos( strtolower( $user_login ), strtolower( $args['user_password'] ) ) > -1 ) { + UM()->form()->add_error( 'user_password', __( 'Your password cannot contain the part of your username', 'ultimate-member' ) ); + } + + if ( strpos( strtolower( $user_email ), strtolower( $args['user_password'] ) ) > -1 ) { + UM()->form()->add_error( 'user_password', __( 'Your password cannot contain the part of your email address', 'ultimate-member' ) ); + } + if ( ! UM()->validation()->strong_pass( $args['user_password'] ) ) { UM()->form()->add_error( 'user_password', __( 'Your password must contain at least one lowercase letter, one capital letter and one number', 'ultimate-member' ) ); } diff --git a/includes/core/um-actions-form.php b/includes/core/um-actions-form.php index 15b1ae94..16adb5d5 100644 --- a/includes/core/um-actions-form.php +++ b/includes/core/um-actions-form.php @@ -621,6 +621,14 @@ function um_submit_form_errors_hook_( $args ) { } if ( isset( $array['force_good_pass'] ) && $array['force_good_pass'] == 1 ) { + if ( isset( $args['user_login'] ) && strpos( strtolower( $args['user_login'] ), strtolower( $args['user_password'] ) ) > -1 ) { + UM()->form()->add_error( 'user_password', __( 'Your password cannot contain the part of your username', 'ultimate-member' )); + } + + if ( isset( $args['user_email'] ) && strpos( strtolower( $args['user_email'] ), strtolower( $args['user_password'] ) ) > -1 ) { + UM()->form()->add_error( 'user_password', __( 'Your password cannot contain the part of your email address', 'ultimate-member' )); + } + if ( ! UM()->validation()->strong_pass( $args[ $key ] ) ) { UM()->form()->add_error( $key, __( 'Your password must contain at least one lowercase letter, one capital letter and one number', 'ultimate-member' ) ); }