Merge pull request #81 from jonfalcon/master

Fix validation for change password
This commit is contained in:
Ultimate Member
2016-01-31 17:09:27 +02:00
5 changed files with 167 additions and 161 deletions
+87 -85
View File
@@ -3,44 +3,44 @@
class UM_Account {
function __construct() {
add_shortcode('ultimatemember_account', array(&$this, 'ultimatemember_account'), 1);
add_filter('um_account_page_default_tabs_hook', array(&$this, 'core_tabs'), 1);
add_action('template_redirect', array(&$this, 'account'), 10001 );
add_action('template_redirect', array(&$this, 'form_init'), 10002);
add_filter('um_predefined_fields_hook', array(&$this,'predefined_fields_hook'),1 );
$this->current_tab = 'general';
}
/***
*** @get core account tabs
***/
function core_tabs() {
$tabs[100]['general']['icon'] = 'um-faicon-user';
$tabs[100]['general']['title'] = __('Account','ultimatemember');
$tabs[200]['password']['icon'] = 'um-faicon-asterisk';
$tabs[200]['password']['title'] = __('Change Password','ultimatemember');
$tabs[300]['privacy']['icon'] = 'um-faicon-lock';
$tabs[300]['privacy']['title'] = __('Privacy','ultimatemember');
$tabs[400]['notifications']['icon'] = 'um-faicon-envelope';
$tabs[400]['notifications']['title'] = __('Notifications','ultimatemember');
$tabs[9999]['delete']['icon'] = 'um-faicon-trash-o';
$tabs[9999]['delete']['title'] = __('Delete Account','ultimatemember');
return $tabs;
}
/***
*** @account page form
***/
@@ -48,17 +48,17 @@ class UM_Account {
global $ultimatemember;
if ( um_submitting_account_page() ) {
$ultimatemember->form->post_form = $_POST;
do_action('um_submit_account_errors_hook', $ultimatemember->form->post_form );
if ( !isset($ultimatemember->form->errors) ) {
if ( get_query_var('um_tab') ) {
$this->current_tab = get_query_var('um_tab');
}
do_action('um_submit_account_details', $ultimatemember->form->post_form );
}
@@ -66,177 +66,179 @@ class UM_Account {
}
}
/***
*** @can access account page
***/
function account(){
global $ultimatemember;
if ( um_is_core_page('account') && !is_user_logged_in() ) {
exit( wp_redirect( add_query_arg('redirect_to', urlencode( um_get_core_page('account') ) , um_get_core_page('login') ) ) );
}
if ( um_is_core_page('account') ) {
$ultimatemember->fields->set_mode = 'account';
$ultimatemember->fields->editing = true;
if ( get_query_var('um_tab') ) {
$this->current_tab = get_query_var('um_tab');
}
}
}
/***
*** @get tab link
***/
function tab_link( $id ) {
if ( get_option('permalink_structure') ) {
$url = trailingslashit( untrailingslashit( um_get_core_page('account') ) );
$url = $url . $id . '/';
} else {
$url = add_query_arg( 'um_tab', $id, um_get_core_page('account') );
}
return $url;
}
/***
*** @Add class based on shortcode
***/
function get_class( $mode ){
global $ultimatemember;
$classes = 'um-'.$mode;
if ( is_admin() ) {
$classes .= ' um-in-admin';
}
if ( $ultimatemember->fields->editing == true ) {
$classes .= ' um-editing';
}
if ( $ultimatemember->fields->viewing == true ) {
$classes .= ' um-viewing';
}
$classes = apply_filters('um_form_official_classes__hook', $classes);
return $classes;
}
/***
*** @get tab output
***/
function get_tab_output( $id ) {
global $ultimatemember;
$output = null;
switch( $id ) {
case 'notifications':
$output = apply_filters("um_account_content_hook_{$id}", $output);
return $output;
break;
case 'privacy':
$args = 'profile_privacy,hide_in_members';
$args = apply_filters('um_account_tab_privacy_fields', $args );
$fields = $ultimatemember->builtin->get_specific_fields( $args );
foreach( $fields as $key => $data ){
$output .= $ultimatemember->fields->edit_field( $key, $data );
}
return $output;
break;
case 'delete':
$args = 'single_user_password';
$fields = $ultimatemember->builtin->get_specific_fields( $args );
foreach( $fields as $key => $data ){
$output .= $ultimatemember->fields->edit_field( $key, $data );
}
return $output;
break;
case 'general':
$args = 'user_login,first_name,last_name,user_email';
if ( !um_get_option('account_name') ) {
$args = 'user_login,user_email';
}
if ( !um_get_option('account_email') && !um_user('can_edit_everyone') ) {
$args = str_replace(',user_email','', $args );
}
$fields = $ultimatemember->builtin->get_specific_fields( $args );
foreach( $fields as $key => $data ){
$output .= $ultimatemember->fields->edit_field( $key, $data );
}
return $output;
break;
case 'password':
$args = 'user_password';
$fields = $ultimatemember->builtin->get_specific_fields( $args );
foreach( $fields as $key => $data ){
$output .= $ultimatemember->fields->edit_field( $key, $data );
}
return $output;
break;
default :
$output = apply_filters("um_account_content_hook_{$id}", $output);
return $output;
break;
}
}
/***
*** @Shortcode
***/
function ultimatemember_account( $args = array() ) {
return $this->load( $args );
}
/***
*** @Load a module with global function
***/
function load( $args ) {
global $ultimatemember;
$ultimatemember->user->set( get_current_user_id() );
ob_start();
$defaults = array(
@@ -245,35 +247,35 @@ class UM_Account {
'form_id' => 'um_account_id',
);
$args = wp_parse_args( $args, $defaults );
if ( isset( $args['use_globals'] ) && $args['use_globals'] == 1 ) {
$args = array_merge( $args, $this->get_css_args( $args ) );
} else {
$args = array_merge( $this->get_css_args( $args ), $args );
}
$args = apply_filters('um_account_shortcode_args_filter', $args);
extract( $args, EXTR_SKIP );
do_action("um_pre_{$mode}_shortcode", $args);
do_action("um_before_form_is_loaded", $args);
do_action("um_before_{$mode}_form_is_loaded", $args);
$this->template_load( $template, $args );
if ( !is_admin() && !defined( 'DOING_AJAX' ) ) {
$this->dynamic_css( $args );
}
$output = ob_get_contents();
ob_end_clean();
return $output;
}
/***
*** @Get dynamic css args
***/
@@ -282,7 +284,7 @@ class UM_Account {
$arr = array_merge( $arr, array( 'form_id' => $args['form_id'], 'mode' => $args['mode'] ) );
return $arr;
}
/***
*** @Load dynamic css
***/
@@ -315,7 +317,7 @@ class UM_Account {
if( ! $account_hide_in_directory ){
unset( $predefined_fields['hide_in_members'] );
}
return $predefined_fields;
}
}
}
+2 -2
View File
@@ -101,8 +101,8 @@
$ultimatemember->account->current_tab = 'general';
// change password
if ( $_POST['current_user_password'] != '' ) {
if ( !wp_check_password( $_POST['current_user_password'], um_user('user_pass'), um_user('ID') ) ) {
if ( $_POST['current_user_password'] != '' || $_POST['user_password'] != '' || $_POST['confirm_user_password'] != '') {
if ( $_POST['current_user_password'] == '' || !wp_check_password( $_POST['current_user_password'], um_user('user_pass'), um_user('ID') ) ) {
$ultimatemember->form->add_error('current_user_password', __('This is not your password','ultimatemember') );
$ultimatemember->account->current_tab = 'password';
} else { // correct password
+16 -15
View File
@@ -1,55 +1,56 @@
<?php
/***
*** @adds a form identifier to form
***/
add_action('um_after_form_fields', 'um_add_form_identifier');
function um_add_form_identifier($args){ ?>
<input type="hidden" name="form_id" id="form_id" value="<?php echo $args['form_id']; ?>" />
<?php
}
/***
*** @adds a spam timestamp
***/
add_action('um_after_form_fields', 'um_add_security_checks');
add_action('um_account_page_hidden_fields', 'um_add_security_checks');
function um_add_security_checks($args){
global $ultimatemember;
if ( is_admin() ) return;
echo '<input type="hidden" name="timestamp" id="timestamp" value="'. current_time( 'timestamp' ) .'" />';
?>
<p class="<?php echo $ultimatemember->honeypot; ?>_name">
<label for="<?php echo $ultimatemember->honeypot; ?>"><?php _e( 'Only fill in if you are not human' ); ?></label>
<input type="text" name="<?php echo $ultimatemember->honeypot; ?>" id="<?php echo $ultimatemember->honeypot; ?>" class="input" value="" size="25" autocomplete="off" />
</p>
<?php
}
/***
*** @makes the honeypot invisible
***/
add_action('wp_head', 'um_add_form_honeypot_css');
function um_add_form_honeypot_css() { global $ultimatemember; ?>
<style type="text/css">.<?php echo $ultimatemember->honeypot; ?>_name { display: none !important; }</style>
<?php }
/***
*** @empty the honeypot value
***/
add_action('wp_footer', 'um_add_form_honeypot_js', 99999999999999999 );
function um_add_form_honeypot_js() { global $ultimatemember; ?>
<script type="text/javascript">jQuery( '#<?php echo $ultimatemember->honeypot; ?>' ).val( '' );</script>
<?php
}
}
+33 -33
View File
@@ -3,23 +3,23 @@
class UM_Form {
public $form_suffix;
function __construct() {
$this->post_form = null;
$this->form_suffix = null;
$this->errors = null;
$this->processing = null;
add_action('init', array(&$this, 'form_init'), 2);
add_action('init', array(&$this, 'field_declare'), 10);
}
/***
*** @add errors
***/
@@ -28,7 +28,7 @@ class UM_Form {
$this->errors[$key] = $error;
}
}
/***
*** @has error
***/
@@ -37,7 +37,7 @@ class UM_Form {
return true;
return false;
}
/***
*** @declare all fields
***/
@@ -49,38 +49,38 @@ class UM_Form {
$this->all_fields = null;
}
}
/***
*** @Checks that we've a form
***/
function form_init(){
global $ultimatemember;
if ( isset( $_SERVER['REQUEST_METHOD'] ) ) {
$http_post = ('POST' == $_SERVER['REQUEST_METHOD']);
} else {
$http_post = 'POST';
}
if ( $http_post && !is_admin() && isset( $_POST['form_id'] ) && is_numeric($_POST['form_id']) ) {
$this->form_id = $_POST['form_id'];
$this->form_status = get_post_status( $this->form_id );
if ( $this->form_status == 'publish' ) {
/* save entire form as global */
$this->post_form = $_POST;
$this->post_form = $this->beautify( $this->post_form );
$this->form_data = $ultimatemember->query->post_data( $this->form_id );
$this->post_form['submitted'] = $this->post_form;
$this->post_form = array_merge( $this->form_data, $this->post_form );
if ( isset( $this->form_data['role'] ) && $_POST['role'] != $this->form_data['role'] ) {
if ( isset( $this->form_data['role'] ) && ( (boolean) $this->form_data['role'] ) && $_POST['role'] != $this->form_data['role'] ) {
wp_die( __( 'This is not possible for security reasons.','ultimatemember') );
} else {
if ( isset( $this->form_data['custom_fields'] ) && strstr( $this->form_data['custom_fields'], 'role_' ) ) {
@@ -99,10 +99,10 @@ class UM_Form {
wp_die('Hello, spam bot!');
if ( !in_array( $this->form_data['mode'], array('login') ) ) {
$form_timestamp = trim($_POST['timestamp']);
$live_timestamp = current_time( 'timestamp' );
if ( $form_timestamp == '' && um_get_option('enable_timebot') == 1 )
wp_die( __('Hello, spam bot!') );
@@ -110,30 +110,30 @@ class UM_Form {
wp_die( __('Whoa, slow down! You\'re seeing this message because you tried to submit a form too fast and we think you might be a spam bot. If you are a real human being please wait a few seconds before submitting the form. Thanks!') );
}
/* Continue based on form mode - pre-validation */
do_action('um_submit_form_errors_hook', $this->post_form );
do_action("um_submit_form_{$this->post_form['mode']}", $this->post_form );
}
}
}
/***
*** @Beautify form data
***/
function beautify( $form ){
if (isset($form['form_id'])){
$this->form_suffix = '-' . $form['form_id'];
$this->processing = $form['form_id'];
foreach($form as $key => $value){
if (strstr($key, $this->form_suffix) ) {
$a_key = str_replace( $this->form_suffix, '', $key);
@@ -141,12 +141,12 @@ class UM_Form {
unset($form[$key]);
}
}
}
return $form;
}
/***
*** @Display Form Type as Text
***/
@@ -165,5 +165,5 @@ class UM_Form {
}
return $output;
}
}
}
+29 -26
View File
@@ -5,39 +5,42 @@ class UM_Mail {
function __construct() {
add_filter('mandrill_nl2br', array(&$this, 'mandrill_nl2br') );
$this->force_plain_text = '';
}
/***
*** @mandrill compatibility
***/
function mandrill_nl2br($nl2br, $message = '') {
// text emails
if ( !um_get_option('email_html') ) {
$nl2br = true;
}
return $nl2br;
}
/***
*** @check If template exists
***/
function email_template( $template, $args = array() ) {
$lang = '';
$template_path = false;
if ( function_exists('icl_get_current_language') ) {
if ( icl_get_current_language() != 'en' ) {
$lang = icl_get_current_language() . '/';
}
} else {
$lang = get_locale();
}
if ( file_exists( get_stylesheet_directory() . '/ultimate-member/templates/email/' . $lang . $template . '.html' ) ) {
return get_stylesheet_directory() . '/ultimate-member/templates/email/' . $lang . $template . '.html';
$template_path = get_stylesheet_directory() . '/ultimate-member/templates/email/' . $lang . $template . '.html';
}
if ( isset( $args['path'] ) ) {
@@ -45,30 +48,30 @@ class UM_Mail {
} else {
$path = um_path . 'templates/email/' . $lang;
}
if ( file_exists( $path . $template . '.html' ) ) {
return $path . $template . '.html';
$template_path = $path . $template . '.html';
}
return false;
return apply_filters( 'um_email_template_path', $template_path, $template, $args );
}
/***
*** @sends an email to any user
***/
function send( $email, $template=null, $args = array() ) {
if ( !$template ) return;
if ( um_get_option( $template . '_on' ) != 1 ) return;
if ( !is_email( $email ) ) return;
$this->attachments = null;
$this->headers = 'From: '. um_get_option('mail_from') .' <'. um_get_option('mail_from_addr') .'>' . "\r\n";
$this->subject = um_get_option( $template . '_sub' );
$this->subject = um_convert_tags( $this->subject, $args );
if ( isset( $args['admin'] ) || isset( $args['plain_text'] ) ) {
$this->force_plain_text = 'forced';
}
@@ -80,31 +83,31 @@ class UM_Mail {
} else {
$this->message = um_get_option( $template );
}
// Convert tags in body
$this->message = um_convert_tags( $this->message, $args );
// Send mail
wp_mail( $email, $this->subject, $this->message, $this->headers, $this->attachments );
remove_filter( 'wp_mail_content_type', array(&$this, 'set_content_type') );
// reset globals
$this->force_plain_text = '';
}
/***
*** @maybe sending HTML emails
***/
function set_content_type( $content_type ) {
if ( $this->force_plain_text == 'forced' )
return 'text/plain';
if ( um_get_option('email_html') )
return 'text/html';
return 'text/plain';
}
}
}