- increase security via option for Password field in user account;

This commit is contained in:
nikitasinelnikov
2019-03-12 09:13:40 +02:00
parent 19ffd41e22
commit a199f35cc7
7 changed files with 120 additions and 84 deletions
+7 -1
View File
@@ -492,7 +492,13 @@ if ( ! class_exists( 'um\admin\core\Admin_Settings' ) ) {
'id' => 'account_email',
'type' => 'checkbox',
'label' => __( 'Allow users to change e-mail','ultimate-member' ),
'tooltip' => __('Whether to allow users changing their email in account page.','ultimate-member'),
'tooltip' => __( 'Whether to allow users changing their email in account page.', 'ultimate-member' ),
),
array(
'id' => 'account_general_password',
'type' => 'checkbox',
'label' => __( 'Password is required?','ultimate-member' ),
'tooltip' => __( 'Password is required to save account data.', 'ultimate-member' ),
),
array(
'id' => 'account_hide_in_directory',
+1
View File
@@ -498,6 +498,7 @@ if ( ! class_exists( 'um\Config' ) ) {
'account_name_disable' => 0,
'account_name_require' => 1,
'account_email' => 1,
'account_general_password' => 0,
'account_hide_in_directory' => 1,
'account_require_strongpass' => 0,
'photo_thumb_sizes' => array( 40, 80, 190 ),
+11 -4
View File
@@ -65,13 +65,15 @@ if ( ! class_exists( 'um\core\Account' ) ) {
foreach ( $arr as $id => $info ) {
if ( ! empty( $args['tab'] ) && $id != $args['tab'] )
if ( ! empty( $args['tab'] ) && $id != $args['tab'] ) {
continue;
}
$output = $this->get_tab_fields( $id, $args );
if ( ! empty( $output ) )
$tabs_structed[$id] = $info;
if ( ! empty( $output ) ) {
$tabs_structed[ $id ] = $info;
}
}
@@ -518,8 +520,9 @@ if ( ! class_exists( 'um\core\Account' ) ) {
UM()->fields()->editing = true;
if ( ! empty( $this->tab_output[$id]['content'] ) && ! empty( $this->tab_output[$id]['hash'] ) &&
$this->tab_output[$id]['hash'] == md5( json_encode( $shortcode_args ) ) )
$this->tab_output[$id]['hash'] == md5( json_encode( $shortcode_args ) ) ) {
return $this->tab_output[$id]['content'];
}
switch ( $id ) {
@@ -607,6 +610,10 @@ if ( ! class_exists( 'um\core\Account' ) ) {
$args = str_replace(',user_email','', $args );
}
if ( UM()->options()->get( 'account_general_password' ) ) {
$args .= ',single_user_password';
}
/**
* UM hook
*
+20 -5
View File
@@ -24,10 +24,10 @@ function um_submit_account_errors_hook( $args ) {
case 'delete': {
// delete account
if ( strlen(trim( $_POST['single_user_password'] ) ) == 0 ) {
UM()->form()->add_error('single_user_password', __('You must enter your password','ultimate-member') );
UM()->form()->add_error( 'single_user_password', __( 'You must enter your password', 'ultimate-member' ) );
} else {
if ( ! wp_check_password( $_POST['single_user_password'], $user->data->user_pass, $user->data->ID ) ) {
UM()->form()->add_error('single_user_password', __('This is not your password','ultimate-member') );
UM()->form()->add_error( 'single_user_password', __( 'This is not your password', 'ultimate-member' ) );
}
}
@@ -95,14 +95,29 @@ function um_submit_account_errors_hook( $args ) {
}
if ( isset( $_POST['user_email'] ) ) {
if ( strlen( trim( $_POST['user_email'] ) ) == 0 )
if ( strlen( trim( $_POST['user_email'] ) ) == 0 ) {
UM()->form()->add_error( 'user_email', __( 'You must provide your e-mail', 'ultimate-member' ) );
}
if ( ! is_email( $_POST['user_email'] ) )
if ( ! is_email( $_POST['user_email'] ) ) {
UM()->form()->add_error( 'user_email', __( 'Please provide a valid e-mail', 'ultimate-member' ) );
}
if ( email_exists( $_POST['user_email'] ) && email_exists( $_POST['user_email'] ) != get_current_user_id() )
if ( email_exists( $_POST['user_email'] ) && email_exists( $_POST['user_email'] ) != get_current_user_id() ) {
UM()->form()->add_error( 'user_email', __( 'Email already linked to another account', 'ultimate-member' ) );
}
}
// check account password
if ( UM()->options()->get( 'account_general_password' ) ) {
if ( strlen( trim( $_POST['single_user_password'] ) ) == 0 ) {
UM()->form()->add_error('single_user_password', __( 'You must enter your password', 'ultimate-member' ) );
} else {
if ( ! wp_check_password( $_POST['single_user_password'], $user->data->user_pass, $user->data->ID ) ) {
UM()->form()->add_error('single_user_password', __( 'This is not your password', 'ultimate-member' ) );
}
}
}
break;