mirror of
https://github.com/10h30/ultimatemember.git
synced 2026-07-20 07:04:06 +09:00
- increase security via option for Password field in user account;
This commit is contained in:
@@ -492,7 +492,13 @@ if ( ! class_exists( 'um\admin\core\Admin_Settings' ) ) {
|
||||
'id' => 'account_email',
|
||||
'type' => 'checkbox',
|
||||
'label' => __( 'Allow users to change e-mail','ultimate-member' ),
|
||||
'tooltip' => __('Whether to allow users changing their email in account page.','ultimate-member'),
|
||||
'tooltip' => __( 'Whether to allow users changing their email in account page.', 'ultimate-member' ),
|
||||
),
|
||||
array(
|
||||
'id' => 'account_general_password',
|
||||
'type' => 'checkbox',
|
||||
'label' => __( 'Password is required?','ultimate-member' ),
|
||||
'tooltip' => __( 'Password is required to save account data.', 'ultimate-member' ),
|
||||
),
|
||||
array(
|
||||
'id' => 'account_hide_in_directory',
|
||||
|
||||
@@ -498,6 +498,7 @@ if ( ! class_exists( 'um\Config' ) ) {
|
||||
'account_name_disable' => 0,
|
||||
'account_name_require' => 1,
|
||||
'account_email' => 1,
|
||||
'account_general_password' => 0,
|
||||
'account_hide_in_directory' => 1,
|
||||
'account_require_strongpass' => 0,
|
||||
'photo_thumb_sizes' => array( 40, 80, 190 ),
|
||||
|
||||
@@ -65,13 +65,15 @@ if ( ! class_exists( 'um\core\Account' ) ) {
|
||||
|
||||
foreach ( $arr as $id => $info ) {
|
||||
|
||||
if ( ! empty( $args['tab'] ) && $id != $args['tab'] )
|
||||
if ( ! empty( $args['tab'] ) && $id != $args['tab'] ) {
|
||||
continue;
|
||||
}
|
||||
|
||||
$output = $this->get_tab_fields( $id, $args );
|
||||
|
||||
if ( ! empty( $output ) )
|
||||
$tabs_structed[$id] = $info;
|
||||
if ( ! empty( $output ) ) {
|
||||
$tabs_structed[ $id ] = $info;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@@ -518,8 +520,9 @@ if ( ! class_exists( 'um\core\Account' ) ) {
|
||||
UM()->fields()->editing = true;
|
||||
|
||||
if ( ! empty( $this->tab_output[$id]['content'] ) && ! empty( $this->tab_output[$id]['hash'] ) &&
|
||||
$this->tab_output[$id]['hash'] == md5( json_encode( $shortcode_args ) ) )
|
||||
$this->tab_output[$id]['hash'] == md5( json_encode( $shortcode_args ) ) ) {
|
||||
return $this->tab_output[$id]['content'];
|
||||
}
|
||||
|
||||
switch ( $id ) {
|
||||
|
||||
@@ -607,6 +610,10 @@ if ( ! class_exists( 'um\core\Account' ) ) {
|
||||
$args = str_replace(',user_email','', $args );
|
||||
}
|
||||
|
||||
if ( UM()->options()->get( 'account_general_password' ) ) {
|
||||
$args .= ',single_user_password';
|
||||
}
|
||||
|
||||
/**
|
||||
* UM hook
|
||||
*
|
||||
|
||||
@@ -24,10 +24,10 @@ function um_submit_account_errors_hook( $args ) {
|
||||
case 'delete': {
|
||||
// delete account
|
||||
if ( strlen(trim( $_POST['single_user_password'] ) ) == 0 ) {
|
||||
UM()->form()->add_error('single_user_password', __('You must enter your password','ultimate-member') );
|
||||
UM()->form()->add_error( 'single_user_password', __( 'You must enter your password', 'ultimate-member' ) );
|
||||
} else {
|
||||
if ( ! wp_check_password( $_POST['single_user_password'], $user->data->user_pass, $user->data->ID ) ) {
|
||||
UM()->form()->add_error('single_user_password', __('This is not your password','ultimate-member') );
|
||||
UM()->form()->add_error( 'single_user_password', __( 'This is not your password', 'ultimate-member' ) );
|
||||
}
|
||||
}
|
||||
|
||||
@@ -95,14 +95,29 @@ function um_submit_account_errors_hook( $args ) {
|
||||
}
|
||||
|
||||
if ( isset( $_POST['user_email'] ) ) {
|
||||
if ( strlen( trim( $_POST['user_email'] ) ) == 0 )
|
||||
|
||||
if ( strlen( trim( $_POST['user_email'] ) ) == 0 ) {
|
||||
UM()->form()->add_error( 'user_email', __( 'You must provide your e-mail', 'ultimate-member' ) );
|
||||
}
|
||||
|
||||
if ( ! is_email( $_POST['user_email'] ) )
|
||||
if ( ! is_email( $_POST['user_email'] ) ) {
|
||||
UM()->form()->add_error( 'user_email', __( 'Please provide a valid e-mail', 'ultimate-member' ) );
|
||||
}
|
||||
|
||||
if ( email_exists( $_POST['user_email'] ) && email_exists( $_POST['user_email'] ) != get_current_user_id() )
|
||||
if ( email_exists( $_POST['user_email'] ) && email_exists( $_POST['user_email'] ) != get_current_user_id() ) {
|
||||
UM()->form()->add_error( 'user_email', __( 'Email already linked to another account', 'ultimate-member' ) );
|
||||
}
|
||||
}
|
||||
|
||||
// check account password
|
||||
if ( UM()->options()->get( 'account_general_password' ) ) {
|
||||
if ( strlen( trim( $_POST['single_user_password'] ) ) == 0 ) {
|
||||
UM()->form()->add_error('single_user_password', __( 'You must enter your password', 'ultimate-member' ) );
|
||||
} else {
|
||||
if ( ! wp_check_password( $_POST['single_user_password'], $user->data->user_pass, $user->data->ID ) ) {
|
||||
UM()->form()->add_error('single_user_password', __( 'This is not your password', 'ultimate-member' ) );
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
break;
|
||||
|
||||
Reference in New Issue
Block a user