mirror of
https://github.com/10h30/ultimatemember.git
synced 2026-07-11 18:56:10 +09:00
Fix reset and set password validation
This commit is contained in:
@@ -170,9 +170,16 @@
|
||||
wp_die( __('Whoa, slow down! You\'re seeing this message because you tried to submit a form too fast and we think you might be a spam bot. If you are a real human being please wait a few seconds before submitting the form. Thanks!') );
|
||||
}
|
||||
|
||||
$reset_pass_hash = '';
|
||||
|
||||
if( isset( $_REQUEST['act'] ) && $_REQUEST['act'] == 'reset_password' && um_is_core_page('password-reset') ){
|
||||
$reset_pass_hash = get_user_meta( $args['user_id'], 'reset_pass_hash', true );
|
||||
|
||||
}
|
||||
|
||||
if( !is_user_logged_in() && isset( $args ) && ! um_is_core_page('password-reset') ||
|
||||
isset( $args['user_id'] ) && um_is_core_page('password-reset') ||
|
||||
is_user_logged_in() && isset( $args['user_id'] ) && $args['user_id'] != get_current_user_id()
|
||||
is_user_logged_in() && isset( $args['user_id'] ) && $args['user_id'] != get_current_user_id() ||
|
||||
!is_user_logged_in() && isset( $_REQUEST['hash'] ) && $reset_pass_hash != $_REQUEST['hash'] && um_is_core_page('password-reset')
|
||||
){
|
||||
wp_die( __( 'This is not possible for security reasons.','ultimatemember') );
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user