Fix reset and set password validation

This commit is contained in:
Champ Camba
2016-11-30 17:11:41 +08:00
parent 4bbc773cba
commit ad71b63dd1
+9 -2
View File
@@ -170,9 +170,16 @@
wp_die( __('Whoa, slow down! You\'re seeing this message because you tried to submit a form too fast and we think you might be a spam bot. If you are a real human being please wait a few seconds before submitting the form. Thanks!') );
}
$reset_pass_hash = '';
if( isset( $_REQUEST['act'] ) && $_REQUEST['act'] == 'reset_password' && um_is_core_page('password-reset') ){
$reset_pass_hash = get_user_meta( $args['user_id'], 'reset_pass_hash', true );
}
if( !is_user_logged_in() && isset( $args ) && ! um_is_core_page('password-reset') ||
isset( $args['user_id'] ) && um_is_core_page('password-reset') ||
is_user_logged_in() && isset( $args['user_id'] ) && $args['user_id'] != get_current_user_id()
is_user_logged_in() && isset( $args['user_id'] ) && $args['user_id'] != get_current_user_id() ||
!is_user_logged_in() && isset( $_REQUEST['hash'] ) && $reset_pass_hash != $_REQUEST['hash'] && um_is_core_page('password-reset')
){
wp_die( __( 'This is not possible for security reasons.','ultimatemember') );
}