diff --git a/core/um-actions-password.php b/core/um-actions-password.php index 79f8f37a..ed2c7a16 100644 --- a/core/um-actions-password.php +++ b/core/um-actions-password.php @@ -170,9 +170,16 @@ wp_die( __('Whoa, slow down! You\'re seeing this message because you tried to submit a form too fast and we think you might be a spam bot. If you are a real human being please wait a few seconds before submitting the form. Thanks!') ); } + $reset_pass_hash = ''; + + if( isset( $_REQUEST['act'] ) && $_REQUEST['act'] == 'reset_password' && um_is_core_page('password-reset') ){ + $reset_pass_hash = get_user_meta( $args['user_id'], 'reset_pass_hash', true ); + + } + if( !is_user_logged_in() && isset( $args ) && ! um_is_core_page('password-reset') || - isset( $args['user_id'] ) && um_is_core_page('password-reset') || - is_user_logged_in() && isset( $args['user_id'] ) && $args['user_id'] != get_current_user_id() + is_user_logged_in() && isset( $args['user_id'] ) && $args['user_id'] != get_current_user_id() || + !is_user_logged_in() && isset( $_REQUEST['hash'] ) && $reset_pass_hash != $_REQUEST['hash'] && um_is_core_page('password-reset') ){ wp_die( __( 'This is not possible for security reasons.','ultimatemember') ); }