diff --git a/core/um-actions-account.php b/core/um-actions-account.php index 40c694bd..977e52ef 100644 --- a/core/um-actions-account.php +++ b/core/um-actions-account.php @@ -129,7 +129,10 @@ $ultimatemember->account->current_tab = 'general'; // change password - if ( $_POST['current_user_password'] != '' || $_POST['user_password'] != '' || $_POST['confirm_user_password'] != '') { + if ( ( isset( $_POST['current_user_password'] ) && $_POST['current_user_password'] != '' ) || + ( isset( $_POST['user_password'] ) && $_POST['user_password'] != '' ) || + ( isset( $_POST['confirm_user_password'] ) && $_POST['confirm_user_password'] != '') ) { + if ( $_POST['current_user_password'] == '' || ! wp_check_password( $_POST['current_user_password'], $user->data->user_pass, $user->data->ID ) ) { $ultimatemember->form->add_error('current_user_password', __('This is not your password','ultimatemember') ); diff --git a/core/um-actions-password.php b/core/um-actions-password.php index 9795bc3c..b34fb457 100644 --- a/core/um-actions-password.php +++ b/core/um-actions-password.php @@ -161,7 +161,7 @@ if ( $live_timestamp - $form_timestamp < 3 && um_get_option('enable_timebot') == 1 ) wp_die( __('Whoa, slow down! You\'re seeing this message because you tried to submit a form too fast and we think you might be a spam bot. If you are a real human being please wait a few seconds before submitting the form. Thanks!') ); - if ( !$args['user_password'] ) { + if ( isset( $args['user_password'] ) && ! empty( $args['user_password'] ) ) { $ultimatemember->form->add_error('user_password', __('You must enter a new password','ultimatemember') ); } @@ -181,11 +181,11 @@ } - if ( !$args['confirm_user_password'] ) { + if ( isset( $args['confirm_user_password'] ) && ! empty( $args['confirm_user_password'] ) ) { $ultimatemember->form->add_error('confirm_user_password', __('You must confirm your new password','ultimatemember') ); } - if ( $args['user_password'] != $args['confirm_user_password'] ) { + if ( isset( $args['user_password'] ) && isset( $args['confirm_user_password'] ) && $args['user_password'] != $args['confirm_user_password'] ) { $ultimatemember->form->add_error('confirm_user_password', __('Your passwords do not match','ultimatemember') ); }