<?php
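/**
 * Process a new password-reset request.
 *
 * Reads the account identifier (username or e-mail) from the submitted form,
 * resolves it to a user, records the request on UM()->password() and asks UM
 * to run its reset routine for that user.
 *
 * @param array $args Hook arguments; not read by this handler.
 */
add_action( 'um_reset_password_process_hook', 'um_reset_password_process_hook' );
function um_reset_password_process_hook( $args ) {

	$user = null;

	// Any submitted key containing "username_b" is accepted; the last match wins.
	// Array-valued fields are skipped because trim() is only defined for strings.
	foreach ( $_POST as $key => $val ) {
		if ( is_string( $val ) && false !== strpos( (string) $key, 'username_b' ) ) {
			$user = trim( $val );
		}
	}

	if ( null === $user || '' === $user ) {
		return;
	}

	$by_email = is_email( $user );
	$data     = get_user_by( $by_email ? 'email' : 'login', $user );

	// get_user_by() returns false for an unknown identifier. Stop here rather
	// than dereference a non-object and start a reset for no user at all.
	if ( ! $data ) {
		return;
	}

	// For an e-mail lookup the submitted address is used as-is, otherwise the
	// address stored on the account.
	$user_email = $by_email ? $user : $data->user_email;

	UM()->password()->reset_request['user_id']    = $data->ID;
	UM()->password()->reset_request['user_email'] = $user_email;

	um_fetch_user( $data->ID );

	UM()->user()->password_reset();

	um_reset_user();

}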
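/**
 * Process a password-change request: store the new password, clear the
 * reset-related user meta, log the current session out and redirect to login.
 *
 * NOTE(review): this handler performs no authorization of its own. It sets the
 * password for whatever `user_id` arrives in $args, so it presumably relies on
 * um_change_password_errors_hook() having rejected unauthorized requests
 * first; confirm the caller never fires this hook when that check is skipped.
 *
 * @param array $args Hook arguments; `user_id` and `user_password` are read.
 */
add_action( 'um_change_password_process_hook', 'um_change_password_process_hook' );
function um_change_password_process_hook( $args ) {

	// The original extract( $args ) is dropped: none of the extracted variables
	// were used, and extract() on form-derived data can overwrite local variables.
	$user_id  = isset( $args['user_id'] ) ? (int) $args['user_id'] : 0;
	$password = isset( $args['user_password'] ) ? $args['user_password'] : '';

	// Never write an empty or non-string password, or one for an unidentified user.
	if ( $user_id <= 0 || ! is_string( $password ) || '' === $password ) {
		return;
	}

	wp_set_password( $password, $user_id );

	// A completed change invalidates the reset hash and clears the attempt counter.
	delete_user_meta( $user_id, 'reset_pass_hash' );
	delete_user_meta( $user_id, 'reset_pass_hash_token' );
	delete_user_meta( $user_id, 'password_rst_attempts' );

	do_action( 'um_after_changing_user_password', $user_id );

	if ( is_user_logged_in() ) {
		wp_logout();
	}

	// wp_redirect() only sets the Location header; execution must stop here.
	wp_redirect( um_get_core_page( 'login', 'password_changed' ) );
	exit;

}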
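/**
 * Overrides the password-changed notification.
 *
 * Runs UM's own password_changed() routine and returns false.
 *
 * NOTE(review): WordPress core applies `send_password_change_email` as a filter
 * with ( $send, $user, $userdata ). Registered with one accepted argument, $args
 * is likely the boolean $send rather than an array holding `user_id`; confirm,
 * and register with three accepted arguments if the user data is needed.
 *
 * @param mixed $args Value passed by the hook; `user_id` is read when it is an array.
 * @return bool Always false.
 */
add_action( 'send_password_change_email', 'um_send_password_change_email' );
function um_send_password_change_email( $args ) {

	// Read the one value needed instead of extract(), which imports every key
	// into local scope and fails on non-array input.
	$user_id = ( is_array( $args ) && isset( $args['user_id'] ) ) ? $args['user_id'] : null;

	um_fetch_user( $user_id );

	UM()->user()->password_changed();

	um_reset_user();

	return false;
}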
/**
 * Listener registered on the `um_after_changing_user_password` action.
 *
 * The body is empty: nothing is done with $user_id here.
 *
 * @param int $user_id ID passed by the action.
 */
add_action( 'um_after_changing_user_password', 'um_after_changing_user_password' );
function um_after_changing_user_password( $user_id ) {
	// No default behaviour.
}
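/**
 * Error handler for the reset-password request form.
 *
 * Runs the honeypot and time-bot checks, validates that the submitted
 * username/e-mail belongs to an account, and enforces the per-account limit
 * on reset requests when that option is enabled.
 *
 * NOTE(review): the "can't find an account" message confirms to any visitor
 * whether an identifier is registered (account enumeration). A neutral
 * response would avoid that; left unchanged because it alters the user-facing flow.
 *
 * NOTE(review): the attempt counter is stored per target account and this
 * handler only ever increments it, so anonymous requests can use up a user's
 * reset allowance. Consider throttling by requester as well.
 *
 * @param array $args Hook arguments; not read by this handler.
 */
add_action( 'um_reset_password_errors_hook', 'um_reset_password_errors_hook' );
function um_reset_password_errors_hook( $args ) {

	// Honeypot: a hidden field that a human submission leaves empty.
	$honeypot = UM()->honeypot;
	if ( isset( $_POST[ $honeypot ] ) && $_POST[ $honeypot ] != '' ) {
		wp_die( __( 'Hello, spam bot!', 'ultimate-member' ) );
	}

	// The timestamp is client-supplied, so it is a speed bump for naive bots,
	// not a security control.
	$form_timestamp = '';
	if ( isset( $_POST['timestamp'] ) && is_scalar( $_POST['timestamp'] ) ) {
		$form_timestamp = trim( (string) $_POST['timestamp'] );
	}
	$live_timestamp = current_time( 'timestamp' );

	if ( um_get_option( 'enable_timebot' ) == 1 ) {

		// A missing or non-numeric value is rejected up front; subtracting a
		// non-numeric string raises a TypeError on PHP 8.
		if ( '' === $form_timestamp || ! is_numeric( $form_timestamp ) ) {
			wp_die( __( 'Hello, spam bot!', 'ultimate-member' ) );
		}

		if ( $live_timestamp - (int) $form_timestamp < 3 ) {
			wp_die( __( 'Whoa, slow down! You\'re seeing this message because you tried to submit a form too fast and we think you might be a spam bot. If you are a real human being please wait a few seconds before submitting the form. Thanks!', 'ultimate-member' ) );
		}
	}

	// Any submitted key containing "username_b" is accepted; the last match wins.
	$user = '';
	foreach ( $_POST as $key => $val ) {
		if ( is_string( $val ) && false !== strpos( (string) $key, 'username_b' ) ) {
			$user = trim( $val );
		}
	}

	if ( empty( $user ) ) {
		UM()->form()->add_error( 'username_b', __( 'Please provide your username or email', 'ultimate-member' ) );
		// Nothing to look up; stop before a second error is set on the same field.
		return;
	}

	$user_id = is_email( $user ) ? email_exists( $user ) : username_exists( $user );

	if ( ! $user_id ) {
		UM()->form()->add_error( 'username_b', __( 'We can\'t find an account registered with that address or username', 'ultimate-member' ) );
		return;
	}

	if ( ! um_get_option( 'enable_reset_password_limit' ) ) {
		return;
	}

	// Administrators are exempt from the limit when that option is set.
	$is_admin = user_can( intval( $user_id ), 'manage_options' );
	if ( um_get_option( 'disable_admin_reset_password_limit' ) && $is_admin ) {
		return;
	}

	$attempts = (int) get_user_meta( $user_id, 'password_rst_attempts', true );
	$limit    = (int) um_get_option( 'reset_password_limit_number' );

	if ( $attempts >= $limit ) {
		UM()->form()->add_error( 'username_b', __( 'You have reached the limit for requesting password change for this user already. Contact support if you cannot open the email', 'ultimate-member' ) );
	} else {
		update_user_meta( $user_id, 'password_rst_attempts', $attempts + 1 );
	}

}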
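/**
 * Error handler for the change-password form.
 *
 * Runs the honeypot and time-bot checks, authorizes the request, then
 * validates the new password and its confirmation.
 *
 * Authorization fails closed:
 *  - a logged-in user may only change their own password;
 *  - a logged-out visitor must be on the password-reset page with
 *    `act=reset_password` and a `hash` that matches the non-empty
 *    `reset_pass_hash` stored for the target user.
 *
 * The original check rejected a logged-out request only when a `hash`
 * parameter was present and different from the stored value, so a request
 * without a usable hash was not rejected by it.
 *
 * NOTE(review): confirm the reset form posts back with `act`, `hash` and
 * `user_id` still present, as the reads of $_REQUEST below assume.
 *
 * @param array $args Hook arguments; `user_id`, `user_password` and
 *                    `confirm_user_password` are read.
 */
add_action( 'um_change_password_errors_hook', 'um_change_password_errors_hook' );
function um_change_password_errors_hook( $args ) {

	// Honeypot: a hidden field that a human submission leaves empty.
	$honeypot = UM()->honeypot;
	if ( isset( $_POST[ $honeypot ] ) && $_POST[ $honeypot ] != '' ) {
		wp_die( __( 'Hello, spam bot!', 'ultimate-member' ) );
	}

	// The timestamp is client-supplied, so it is a speed bump for naive bots,
	// not a security control.
	$form_timestamp = '';
	if ( isset( $_POST['timestamp'] ) && is_scalar( $_POST['timestamp'] ) ) {
		$form_timestamp = trim( (string) $_POST['timestamp'] );
	}
	$live_timestamp = current_time( 'timestamp' );

	if ( um_get_option( 'enable_timebot' ) == 1 ) {

		// A missing or non-numeric value is rejected up front; subtracting a
		// non-numeric string raises a TypeError on PHP 8.
		if ( '' === $form_timestamp || ! is_numeric( $form_timestamp ) ) {
			wp_die( __( 'Hello, spam bot!', 'ultimate-member' ) );
		}

		if ( $live_timestamp - (int) $form_timestamp < 3 ) {
			wp_die( __( 'Whoa, slow down! You\'re seeing this message because you tried to submit a form too fast and we think you might be a spam bot. If you are a real human being please wait a few seconds before submitting the form. Thanks!', 'ultimate-member' ) );
		}
	}

	$target_id  = isset( $args['user_id'] ) ? (int) $args['user_id'] : 0;
	$authorized = false;

	if ( is_user_logged_in() ) {

		// Strict integer comparison: only the session's own account qualifies.
		$authorized = ( $target_id > 0 && $target_id === (int) get_current_user_id() );

	} elseif ( um_is_core_page( 'password-reset' )
		&& isset( $_REQUEST['act'] ) && 'reset_password' === $_REQUEST['act']
		&& isset( $_REQUEST['hash'] ) && is_string( $_REQUEST['hash'] )
		&& $target_id > 0
	) {

		$reset_pass_hash = get_user_meta( $target_id, 'reset_pass_hash', true );

		// An empty stored hash means no reset is pending and must never match.
		// hash_equals() compares in constant time and without type juggling.
		$authorized = is_string( $reset_pass_hash )
			&& '' !== $reset_pass_hash
			&& hash_equals( $reset_pass_hash, $_REQUEST['hash'] );
	}

	if ( ! $authorized ) {
		wp_die( __( 'This is not possible for security reasons.', 'ultimate-member' ) );
	}

	// Anything that is not a string (missing field, array input) counts as empty.
	$password = '';
	if ( isset( $args['user_password'] ) && is_string( $args['user_password'] ) ) {
		$password = $args['user_password'];
	}

	if ( empty( $password ) ) {
		UM()->form()->add_error( 'user_password', __( 'You must enter a new password', 'ultimate-member' ) );
	}

	if ( um_get_option( 'reset_require_strongpass' ) ) {

		// NOTE(review): utf8_decode() is deprecated as of PHP 8.2; it is kept so
		// the character count is unchanged. The 30-character cap also rules out
		// long passphrases.
		$length = strlen( utf8_decode( $password ) );

		if ( $length < 8 ) {
			UM()->form()->add_error( 'user_password', __( 'Your password must contain at least 8 characters', 'ultimate-member' ) );
		}

		if ( $length > 30 ) {
			UM()->form()->add_error( 'user_password', __( 'Your password must contain less than 30 characters', 'ultimate-member' ) );
		}

		if ( ! UM()->validation()->strong_pass( $password ) ) {
			UM()->form()->add_error( 'user_password', __( 'Your password must contain at least one lowercase letter, one capital letter and one number', 'ultimate-member' ) );
		}

	}

	if ( isset( $args['confirm_user_password'] ) && empty( $args['confirm_user_password'] ) ) {
		UM()->form()->add_error( 'confirm_user_password', __( 'You must confirm your new password', 'ultimate-member' ) );
	}

	// Strict comparison: with `!=`, numeric-looking strings such as "1e3" and
	// "1000" compare equal and would pass as a matching confirmation.
	if ( isset( $args['user_password'] ) && isset( $args['confirm_user_password'] ) && $args['user_password'] !== $args['confirm_user_password'] ) {
		UM()->form()->add_error( 'confirm_user_password', __( 'Your passwords do not match', 'ultimate-member' ) );
	}
}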
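/**
 * Print the hidden fields of the change-password form.
 *
 * `user_id` is written into the page and comes back from the client, so the
 * server side must treat the returned value as untrusted and authorize it
 * again on submit.
 *
 * NOTE(review): no nonce field is emitted here; confirm CSRF protection is
 * added elsewhere in the form.
 *
 * @param array $args Hook arguments; `user_id` is read.
 */
add_action( 'um_change_password_page_hidden_fields', 'um_change_password_page_hidden_fields' );
function um_change_password_page_hidden_fields( $args ) {

	$user_id = isset( $args['user_id'] ) ? $args['user_id'] : '';

	?>

	<input type="hidden" name="_um_password_change" id="_um_password_change" value="1" />

	<?php // Escaped for the attribute context so the value cannot break out of value="...". ?>
	<input type="hidden" name="user_id" id="user_id" value="<?php echo esc_attr( $user_id ); ?>" />

	<?php

}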
/**
 * Print the hidden marker field of the reset-password form.
 *
 * The output is static markup; no request data is written into the page.
 *
 * @param array $args Hook arguments; not read by this handler.
 */
add_action( 'um_reset_password_page_hidden_fields', 'um_reset_password_page_hidden_fields' );
function um_reset_password_page_hidden_fields( $args ) {

	?>

	<input type="hidden" name="_um_password_reset" id="_um_password_reset" value="1" />

	<?php

}
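/**
 * Render the reset-password form: the built-in fields, any output added on
 * `um_after_password_reset_fields`, and the submit button.
 *
 * @param array $args Hook arguments, passed on to `um_after_password_reset_fields`.
 */
add_action( 'um_reset_password_form', 'um_reset_password_form' );
function um_reset_password_form( $args ) {

	$fields = UM()->builtin()->get_specific_fields( 'password_reset_text,username_b' );

	// Field markup comes from UM's own field builder and is echoed as HTML.
	$output = null;
	foreach ( $fields as $key => $data ) {
		$output .= UM()->fields()->edit_field( $key, $data );
	}
	echo $output;

	do_action( 'um_after_password_reset_fields', $args );

	?>

	<div class="um-col-alt um-col-alt-b">

		<?php // esc_attr_e(): a translated string goes into an attribute and is escaped like any other dynamic value. ?>
		<div class="um-center"><input type="submit" value="<?php esc_attr_e( 'Reset my password', 'ultimate-member' ); ?>" class="um-button" id="um-submit-btn" /></div>

		<div class="um-clear"></div>

	</div>

	<?php

}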
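/**
 * Render the change-password form: the built-in `user_password` fields and
 * the submit button.
 */
add_action( 'um_change_password_form', 'um_change_password_form' );
function um_change_password_form() {

	$fields = UM()->builtin()->get_specific_fields( 'user_password' );

	// Field markup comes from UM's own field builder and is echoed as HTML.
	$output = null;
	foreach ( $fields as $key => $data ) {
		$output .= UM()->fields()->edit_field( $key, $data );
	}
	echo $output;

	?>

	<div class="um-col-alt um-col-alt-b">

		<?php // esc_attr_e(): a translated string goes into an attribute and is escaped like any other dynamic value. ?>
		<div class="um-center"><input type="submit" value="<?php esc_attr_e( 'Change my password', 'ultimate-member' ); ?>" class="um-button" id="um-submit-btn" /></div>

		<div class="um-clear"></div>

	</div>

	<?php

}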