10h30/ultimatemember
1
0
Fork 0
mirror of https://github.com/10h30/ultimatemember.git synced 2026-06-05 15:09:37 +09:00
Code Issues Packages Projects Releases Wiki Activity

- closed #1101;

Browse Source
This commit is contained in:
Nikita Sinelnikov
2022-12-13 14:53:35 +02:00
parent 0a6b95edf2
commit 19c83933f2
3 changed files with 22 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
includes/admin/core/class-admin-settings.php
+9
View File
@@ -759,6 +759,9 @@ if ( ! class_exists( 'um\admin\core\Admin_Settings' ) ) {
'reset_password_limit_number' => array(
'sanitize' => 'absint',
),
'change_password_request_limit' => array(
'sanitize' => 'bool',
),
'blocked_emails' => array(
'sanitize' => 'textarea',
),
@@ -1285,6 +1288,12 @@ if ( ! class_exists( 'um\admin\core\Admin_Settings' ) ) {
'conditional' => array( 'enable_reset_password_limit', '=', 1 ),
'size' => 'small',
),
array(
'id' => 'change_password_request_limit',
'type' => 'checkbox',
'label' => __( 'Change Password request limit', 'ultimate-member' ),
'tooltip' => __( 'This option adds rate limit when submitting the change password form in the Account page. Users are only allowed to submit 1 request per 30 minutes to prevent from any brute-force attacks or password guessing with the form.', 'ultimate-member' ),
),
array(
'id' => 'blocked_emails',
'type' => 'textarea',
includes/class-config.php
+1
View File
@@ -553,6 +553,7 @@ if ( ! class_exists( 'um\Config' ) ) {
'restricted_block_message' => '',
'enable_reset_password_limit' => 1,
'reset_password_limit_number' => 3,
'change_password_request_limit' => false,
'blocked_emails' => '',
'blocked_words' => 'admin' . "\r\n" . 'administrator' . "\r\n" . 'webmaster' . "\r\n" . 'support' . "\r\n" . 'staff',
'allowed_choice_callbacks' => '',
includes/core/class-password.php
+12
View File
@@ -526,6 +526,18 @@ if ( ! class_exists( 'um\core\Password' ) ) {
}
}
if ( ! empty( $args['user_password'] ) && UM()->options()->get( 'change_password_request_limit' ) && is_user_logged_in() ) {
$transient_id = '_um_change_password_rate_limit__' . um_user( 'ID' );
$last_request = get_transient( $transient_id );
$request_limit_time = apply_filters( 'um_change_password_attempt_limit_interval', 30 * MINUTE_IN_SECONDS );
if ( ! $last_request ) {
set_transient( $transient_id, time(), $request_limit_time );
} else {
UM()->form()->add_error( 'user_password', __( 'Unable to change password because of password change limit. Please try again later.', 'ultimate-member' ) );
return;
}
}
if ( isset( $args['user_password'] ) && empty( $args['user_password'] ) ) {
UM()->form()->add_error( 'user_password', __( 'You must enter a new password', 'ultimate-member' ) );
}