From 2a1499aa4d4d9244cc4a2d1f87500892b8bb5b08 Mon Sep 17 00:00:00 2001 From: nikitasinelnikov Date: Thu, 21 May 2020 16:41:21 +0300 Subject: [PATCH] - fixed wp-login error when use email with wrong password; --- includes/core/um-actions-form.php | 83 ++++++++++++++++-------------- includes/core/um-actions-login.php | 31 ++++------- includes/core/um-filters-login.php | 67 +++++------------------- readme.txt | 6 +++ 4 files changed, 73 insertions(+), 114 deletions(-) diff --git a/includes/core/um-actions-form.php b/includes/core/um-actions-form.php index 5306b6d7..baa868fb 100644 --- a/includes/core/um-actions-form.php +++ b/includes/core/um-actions-form.php @@ -1,4 +1,4 @@ -options()->get( 'blocked_emails' ); - if ( ! $emails ) + if ( ! $emails ) { return; + } - $emails = array_map("rtrim", explode("\n", $emails)); + $emails = array_map( 'rtrim', explode( "\n", $emails ) ); if ( isset( $args['user_email'] ) && is_email( $args['user_email'] ) ) { - $domain = explode('@', $args['user_email'] ); - $check_domain = str_replace($domain[0], '*', $args['user_email']); + $domain = explode( '@', $args['user_email'] ); + $check_domain = str_replace( $domain[0], '*', $args['user_email'] ); - if ( in_array( $args['user_email'], $emails ) ) - exit( wp_redirect( esc_url( add_query_arg('err', 'blocked_email') ) ) ); + if ( in_array( $args['user_email'], $emails ) ) { + exit( wp_redirect( esc_url( add_query_arg( 'err', 'blocked_email' ) ) ) ); + } - if ( in_array( $check_domain, $emails ) ) - exit( wp_redirect( esc_url( add_query_arg('err', 'blocked_domain') ) ) ); + if ( in_array( $check_domain, $emails ) ) { + exit( wp_redirect( esc_url( add_query_arg( 'err', 'blocked_domain' ) ) ) ); + } } if ( isset( $args['username'] ) && is_email( $args['username'] ) ) { - $domain = explode('@', $args['username'] ); - $check_domain = str_replace($domain[0], '*', $args['username']); + $domain = explode( '@', $args['username'] ); + $check_domain = str_replace( $domain[0], '*', $args['username'] ); - if ( in_array( $args['username'], $emails ) ) - exit( wp_redirect( esc_url( add_query_arg('err', 'blocked_email') ) ) ); + if ( in_array( $args['username'], $emails ) ) { + exit( wp_redirect( esc_url( add_query_arg( 'err', 'blocked_email' ) ) ) ); + } - if ( in_array( $check_domain, $emails ) ) - exit( wp_redirect( esc_url( add_query_arg('err', 'blocked_domain') ) ) ); + if ( in_array( $check_domain, $emails ) ) { + exit( wp_redirect( esc_url( add_query_arg( 'err', 'blocked_domain' ) ) ) ); + } } } @@ -47,18 +52,19 @@ add_action( 'um_submit_form_errors_hook__blockedemails', 'um_submit_form_errors_ * * @param $args */ -function um_submit_form_errors_hook__blockedips($args){ - $ips = UM()->options()->get('blocked_ips'); - if ( !$ips ) +function um_submit_form_errors_hook__blockedips( $args ) { + $ips = UM()->options()->get( 'blocked_ips' ); + if ( ! $ips ) { return; + } - $ips = array_map("rtrim", explode("\n", $ips)); + $ips = array_map( 'rtrim', explode( "\n", $ips ) ); $user_ip = um_user_ip(); - foreach($ips as $ip) { - $ip = str_replace('*','',$ip); - if ( !empty( $ip ) && strpos($user_ip, $ip) === 0) { - exit( wp_redirect( esc_url( add_query_arg('err', 'blocked_ip') ) ) ); + foreach ( $ips as $ip ) { + $ip = str_replace( '*', '', $ip ); + if ( ! empty( $ip ) && strpos( $user_ip, $ip ) === 0 ) { + exit( wp_redirect( esc_url( add_query_arg( 'err', 'blocked_ip' ) ) ) ); } } } @@ -71,24 +77,24 @@ add_action( 'um_submit_form_errors_hook__blockedips', 'um_submit_form_errors_hoo * @param $args */ function um_submit_form_errors_hook__blockedwords( $args ) { + $words = UM()->options()->get( 'blocked_words' ); + if ( empty( $words ) ) { + return; + } + $form_id = $args['form_id']; $mode = $args['mode']; $fields = unserialize( $args['custom_fields'] ); - $words = UM()->options()->get('blocked_words'); - if ( $words != '' ) { - - $words = array_map("rtrim", explode("\n", $words)); - if ( ! empty( $fields ) && is_array( $fields ) ) { - foreach ( $fields as $key => $array ) { - if ( isset($array['validate']) && in_array( $array['validate'], array('unique_username','unique_email','unique_username_or_email') ) ) { - if ( ! UM()->form()->has_error( $key ) && isset( $args[$key] ) && in_array( $args[$key], $words ) ) { - UM()->form()->add_error( $key, __('You are not allowed to use this word as your username.','ultimate-member') ); - } + $words = array_map( 'rtrim', explode( "\n", $words ) ); + if ( ! empty( $fields ) && is_array( $fields ) ) { + foreach ( $fields as $key => $array ) { + if ( isset( $array['validate'] ) && in_array( $array['validate'], array( 'unique_username', 'unique_email', 'unique_username_or_email' ) ) ) { + if ( ! UM()->form()->has_error( $key ) && isset( $args[ $key ] ) && in_array( $args[ $key ], $words ) ) { + UM()->form()->add_error( $key, __( 'You are not allowed to use this word as your username.', 'ultimate-member' ) ); } } } - } } add_action( 'um_submit_form_errors_hook__blockedwords', 'um_submit_form_errors_hook__blockedwords', 10 ); @@ -127,9 +133,10 @@ function um_submit_form_errors_hook( $args ) { * } * ?> */ - do_action( "um_submit_form_errors_hook__registration", $args ); + do_action( 'um_submit_form_errors_hook__registration', $args ); } + /** * UM hook * @@ -149,7 +156,7 @@ function um_submit_form_errors_hook( $args ) { * } * ?> */ - do_action( "um_submit_form_errors_hook__blockedips", $args ); + do_action( 'um_submit_form_errors_hook__blockedips', $args ); /** * UM hook * @@ -169,7 +176,7 @@ function um_submit_form_errors_hook( $args ) { * } * ?> */ - do_action( "um_submit_form_errors_hook__blockedemails", $args ); + do_action( 'um_submit_form_errors_hook__blockedemails', $args ); if ( $mode == 'login' ) { /** @@ -253,7 +260,7 @@ function um_submit_form_errors_hook( $args ) { * } * ?> */ - do_action( "um_submit_form_errors_hook__blockedwords", $args ); + do_action( 'um_submit_form_errors_hook__blockedwords', $args ); } diff --git a/includes/core/um-actions-login.php b/includes/core/um-actions-login.php index 48ed5cef..5c773012 100644 --- a/includes/core/um-actions-login.php +++ b/includes/core/um-actions-login.php @@ -27,22 +27,25 @@ function um_submit_form_errors_hook_login( $args ) { } if ( isset( $args['username'] ) ) { + $authenticate = $args['username']; $field = 'username'; if ( is_email( $args['username'] ) ) { $is_email = true; $data = get_user_by('email', $args['username'] ); - $user_name = (isset ( $data->user_login ) ) ? $data->user_login : null; + $user_name = isset( $data->user_login ) ? $data->user_login : null; } else { $user_name = $args['username']; } } elseif ( isset( $args['user_email'] ) ) { + $authenticate = $args['user_email']; $field = 'user_email'; $is_email = true; $data = get_user_by('email', $args['user_email'] ); - $user_name = (isset ( $data->user_login ) ) ? $data->user_login : null; + $user_name = isset( $data->user_login ) ? $data->user_login : null; } else { $field = 'user_login'; $user_name = $args['user_login']; + $authenticate = $args['user_login']; } if ( $args['user_password'] == '' ) { @@ -56,18 +59,16 @@ function um_submit_form_errors_hook_login( $args ) { UM()->form()->add_error( 'user_password', __( 'Password is incorrect. Please try again.', 'ultimate-member' ) ); } - $user = apply_filters( 'authenticate', null, $user_name, $args['user_password'] ); - - $authenticate_user = apply_filters( 'wp_authenticate_user', $user_name, $args['user_password'] ); - // @since 4.18 replacement for 'wp_login_failed' action hook // see WP function wp_authenticate() - $ignore_codes = array('empty_username', 'empty_password'); + $ignore_codes = array( 'empty_username', 'empty_password' ); + $user = apply_filters( 'authenticate', null, $authenticate, $args['user_password'] ); if ( is_wp_error( $user ) && ! in_array( $user->get_error_code(), $ignore_codes ) ) { UM()->form()->add_error( $user->get_error_code(), __( $user->get_error_message(), 'ultimate-member' ) ); } + $authenticate_user = apply_filters( 'wp_authenticate_user', $user_name, $args['user_password'] ); if ( is_wp_error( $authenticate_user ) && ! in_array( $authenticate_user->get_error_code(), $ignore_codes ) ) { UM()->form()->add_error( $authenticate_user->get_error_code(), __( $authenticate_user->get_error_message(), 'ultimate-member' ) ); } @@ -469,18 +470,4 @@ add_action( 'um_after_login_fields', 'um_after_login_submit', 1001 ); function um_add_login_fields( $args ) { echo UM()->fields()->display( 'login', $args ); } -add_action( 'um_main_login_fields', 'um_add_login_fields', 100 ); - - -/** - * Remove authenticate filter - * @uses 'wp_authenticate_username_password_before' - * - * @param $user - * @param $username - * @param $password - */ -function um_auth_username_password_before( $user, $username, $password ) { - remove_filter( 'authenticate', 'wp_authenticate_username_password', 20 ); -} -add_action( 'wp_authenticate_username_password_before', 'um_auth_username_password_before', 10, 3 ); \ No newline at end of file +add_action( 'um_main_login_fields', 'um_add_login_fields', 100 ); \ No newline at end of file diff --git a/includes/core/um-filters-login.php b/includes/core/um-filters-login.php index 515fea55..3a058378 100644 --- a/includes/core/um-filters-login.php +++ b/includes/core/um-filters-login.php @@ -55,7 +55,7 @@ add_filter( 'login_message', 'um_custom_wp_err_messages' ); /** - * Check for blocked ip + * Check for blocked IPs or Email on wp-login.php form * * @param $user * @param $username @@ -65,47 +65,8 @@ add_filter( 'login_message', 'um_custom_wp_err_messages' ); */ function um_wp_form_errors_hook_ip_test( $user, $username, $password ) { if ( ! empty( $username ) ) { - /** - * UM hook - * - * @type action - * @title um_submit_form_errors_hook__blockedips - * @description Hook that runs after user reset their password - * @input_vars - * [{"var":"$args","type":"array","desc":"Form data"}] - * @change_log - * ["Since: 2.0"] - * @usage add_action( 'um_submit_form_errors_hook__blockedips', 'function_name', 10, 1 ); - * @example - * - */ - do_action( "um_submit_form_errors_hook__blockedips", $args = array() ); - /** - * UM hook - * - * @type action - * @title um_submit_form_errors_hook__blockedemails - * @description Hook that runs after user reset their password - * @input_vars - * [{"var":"$args","type":"array","desc":"Form data"}] - * @change_log - * ["Since: 2.0"] - * @usage add_action( 'um_submit_form_errors_hook__blockedemails', 'function_name', 10, 1 ); - * @example - * - */ - do_action( "um_submit_form_errors_hook__blockedemails", $args = array( 'username' => $username ) ); - + do_action( 'um_submit_form_errors_hook__blockedips', array() ); + do_action( 'um_submit_form_errors_hook__blockedemails', array( 'username' => $username ) ); } return $user; @@ -124,35 +85,34 @@ add_filter( 'authenticate', 'um_wp_form_errors_hook_ip_test', 10, 3 ); */ function um_wp_form_errors_hook_logincheck( $user, $username, $password ) { - do_action( 'wp_authenticate_username_password_before', $user, $username, $password ); - if ( isset( $user->ID ) ) { um_fetch_user( $user->ID ); - $status = um_user('account_status'); + $status = um_user( 'account_status' ); switch( $status ) { case 'inactive': - return new WP_Error( $status, __('Your account has been disabled.','ultimate-member') ); + return new WP_Error( $status, __( 'Your account has been disabled.', 'ultimate-member' ) ); break; case 'awaiting_admin_review': - return new WP_Error( $status, __('Your account has not been approved yet.','ultimate-member') ); + return new WP_Error( $status, __( 'Your account has not been approved yet.', 'ultimate-member' ) ); break; case 'awaiting_email_confirmation': - return new WP_Error( $status, __('Your account is awaiting e-mail verification.','ultimate-member') ); + return new WP_Error( $status, __( 'Your account is awaiting e-mail verification.', 'ultimate-member' ) ); break; case 'rejected': - return new WP_Error( $status, __('Your membership request has been rejected.','ultimate-member') ); + return new WP_Error( $status, __( 'Your membership request has been rejected.', 'ultimate-member' ) ); break; } } - return wp_authenticate_username_password( $user, $username, $password ); + return $user; } add_filter( 'authenticate', 'um_wp_form_errors_hook_logincheck', 50, 3 ); + /** * Change lost password url in UM Login form * @param string $lostpassword_url @@ -160,11 +120,10 @@ add_filter( 'authenticate', 'um_wp_form_errors_hook_logincheck', 50, 3 ); */ function um_lostpassword_url( $lostpassword_url ) { - if( um_is_core_page("login") ){ - return um_get_core_page("password-reset"); + if ( um_is_core_page( 'login' ) ) { + return um_get_core_page( 'password-reset' ); } return $lostpassword_url; } -add_filter( 'lostpassword_url', 'um_lostpassword_url', 10, 1 ); - +add_filter( 'lostpassword_url', 'um_lostpassword_url', 10, 1 ); \ No newline at end of file diff --git a/readme.txt b/readme.txt index 4e071d02..b39fdbbc 100644 --- a/readme.txt +++ b/readme.txt @@ -145,6 +145,12 @@ The plugin works with popular caching plugins by automatically excluding Ultimat * To learn more about version 2.1 please see this [topic](https://wordpress.org/support/topic/version-2-1-4/) * UM2.1+ is a significant update to the Member Directories' code base from 2.0.x. Please make sure you take a full-site backup with restore point before updating the plugin += 2.1.6: June 1, 2020 = + +* Bugfixes: + + - Fixed wp-login.php and UM login form validation/errors triggers when using email for login + = 2.1.5: April 2, 2020 = * Enhancements: