diff --git a/includes/core/class-form.php b/includes/core/class-form.php
index 7a39efbf..ae7234d9 100644
--- a/includes/core/class-form.php
+++ b/includes/core/class-form.php
@@ -682,6 +682,7 @@ if ( ! class_exists( 'um\core\Form' ) ) {
/* Continue based on form mode - store data. */
/**
* Fires for make main actions on UM login, registration or profile form submission.
+ * Where $mode equals login, registration or profile
*
* Internal Ultimate Member callbacks (Priority -> Callback name -> Excerpt):
* ### um_submit_form_login:
@@ -696,16 +697,16 @@ if ( ! class_exists( 'um\core\Form' ) ) {
* * 10 - `um_submit_form_profile()` Profile form main handler.
*
* @since 1.3.x
- * @hook um_submit_form_errors_hook
+ * @hook um_submit_form_{$mode}
*
* @param {array} $post $_POST Submission array.
* @param {array} $form_data UM form data. Since 2.6.7
*
- * @example Make any custom action.
- * function my_custom_before_submit_form_post( $post, $form_data ) {
+ * @example Make any custom action on profile submission.
+ * function my_custom_submit_form_profile( $post, $form_data ) {
* // your code here
* }
- * add_action( 'um_submit_form_errors_hook', 'my_custom_submit_form_errors_hook', 10, 2 );
+ * add_action( 'um_submit_form_profile', 'my_custom_submit_form_profile', 10, 2 );
*/
do_action( "um_submit_form_{$this->form_data['mode']}", $this->post_form, $this->form_data );
}
diff --git a/includes/core/um-actions-login.php b/includes/core/um-actions-login.php
index 816f53e7..42cac3e0 100644
--- a/includes/core/um-actions-login.php
+++ b/includes/core/um-actions-login.php
@@ -129,7 +129,7 @@ function um_submit_form_errors_hook_logincheck( $submitted_data, $form_data ) {
wp_logout();
}
- $user_id = ( isset( UM()->login()->auth_id ) ) ? UM()->login()->auth_id : '';
+ $user_id = isset( UM()->login()->auth_id ) ? UM()->login()->auth_id : '';
$status = UM()->common()->users()->get_status( $user_id ); // account status
switch ( $status ) {
@@ -148,7 +148,6 @@ function um_submit_form_errors_hook_logincheck( $submitted_data, $form_data ) {
wp_safe_redirect( um_get_core_page( 'login' ) );
exit;
}
-
}
add_action( 'um_submit_form_errors_hook_logincheck', 'um_submit_form_errors_hook_logincheck', 9999, 2 );
@@ -192,6 +191,16 @@ function um_user_login( $submitted_data ) {
// phpcs:disable WordPress.Security.NonceVerification -- already verified here
$rememberme = ( isset( $_REQUEST['rememberme'], $submitted_data['rememberme'] ) && 1 === (int) $submitted_data['rememberme'] ) ? 1 : 0;
+ $user_id = isset( UM()->login()->auth_id ) ? UM()->login()->auth_id : '';
+ if ( empty( $user_id ) ) {
+ // refresh page if the user_id is empty
+ // Not `um_safe_redirect()` because UM()->permalinks()->get_current_url() is situated on the same host.
+ wp_safe_redirect( UM()->permalinks()->get_current_url() );
+ exit;
+ }
+
+ um_fetch_user( $user_id );
+
// @todo check using the 'deny_admin_frontend_login' option
if ( false !== strrpos( um_user( 'wp_roles' ), 'administrator' ) && ( ! isset( $_GET['provider'] ) && UM()->options()->get( 'deny_admin_frontend_login' ) ) ) {
wp_die( esc_html__( 'This action has been prevented for security measures.', 'ultimate-member' ) );
diff --git a/includes/frontend/class-secure.php b/includes/frontend/class-secure.php
index c3e05218..65304b1e 100644
--- a/includes/frontend/class-secure.php
+++ b/includes/frontend/class-secure.php
@@ -142,7 +142,12 @@ if ( ! class_exists( 'um\frontend\Secure' ) ) {
*/
public function login_validate_expired_pass() {
if ( UM()->options()->get( 'display_login_form_notice' ) ) {
- $expired_password_reset = get_user_meta( um_user( 'ID' ), 'um_secure_has_reset_password', true );
+ $user_id = isset( UM()->login()->auth_id ) ? UM()->login()->auth_id : '';
+ if ( empty( $user_id ) ) {
+ return;
+ }
+
+ $expired_password_reset = get_user_meta( $user_id, 'um_secure_has_reset_password', true );
if ( ! $expired_password_reset ) {
$login_url = add_query_arg( 'notice', 'expired_password', um_get_core_page( 'login' ) );
// Not `um_safe_redirect()` because predefined login page is situated on the same host.