* fixed login form after recent updates

* updated um_submit_form_{$mode} hook documentation

includes/core/class-form.php

@@ -682,6 +682,7 @@ if ( ! class_exists( 'um\core\Form' ) ) {
 				/* Continue based on form mode - store data. */
 				/**
 				 * Fires for make main actions on UM login, registration or profile form submission.
+				 * Where $mode equals login, registration or profile
 				 *
 				 * Internal Ultimate Member callbacks (Priority -> Callback name -> Excerpt):
 				 * ### um_submit_form_login:
@@ -696,16 +697,16 @@ if ( ! class_exists( 'um\core\Form' ) ) {
 				 * * 10 - `um_submit_form_profile()` Profile form main handler.
 				 *
 				 * @since 1.3.x
-				 * @hook um_submit_form_errors_hook
+				 * @hook um_submit_form_{$mode}
 				 *
 				 * @param {array} $post      $_POST Submission array.
 				 * @param {array} $form_data UM form data. Since 2.6.7
 				 *
-				 * @example <caption>Make any custom action.</caption>
-				 * function my_custom_before_submit_form_post( $post, $form_data ) {
+				 * @example <caption>Make any custom action on profile submission.</caption>
+				 * function my_custom_submit_form_profile( $post, $form_data ) {
 				 *     // your code here
 				 * }
-				 * add_action( 'um_submit_form_errors_hook', 'my_custom_submit_form_errors_hook', 10, 2 );
+				 * add_action( 'um_submit_form_profile', 'my_custom_submit_form_profile', 10, 2 );
 				 */
 				do_action( "um_submit_form_{$this->form_data['mode']}", $this->post_form, $this->form_data );
 			}

includes/core/um-actions-login.php

@@ -129,7 +129,7 @@ function um_submit_form_errors_hook_logincheck( $submitted_data, $form_data ) {
 		wp_logout();
 	}
 
-	$user_id = ( isset( UM()->login()->auth_id ) ) ? UM()->login()->auth_id : '';
+	$user_id = isset( UM()->login()->auth_id ) ? UM()->login()->auth_id : '';
 
 	$status = UM()->common()->users()->get_status( $user_id ); // account status
 	switch ( $status ) {
@@ -148,7 +148,6 @@ function um_submit_form_errors_hook_logincheck( $submitted_data, $form_data ) {
 		wp_safe_redirect( um_get_core_page( 'login' ) );
 		exit;
 	}
-
 }
 add_action( 'um_submit_form_errors_hook_logincheck', 'um_submit_form_errors_hook_logincheck', 9999, 2 );
 
@@ -192,6 +191,16 @@ function um_user_login( $submitted_data ) {
 	// phpcs:disable WordPress.Security.NonceVerification -- already verified here
 	$rememberme = ( isset( $_REQUEST['rememberme'], $submitted_data['rememberme'] ) && 1 === (int) $submitted_data['rememberme'] ) ? 1 : 0;
 
+	$user_id = isset( UM()->login()->auth_id ) ? UM()->login()->auth_id : '';
+	if ( empty( $user_id ) ) {
+		// refresh page if the user_id is empty
+		// Not `um_safe_redirect()` because UM()->permalinks()->get_current_url() is situated on the same host.
+		wp_safe_redirect( UM()->permalinks()->get_current_url() );
+		exit;
+	}
+
+	um_fetch_user( $user_id );
+
 	// @todo check using the 'deny_admin_frontend_login' option
 	if ( false !== strrpos( um_user( 'wp_roles' ), 'administrator' ) && ( ! isset( $_GET['provider'] ) && UM()->options()->get( 'deny_admin_frontend_login' ) ) ) {
 		wp_die( esc_html__( 'This action has been prevented for security measures.', 'ultimate-member' ) );

includes/frontend/class-secure.php

@@ -142,7 +142,12 @@ if ( ! class_exists( 'um\frontend\Secure' ) ) {
 		 */
 		public function login_validate_expired_pass() {
 			if ( UM()->options()->get( 'display_login_form_notice' ) ) {
-				$expired_password_reset = get_user_meta( um_user( 'ID' ), 'um_secure_has_reset_password', true );
+				$user_id = isset( UM()->login()->auth_id ) ? UM()->login()->auth_id : '';
+				if ( empty( $user_id ) ) {
+					return;
+				}
+
+				$expired_password_reset = get_user_meta( $user_id, 'um_secure_has_reset_password', true );
 				if ( ! $expired_password_reset ) {
 					$login_url = add_query_arg( 'notice', 'expired_password', um_get_core_page( 'login' ) );
 					// Not `um_safe_redirect()` because predefined login page is situated on the same host.