From 455f4ab34834ce10e765c1abbbb94ff643cb752d Mon Sep 17 00:00:00 2001
From: nikitasinelnikov <nsinelnikov.work@gmail.com>
Date: Tue, 28 Apr 2020 17:30:10 +0300
Subject: [PATCH] - added login form nonce;

---
 includes/core/class-login.php | 79 +++++++++++++++++++++++++++++++++--
 ultimate-member.php           |  2 +-
 2 files changed, 77 insertions(+), 4 deletions(-)

diff --git a/includes/core/class-login.php b/includes/core/class-login.php
index 80200740..178419d8 100644
--- a/includes/core/class-login.php
+++ b/includes/core/class-login.php
@@ -1,13 +1,86 @@
 <?php
 namespace um\core;
 
-// Exit if accessed directly
+
 if ( ! defined( 'ABSPATH' ) ) exit;
 
+
 if ( ! class_exists( 'um\core\Login' ) ) {
 
-    class Login {
 
-    }
+	/**
+	 * Class Login
+	 *
+	 * @package um\core
+	 */
+	class Login {
+
+
+		/**
+		 * Logged-in user ID
+		 */
+		var $auth_id = '';
+
+
+		/**
+		 * Register constructor.
+		 */
+		function __construct() {
+			add_action( 'um_after_login_fields',  array( $this, 'add_nonce' ) );
+			add_action( 'um_submit_form_login', array( $this, 'verify_nonce' ), 1, 1 );
+		}
+
+
+		/**
+		 * Add registration form notice
+		 */
+		function add_nonce() {
+			wp_nonce_field( 'um_login_form' );
+		}
+
+
+		/**
+		 * Verify nonce handler
+		 *
+		 * @param $args
+		 *
+		 * @return mixed
+		 */
+		function verify_nonce( $args ) {
+			/**
+			 * UM hook
+			 *
+			 * @type filter
+			 * @title um_login_allow_nonce_verification
+			 * @description Enable/Disable nonce verification of login
+			 * @input_vars
+			 * [{"var":"$allow_nonce","type":"bool","desc":"Enable nonce"}]
+			 * @change_log
+			 * ["Since: 2.0"]
+			 * @usage
+			 * <?php add_filter( 'um_login_allow_nonce_verification', 'function_name', 10, 1 ); ?>
+			 * @example
+			 * <?php
+			 * add_filter( 'um_login_allow_nonce_verification', 'my_login_allow_nonce_verification', 10, 1 );
+			 * function my_login_allow_nonce_verification( $allow_nonce ) {
+			 *     // your code here
+			 *     return $allow_nonce;
+			 * }
+			 * ?>
+			 */
+			$allow_nonce_verification = apply_filters( 'um_login_allow_nonce_verification', true );
+
+			if ( ! $allow_nonce_verification  ) {
+				return $args;
+			}
+
+			if ( ! wp_verify_nonce( $args['_wpnonce'], 'um_login_form' ) || empty( $args['_wpnonce'] ) || ! isset( $args['_wpnonce'] ) ) {
+				wp_die( __( 'Invalid Nonce.', 'ultimate-member' ) );
+			}
+
+			return $args;
+		}
+
+	}
 
 }
\ No newline at end of file
diff --git a/ultimate-member.php b/ultimate-member.php
index 4c425736..8f3edaec 100644
--- a/ultimate-member.php
+++ b/ultimate-member.php
@@ -3,7 +3,7 @@
 Plugin Name: Ultimate Member
 Plugin URI: http://ultimatemember.com/
 Description: The easiest way to create powerful online communities and beautiful user profiles with WordPress
-Version: 2.1.5
+Version: 2.1.6-beta1
 Author: Ultimate Member
 Author URI: http://ultimatemember.com/
 Text Domain: ultimate-member