- added login form nonce;

2026-06-05 15:09:37 +09:00 · 2020-04-28 17:30:10 +03:00
parent c9182e942d
commit 455f4ab348
2 changed files with 77 additions and 4 deletions
@@ -1,13 +1,86 @@
 <?php
 namespace um\core;

-// Exit if accessed directly
+
 if ( ! defined( 'ABSPATH' ) ) exit;

+
 if ( ! class_exists( 'um\core\Login' ) ) {

-    class Login {

-    }
+	/**
+	 * Class Login
+	 *
+	 * @package um\core
+	 */
+	class Login {
+
+
+		/**
+		 * Logged-in user ID
+		 */
+		var $auth_id = '';
+
+
+		/**
+		 * Register constructor.
+		 */
+		function __construct() {
+			add_action( 'um_after_login_fields',  array( $this, 'add_nonce' ) );
+			add_action( 'um_submit_form_login', array( $this, 'verify_nonce' ), 1, 1 );
+		}
+
+
+		/**
+		 * Add registration form notice
+		 */
+		function add_nonce() {
+			wp_nonce_field( 'um_login_form' );
+		}
+
+
+		/**
+		 * Verify nonce handler
+		 *
+		 * @param $args
+		 *
+		 * @return mixed
+		 */
+		function verify_nonce( $args ) {
+			/**
+			 * UM hook
+			 *
+			 * @type filter
+			 * @title um_login_allow_nonce_verification
+			 * @description Enable/Disable nonce verification of login
+			 * @input_vars
+			 * [{"var":"$allow_nonce","type":"bool","desc":"Enable nonce"}]
+			 * @change_log
+			 * ["Since: 2.0"]
+			 * @usage
+			 * <?php add_filter( 'um_login_allow_nonce_verification', 'function_name', 10, 1 ); ?>
+			 * @example
+			 * <?php
+			 * add_filter( 'um_login_allow_nonce_verification', 'my_login_allow_nonce_verification', 10, 1 );
+			 * function my_login_allow_nonce_verification( $allow_nonce ) {
+			 *     // your code here
+			 *     return $allow_nonce;
+			 * }
+			 * ?>
+			 */
+			$allow_nonce_verification = apply_filters( 'um_login_allow_nonce_verification', true );
+
+			if ( ! $allow_nonce_verification  ) {
+				return $args;
+			}
+
+			if ( ! wp_verify_nonce( $args['_wpnonce'], 'um_login_form' ) || empty( $args['_wpnonce'] ) || ! isset( $args['_wpnonce'] ) ) {
+				wp_die( __( 'Invalid Nonce.', 'ultimate-member' ) );
+			}
+
+			return $args;
+		}
+
+	}

 }