10h30/ultimatemember
1
0
Fork 0
mirror of https://github.com/10h30/ultimatemember.git synced 2026-06-05 15:09:37 +09:00
Code Issues Packages Projects Releases Wiki Activity

- make WP native password reset;

Browse Source 
- fixed password reset;
This commit is contained in:
nikitozzzzzzz
2018-09-16 00:26:32 +03:00
parent da74fa7000
commit 461cad6559
11 changed files with 622 additions and 671 deletions
Download Patch File Download Diff File Expand all files Collapse all files
includes/class-init.php
-1
View File
@@ -1325,7 +1325,6 @@ if ( ! class_exists( 'UM' ) ) {
require_once 'core/um-actions-register.php';
require_once 'core/um-actions-profile.php';
require_once 'core/um-actions-account.php';
require_once 'core/um-actions-password.php';
require_once 'core/um-actions-members.php';
require_once 'core/um-actions-global.php';
require_once 'core/um-actions-user.php';
includes/core/class-builtin.php
-7
View File
@@ -1088,13 +1088,6 @@ if ( ! class_exists( 'um\core\Builtin' ) ) {
'private_use' => true,
),
'password_reset_text' => array(
'title' => __('Password Reset','ultimate-member'),
'type' => 'block',
'content' => '<div style="text-align:center">' . __('To reset your password, please enter your email address or username below','ultimate-member'). '</div>',
'private_use' => true,
),
'username_b' => array(
'title' => __('Username or E-mail','ultimate-member'),
'metakey' => 'username_b',
includes/core/class-password.php
+414 -200
View File
@@ -14,212 +14,47 @@ if ( ! class_exists( 'um\core\Password' ) ) {
class Password {
/**
* @var
*/
var $reset_request;
/**
* Password constructor.
*/
function __construct() {
add_shortcode( 'ultimatemember_password', array( &$this, 'ultimatemember_password' ) );
add_shortcode('ultimatemember_password', array(&$this, 'ultimatemember_password'));
add_action( 'template_redirect', array( &$this, 'form_init' ), 10001 );
add_action('template_redirect', array(&$this, 'password_reset'), 10001 );
add_action('template_redirect', array(&$this, 'form_init'), 10002);
add_action('init', array(&$this, 'listen_to_password_reset_uri'), 1);
add_action( 'um_reset_password_errors_hook', array( &$this, 'um_reset_password_errors_hook' ) );
add_action( 'um_reset_password_process_hook', array( &$this,'um_reset_password_process_hook' ) );
add_action( 'um_change_password_errors_hook', array( &$this, 'um_change_password_errors_hook' ) );
add_action( 'um_change_password_process_hook', array( &$this,'um_change_password_process_hook' ) );
}
/**
* A listener to password reset uri
*/
function listen_to_password_reset_uri() {
if ( isset($_REQUEST['act']) && $_REQUEST['act'] == 'reset_password' && isset($_REQUEST['hash']) && strlen($_REQUEST['hash']) == 40 &&
isset($_REQUEST['user_id']) && is_numeric($_REQUEST['user_id']) ) {
$user_id = absint( $_REQUEST['user_id'] );
delete_option( "um_cache_userdata_{$user_id}" );
um_fetch_user( $user_id );
if ( $_REQUEST['hash'] != um_user('reset_pass_hash') ){
wp_die( __('This is not a valid hash, or it has expired.','ultimate-member') );
}
UM()->user()->profile['reset_pass_hash_token'] = current_time( 'timestamp' );
UM()->user()->update_usermeta_info('reset_pass_hash_token');
$this->change_password = true;
um_reset_user();
}
}
/**
* reset url
* Get Reset URL
*
* @return bool|string
*/
function reset_url(){
if ( !um_user('reset_pass_hash') ) return false;
$user_id = um_user('ID');
function reset_url() {
$user_id = um_user( 'ID' );
delete_option( "um_cache_userdata_{$user_id}" );
$url = add_query_arg( 'act', 'reset_password', um_get_core_page('password-reset') );
$url = add_query_arg( 'hash', esc_attr( um_user('reset_pass_hash') ), $url );
$url = add_query_arg( 'user_id', esc_attr( um_user('ID') ), $url );
//new reset password key via WP native field
$user_data = get_userdata( $user_id );
$key = get_password_reset_key( $user_data );
$url = add_query_arg( array( 'act' => 'reset_password', 'hash' => $key, 'user_id' => $user_id ), um_get_core_page( 'password-reset' ) );
return $url;
}
/**
* we are on password reset page
*/
function password_reset(){
if ( um_is_core_page('password-reset') ) {
UM()->fields()->set_mode = 'password';
}
}
/**
* Password page form
*/
function form_init() {
if ( um_requesting_password_reset() ) {
UM()->form()->post_form = $_POST;
if ( empty( UM()->form()->post_form['mode'] ) ) {
UM()->form()->post_form['mode'] = 'password';
}
/**
* UM hook
*
* @type action
* @title um_reset_password_errors_hook
* @description Action on reset password submit form
* @input_vars
* [{"var":"$post","type":"array","desc":"Form submitted"}]
* @change_log
* ["Since: 2.0"]
* @usage add_action( 'um_reset_password_errors_hook', 'function_name', 10, 1 );
* @example
* <?php
* add_action( 'um_reset_password_errors_hook', 'my_reset_password_errors', 10, 1 );
* function my_reset_password_errors( $post ) {
* // your code here
* }
* ?>
*/
do_action( 'um_reset_password_errors_hook', UM()->form()->post_form );
if ( ! isset( UM()->form()->errors ) ) {
/**
* UM hook
*
* @type action
* @title um_reset_password_process_hook
* @description Action on reset password success submit form
* @input_vars
* [{"var":"$post","type":"array","desc":"Form submitted"}]
* @change_log
* ["Since: 2.0"]
* @usage add_action( 'um_reset_password_process_hook', 'function_name', 10, 1 );
* @example
* <?php
* add_action( 'um_reset_password_process_hook', 'my_reset_password_process', 10, 1 );
* function my_reset_password_process( $post ) {
* // your code here
* }
* ?>
*/
do_action( 'um_reset_password_process_hook', UM()->form()->post_form );
}
}
if ( um_requesting_password_change() ) {
UM()->form()->post_form = $_POST;
/**
* UM hook
*
* @type action
* @title um_change_password_errors_hook
* @description Action on change password submit form
* @input_vars
* [{"var":"$post","type":"array","desc":"Form submitted"}]
* @change_log
* ["Since: 2.0"]
* @usage add_action( 'um_change_password_errors_hook', 'function_name', 10, 1 );
* @example
* <?php
* add_action( 'um_change_password_errors_hook', 'my_change_password_errors', 10, 1 );
* function my_change_password_errors( $post ) {
* // your code here
* }
* ?>
*/
do_action( 'um_change_password_errors_hook', UM()->form()->post_form );
if ( ! isset( UM()->form()->errors ) ) {
/**
* UM hook
*
* @type action
* @title um_change_password_process_hook
* @description Action on change password success submit form
* @input_vars
* [{"var":"$post","type":"array","desc":"Form submitted"}]
* @change_log
* ["Since: 2.0"]
* @usage add_action( 'um_change_password_process_hook', 'function_name', 10, 1 );
* @example
* <?php
* add_action( 'um_change_password_process_hook', 'my_change_password_process', 10, 1 );
* function my_change_password_process( $post ) {
* // your code here
* }
* ?>
*/
do_action( 'um_change_password_process_hook', UM()->form()->post_form );
}
}
}
/**
* Add class based on shortcode
*
* @param $mode
* @param string $mode
*
* @return mixed|string|void
* @return string
*/
function get_class( $mode ) {
@@ -262,6 +97,7 @@ if ( ! class_exists( 'um\core\Password' ) ) {
return $classes;
}
/**
* Shortcode
*
@@ -270,26 +106,14 @@ if ( ! class_exists( 'um\core\Password' ) ) {
* @return string
*/
function ultimatemember_password( $args = array() ) {
return $this->load( $args );
}
/**
* Load a module with global function
*
* @param $args
*
* @return string
*/
function load( $args ) {
ob_start();
$defaults = array(
'template' => 'password-reset',
'mode' => 'password',
'form_id' => 'um_password_id',
'template' => 'password-reset',
'mode' => 'password',
'form_id' => 'um_password_id',
'max_width' => '450px',
'align' => 'center',
'align' => 'center',
);
$args = wp_parse_args( $args, $defaults );
@@ -323,12 +147,22 @@ if ( ! class_exists( 'um\core\Password' ) ) {
$args = apply_filters( 'um_reset_password_shortcode_args_filter', $args );
if ( isset( $this->change_password ) ) {
$args['user_id'] = $_REQUEST['user_id'];
$args['template'] = 'password-change';
$args['rp_key'] = '';
$rp_cookie = 'wp-resetpass-' . COOKIEHASH;
if ( isset( $_COOKIE[ $rp_cookie ] ) && 0 < strpos( $_COOKIE[ $rp_cookie ], ':' ) ) {
list( $rp_login, $rp_key ) = explode( ':', wp_unslash( $_COOKIE[ $rp_cookie ] ), 2 );
$user = get_user_by( 'login', $rp_login );
$args['user_id'] = $user->ID;
$args['rp_key'] = $rp_key;
}
}
/**
* @var $mode
* @var $template
*/
extract( $args, EXTR_SKIP );
/**
@@ -398,11 +232,391 @@ if ( ! class_exists( 'um\core\Password' ) ) {
UM()->shortcodes()->dynamic_css( $args );
}
$output = ob_get_contents();
ob_end_clean();
$output = ob_get_clean();
return $output;
}
/**
* Check if a legitimate password reset request is in action
*
* @return bool
*/
function is_reset_request() {
if ( um_is_core_page( 'password-reset' ) && isset( $_POST['_um_password_reset'] ) == 1 ) {
return true;
}
return false;
}
/**
* Check if a legitimate password change request is in action
*
*
* @return bool
*/
function is_change_request() {
if ( um_is_core_page( 'account' ) && isset( $_POST['_um_account'] ) == 1 & isset( $_POST['_um_account_tab'] ) == 'password' ) {
return true;
} elseif ( isset( $_POST['_um_password_change'] ) && $_POST['_um_password_change'] == 1 ) {
return true;
}
return false;
}
/**
* Password page form
*/
function form_init() {
if ( um_is_core_page( 'password-reset' ) ) {
UM()->fields()->set_mode = 'password';
}
if ( um_is_core_page( 'password-reset' ) && isset( $_REQUEST['act'] ) && $_REQUEST['act'] == 'reset_password' ) {
list( $rp_path ) = explode( '?', wp_unslash( $_SERVER['REQUEST_URI'] ) );
$rp_cookie = 'wp-resetpass-' . COOKIEHASH;
if ( isset( $_GET['hash'] ) ) {
$userdata = get_userdata( wp_unslash( $_GET['user_id'] ) );
if ( ! $userdata || is_wp_error( $userdata ) ) {
wp_redirect( add_query_arg( array( 'act' => 'reset_password', 'error' => 'invalidkey' ), get_permalink() ) );
exit;
}
$rp_login = $userdata->user_login;
$value = sprintf( '%s:%s', $rp_login, wp_unslash( $_GET['hash'] ) );
setcookie( $rp_cookie, $value, 0, $rp_path, COOKIE_DOMAIN, is_ssl(), true );
wp_safe_redirect( remove_query_arg( array( 'hash', 'user_id' ) ) );
exit;
}
if ( isset( $_COOKIE[ $rp_cookie ] ) && 0 < strpos( $_COOKIE[ $rp_cookie ], ':' ) ) {
list( $rp_login, $rp_key ) = explode( ':', wp_unslash( $_COOKIE[ $rp_cookie ] ), 2 );
$user = check_password_reset_key( $rp_key, $rp_login );
} else {
$user = false;
}
if ( ! $user || is_wp_error( $user ) ) {
setcookie( $rp_cookie, ' ', time() - YEAR_IN_SECONDS, $rp_path, COOKIE_DOMAIN, is_ssl(), true );
if ( $user && $user->get_error_code() === 'expired_key' ) {
wp_redirect( add_query_arg( array( 'updated' => 'expiredkey' ), get_permalink() ) );
} else {
wp_redirect( add_query_arg( array( 'updated' => 'invalidkey' ), get_permalink() ) );
}
exit;
}
$this->change_password = true;
}
if ( $this->is_reset_request() ) {
UM()->form()->post_form = $_POST;
if ( empty( UM()->form()->post_form['mode'] ) ) {
UM()->form()->post_form['mode'] = 'password';
}
/**
* UM hook
*
* @type action
* @title um_reset_password_errors_hook
* @description Action on reset password submit form
* @input_vars
* [{"var":"$post","type":"array","desc":"Form submitted"}]
* @change_log
* ["Since: 2.0"]
* @usage add_action( 'um_reset_password_errors_hook', 'function_name', 10, 1 );
* @example
* <?php
* add_action( 'um_reset_password_errors_hook', 'my_reset_password_errors', 10, 1 );
* function my_reset_password_errors( $post ) {
* // your code here
* }
* ?>
*/
do_action( 'um_reset_password_errors_hook', UM()->form()->post_form );
if ( ! isset( UM()->form()->errors ) ) {
/**
* UM hook
*
* @type action
* @title um_reset_password_process_hook
* @description Action on reset password success submit form
* @input_vars
* [{"var":"$post","type":"array","desc":"Form submitted"}]
* @change_log
* ["Since: 2.0"]
* @usage add_action( 'um_reset_password_process_hook', 'function_name', 10, 1 );
* @example
* <?php
* add_action( 'um_reset_password_process_hook', 'my_reset_password_process', 10, 1 );
* function my_reset_password_process( $post ) {
* // your code here
* }
* ?>
*/
do_action( 'um_reset_password_process_hook', UM()->form()->post_form );
}
}
if ( $this->is_change_request() ) {
UM()->form()->post_form = $_POST;
/**
* UM hook
*
* @type action
* @title um_change_password_errors_hook
* @description Action on change password submit form
* @input_vars
* [{"var":"$post","type":"array","desc":"Form submitted"}]
* @change_log
* ["Since: 2.0"]
* @usage add_action( 'um_change_password_errors_hook', 'function_name', 10, 1 );
* @example
* <?php
* add_action( 'um_change_password_errors_hook', 'my_change_password_errors', 10, 1 );
* function my_change_password_errors( $post ) {
* // your code here
* }
* ?>
*/
do_action( 'um_change_password_errors_hook', UM()->form()->post_form );
if ( ! isset( UM()->form()->errors ) ) {
/**
* UM hook
*
* @type action
* @title um_change_password_process_hook
* @description Action on change password success submit form
* @input_vars
* [{"var":"$post","type":"array","desc":"Form submitted"}]
* @change_log
* ["Since: 2.0"]
* @usage add_action( 'um_change_password_process_hook', 'function_name', 10, 1 );
* @example
* <?php
* add_action( 'um_change_password_process_hook', 'my_change_password_process', 10, 1 );
* function my_change_password_process( $post ) {
* // your code here
* }
* ?>
*/
do_action( 'um_change_password_process_hook', UM()->form()->post_form );
}
}
}
/**
* Error handler: reset password
*
* @param $args
*/
function um_reset_password_errors_hook( $args ) {
if ( $_POST[ UM()->honeypot ] != '' )
wp_die('Hello, spam bot!','ultimate-member');
$user = "";
foreach ( $_POST as $key => $val ) {
if( strstr( $key, "username_b") ){
$user = trim( $val );
}
}
if ( empty( $user ) ) {
UM()->form()->add_error('username_b', __('Please provide your username or email','ultimate-member') );
}
if ( ( !is_email( $user ) && !username_exists( $user ) ) || ( is_email( $user ) && !email_exists( $user ) ) ) {
UM()->form()->add_error('username_b', __('We can\'t find an account registered with that address or username','ultimate-member') );
} else {
if ( is_email( $user ) ) {
$user_id = email_exists( $user );
} else {
$user_id = username_exists( $user );
}
$attempts = (int)get_user_meta( $user_id, 'password_rst_attempts', true );
$is_admin = user_can( intval( $user_id ),'manage_options' );
if ( UM()->options()->get( 'enable_reset_password_limit' ) ) { // if reset password limit is set
if ( UM()->options()->get( 'disable_admin_reset_password_limit' ) && $is_admin ) {
// Triggers this when a user has admin capabilities and when reset password limit is disabled for admins
} else {
$limit = UM()->options()->get( 'reset_password_limit_number' );
if ( $attempts >= $limit ) {
UM()->form()->add_error('username_b', __('You have reached the limit for requesting password change for this user already. Contact support if you cannot open the email','ultimate-member') );
} else {
update_user_meta( $user_id, 'password_rst_attempts', $attempts + 1 );
}
}
}
}
}
/**
* Process a new request
*
* @param $args
*/
function um_reset_password_process_hook( $args ) {
$user = null;
foreach ( $_POST as $key => $val ) {
if ( strstr( $key, "username_b" ) ) {
$user = trim( $val );
}
}
if ( username_exists( $user ) ) {
$data = get_user_by( 'login', $user );
} elseif ( email_exists( $user ) ) {
$data = get_user_by( 'email', $user );
}
um_fetch_user( $data->ID );
UM()->user()->password_reset();
exit( wp_redirect( um_get_core_page('password-reset', 'checkemail' ) ) );
}
/**
* Error handler: changing password
*
* @param $args
*/
function um_change_password_errors_hook( $args ) {
if ( isset( $_POST[ UM()->honeypot ] ) && $_POST[ UM()->honeypot ] != '' ){
wp_die('Hello, spam bot!','ultimate-member');
}
$reset_pass_hash = '';
if ( isset( $_REQUEST['act'] ) && $_REQUEST['act'] == 'reset_password' && um_is_core_page( 'password-reset' ) ) {
$reset_pass_hash = get_user_meta( $args['user_id'], 'reset_pass_hash', true );
}
if ( ! is_user_logged_in() && isset( $args ) && ! um_is_core_page( 'password-reset' ) ||
is_user_logged_in() && isset( $args['user_id'] ) && $args['user_id'] != get_current_user_id() ||
!is_user_logged_in() && isset( $_REQUEST['hash'] ) && $reset_pass_hash != $_REQUEST['hash'] && um_is_core_page('password-reset')
){
wp_die( __( 'This is not possible for security reasons.','ultimate-member') );
}
if ( isset( $args['user_password'] ) && empty( $args['user_password'] ) ) {
UM()->form()->add_error('user_password', __('You must enter a new password','ultimate-member') );
}
if ( UM()->options()->get( 'reset_require_strongpass' ) ) {
if ( strlen( utf8_decode( $args['user_password'] ) ) < 8 ) {
UM()->form()->add_error('user_password', __('Your password must contain at least 8 characters','ultimate-member') );
}
if ( strlen( utf8_decode( $args['user_password'] ) ) > 30 ) {
UM()->form()->add_error('user_password', __('Your password must contain less than 30 characters','ultimate-member') );
}
if ( ! UM()->validation()->strong_pass( $args['user_password'] ) ) {
UM()->form()->add_error('user_password', __('Your password must contain at least one lowercase letter, one capital letter and one number','ultimate-member') );
}
}
if ( isset( $args['confirm_user_password'] ) && empty( $args['confirm_user_password'] ) ) {
UM()->form()->add_error('confirm_user_password', __('You must confirm your new password','ultimate-member') );
}
if ( isset( $args['user_password'] ) && isset( $args['confirm_user_password'] ) && $args['user_password'] != $args['confirm_user_password'] ) {
UM()->form()->add_error('confirm_user_password', __('Your passwords do not match','ultimate-member') );
}
}
/**
* Process a change request
*
* @param $args
*/
function um_change_password_process_hook( $args ) {
extract( $args );
//wp_set_password( $args['user_password'], $args['user_id'] );
//delete_user_meta( $args['user_id'], 'reset_pass_hash');
//delete_user_meta( $args['user_id'], 'reset_pass_hash_token');
/**
* UM hook
*
* @type action
* @title um_after_changing_user_password
* @description Hook that runs after user change their password
* @input_vars
* [{"var":"$user_id","type":"int","desc":"User ID"}]
* @change_log
* ["Since: 2.0"]
* @usage add_action( 'um_after_changing_user_password', 'function_name', 10, 1 );
* @example
* <?php
* add_action( 'um_after_changing_user_password', 'my_after_changing_user_password', 10, 1 );
* function my_user_login_extra( $user_id ) {
* // your code here
* }
* ?>
*/
do_action( 'um_after_changing_user_password', $args['user_id'] );
$user = get_userdata( $args['user_id'] );
$errors = new \WP_Error();
/**
* Fires before the password reset procedure is validated.
*
* @since 3.5.0
*
* @param object $errors WP Error object.
* @param \WP_User|\WP_Error $user WP_User object if the login and reset key match. WP_Error object otherwise.
*/
do_action( 'validate_password_reset', $errors, $user );
list( $rp_path ) = explode( '?', wp_unslash( $_SERVER['REQUEST_URI'] ) );
$rp_cookie = 'wp-resetpass-' . COOKIEHASH;
if ( ( ! $errors->get_error_code() ) ) {
reset_password( $user, $args['user_password'] );
setcookie( $rp_cookie, ' ', time() - YEAR_IN_SECONDS, $rp_path, COOKIE_DOMAIN, is_ssl(), true );
delete_user_meta( $args['user_id'], 'password_rst_attempts' );
if ( is_user_logged_in() ) {
wp_logout();
}
exit( wp_redirect( um_get_core_page('login', 'password_changed' ) ) );
}
}
}
}
includes/core/class-user.php
+6 -12
View File
@@ -1135,15 +1135,6 @@ if ( ! class_exists( 'um\core\User' ) ) {
}
/**
* Set user's hash for password reset
*/
function password_reset_hash() {
$this->profile['reset_pass_hash'] = UM()->validation()->generate();
$this->update_usermeta_info('reset_pass_hash');
}
/**
* Set user's hash
*/
@@ -1194,7 +1185,8 @@ if ( ! class_exists( 'um\core\User' ) ) {
* Password reset email
*/
function password_reset() {
$this->password_reset_hash();
$userdata = get_userdata( um_user('ID') );
get_password_reset_key( $userdata );
UM()->mail()->send( um_user('user_email'), 'resetpw_email' );
}
@@ -1227,11 +1219,13 @@ if ( ! class_exists( 'um\core\User' ) ) {
delete_option( "um_cache_userdata_{$user_id}" );
if ( um_user('account_status') == 'awaiting_admin_review' ) {
$this->password_reset_hash();
$userdata = get_userdata( $user_id );
get_password_reset_key( $userdata );
UM()->mail()->send( um_user('user_email'), 'approved_email' );
} else {
$this->password_reset_hash();
$userdata = get_userdata( $user_id );
get_password_reset_key( $userdata );
UM()->mail()->send( um_user('user_email'), 'welcome_email');
}
includes/core/um-actions-account.php
+6
View File
@@ -149,8 +149,14 @@ function um_submit_account_details( $args ) {
$args['user_id'] = um_user('ID');
UM()->user()->password_changed();
do_action( 'send_password_change_email', $args );
//clear all sessions with old passwords
$user = WP_Session_Tokens::get_instance( um_user( 'ID' ) );
$user->destroy_all();
wp_set_password( $changes['user_pass'], um_user( 'ID' ) );
wp_signon( array( 'user_login' => um_user( 'user_login' ), 'user_password' => $changes['user_pass'] ) );
includes/core/um-actions-password.php
-342
View File
@@ -1,342 +0,0 @@
<?php if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
/**
* Process a new request
*
* @param $args
*/
function um_reset_password_process_hook( $args ) {
$user = null;
foreach ( $_POST as $key => $val ) {
if( strstr( $key, "username_b") ){
$user = trim( $val );
}
}
if ( username_exists( $user ) ) {
$data = get_user_by( 'login', $user );
$user_email = $data->user_email;
} else if( email_exists( $user ) ) {
$data = get_user_by( 'email', $user );
$user_email = $user;
}
UM()->password()->reset_request['user_id'] = $data->ID;
UM()->password()->reset_request['user_email'] = $user_email;
um_fetch_user( $data->ID );
UM()->user()->password_reset();
um_reset_user();
}
add_action( 'um_reset_password_process_hook', 'um_reset_password_process_hook' );
/**
* Process a change request
*
* @param $args
*/
function um_change_password_process_hook( $args ) {
extract( $args );
wp_set_password( $args['user_password'], $args['user_id'] );
delete_user_meta( $args['user_id'], 'reset_pass_hash');
delete_user_meta( $args['user_id'], 'reset_pass_hash_token');
delete_user_meta( $args['user_id'], 'password_rst_attempts');
/**
* UM hook
*
* @type action
* @title um_after_changing_user_password
* @description Hook that runs after user change their password
* @input_vars
* [{"var":"$user_id","type":"int","desc":"User ID"}]
* @change_log
* ["Since: 2.0"]
* @usage add_action( 'um_after_changing_user_password', 'function_name', 10, 1 );
* @example
* <?php
* add_action( 'um_after_changing_user_password', 'my_after_changing_user_password', 10, 1 );
* function my_user_login_extra( $user_id ) {
* // your code here
* }
* ?>
*/
do_action( 'um_after_changing_user_password', $args['user_id'] );
if ( is_user_logged_in() ) {
wp_logout();
}
exit( wp_redirect( um_get_core_page('login', 'password_changed') ) );
}
add_action( 'um_change_password_process_hook','um_change_password_process_hook' );
/**
* Overrides password changed notification
*
* @param $args
*
* @return bool
*/
function um_send_password_change_email( $args ) {
if ( ! is_array( $args ) )
return false;
/**
* @var $user_id
*/
extract( $args );
if ( ! isset( $user_id ) )
return false;
um_fetch_user( $user_id );
UM()->user()->password_changed();
um_reset_user();
return false;
}
add_action( 'send_password_change_email','um_send_password_change_email', 10, 1 );
/**
* This is executed after changing password
*
* @param $user_id
*/
function um_after_changing_user_password( $user_id ) {
}
add_action( 'um_after_changing_user_password', 'um_after_changing_user_password' );
/**
* Error handler: reset password
*
* @param $args
*/
function um_reset_password_errors_hook( $args ) {
if ( $_POST[ UM()->honeypot ] != '' )
wp_die('Hello, spam bot!','ultimate-member');
$user = "";
foreach ( $_POST as $key => $val ) {
if( strstr( $key, "username_b") ){
$user = trim( $val );
}
}
if ( empty( $user ) ) {
UM()->form()->add_error('username_b', __('Please provide your username or email','ultimate-member') );
}
if ( ( !is_email( $user ) && !username_exists( $user ) ) || ( is_email( $user ) && !email_exists( $user ) ) ) {
UM()->form()->add_error('username_b', __('We can\'t find an account registered with that address or username','ultimate-member') );
} else {
if ( is_email( $user ) ) {
$user_id = email_exists( $user );
} else {
$user_id = username_exists( $user );
}
$attempts = (int)get_user_meta( $user_id, 'password_rst_attempts', true );
$is_admin = user_can( intval( $user_id ),'manage_options' );
if ( UM()->options()->get( 'enable_reset_password_limit' ) ) { // if reset password limit is set
if ( UM()->options()->get( 'disable_admin_reset_password_limit' ) && $is_admin ) {
// Triggers this when a user has admin capabilities and when reset password limit is disabled for admins
} else {
$limit = UM()->options()->get( 'reset_password_limit_number' );
if ( $attempts >= $limit ) {
UM()->form()->add_error('username_b', __('You have reached the limit for requesting password change for this user already. Contact support if you cannot open the email','ultimate-member') );
} else {
update_user_meta( $user_id, 'password_rst_attempts', $attempts + 1 );
}
}
}
}
}
add_action( 'um_reset_password_errors_hook', 'um_reset_password_errors_hook' );
/**
* Error handler: changing password
*
* @param $args
*/
function um_change_password_errors_hook( $args ) {
if ( isset( $_POST[ UM()->honeypot ] ) && $_POST[ UM()->honeypot ] != '' ){
wp_die('Hello, spam bot!','ultimate-member');
}
$reset_pass_hash = '';
if( isset( $_REQUEST['act'] ) && $_REQUEST['act'] == 'reset_password' && um_is_core_page('password-reset') ){
$reset_pass_hash = get_user_meta( $args['user_id'], 'reset_pass_hash', true );
}
if( !is_user_logged_in() && isset( $args ) && ! um_is_core_page('password-reset') ||
is_user_logged_in() && isset( $args['user_id'] ) && $args['user_id'] != get_current_user_id() ||
!is_user_logged_in() && isset( $_REQUEST['hash'] ) && $reset_pass_hash != $_REQUEST['hash'] && um_is_core_page('password-reset')
){
wp_die( __( 'This is not possible for security reasons.','ultimate-member') );
}
if ( isset( $args['user_password'] ) && empty( $args['user_password'] ) ) {
UM()->form()->add_error('user_password', __('You must enter a new password','ultimate-member') );
}
if ( UM()->options()->get( 'reset_require_strongpass' ) ) {
if ( strlen( utf8_decode( $args['user_password'] ) ) < 8 ) {
UM()->form()->add_error('user_password', __('Your password must contain at least 8 characters','ultimate-member') );
}
if ( strlen( utf8_decode( $args['user_password'] ) ) > 30 ) {
UM()->form()->add_error('user_password', __('Your password must contain less than 30 characters','ultimate-member') );
}
if ( ! UM()->validation()->strong_pass( $args['user_password'] ) ) {
UM()->form()->add_error('user_password', __('Your password must contain at least one lowercase letter, one capital letter and one number','ultimate-member') );
}
}
if ( isset( $args['confirm_user_password'] ) && empty( $args['confirm_user_password'] ) ) {
UM()->form()->add_error('confirm_user_password', __('You must confirm your new password','ultimate-member') );
}
if ( isset( $args['user_password'] ) && isset( $args['confirm_user_password'] ) && $args['user_password'] != $args['confirm_user_password'] ) {
UM()->form()->add_error('confirm_user_password', __('Your passwords do not match','ultimate-member') );
}
}
add_action( 'um_change_password_errors_hook', 'um_change_password_errors_hook' );
/**
* Hidden fields
*
* @param $args
*/
function um_change_password_page_hidden_fields( $args ) {
?>
<input type="hidden" name="_um_password_change" id="_um_password_change" value="1" />
<input type="hidden" name="user_id" id="user_id" value="<?php echo $args['user_id']; ?>" />
<?php
}
add_action( 'um_change_password_page_hidden_fields', 'um_change_password_page_hidden_fields' );
/**
* Hidden fields
*
* @param $args
*/
function um_reset_password_page_hidden_fields( $args ) {
?>
<input type="hidden" name="_um_password_reset" id="_um_password_reset" value="1" />
<?php
}
add_action( 'um_reset_password_page_hidden_fields', 'um_reset_password_page_hidden_fields' );
/**
* Form content
*
* @param $args
*/
function um_reset_password_form( $args ) {
$fields = UM()->builtin()->get_specific_fields('password_reset_text,username_b'); ?>
<?php $output = null;
foreach( $fields as $key => $data ) {
$output .= UM()->fields()->edit_field( $key, $data );
} echo $output; ?>
<?php
/**
* UM hook
*
* @type action
* @title um_after_password_reset_fields
* @description Hook that runs after user reset their password
* @input_vars
* [{"var":"$args","type":"array","desc":"Form data"}]
* @change_log
* ["Since: 2.0"]
* @usage add_action( 'um_after_password_reset_fields', 'function_name', 10, 1 );
* @example
* <?php
* add_action( 'um_after_password_reset_fields', 'my_after_password_reset_fields', 10, 1 );
* function my_after_password_reset_fields( $args ) {
* // your code here
* }
* ?>
*/
do_action( 'um_after_password_reset_fields', $args ); ?>
<div class="um-col-alt um-col-alt-b">
<div class="um-center"><input type="submit" value="<?php _e('Reset my password','ultimate-member'); ?>" class="um-button" id="um-submit-btn" /></div>
<div class="um-clear"></div>
</div>
<?php
}
add_action( 'um_reset_password_form', 'um_reset_password_form' );
/**
* Change password form
*/
function um_change_password_form() {
$fields = UM()->builtin()->get_specific_fields('user_password'); ?>
<?php $output = null;
foreach( $fields as $key => $data ) {
$output .= UM()->fields()->edit_field( $key, $data );
}echo $output; ?>
<div class="um-col-alt um-col-alt-b">
<div class="um-center"><input type="submit" value="<?php _e('Change my password','ultimate-member'); ?>" class="um-button" id="um-submit-btn" /></div>
<div class="um-clear"></div>
</div>
<?php
}
add_action( 'um_change_password_form', 'um_change_password_form' );
includes/um-deprecated-functions.php
+36
View File
@@ -363,4 +363,40 @@ function um_user_uploads_uri() {
UM()->files()->upload_baseurl = set_url_scheme( UM()->files()->upload_baseurl );
$uri = UM()->files()->upload_baseurl . um_user( 'ID' ) . '/';
return $uri;
}
/**
* Check if a legitimate password reset request is in action
*
* @deprecated 2.0.26
*
* @return bool
*/
function um_requesting_password_reset() {
//um_deprecated_function( 'um_requesting_password_reset', '2.0.26', 'UM()->password()->is_reset_request' );
if ( um_is_core_page( 'password-reset' ) && isset( $_POST['_um_password_reset'] ) == 1 )
return true;
return false;
}
/**
* Check if a legitimate password change request is in action
*
* @deprecated 2.0.26
*
* @return bool
*/
function um_requesting_password_change() {
//um_deprecated_function( 'um_requesting_password_change', '2.0.26', 'UM()->password()->is_change_request' );
if ( um_is_core_page( 'account' ) && isset( $_POST['_um_account'] ) == 1 & isset( $_POST['_um_account_tab'] ) == 'password' ) {
return true;
} elseif ( isset( $_POST['_um_password_change'] ) && $_POST['_um_password_change'] == 1 ) {
return true;
}
return false;
}
includes/um-short-functions.php
-30
View File
@@ -1090,36 +1090,6 @@ function um_get_metadefault( $id ) {
}
/**
* Check if a legitimate password reset request is in action
*
* @return bool
*/
function um_requesting_password_reset() {
if (um_is_core_page( 'password-reset' ) && isset( $_POST['_um_password_reset'] ) == 1)
return true;
return false;
}
/**
* Check if a legitimate password change request is in action
*
*
* @return bool
*/
function um_requesting_password_change() {
if ( um_is_core_page( 'account' ) && isset( $_POST['_um_account'] ) == 1 & isset( $_POST['_um_account_tab'] ) == 'password' ) {
return true;
} elseif ( isset( $_POST['_um_password_change'] ) && $_POST['_um_password_change'] == 1 ) {
return true;
}
return false;
}
/**
* boolean for account page editing
*
readme.txt
+2
View File
@@ -137,6 +137,8 @@ The plugin works with popular caching plugins by automatically excluding Ultimat
- File/Image email placeholders after registration form submitting
- File/Image forms fields values on submit/edit
- Fixed multisite file/image upload process
- Fixed clearing old user sessions after the changing a password
- Made reset password process via WP native functions
= 2.0.25: August 20, 2018 =
templates/password-change.php
+83 -64
View File
@@ -3,74 +3,93 @@
<div class="um-form">
<form method="post" action="">
<?php if ( !isset( UM()->password()->reset_request ) ) {
<input type="hidden" name="_um_password_change" id="_um_password_change" value="1" />
<input type="hidden" name="user_id" id="user_id" value="<?php echo esc_attr( $args['user_id'] ); ?>" />
<input type="hidden" name="rp_key" value="<?php echo esc_attr( $rp_key ); ?>">
/**
* UM hook
*
* @type action
* @title um_change_password_page_hidden_fields
* @description Password change hidden fields
* @input_vars
* [{"var":"$args","type":"array","desc":"Password change shortcode arguments"}]
* @change_log
* ["Since: 2.0"]
* @usage add_action( 'um_change_password_page_hidden_fields', 'function_name', 10, 1 );
* @example
* <?php
* add_action( 'um_change_password_page_hidden_fields', 'my_change_password_page_hidden_fields', 10, 1 );
* function my_change_password_page_hidden_fields( $args ) {
* // your code here
* }
* ?>
*/
do_action( 'um_change_password_page_hidden_fields', $args );
<?php
/**
* UM hook
*
* @type action
* @title um_change_password_page_hidden_fields
* @description Password change hidden fields
* @input_vars
* [{"var":"$args","type":"array","desc":"Password change shortcode arguments"}]
* @change_log
* ["Since: 2.0"]
* @usage add_action( 'um_change_password_page_hidden_fields', 'function_name', 10, 1 );
* @example
* <?php
* add_action( 'um_change_password_page_hidden_fields', 'my_change_password_page_hidden_fields', 10, 1 );
* function my_change_password_page_hidden_fields( $args ) {
* // your code here
* }
* ?>
*/
do_action( 'um_change_password_page_hidden_fields', $args );
/**
* UM hook
*
* @type action
* @title um_change_password_form
* @description Password change form content
* @input_vars
* [{"var":"$args","type":"array","desc":"Password change shortcode arguments"}]
* @change_log
* ["Since: 2.0"]
* @usage add_action( 'um_change_password_form', 'function_name', 10, 1 );
* @example
* <?php
* add_action( 'um_change_password_form', 'my_change_password_form', 10, 1 );
* function my_change_password_form( $args ) {
* // your code here
* }
* ?>
*/
do_action( 'um_change_password_form', $args );
$fields = UM()->builtin()->get_specific_fields( 'user_password' );
/**
* UM hook
*
* @type action
* @title um_after_form_fields
* @description Password change after form content
* @input_vars
* [{"var":"$args","type":"array","desc":"Password change shortcode arguments"}]
* @change_log
* ["Since: 2.0"]
* @usage add_action( 'um_after_form_fields', 'function_name', 10, 1 );
* @example
* <?php
* add_action( 'um_after_form_fields', 'my_after_form_fields', 10, 1 );
* function my_after_form_fields( $args ) {
* // your code here
* }
* ?>
*/
do_action( "um_after_form_fields", $args );
} ?>
$output = null;
foreach ( $fields as $key => $data ) {
$output .= UM()->fields()->edit_field( $key, $data );
}
echo $output; ?>
<div class="um-col-alt um-col-alt-b">
<div class="um-center">
<input type="submit" value="<?php esc_attr_e( 'Change my password', 'ultimate-member' ); ?>" class="um-button" id="um-submit-btn" />
</div>
<div class="um-clear"></div>
</div>
<?php
/**
* UM hook
*
* @type action
* @title um_change_password_form
* @description Password change form content
* @input_vars
* [{"var":"$args","type":"array","desc":"Password change shortcode arguments"}]
* @change_log
* ["Since: 2.0"]
* @usage add_action( 'um_change_password_form', 'function_name', 10, 1 );
* @example
* <?php
* add_action( 'um_change_password_form', 'my_change_password_form', 10, 1 );
* function my_change_password_form( $args ) {
* // your code here
* }
* ?>
*/
do_action( 'um_change_password_form', $args );
/**
* UM hook
*
* @type action
* @title um_after_form_fields
* @description Password change after form content
* @input_vars
* [{"var":"$args","type":"array","desc":"Password change shortcode arguments"}]
* @change_log
* ["Since: 2.0"]
* @usage add_action( 'um_after_form_fields', 'function_name', 10, 1 );
* @example
* <?php
* add_action( 'um_after_form_fields', 'my_after_form_fields', 10, 1 );
* function my_after_form_fields( $args ) {
* // your code here
* }
* ?>
*/
do_action( "um_after_form_fields", $args ); ?>
</form>
</div>
</div>
templates/password-reset.php
+75 -15
View File
@@ -1,13 +1,19 @@
<div class="um <?php echo $this->get_class( $mode ); ?> um-<?php echo esc_attr( $form_id ); ?>">
<div class="um-form">
<form method="post" action="">
<?php
if ( ! isset( UM()->password()->reset_request ) ) {
<?php if ( isset( $_GET['updated'] ) && 'checkemail' == $_GET['updated'] ) { ?>
<div class="um-field um-field-block um-field-type_block">
<div class="um-field-block">
<div style="text-align:center;">
<?php _e( 'We have sent you a password reset link to your e-mail. Please check your inbox.', 'ultimate-member' ); ?>
</div>
</div>
</div>
<?php } else { ?>
<input type="hidden" name="_um_password_reset" id="_um_password_reset" value="1" />
<?php
/**
* UM hook
*
@@ -29,6 +35,68 @@
*/
do_action( 'um_reset_password_page_hidden_fields', $args );
if ( ! empty( $_GET['updated'] ) ) { ?>
<div class="um-field um-field-block um-field-type_block">
<div class="um-field-block">
<div style="text-align:center;">
<?php if ( 'expiredkey' == $_GET['updated'] ) {
_e( 'Your password reset link has expired. Please request a new link below.', 'ultimate-member' );
} elseif ( 'invalidkey' == $_GET['updated'] ) {
_e( 'Your password reset link appears to be invalid. Please request a new link below.', 'ultimate-member' );
} ?>
</div>
</div>
</div>
<?php } else { ?>
<div class="um-field um-field-block um-field-type_block">
<div class="um-field-block">
<div style="text-align:center;">
<?php _e('To reset your password, please enter your email address or username below','ultimate-member'); ?>
</div>
</div>
</div>
<?php }
$fields = UM()->builtin()->get_specific_fields( 'username_b' );
$output = null;
foreach ( $fields as $key => $data ) {
$output .= UM()->fields()->edit_field( $key, $data );
}
echo $output;
/**
* UM hook
*
* @type action
* @title um_after_password_reset_fields
* @description Hook that runs after user reset their password
* @input_vars
* [{"var":"$args","type":"array","desc":"Form data"}]
* @change_log
* ["Since: 2.0"]
* @usage add_action( 'um_after_password_reset_fields', 'function_name', 10, 1 );
* @example
* <?php
* add_action( 'um_after_password_reset_fields', 'my_after_password_reset_fields', 10, 1 );
* function my_after_password_reset_fields( $args ) {
* // your code here
* }
* ?>
*/
do_action( 'um_after_password_reset_fields', $args ); ?>
<div class="um-col-alt um-col-alt-b">
<div class="um-center">
<input type="submit" value="<?php esc_attr_e('Reset my password','ultimate-member' ); ?>" class="um-button" id="um-submit-btn" />
</div>
<div class="um-clear"></div>
</div>
<?php
/**
* UM hook
*
@@ -70,15 +138,7 @@
* ?>
*/
do_action( "um_after_form_fields", $args );
} else { ?>
<div class="um-field-block">
<p><?php _e( 'We have sent you a password reset link to your e-mail. Please check your inbox.', 'ultimate-member' ) ?></p>
</div>
<?php } ?>
} ?>
</form>
</div>
</div>