From 461cad65597523ba47e7bb8bb78eb17ed2d8ba89 Mon Sep 17 00:00:00 2001 From: nikitozzzzzzz Date: Sun, 16 Sep 2018 00:26:32 +0300 Subject: [PATCH] - make WP native password reset; - fixed password reset; --- includes/class-init.php | 1 - includes/core/class-builtin.php | 7 - includes/core/class-password.php | 614 +++++++++++++++++--------- includes/core/class-user.php | 18 +- includes/core/um-actions-account.php | 6 + includes/core/um-actions-password.php | 342 -------------- includes/um-deprecated-functions.php | 36 ++ includes/um-short-functions.php | 30 -- readme.txt | 2 + templates/password-change.php | 147 +++--- templates/password-reset.php | 90 +++- 11 files changed, 622 insertions(+), 671 deletions(-) delete mode 100644 includes/core/um-actions-password.php diff --git a/includes/class-init.php b/includes/class-init.php index a8daa92d..2ffbbbb9 100644 --- a/includes/class-init.php +++ b/includes/class-init.php @@ -1325,7 +1325,6 @@ if ( ! class_exists( 'UM' ) ) { require_once 'core/um-actions-register.php'; require_once 'core/um-actions-profile.php'; require_once 'core/um-actions-account.php'; - require_once 'core/um-actions-password.php'; require_once 'core/um-actions-members.php'; require_once 'core/um-actions-global.php'; require_once 'core/um-actions-user.php'; diff --git a/includes/core/class-builtin.php b/includes/core/class-builtin.php index 197ae226..6870eceb 100644 --- a/includes/core/class-builtin.php +++ b/includes/core/class-builtin.php @@ -1088,13 +1088,6 @@ if ( ! class_exists( 'um\core\Builtin' ) ) { 'private_use' => true, ), - 'password_reset_text' => array( - 'title' => __('Password Reset','ultimate-member'), - 'type' => 'block', - 'content' => '
' . __('To reset your password, please enter your email address or username below','ultimate-member'). '
', - 'private_use' => true, - ), - 'username_b' => array( 'title' => __('Username or E-mail','ultimate-member'), 'metakey' => 'username_b', diff --git a/includes/core/class-password.php b/includes/core/class-password.php index 25bb55a8..f94a3e3a 100644 --- a/includes/core/class-password.php +++ b/includes/core/class-password.php 
@@ -14,212 +14,47 @@ if ( ! class_exists( 'um\core\Password' ) ) { class Password { - /** - * @var - */ - var $reset_request; - - /** * Password constructor. */ function __construct() { + add_shortcode( 'ultimatemember_password', array( &$this, 'ultimatemember_password' ) ); - add_shortcode('ultimatemember_password', array(&$this, 'ultimatemember_password')); + add_action( 'template_redirect', array( &$this, 'form_init' ), 10001 ); - add_action('template_redirect', array(&$this, 'password_reset'), 10001 ); - - add_action('template_redirect', array(&$this, 'form_init'), 10002); - - add_action('init', array(&$this, 'listen_to_password_reset_uri'), 1); + add_action( 'um_reset_password_errors_hook', array( &$this, 'um_reset_password_errors_hook' ) ); + add_action( 'um_reset_password_process_hook', array( &$this,'um_reset_password_process_hook' ) ); + add_action( 'um_change_password_errors_hook', array( &$this, 'um_change_password_errors_hook' ) ); + add_action( 'um_change_password_process_hook', array( &$this,'um_change_password_process_hook' ) ); } /** - * A listener to password reset uri - */ - function listen_to_password_reset_uri() { - - if ( isset($_REQUEST['act']) && $_REQUEST['act'] == 'reset_password' && isset($_REQUEST['hash']) && strlen($_REQUEST['hash']) == 40 && - isset($_REQUEST['user_id']) && is_numeric($_REQUEST['user_id']) ) { - - $user_id = absint( $_REQUEST['user_id'] ); - delete_option( "um_cache_userdata_{$user_id}" ); - - um_fetch_user( $user_id ); - - if ( $_REQUEST['hash'] != um_user('reset_pass_hash') ){ - wp_die( __('This is not a valid hash, or it has expired.','ultimate-member') ); - } - - UM()->user()->profile['reset_pass_hash_token'] = current_time( 'timestamp' ); - UM()->user()->update_usermeta_info('reset_pass_hash_token'); - - $this->change_password = true; - - um_reset_user(); - - } - - } - - - /** - * reset url + * Get Reset URL * * @return bool|string */ - function reset_url(){ - if ( !um_user('reset_pass_hash') ) return false; - - 
$user_id = um_user('ID'); + function reset_url() { + $user_id = um_user( 'ID' ); delete_option( "um_cache_userdata_{$user_id}" ); - $url = add_query_arg( 'act', 'reset_password', um_get_core_page('password-reset') ); - $url = add_query_arg( 'hash', esc_attr( um_user('reset_pass_hash') ), $url ); - $url = add_query_arg( 'user_id', esc_attr( um_user('ID') ), $url ); + //new reset password key via WP native field + $user_data = get_userdata( $user_id ); + $key = get_password_reset_key( $user_data ); + $url = add_query_arg( array( 'act' => 'reset_password', 'hash' => $key, 'user_id' => $user_id ), um_get_core_page( 'password-reset' ) ); return $url; - - } - - - /** - * we are on password reset page - */ - function password_reset(){ - if ( um_is_core_page('password-reset') ) { - - UM()->fields()->set_mode = 'password'; - - } - - } - - - /** - * Password page form - */ - function form_init() { - if ( um_requesting_password_reset() ) { - - UM()->form()->post_form = $_POST; - - if ( empty( UM()->form()->post_form['mode'] ) ) { - UM()->form()->post_form['mode'] = 'password'; - } - - /** - * UM hook - * - * @type action - * @title um_reset_password_errors_hook - * @description Action on reset password submit form - * @input_vars - * [{"var":"$post","type":"array","desc":"Form submitted"}] - * @change_log - * ["Since: 2.0"] - * @usage add_action( 'um_reset_password_errors_hook', 'function_name', 10, 1 ); - * @example - * - */ - do_action( 'um_reset_password_errors_hook', UM()->form()->post_form ); - - if ( ! 
isset( UM()->form()->errors ) ) { - - /** - * UM hook - * - * @type action - * @title um_reset_password_process_hook - * @description Action on reset password success submit form - * @input_vars - * [{"var":"$post","type":"array","desc":"Form submitted"}] - * @change_log - * ["Since: 2.0"] - * @usage add_action( 'um_reset_password_process_hook', 'function_name', 10, 1 ); - * @example - * - */ - do_action( 'um_reset_password_process_hook', UM()->form()->post_form ); - - } - - } - - if ( um_requesting_password_change() ) { - - UM()->form()->post_form = $_POST; - - /** - * UM hook - * - * @type action - * @title um_change_password_errors_hook - * @description Action on change password submit form - * @input_vars - * [{"var":"$post","type":"array","desc":"Form submitted"}] - * @change_log - * ["Since: 2.0"] - * @usage add_action( 'um_change_password_errors_hook', 'function_name', 10, 1 ); - * @example - * - */ - do_action( 'um_change_password_errors_hook', UM()->form()->post_form ); - - if ( ! isset( UM()->form()->errors ) ) { - - /** - * UM hook - * - * @type action - * @title um_change_password_process_hook - * @description Action on change password success submit form - * @input_vars - * [{"var":"$post","type":"array","desc":"Form submitted"}] - * @change_log - * ["Since: 2.0"] - * @usage add_action( 'um_change_password_process_hook', 'function_name', 10, 1 ); - * @example - * - */ - do_action( 'um_change_password_process_hook', UM()->form()->post_form ); - - } - - } - } /** * Add class based on shortcode * - * @param $mode + * @param string $mode * - * @return mixed|string|void + * @return string */ function get_class( $mode ) { @@ -262,6 +97,7 @@ if ( ! class_exists( 'um\core\Password' ) ) { return $classes; } + /** * Shortcode * 
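Review bot: In `reset_url()` the result of `get_password_reset_key()` is passed straight to `add_query_arg()`, but that function returns a `WP_Error` when a reset is not allowed for the user or the key cannot be stored, so the link can end up built from an error object. A guard such as `if ( is_wp_error( $key ) ) { return false; }` before `$url` is assembled would also keep the `@return bool|string` docblock accurate. Each call replaces the stored key, so the bare `get_password_reset_key( $userdata );` calls added to `password_reset()` and the approval path in class-user.php (hunks `-1194` and `-1227`) create a key that is discarded and ignore the same error return. If the mail template obtains its link from `reset_url()` (not visible here), those extra calls can be dropped.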
@@ -270,26 +106,14 @@ if ( ! class_exists( 'um\core\Password' ) ) { * @return string */ function ultimatemember_password( $args = array() ) { - return $this->load( $args ); - } - - /** - * Load a module with global function - * - * @param $args - * - * @return string - */ - function load( $args ) { - ob_start(); $defaults = array( - 'template' => 'password-reset', - 'mode' => 'password', - 'form_id' => 'um_password_id', + 'template' => 'password-reset', + 'mode' => 'password', + 'form_id' => 'um_password_id', 'max_width' => '450px', - 'align' => 'center', + 'align' => 'center', ); $args = wp_parse_args( $args, $defaults ); @@ -323,12 +147,22 @@ if ( ! class_exists( 'um\core\Password' ) ) { $args = apply_filters( 'um_reset_password_shortcode_args_filter', $args ); if ( isset( $this->change_password ) ) { - - $args['user_id'] = $_REQUEST['user_id']; $args['template'] = 'password-change'; + $args['rp_key'] = ''; + $rp_cookie = 'wp-resetpass-' . COOKIEHASH; + if ( isset( $_COOKIE[ $rp_cookie ] ) && 0 < strpos( $_COOKIE[ $rp_cookie ], ':' ) ) { + list( $rp_login, $rp_key ) = explode( ':', wp_unslash( $_COOKIE[ $rp_cookie ] ), 2 ); + $user = get_user_by( 'login', $rp_login ); + $args['user_id'] = $user->ID; + $args['rp_key'] = $rp_key; + } } + /** + * @var $mode + * @var $template + */ extract( $args, EXTR_SKIP ); /** 
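Review bot: In the `@@ -323,12 +147,22 @@` hunk, `get_user_by( 'login', $rp_login )` returns `false` when the login taken from the cookie matches no account, yet the next line reads `$user->ID` unconditionally. Wrapping the two assignments as `if ( $user ) { $args['user_id'] = $user->ID; $args['rp_key'] = $rp_key; }` avoids the error and keeps a stale cookie from handing the template a key without a user. `$rp_login` and `$rp_key` are client-supplied cookie values, so the password-change template should escape them on output; its escaping is not visible in this hunk. The body of `ultimatemember_password()` continues outside the hunk.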
@@ -398,11 +232,391 @@ if ( ! class_exists( 'um\core\Password' ) ) { UM()->shortcodes()->dynamic_css( $args ); } - $output = ob_get_contents(); - ob_end_clean(); + $output = ob_get_clean(); return $output; + } + + + /** + * Check if a legitimate password reset request is in action + * + * @return bool + */ + function is_reset_request() { + if ( um_is_core_page( 'password-reset' ) && isset( $_POST['_um_password_reset'] ) == 1 ) { + return true; + } + + return false; + } + + + /** + * Check if a legitimate password change request is in action + * + * + * @return bool + */ + function is_change_request() { + if ( um_is_core_page( 'account' ) && isset( $_POST['_um_account'] ) == 1 & isset( $_POST['_um_account_tab'] ) == 'password' ) { + return true; + } elseif ( isset( $_POST['_um_password_change'] ) && $_POST['_um_password_change'] == 1 ) { + return true; + } + + return false; + } + + + /** + * Password page form + */ + function form_init() { + if ( um_is_core_page( 'password-reset' ) ) { + UM()->fields()->set_mode = 'password'; + } + + if ( um_is_core_page( 'password-reset' ) && isset( $_REQUEST['act'] ) && $_REQUEST['act'] == 'reset_password' ) { + list( $rp_path ) = explode( '?', wp_unslash( $_SERVER['REQUEST_URI'] ) ); + $rp_cookie = 'wp-resetpass-' . COOKIEHASH; + if ( isset( $_GET['hash'] ) ) { + $userdata = get_userdata( wp_unslash( $_GET['user_id'] ) ); + if ( ! 
$userdata || is_wp_error( $userdata ) ) { + wp_redirect( add_query_arg( array( 'act' => 'reset_password', 'error' => 'invalidkey' ), get_permalink() ) ); + exit; + } + $rp_login = $userdata->user_login; + $value = sprintf( '%s:%s', $rp_login, wp_unslash( $_GET['hash'] ) ); + setcookie( $rp_cookie, $value, 0, $rp_path, COOKIE_DOMAIN, is_ssl(), true ); + wp_safe_redirect( remove_query_arg( array( 'hash', 'user_id' ) ) ); + exit; + } + + if ( isset( $_COOKIE[ $rp_cookie ] ) && 0 < strpos( $_COOKIE[ $rp_cookie ], ':' ) ) { + list( $rp_login, $rp_key ) = explode( ':', wp_unslash( $_COOKIE[ $rp_cookie ] ), 2 ); + $user = check_password_reset_key( $rp_key, $rp_login ); + } else { + $user = false; + } + + if ( ! $user || is_wp_error( $user ) ) { + setcookie( $rp_cookie, ' ', time() - YEAR_IN_SECONDS, $rp_path, COOKIE_DOMAIN, is_ssl(), true ); + if ( $user && $user->get_error_code() === 'expired_key' ) { + wp_redirect( add_query_arg( array( 'updated' => 'expiredkey' ), get_permalink() ) ); + } else { + wp_redirect( add_query_arg( array( 'updated' => 'invalidkey' ), get_permalink() ) ); + } + exit; + } + + $this->change_password = true; + } + + if ( $this->is_reset_request() ) { + + UM()->form()->post_form = $_POST; + + if ( empty( UM()->form()->post_form['mode'] ) ) { + UM()->form()->post_form['mode'] = 'password'; + } + + /** + * UM hook + * + * @type action + * @title um_reset_password_errors_hook + * @description Action on reset password submit form + * @input_vars + * [{"var":"$post","type":"array","desc":"Form submitted"}] + * @change_log + * ["Since: 2.0"] + * @usage add_action( 'um_reset_password_errors_hook', 'function_name', 10, 1 ); + * @example + * + */ + do_action( 'um_reset_password_errors_hook', UM()->form()->post_form ); + + if ( ! 
isset( UM()->form()->errors ) ) { + + /** + * UM hook + * + * @type action + * @title um_reset_password_process_hook + * @description Action on reset password success submit form + * @input_vars + * [{"var":"$post","type":"array","desc":"Form submitted"}] + * @change_log + * ["Since: 2.0"] + * @usage add_action( 'um_reset_password_process_hook', 'function_name', 10, 1 ); + * @example + * + */ + do_action( 'um_reset_password_process_hook', UM()->form()->post_form ); + + } + + } + + if ( $this->is_change_request() ) { + + UM()->form()->post_form = $_POST; + + /** + * UM hook + * + * @type action + * @title um_change_password_errors_hook + * @description Action on change password submit form + * @input_vars + * [{"var":"$post","type":"array","desc":"Form submitted"}] + * @change_log + * ["Since: 2.0"] + * @usage add_action( 'um_change_password_errors_hook', 'function_name', 10, 1 ); + * @example + * + */ + do_action( 'um_change_password_errors_hook', UM()->form()->post_form ); + + if ( ! isset( UM()->form()->errors ) ) { + + /** + * UM hook + * + * @type action + * @title um_change_password_process_hook + * @description Action on change password success submit form + * @input_vars + * [{"var":"$post","type":"array","desc":"Form submitted"}] + * @change_log + * ["Since: 2.0"] + * @usage add_action( 'um_change_password_process_hook', 'function_name', 10, 1 ); + * @example + * + */ + do_action( 'um_change_password_process_hook', UM()->form()->post_form ); + + } + + } + } + + + /** + * Error handler: reset password + * + * @param $args + */ + function um_reset_password_errors_hook( $args ) { + + if ( $_POST[ UM()->honeypot ] != '' ) + wp_die('Hello, spam bot!','ultimate-member'); + + $user = ""; + + foreach ( $_POST as $key => $val ) { + if( strstr( $key, "username_b") ){ + $user = trim( $val ); + } + } + + if ( empty( $user ) ) { + UM()->form()->add_error('username_b', __('Please provide your username or email','ultimate-member') ); + } + + if ( ( !is_email( $user ) && 
!username_exists( $user ) ) || ( is_email( $user ) && !email_exists( $user ) ) ) { + UM()->form()->add_error('username_b', __('We can\'t find an account registered with that address or username','ultimate-member') ); + } else { + + if ( is_email( $user ) ) { + $user_id = email_exists( $user ); + } else { + $user_id = username_exists( $user ); + } + + $attempts = (int)get_user_meta( $user_id, 'password_rst_attempts', true ); + $is_admin = user_can( intval( $user_id ),'manage_options' ); + + if ( UM()->options()->get( 'enable_reset_password_limit' ) ) { // if reset password limit is set + + if ( UM()->options()->get( 'disable_admin_reset_password_limit' ) && $is_admin ) { + // Triggers this when a user has admin capabilities and when reset password limit is disabled for admins + } else { + $limit = UM()->options()->get( 'reset_password_limit_number' ); + if ( $attempts >= $limit ) { + UM()->form()->add_error('username_b', __('You have reached the limit for requesting password change for this user already. 
Contact support if you cannot open the email','ultimate-member') ); + } else { + update_user_meta( $user_id, 'password_rst_attempts', $attempts + 1 ); + } + } + + } + } } + + /** + * Process a new request + * + * @param $args + */ + function um_reset_password_process_hook( $args ) { + $user = null; + + foreach ( $_POST as $key => $val ) { + if ( strstr( $key, "username_b" ) ) { + $user = trim( $val ); + } + } + + if ( username_exists( $user ) ) { + $data = get_user_by( 'login', $user ); + } elseif ( email_exists( $user ) ) { + $data = get_user_by( 'email', $user ); + } + + um_fetch_user( $data->ID ); + + UM()->user()->password_reset(); + + exit( wp_redirect( um_get_core_page('password-reset', 'checkemail' ) ) ); + } + + + /** + * Error handler: changing password + * + * @param $args + */ + function um_change_password_errors_hook( $args ) { + if ( isset( $_POST[ UM()->honeypot ] ) && $_POST[ UM()->honeypot ] != '' ){ + wp_die('Hello, spam bot!','ultimate-member'); + } + + $reset_pass_hash = ''; + if ( isset( $_REQUEST['act'] ) && $_REQUEST['act'] == 'reset_password' && um_is_core_page( 'password-reset' ) ) { + $reset_pass_hash = get_user_meta( $args['user_id'], 'reset_pass_hash', true ); + } + + if ( ! is_user_logged_in() && isset( $args ) && ! 
um_is_core_page( 'password-reset' ) || + is_user_logged_in() && isset( $args['user_id'] ) && $args['user_id'] != get_current_user_id() || + !is_user_logged_in() && isset( $_REQUEST['hash'] ) && $reset_pass_hash != $_REQUEST['hash'] && um_is_core_page('password-reset') + ){ + wp_die( __( 'This is not possible for security reasons.','ultimate-member') ); + } + + if ( isset( $args['user_password'] ) && empty( $args['user_password'] ) ) { + UM()->form()->add_error('user_password', __('You must enter a new password','ultimate-member') ); + } + + if ( UM()->options()->get( 'reset_require_strongpass' ) ) { + + if ( strlen( utf8_decode( $args['user_password'] ) ) < 8 ) { + UM()->form()->add_error('user_password', __('Your password must contain at least 8 characters','ultimate-member') ); + } + + if ( strlen( utf8_decode( $args['user_password'] ) ) > 30 ) { + UM()->form()->add_error('user_password', __('Your password must contain less than 30 characters','ultimate-member') ); + } + + if ( ! UM()->validation()->strong_pass( $args['user_password'] ) ) { + UM()->form()->add_error('user_password', __('Your password must contain at least one lowercase letter, one capital letter and one number','ultimate-member') ); + } + + } + + if ( isset( $args['confirm_user_password'] ) && empty( $args['confirm_user_password'] ) ) { + UM()->form()->add_error('confirm_user_password', __('You must confirm your new password','ultimate-member') ); + } + + if ( isset( $args['user_password'] ) && isset( $args['confirm_user_password'] ) && $args['user_password'] != $args['confirm_user_password'] ) { + UM()->form()->add_error('confirm_user_password', __('Your passwords do not match','ultimate-member') ); + } + + } + + + /** + * Process a change request + * + * @param $args + */ + function um_change_password_process_hook( $args ) { + extract( $args ); + + //wp_set_password( $args['user_password'], $args['user_id'] ); + + //delete_user_meta( $args['user_id'], 'reset_pass_hash'); + //delete_user_meta( 
$args['user_id'], 'reset_pass_hash_token'); + + /** + * UM hook + * + * @type action + * @title um_after_changing_user_password + * @description Hook that runs after user change their password + * @input_vars + * [{"var":"$user_id","type":"int","desc":"User ID"}] + * @change_log + * ["Since: 2.0"] + * @usage add_action( 'um_after_changing_user_password', 'function_name', 10, 1 ); + * @example + * + */ + do_action( 'um_after_changing_user_password', $args['user_id'] ); + + $user = get_userdata( $args['user_id'] ); + $errors = new \WP_Error(); + /** + * Fires before the password reset procedure is validated. + * + * @since 3.5.0 + * + * @param object $errors WP Error object. + * @param \WP_User|\WP_Error $user WP_User object if the login and reset key match. WP_Error object otherwise. + */ + do_action( 'validate_password_reset', $errors, $user ); + + list( $rp_path ) = explode( '?', wp_unslash( $_SERVER['REQUEST_URI'] ) ); + $rp_cookie = 'wp-resetpass-' . COOKIEHASH; + + if ( ( ! $errors->get_error_code() ) ) { + reset_password( $user, $args['user_password'] ); + setcookie( $rp_cookie, ' ', time() - YEAR_IN_SECONDS, $rp_path, COOKIE_DOMAIN, is_ssl(), true ); + delete_user_meta( $args['user_id'], 'password_rst_attempts' ); + + if ( is_user_logged_in() ) { + wp_logout(); + } + + exit( wp_redirect( um_get_core_page('login', 'password_changed' ) ) ); + } + } } } \ No newline at end of file diff --git a/includes/core/class-user.php b/includes/core/class-user.php index ebb8fa9c..f6b4502a 100644 --- a/includes/core/class-user.php +++ b/includes/core/class-user.php @@ -1135,15 +1135,6 @@ if ( ! class_exists( 'um\core\User' ) ) { } - /** - * Set user's hash for password reset - */ - function password_reset_hash() { - $this->profile['reset_pass_hash'] = UM()->validation()->generate(); - $this->update_usermeta_info('reset_pass_hash'); - } - - /** * Set user's hash */ 
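Review bot: `um_change_password_process_hook()` resets the password of whatever account `$args['user_id']` names, and `$args` is the raw `$_POST` copied in `form_init()`, so the reset key checked earlier is never tied to the account that actually gets changed. The `check_password_reset_key()` call sits only inside the `act == 'reset_password'` branch, while the `is_change_request()` branch runs independently of `$this->change_password`; the remaining guard in `um_change_password_errors_hook()` still compares against the `reset_pass_hash` meta that this commit stops writing. The process hook should re-validate the `wp-resetpass-` cookie itself and act on the `WP_User` that `check_password_reset_key()` returns (or the current user when logged in), using `$user->ID` for the later `delete_user_meta()` call as well. `um_after_changing_user_password` also fires before `reset_password()` runs and would be better placed after it.

```php
function um_change_password_process_hook( $args ) {
	// … unchanged: um_after_changing_user_password action …

	if ( is_user_logged_in() ) {
		// Account-page change: only ever act on the current user.
		$user = wp_get_current_user();
	} else {
		// Reset flow: the account comes from the validated key, never from the form.
		$rp_cookie = 'wp-resetpass-' . COOKIEHASH;
		$user      = false;
		if ( isset( $_COOKIE[ $rp_cookie ] ) && 0 < strpos( $_COOKIE[ $rp_cookie ], ':' ) ) {
			list( $rp_login, $rp_key ) = explode( ':', wp_unslash( $_COOKIE[ $rp_cookie ] ), 2 );
			$user = check_password_reset_key( $rp_key, $rp_login );
		}
	}

	if ( ! $user || is_wp_error( $user ) ) {
		wp_die( __( 'This is not possible for security reasons.', 'ultimate-member' ) );
	}

	// … unchanged: validate_password_reset action, reset_password(), cookie cleanup, redirect …
}
```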
@@ -1194,7 +1185,8 @@ if ( ! class_exists( 'um\core\User' ) ) { * Password reset email */ function password_reset() { - $this->password_reset_hash(); + $userdata = get_userdata( um_user('ID') ); + get_password_reset_key( $userdata ); UM()->mail()->send( um_user('user_email'), 'resetpw_email' ); } @@ -1227,11 +1219,13 @@ if ( ! class_exists( 'um\core\User' ) ) { delete_option( "um_cache_userdata_{$user_id}" ); if ( um_user('account_status') == 'awaiting_admin_review' ) { - $this->password_reset_hash(); + $userdata = get_userdata( $user_id ); + get_password_reset_key( $userdata ); UM()->mail()->send( um_user('user_email'), 'approved_email' ); } else { - $this->password_reset_hash(); + $userdata = get_userdata( $user_id ); + get_password_reset_key( $userdata ); UM()->mail()->send( um_user('user_email'), 'welcome_email'); } diff --git a/includes/core/um-actions-account.php b/includes/core/um-actions-account.php index 7470f2bf..11965dfe 100644 --- a/includes/core/um-actions-account.php +++ b/includes/core/um-actions-account.php @@ -149,8 +149,14 @@ function um_submit_account_details( $args ) { $args['user_id'] = um_user('ID'); + UM()->user()->password_changed(); + do_action( 'send_password_change_email', $args ); + //clear all sessions with old passwords + $user = WP_Session_Tokens::get_instance( um_user( 'ID' ) ); + $user->destroy_all(); + wp_set_password( $changes['user_pass'], um_user( 'ID' ) ); wp_signon( array( 'user_login' => um_user( 'user_login' ), 'user_password' => $changes['user_pass'] ) ); diff --git a/includes/core/um-actions-password.php b/includes/core/um-actions-password.php deleted file mode 100644 index 041153e8..00000000 --- a/includes/core/um-actions-password.php +++ /dev/null 
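Review bot: In the um-actions-account.php hunk, `UM()->user()->password_changed()` is called before `wp_set_password()`, so the notification is sent before the new password has been written; moving the call below `wp_set_password()` keeps the mail from going out for a change that did not complete. The variable `$user` holds a `WP_Session_Tokens` manager rather than a user, so `$sessions = WP_Session_Tokens::get_instance( um_user( 'ID' ) );` followed by `$sessions->destroy_all();` would read more clearly. The result of the following `wp_signon()` is not checked, although it can be a `WP_Error`. `um_submit_account_details()` starts and ends outside the hunk.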
@@ -1,342 +0,0 @@ - $val ) { - if( strstr( $key, "username_b") ){ - $user = trim( $val ); - } - } - - if ( username_exists( $user ) ) { - $data = get_user_by( 'login', $user ); - $user_email = $data->user_email; - } else if( email_exists( $user ) ) { - $data = get_user_by( 'email', $user ); - $user_email = $user; - } - - UM()->password()->reset_request['user_id'] = $data->ID; - UM()->password()->reset_request['user_email'] = $user_email; - - um_fetch_user( $data->ID ); - - UM()->user()->password_reset(); - - um_reset_user(); - -} -add_action( 'um_reset_password_process_hook', 'um_reset_password_process_hook' ); - - -/** - * Process a change request - * - * @param $args - */ -function um_change_password_process_hook( $args ) { - extract( $args ); - - wp_set_password( $args['user_password'], $args['user_id'] ); - - delete_user_meta( $args['user_id'], 'reset_pass_hash'); - delete_user_meta( $args['user_id'], 'reset_pass_hash_token'); - delete_user_meta( $args['user_id'], 'password_rst_attempts'); - - /** - * UM hook - * - * @type action - * @title um_after_changing_user_password - * @description Hook that runs after user change their password - * @input_vars - * [{"var":"$user_id","type":"int","desc":"User ID"}] - * @change_log - * ["Since: 2.0"] - * @usage add_action( 'um_after_changing_user_password', 'function_name', 10, 1 ); - * @example - * - */ - do_action( 'um_after_changing_user_password', $args['user_id'] ); - - - if ( is_user_logged_in() ) { - wp_logout(); - } - - exit( wp_redirect( um_get_core_page('login', 'password_changed') ) ); -} -add_action( 'um_change_password_process_hook','um_change_password_process_hook' ); - - -/** - * Overrides password changed notification - * - * @param $args - * - * @return bool - */ -function um_send_password_change_email( $args ) { - - if ( ! is_array( $args ) ) - return false; - - /** - * @var $user_id - */ - extract( $args ); - - if ( ! 
isset( $user_id ) ) - return false; - - um_fetch_user( $user_id ); - - UM()->user()->password_changed(); - - um_reset_user(); - - return false; -} -add_action( 'send_password_change_email','um_send_password_change_email', 10, 1 ); - - -/** - * This is executed after changing password - * - * @param $user_id - */ -function um_after_changing_user_password( $user_id ) { - -} -add_action( 'um_after_changing_user_password', 'um_after_changing_user_password' ); - - -/** - * Error handler: reset password - * - * @param $args - */ -function um_reset_password_errors_hook( $args ) { - - if ( $_POST[ UM()->honeypot ] != '' ) - wp_die('Hello, spam bot!','ultimate-member'); - - $user = ""; - - foreach ( $_POST as $key => $val ) { - if( strstr( $key, "username_b") ){ - $user = trim( $val ); - } - } - - if ( empty( $user ) ) { - UM()->form()->add_error('username_b', __('Please provide your username or email','ultimate-member') ); - } - - if ( ( !is_email( $user ) && !username_exists( $user ) ) || ( is_email( $user ) && !email_exists( $user ) ) ) { - UM()->form()->add_error('username_b', __('We can\'t find an account registered with that address or username','ultimate-member') ); - } else { - - if ( is_email( $user ) ) { - $user_id = email_exists( $user ); - } else { - $user_id = username_exists( $user ); - } - - $attempts = (int)get_user_meta( $user_id, 'password_rst_attempts', true ); - $is_admin = user_can( intval( $user_id ),'manage_options' ); - - if ( UM()->options()->get( 'enable_reset_password_limit' ) ) { // if reset password limit is set - - if ( UM()->options()->get( 'disable_admin_reset_password_limit' ) && $is_admin ) { - // Triggers this when a user has admin capabilities and when reset password limit is disabled for admins - } else { - $limit = UM()->options()->get( 'reset_password_limit_number' ); - if ( $attempts >= $limit ) { - UM()->form()->add_error('username_b', __('You have reached the limit for requesting password change for this user already. 
Contact support if you cannot open the email','ultimate-member') ); - } else { - update_user_meta( $user_id, 'password_rst_attempts', $attempts + 1 ); - } - } - - } - } - -} -add_action( 'um_reset_password_errors_hook', 'um_reset_password_errors_hook' ); - - -/** - * Error handler: changing password - * - * @param $args - */ -function um_change_password_errors_hook( $args ) { - if ( isset( $_POST[ UM()->honeypot ] ) && $_POST[ UM()->honeypot ] != '' ){ - wp_die('Hello, spam bot!','ultimate-member'); - } - - $reset_pass_hash = ''; - - if( isset( $_REQUEST['act'] ) && $_REQUEST['act'] == 'reset_password' && um_is_core_page('password-reset') ){ - $reset_pass_hash = get_user_meta( $args['user_id'], 'reset_pass_hash', true ); - - } - - if( !is_user_logged_in() && isset( $args ) && ! um_is_core_page('password-reset') || - is_user_logged_in() && isset( $args['user_id'] ) && $args['user_id'] != get_current_user_id() || - !is_user_logged_in() && isset( $_REQUEST['hash'] ) && $reset_pass_hash != $_REQUEST['hash'] && um_is_core_page('password-reset') - ){ - wp_die( __( 'This is not possible for security reasons.','ultimate-member') ); - } - - if ( isset( $args['user_password'] ) && empty( $args['user_password'] ) ) { - UM()->form()->add_error('user_password', __('You must enter a new password','ultimate-member') ); - } - - if ( UM()->options()->get( 'reset_require_strongpass' ) ) { - - if ( strlen( utf8_decode( $args['user_password'] ) ) < 8 ) { - UM()->form()->add_error('user_password', __('Your password must contain at least 8 characters','ultimate-member') ); - } - - if ( strlen( utf8_decode( $args['user_password'] ) ) > 30 ) { - UM()->form()->add_error('user_password', __('Your password must contain less than 30 characters','ultimate-member') ); - } - - if ( ! 
UM()->validation()->strong_pass( $args['user_password'] ) ) { - UM()->form()->add_error('user_password', __('Your password must contain at least one lowercase letter, one capital letter and one number','ultimate-member') ); - } - - } - - if ( isset( $args['confirm_user_password'] ) && empty( $args['confirm_user_password'] ) ) { - UM()->form()->add_error('confirm_user_password', __('You must confirm your new password','ultimate-member') ); - } - - if ( isset( $args['user_password'] ) && isset( $args['confirm_user_password'] ) && $args['user_password'] != $args['confirm_user_password'] ) { - UM()->form()->add_error('confirm_user_password', __('Your passwords do not match','ultimate-member') ); - } - -} -add_action( 'um_change_password_errors_hook', 'um_change_password_errors_hook' ); - - -/** - * Hidden fields - * - * @param $args - */ -function um_change_password_page_hidden_fields( $args ) { - ?> - - - - - - - - - - builtin()->get_specific_fields('password_reset_text,username_b'); ?> - - $data ) { - $output .= UM()->fields()->edit_field( $key, $data ); - } echo $output; ?> - - - */ - do_action( 'um_after_password_reset_fields', $args ); ?> - -
- -
- -
- -
- - builtin()->get_specific_fields('user_password'); ?> - - $data ) { - $output .= UM()->fields()->edit_field( $key, $data ); - }echo $output; ?> - -
- -
- -
- -
- - files()->upload_baseurl = set_url_scheme( UM()->files()->upload_baseurl ); $uri = UM()->files()->upload_baseurl . um_user( 'ID' ) . '/'; return $uri; +} + +/** + * Check if a legitimate password reset request is in action + * + * @deprecated 2.0.26 + * + * @return bool + */ +function um_requesting_password_reset() { + //um_deprecated_function( 'um_requesting_password_reset', '2.0.26', 'UM()->password()->is_reset_request' ); + + if ( um_is_core_page( 'password-reset' ) && isset( $_POST['_um_password_reset'] ) == 1 ) + return true; + + return false; +} + + +/** + * Check if a legitimate password change request is in action + * + * @deprecated 2.0.26 + * + * @return bool + */ +function um_requesting_password_change() { + //um_deprecated_function( 'um_requesting_password_change', '2.0.26', 'UM()->password()->is_change_request' ); + + if ( um_is_core_page( 'account' ) && isset( $_POST['_um_account'] ) == 1 & isset( $_POST['_um_account_tab'] ) == 'password' ) { + return true; + } elseif ( isset( $_POST['_um_password_change'] ) && $_POST['_um_password_change'] == 1 ) { + return true; + } + + return false; } \ No newline at end of file diff --git a/includes/um-short-functions.php b/includes/um-short-functions.php index 784bbfba..0add7df5 100644 --- a/includes/um-short-functions.php +++ b/includes/um-short-functions.php 
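Review bot: The re-added `um_requesting_password_change()` keeps `isset( $_POST['_um_account'] ) == 1 & isset( $_POST['_um_account_tab'] ) == 'password'`, which compares the boolean result of `isset()` with a string and joins the two tests with a bitwise `&`, so the condition holds for any submitted tab value rather than only the password tab. The intended test is presumably `isset( $_POST['_um_account_tab'] ) && $_POST['_um_account_tab'] === 'password'`; the same expression is copied into `is_change_request()` in class-password.php. Since both deprecated functions now duplicate the class methods, they could delegate with `return UM()->password()->is_change_request();` and `return UM()->password()->is_reset_request();`, with the commented-out `um_deprecated_function()` call enabled. The header of this hunk is not readable on the page.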
@@ -1090,36 +1090,6 @@ function um_get_metadefault( $id ) { } -/** - * Check if a legitimate password reset request is in action - * - * @return bool - */ -function um_requesting_password_reset() { - if (um_is_core_page( 'password-reset' ) && isset( $_POST['_um_password_reset'] ) == 1) - return true; - - return false; -} - - -/** - * Check if a legitimate password change request is in action - * - * - * @return bool - */ -function um_requesting_password_change() { - if ( um_is_core_page( 'account' ) && isset( $_POST['_um_account'] ) == 1 & isset( $_POST['_um_account_tab'] ) == 'password' ) { - return true; - } elseif ( isset( $_POST['_um_password_change'] ) && $_POST['_um_password_change'] == 1 ) { - return true; - } - - return false; -} - - /** * boolean for account page editing * diff --git a/readme.txt b/readme.txt index 9da98c96..340af37f 100644 --- a/readme.txt +++ b/readme.txt @@ -137,6 +137,8 @@ The plugin works with popular caching plugins by automatically excluding Ultimat - File/Image email placeholders after registration form submitting - File/Image forms fields values on submit/edit - Fixed multisite file/image upload process + - Fixed clearing old user sessions after the changing a password + - Made reset password process via WP native functions = 2.0.25: August 20, 2018 = diff --git a/templates/password-change.php b/templates/password-change.php index 267ac462..f18b853a 100644 --- a/templates/password-change.php +++ b/templates/password-change.php @@ -3,74 +3,93 @@
- - password()->reset_request ) ) { + + + - /** - * UM hook - * - * @type action - * @title um_change_password_page_hidden_fields - * @description Password change hidden fields - * @input_vars - * [{"var":"$args","type":"array","desc":"Password change shortcode arguments"}] - * @change_log - * ["Since: 2.0"] - * @usage add_action( 'um_change_password_page_hidden_fields', 'function_name', 10, 1 ); - * @example - * - */ - do_action( 'um_change_password_page_hidden_fields', $args ); + + */ + do_action( 'um_change_password_page_hidden_fields', $args ); - /** - * UM hook - * - * @type action - * @title um_change_password_form - * @description Password change form content - * @input_vars - * [{"var":"$args","type":"array","desc":"Password change shortcode arguments"}] - * @change_log - * ["Since: 2.0"] - * @usage add_action( 'um_change_password_form', 'function_name', 10, 1 ); - * @example - * - */ - do_action( 'um_change_password_form', $args ); + $fields = UM()->builtin()->get_specific_fields( 'user_password' ); - /** - * UM hook - * - * @type action - * @title um_after_form_fields - * @description Password change after form content - * @input_vars - * [{"var":"$args","type":"array","desc":"Password change shortcode arguments"}] - * @change_log - * ["Since: 2.0"] - * @usage add_action( 'um_after_form_fields', 'function_name', 10, 1 ); - * @example - * - */ - do_action( "um_after_form_fields", $args ); - - } ?> + $output = null; + foreach ( $fields as $key => $data ) { + $output .= UM()->fields()->edit_field( $key, $data ); + } + echo $output; ?> +
+ +
+ +
+ +
+ +
+ + + */ + do_action( 'um_change_password_form', $args ); + + /** + * UM hook + * + * @type action + * @title um_after_form_fields + * @description Password change after form content + * @input_vars + * [{"var":"$args","type":"array","desc":"Password change shortcode arguments"}] + * @change_log + * ["Since: 2.0"] + * @usage add_action( 'um_after_form_fields', 'function_name', 10, 1 ); + * @example + * + */ + do_action( "um_after_form_fields", $args ); ?>
\ No newline at end of file diff --git a/templates/password-reset.php b/templates/password-reset.php index 854669e9..ee79919d 100644 --- a/templates/password-reset.php +++ b/templates/password-reset.php @@ -1,13 +1,19 @@
-
-
- - password()->reset_request ) ) { + +
+
+
+ +
+
+
+ + + + +
+
+
+ +
+
+
+ +
+
+
+ +
+
+
+ builtin()->get_specific_fields( 'username_b' ); + + $output = null; + foreach ( $fields as $key => $data ) { + $output .= UM()->fields()->edit_field( $key, $data ); + } + echo $output; + + /** + * UM hook + * + * @type action + * @title um_after_password_reset_fields + * @description Hook that runs after user reset their password + * @input_vars + * [{"var":"$args","type":"array","desc":"Form data"}] + * @change_log + * ["Since: 2.0"] + * @usage add_action( 'um_after_password_reset_fields', 'function_name', 10, 1 ); + * @example + * + */ + do_action( 'um_after_password_reset_fields', $args ); ?> + +
+ +
+ +
+ +
+ +
+ + */ do_action( "um_after_form_fields", $args ); - - } else { ?> - -
-

-
- - - + } ?>
\ No newline at end of file