From f026f44323d37d9dfdf4bda20a6fefd8d0cbc2ce Mon Sep 17 00:00:00 2001
From: Mykyta Synelnikov <nsinelnikov.work@gmail.com>
Date: Thu, 18 Jan 2024 11:30:49 +0200
Subject: [PATCH] - reviewed #1428;

---
 includes/core/class-password.php   |  4 +-
 includes/core/class-permalinks.php | 10 ++++-
 includes/core/um-actions-core.php  |  3 +-
 templates/password-change.php      | 67 ++++++++++++------------------
 4 files changed, 40 insertions(+), 44 deletions(-)

diff --git a/includes/core/class-password.php b/includes/core/class-password.php
index b76de3b5..77f4c5cb 100644
--- a/includes/core/class-password.php
+++ b/includes/core/class-password.php
@@ -608,8 +608,8 @@ if ( ! class_exists( 'um\core\Password' ) ) {
 					}
 					$this->setcookie( $rp_cookie, false );
 
-					$password_generated = get_user_meta( $user->ID, 'um_set_password_required', true );
-					if ( ! empty( $password_generated ) ) {
+					$set_password_required = get_user_meta( $user->ID, 'um_set_password_required', true );
+					if ( ! empty( $set_password_required ) ) {
 						delete_user_meta( $user->ID, 'um_set_password_required' );
 					}
 
diff --git a/includes/core/class-permalinks.php b/includes/core/class-permalinks.php
index 48779ce8..5d66a799 100644
--- a/includes/core/class-permalinks.php
+++ b/includes/core/class-permalinks.php
@@ -125,8 +125,14 @@ if ( ! class_exists( 'um\core\Permalinks' ) ) {
 					wp_die( __( 'This activation link is expired.', 'ultimate-member' ) );
 				}
 
+				$redirect              = um_get_core_page( 'login', 'account_active' );
+				$set_password_required = get_user_meta( $user_id, 'um_set_password_required', true );
+
 				um_fetch_user( $user_id );
 				UM()->user()->approve();
+				if ( ! empty( $set_password_required ) ) {
+					$redirect = um_user( 'password_reset_link' );
+				}
 				um_reset_user();
 
 				$user_role = UM()->roles()->get_priority_user_role( $user_id );
@@ -167,7 +173,9 @@ if ( ! class_exists( 'um\core\Permalinks' ) ) {
 				 */
 				do_action( 'um_after_email_confirmation', $user_id );
 
-				$redirect = empty( $user_role_data['url_email_activate'] ) ? um_get_core_page( 'login', 'account_active' ) : trim( $user_role_data['url_email_activate'] ); // Role setting "URL redirect after e-mail activation"
+				if ( empty( $set_password_required ) ) {
+					$redirect = empty( $user_role_data['url_email_activate'] ) ? um_get_core_page( 'login', 'account_active' ) : trim( $user_role_data['url_email_activate'] ); // Role setting "URL redirect after e-mail activation"
+				}
 				$redirect = apply_filters( 'um_after_email_confirmation_redirect', $redirect, $user_id, $login );
 
 				exit( wp_redirect( $redirect ) );
diff --git a/includes/core/um-actions-core.php b/includes/core/um-actions-core.php
index 9c195a81..8779fafc 100644
--- a/includes/core/um-actions-core.php
+++ b/includes/core/um-actions-core.php
@@ -100,10 +100,11 @@ function um_action_request_process() {
 				wp_die( esc_html__( 'You do not have permission to make this action.', 'ultimate-member' ) );
 			}
 
+			um_fetch_user( $uid );
+
 			add_filter( 'um_template_tags_patterns_hook', array( UM()->password(), 'add_placeholder' ), 10, 1 );
 			add_filter( 'um_template_tags_replaces_hook', array( UM()->password(), 'add_replace_placeholder' ), 10, 1 );
 
-			um_fetch_user( $uid );
 			UM()->user()->approve();
 			exit( wp_redirect( UM()->permalinks()->get_current_url( true ) ) );
 			break;
diff --git a/templates/password-change.php b/templates/password-change.php
index 98c6e3b7..6ad5b9c1 100644
--- a/templates/password-change.php
+++ b/templates/password-change.php
@@ -8,18 +8,16 @@
  *
  * @version 2.8.3
  *
- * @var string $rp_mode
- * @var string $mode
- * @var string $rp_key
- * @var int    $form_id
- * @var array  $args
+ * @var string $rp_mode 'pw_set' or 'pw_change' for display it differently.
+ * @var string $rp_key  Reset password key.
+ * @var array  $args    Change password arguments
  */
 if ( ! defined( 'ABSPATH' ) ) {
 	exit;
 }
 ?>
 
-<div class="um <?php echo esc_attr( $this->get_class( $mode ) ); ?> um-<?php echo esc_attr( $form_id ); ?>">
+<div class="um <?php echo esc_attr( $this->get_class( 'password' ) ); ?> um-um_password_id">
 
 	<div class="um-form">
 
@@ -30,23 +28,18 @@ if ( ! defined( 'ABSPATH' ) ) {
 
 			<?php
 			/**
-			 * UM hook
+			 * Fires at the start of the password change form. Just after hiddens.
 			 *
-			 * @type action
-			 * @title um_change_password_page_hidden_fields
-			 * @description Password change hidden fields
-			 * @input_vars
-			 * [{"var":"$args","type":"array","desc":"Password change shortcode arguments"}]
-			 * @change_log
-			 * ["Since: 2.0"]
-			 * @usage add_action( 'um_change_password_page_hidden_fields', 'function_name', 10, 1 );
-			 * @example
-			 * <?php
-			 * add_action( 'um_change_password_page_hidden_fields', 'my_change_password_page_hidden_fields', 10, 1 );
-			 * function my_change_password_page_hidden_fields( $args ) {
-			 *     // your code here
+			 * @since 1.3.x
+			 * @hook um_change_password_page_hidden_fields
+			 *
+			 * @param {array} $cp_args Change password form arguments.
+			 *
+			 * @example <caption>Add hidden field at the start of the change password form.</caption>
+			 * function my_custom_change_password_page_hidden_fields( $cp_args ) {
+			 *     echo '<input type="hidden" name="my_custom_cp_input" value="1" />'
 			 * }
-			 * ?>
+			 * add_action( 'um_change_password_page_hidden_fields', 'my_custom_change_password_page_hidden_fields' );
 			 */
 			do_action( 'um_change_password_page_hidden_fields', $args );
 
@@ -58,11 +51,12 @@ if ( ! defined( 'ABSPATH' ) ) {
 			foreach ( $fields as $key => $data ) {
 				$output .= UM()->fields()->edit_field( $key, $data );
 			}
-			echo wp_kses( $output, UM()->get_allowed_html( 'templates' ) );
+			if ( $output ) {
+				echo wp_kses( $output, UM()->get_allowed_html( 'templates' ) );
+			}
 			?>
 
 			<div class="um-col-alt um-col-alt-b">
-
 				<div class="um-center">
 					<?php if ( 'pw_set' === $rp_mode ) { ?>
 						<input type="submit" value="<?php esc_attr_e( 'Set password', 'ultimate-member' ); ?>" class="um-button" id="um-submit-btn" />
@@ -72,29 +66,22 @@ if ( ! defined( 'ABSPATH' ) ) {
 				</div>
 
 				<div class="um-clear"></div>
-
 			</div>
 
 			<?php
-
 			/**
-			 * UM hook
+			 * Fires at the end of the password change form.
 			 *
-			 * @type action
-			 * @title um_change_password_form
-			 * @description Password change form content
-			 * @input_vars
-			 * [{"var":"$args","type":"array","desc":"Password change shortcode arguments"}]
-			 * @change_log
-			 * ["Since: 2.0"]
-			 * @usage add_action( 'um_change_password_form', 'function_name', 10, 1 );
-			 * @example
-			 * <?php
-			 * add_action( 'um_change_password_form', 'my_change_password_form', 10, 1 );
-			 * function my_change_password_form( $args ) {
-			 *     // your code here
+			 * @since 1.3.x
+			 * @hook um_change_password_form
+			 *
+			 * @param {array} $cp_args Change password form arguments.
+			 *
+			 * @example <caption>Add hidden field at the start of the change password form.</caption>
+			 * function my_custom_change_password_form( $cp_args ) {
+			 *     echo '<input type="hidden" name="my_custom_cp_input" value="1" />'
 			 * }
-			 * ?>
+			 * add_action( 'um_change_password_form', 'my_custom_change_password_form' );
 			 */
 			do_action( 'um_change_password_form', $args );
 			/** This action is documented in includes/core/um-actions-profile.php */