

Changeset 3524


Timestamp:
12/11/2010 01:38:11 PM (14 years ago)
Author:
boonebgorges
Message:

Adds password verification before an email address or password change on the General Settings screen. Fixes #2517. Props nuprn1 and r-a-y

Location:
trunk
Files:
2 edited

  • trunk/bp-core/bp-core-settings.php

    r3518 r3524  
    3232
    3333function bp_core_screen_general_settings() {
    34     global $current_user, $bp_settings_updated, $pass_error;
     34    global $current_user, $bp_settings_updated, $pass_error, $email_error, $pwd_error;
    3535
    3636    $bp_settings_updated = false;
    3737    $pass_error = false;
     38    $email_error = false;
     39    $pwd_error = false;
    3840
    3941    if ( isset($_POST['submit']) ) {
     
    4345
    4446        // Form has been submitted and nonce checks out, lets do it.
    45 
    46         if ( $_POST['email'] != '' )
    47             $current_user->user_email = esc_html( trim( $_POST['email'] ) );
    48 
    49         if ( $_POST['pass1'] != '' && $_POST['pass2'] != '' ) {
    50             if ( $_POST['pass1'] == $_POST['pass2'] && !strpos( " " . $_POST['pass1'], "\\" ) )
    51                 $current_user->user_pass = $_POST['pass1'];
    52             else
    53                 $pass_error = true;
    54         } else if ( empty( $_POST['pass1'] ) && !empty( $_POST['pass2'] ) || !empty( $_POST['pass1'] ) && empty( $_POST['pass2'] ) ) {
    55             $pass_error = true;
    56         } else {
    57             unset( $current_user->user_pass );
    58         }
    59 
    60         if ( !$pass_error && wp_update_user( get_object_vars( $current_user ) ) )
    61             $bp_settings_updated = true;
    62            
     47       
     48        // Validate the user again for the current password when making a big change
     49        if ( !empty( $_POST['pwd'] ) && $_POST['pwd'] != '' && wp_check_password($_POST['pwd'], $current_user->user_pass, $current_user->ID) ) {
     50 
     51            // Make sure changing an email address does not already exist
     52            if ( $_POST['email'] != '' ) {
     53 
     54                // What is missing from the profile page vs signup - lets double check the goodies
     55                $user_email = sanitize_email( wp_specialchars( trim( $_POST['email'] ) ) );
     56 
     57                if ( !is_email( $user_email ) )
     58                    $email_error = true;
     59 
     60                $limited_email_domains = get_site_option( 'limited_email_domains', 'buddypress' );
     61 
     62                if ( is_array( $limited_email_domains ) && empty( $limited_email_domains ) == false ) {
     63                    $emaildomain = substr( $user_email, 1 + strpos( $user_email, '@' ) );
     64 
     65                    if ( in_array( $emaildomain, (array)$limited_email_domains ) == false ) {
     66                        $email_error = true;
     67                       
     68                    }
     69                }
     70 
     71                if ( !$email_error && $current_user->user_email != $user_email  ) {
     72               
     73                    //we don't want email dups in the system
     74                    if ( email_exists( $user_email ) )
     75                        $email_error = true;
     76                       
     77                    if (!$email_error)
     78                        $current_user->user_email = $user_email;
     79                }
     80            }
     81 
     82            if ( $_POST['pass1'] != '' && $_POST['pass2'] != '' ) {
     83           
     84                if ( $_POST['pass1'] == $_POST['pass2'] && !strpos( " " . $_POST['pass1'], "\\" ) )
     85                    $current_user->user_pass = $_POST['pass1'];
     86                else
     87                    $pass_error = true;
     88 
     89            } else if ( empty( $_POST['pass1'] ) && !empty( $_POST['pass2'] ) || !empty( $_POST['pass1'] ) && empty( $_POST['pass2'] ) ) {
     90                $pass_error = true;
     91            } else {
     92                unset( $current_user->user_pass );
     93            }
     94 
     95            if ( !$email_error && !$pass_error && wp_update_user( get_object_vars( $current_user ) ) )
     96                $bp_settings_updated = true;
     97           
     98        } else {
     99            $pwd_error = true;
     100        }
     101       
    63102        do_action( 'bp_core_general_settings_after_save' );
    64103    }
     
    75114
    76115function bp_core_screen_general_settings_content() {
    77     global $bp, $current_user, $bp_settings_updated, $pass_error; ?>
     116    global $bp, $current_user, $bp_settings_updated, $pass_error, $pwd_error, $email_error; ?>
    78117
    79118    <?php if ( $bp_settings_updated && !$pass_error ) { ?>
     
    88127        </div>
    89128    <?php } ?>
     129   
     130    <?php if ( $pwd_error && !$bp_settings_updated ) { ?>
     131        <div id="message" class="error fade">
     132            <p><?php _e( 'Your password is incorrect', 'buddypress' ) ?></p>
     133        </div>
     134    <?php } ?>
     135
     136    <?php
     137    if ( $email_error && !$bp_settings_updated ) { ?>
     138        <div id="message" class="error fade">
     139            <p><?php _e( 'Sorry, that email address is already used or is invalid', 'buddypress' ) ?></p>
     140        </div>
     141    <?php } ?>
     142
    90143
    91144    <form action="<?php echo $bp->loggedin_user->domain . BP_SETTINGS_SLUG . '/general' ?>" method="post" class="standard-form" id="settings-form">
     145
     146        <label for="pwd"><?php _e( 'Current Password <span>(required to update email or change current password)</span>', 'buddypress' ) ?></label>
     147        <input type="password" name="pwd" id="pwd" size="16" value="" class="settings-input small" /> &nbsp;<a href="<?php echo site_url('wp-login.php?action=lostpassword', 'login') ?>" title="<?php _e('Password Lost and Found') ?>"><?php _e('Lost your password?') ?></a>
     148
    92149        <label for="email"><?php _e( 'Account Email', 'buddypress' ) ?></label>
    93150        <input type="text" name="email" id="email" value="<?php echo esc_attr( $current_user->user_email ); ?>" class="settings-input" />
     
    138195
    139196function bp_core_screen_notification_settings_title() {
    140     echo apply_filters( 'bp_core_notification_settings_title', __( 'Notification Settings', 'buddypress' ) );;
     197    echo apply_filters( 'bp_core_notification_settings_title', __( 'Email Notifications', 'buddypress' ) );;
    141198}
    142199
     
    151208
    152209    <form action="<?php echo $bp->loggedin_user->domain . BP_SETTINGS_SLUG . '/notifications' ?>" method="post" id="settings-form">
    153         <h3><?php _e( 'Email Notifications', 'buddypress' ) ?></h3>
    154210        <p><?php _e( 'Send a notification by email when:', 'buddypress' ) ?></p>
    155211
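Review bot: At new line 55 the submitted address is run through `wp_specialchars()` before `sanitize_email()`, so a valid address containing `&` or `'` is HTML-encoded and then has the trailing `;` stripped, and that mangled form is what ends up stored; `wp_specialchars()` is also the deprecated name for `esc_html()`, which the removed line used. Escaping belongs at output (the template already applies `esc_attr()` to the field), so the line should read `$user_email = sanitize_email( trim( $_POST['email'] ) );`. At new line 60 the second argument of `get_site_option()` is the default value, so on a site without the option the call returns the string `'buddypress'`, which the `is_array()` check on the next line then silently discards; `$limited_email_domains = get_site_option( 'limited_email_domains' );` says what is meant, and the `in_array()` on line 65 should pass `true` as its third argument. The `==` between `pass1` and `pass2` on line 84 compares numeric strings by value, so `'1e3'` and `'1000'` are accepted as a match and the first is stored; `===` is the intended check. The closing brace of bp_core_screen_general_settings lies outside the hunk.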
  • trunk/bp-themes/bp-default/members/single/plugins.php

    r3460 r3524  
    3131                </div><!-- .item-list-tabs -->
    3232
    33                 <?php do_action( 'bp_template_title' ) ?>
     33                <h3><?php do_action( 'bp_template_title' ) ?></h3>
    3434
    3535                <?php do_action( 'bp_template_content' ) ?>