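diff --git wp-login.php wp-login.php
index 268d2b3..0b5a061 100644
--- a/wp-login.php
+++ b/wp-login.php
@@ -271,6 +271,7 @@ function retrieve_password() {
 global $wpdb, $wp_hasher;
 
 $errors = new WP_Error();
+$current_time = time();
 
 if ( empty( $_POST['user_login'] ) ) {
 $errors->add('empty_username', __('<strong>ERROR</strong>: Enter a username or e-mail address.'));
@@ -283,6 +284,15 @@ function retrieve_password() {
 $user_data = get_user_by('login', $login);
 }
 
+// Check if more than 5 password reset requests are made within 24 hours
+$user_pass_requests = get_user_meta($user_data->ID, 'pass_requests', TRUE );
+
+if ( empty( $user_pass_requests ) || is_null( $user_pass_requests ) || !is_array( $user_pass_requests ) )
+$user_pass_requests = array( 'count' => 0, 'recent' => 0 );
+
+if ( ( $user_pass_requests['count'] >= 5 ) && ( $current_time - $user_pass_requests['recent'] < 86400 ) )
+$errors->add('request_exceeds', __('<strong>ERROR</strong>: You have exceeded password reset requests allowed in a today. Please try again after 24 hours'));
+
 /**
 * Fires before errors are returned from a password reset request.
 *
@@ -356,6 +366,11 @@ function retrieve_password() {
 $hashed = $wp_hasher->HashPassword( $key );
 $wpdb->update( $wpdb->users, array( 'user_activation_key' => $hashed ), array( 'user_login' => $user_login ) );
 
+$user_pass_requests['count'] += 1;
+if ( $user_pass_requests['recent'] == 0 )
+$user_pass_requests['recent'] = $current_time;
+update_user_meta( $user_data->ID, 'pass_requests', $user_pass_requests );
+
 $message = __('Someone requested that the password be reset for the following account:') . "\r\n\r\n";
 $message .= network_home_url( '/' ) . "\r\n\r\n";
 $message .= sprintf(__('Username: %s'), $user_login) . "\r\n\r\n";
@@ -595,6 +610,8 @@ case 'rp' :
 exit;
 }
 
+update_user_meta( $user->ID, 'pass_requests', array( 'count' => 0, 'recent' => 0 ) );
+
 wp_enqueue_script('utils');
 wp_enqueue_script('user-profile');
 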
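Review bot: The added `get_user_meta( $user_data->ID, 'pass_requests', TRUE )` call in the second hunk reads `$user_data->ID` before anything visible in that hunk confirms the lookup succeeded, so an empty `user_login` or an unknown login would reach it with no user object. The 24-hour window also never restarts: `recent` is written only while it is 0 (third hunk) and `count` is cleared only in the `rp` branch (fourth hunk), so once 24 hours have passed since the first request the `< 86400` test stays false and the limit stops applying until that branch runs. Because the counter is keyed on the target account and not on the requester, five requests from anyone who knows the username would block the owner's reset e-mails for a day, so a per-requester throttle (for example by client address) is worth adding alongside it. The body of `retrieve_password()` continues outside the visible hunks, so a `$user_data` guard may already exist further down; the fence shows the check with the guard moved in front and a window restart.

```php
// … unchanged: user lookup by e-mail or login …
if ( ! empty( $user_data ) ) {
	$user_pass_requests = get_user_meta( $user_data->ID, 'pass_requests', true );

	if ( ! is_array( $user_pass_requests ) || ! isset( $user_pass_requests['count'], $user_pass_requests['recent'] ) )
		$user_pass_requests = array( 'count' => 0, 'recent' => 0 );

	// Restart the window once the previous one is more than 24 hours old.
	if ( $current_time - $user_pass_requests['recent'] >= 86400 )
		$user_pass_requests = array( 'count' => 0, 'recent' => $current_time );

	if ( $user_pass_requests['count'] >= 5 ) {
		// … unchanged: $errors->add( 'request_exceeds', … ) …
	}
}
```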