Ticket #12682: wp-login.php.diff

File wp-login.php.diff, 2.0 KB (added by VarunAgw, 7 years ago)

Patch Update #1 - Ignore earlier

  • wp-login.php

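--- a/wp-login.php
+++ b/wp-login.php
@@ -271,6 +271,7 @@ function retrieve_password() {
         global $wpdb, $wp_hasher;
 
         $errors = new WP_Error();
+        $current_time = time();
 
         if ( empty( $_POST['user_login'] ) ) {
                 $errors->add('empty_username', __('<strong>ERROR</strong>: Enter a username or e-mail address.'));
@@ -283,6 +284,15 @@ function retrieve_password() {
                 $user_data = get_user_by('login', $login);
         }
 
+        // Check if more than 5 password reset requests are made within 24 hours
+        $user_pass_requests = get_user_meta($user_data->ID, 'pass_requests', TRUE );
+
+        if ( empty( $user_pass_requests ) || is_null( $user_pass_requests ) || !is_array( $user_pass_requests )  )
+                $user_pass_requests = array( 'count' => 0, 'recent' => 0 );
+
+        if ( ( $user_pass_requests['count'] >= 5 ) && ( $current_time - $user_pass_requests['recent'] < 86400 ) )
+                $errors->add('request_exceeds', __('<strong>ERROR</strong>: You have exceeded password reset requests allowed in a today. Please try again after 24 hours'));
+
         /**
          * Fires before errors are returned from a password reset request.
          *
@@ -356,6 +366,11 @@ function retrieve_password() {
         $hashed = $wp_hasher->HashPassword( $key );
         $wpdb->update( $wpdb->users, array( 'user_activation_key' => $hashed ), array( 'user_login' => $user_login ) );
 
+        $user_pass_requests['count'] += 1;
+        if ( $user_pass_requests['recent'] == 0 )
+                $user_pass_requests['recent'] = $current_time;
+        update_user_meta( $user_data->ID, 'pass_requests', $user_pass_requests );
+
         $message = __('Someone requested that the password be reset for the following account:') . "\r\n\r\n";
         $message .= network_home_url( '/' ) . "\r\n\r\n";
         $message .= sprintf(__('Username: %s'), $user_login) . "\r\n\r\n";
@@ -595,6 +610,8 @@ case 'rp' :
                 exit;
         }
 
+        update_user_meta( $user->ID, 'pass_requests', array( 'count' => 0, 'recent' => 0 ) );
+
         wp_enqueue_script('utils');
         wp_enqueue_script('user-profile');
 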
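Review bot: The limit checked at new lines 293-294 stops applying once 24 hours have passed since the first counted request, because `recent` is written only while it is 0 (new lines 370-371) and `count` is cleared only in the `rp` branch (new line 613); after that, `$current_time - $user_pass_requests['recent'] < 86400` is false for every later request, however high `count` has grown. Starting a fresh window before the check fixes this, e.g. `if ( $current_time - $user_pass_requests['recent'] >= 86400 ) $user_pass_requests = array( 'count' => 0, 'recent' => $current_time );` placed after the default assignment at new line 291, which also makes the `recent == 0` test at new line 370 unnecessary. Separately, `get_user_meta($user_data->ID, ...)` at new line 288 runs before any visible check that the lookup succeeded; the empty-`user_login` branch in the first hunk suggests `$user_data` can be unset or false at this point, so the read should sit behind `if ( $user_data )`. Because the counter is stored per account and this form is unauthenticated, the fifth request from anyone also blocks the account owner for the rest of the window, which is worth weighing against a per-client limit. retrieve_password() and the `rp` case both start and end outside these hunks, so the later validation of `$user_data` and the exact path that reaches new line 613 are not visible here.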