Ticket #20140: 20140.2.diff

File 20140.2.diff, 3.0 KB (added by iandunn, 6 years ago)
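--- a/wp-admin/includes/user.php
+++ b/wp-admin/includes/user.php
@@ -42,7 +42,9 @@
         if ( !$update && isset( $_POST['user_login'] ) )
                 $user->user_login = sanitize_user($_POST['user_login'], true);
 
-        $pass1 = $pass2 = '';
+        $current_pass = $pass1 = $pass2 = '';
+        if ( isset( $_POST['current-pass'] ) )
+                $current_pass = $_POST['current-pass'];
         if ( isset( $_POST['pass1'] ) )
                 $pass1 = $_POST['pass1'];
         if ( isset( $_POST['pass2'] ) )
@@ -108,6 +110,19 @@
         if ( $user->user_login == '' )
                 $errors->add( 'user_login', __( '<strong>ERROR</strong>: Please enter a username.' ) );
 
+        /* checking current password has been entered and is correct */
+        if ( IS_PROFILE_PAGE ) {
+                $user_data = get_userdata( $user->ID );
+
+                if ( $update && ! empty( $pass1 ) && ! empty( $pass2 ) ) {
+                        if ( ! $current_pass ) {
+                                $errors->add( 'pass', __( '<strong>ERROR</strong>: You must enter the current password.' ), array( 'form-field' => 'current-pass' ) );
+                        } elseif ( ! wp_check_password( $current_pass, $user_data->user_pass ) ) {
+                                $errors->add( 'pass', __( '<strong>ERROR</strong>: Current password is incorrect.' ), array( 'form-field' => 'current-pass' ) );
+                        }
+                }
+        }
+
         /* checking the password has been typed twice */
         do_action_ref_array( 'check_passwords', array( $user->user_login, &$pass1, &$pass2 ) );
 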
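Review bot: The current-password check added at new lines 113-124 runs only when both `$pass1` and `$pass2` are non-empty, and it runs before `do_action_ref_array( 'check_passwords', ... )`, which hands both variables to plugins by reference. It therefore tests the pre-hook values and depends on code outside this hunk to reject a request that fills only one field. Moving the block below the hook and gating it on `$update && ! empty( $pass1 )` would tie the check to the value that can end up being saved. The bare `IS_PROFILE_PAGE` assumes the constant is defined on every path that reaches this function, so `defined( 'IS_PROFILE_PAGE' ) && IS_PROFILE_PAGE` is safer. The result of `get_userdata()` should also be checked, as in `} elseif ( ! $user_data || ! wp_check_password( $current_pass, $user_data->user_pass ) ) {`. The enclosing function starts and ends outside the hunk, and other ways of changing a password or the account e-mail are not visible here, so this control should be read as covering the profile form only.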
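--- a/wp-admin/user-edit.php
+++ b/wp-admin/user-edit.php
@@ -374,11 +374,28 @@
 $show_password_fields = apply_filters('show_password_fields', true, $profileuser);
 if ( $show_password_fields ) :
 ?>
+</table>
+
+<h3><?php _e( 'Change Password' ); ?></h3>
+
+<table class="form-table">
+<?php if ( IS_PROFILE_PAGE ) : ?>
+        <tr id="current-password">
+                <th><label for="current-pass"><?php _e( 'Current Password' ); ?></label></th>
+                <td>
+                        <input type="password" name="current-pass" id="current-pass" size="16" value="" autocomplete="off" />
+                        <span class="description"><?php _e( 'If you would like to set a new password, type the current one here. Otherwise leave this blank.' ); ?></span>
+                </td>
+        </tr>
+<?php endif; ?>
 <tr id="password">
         <th><label for="pass1"><?php _e('New Password'); ?></label></th>
         <td>
                 <input class="hidden" value=" " /><!-- #24364 workaround -->
-                <input type="password" name="pass1" id="pass1" size="16" value="" autocomplete="off" /> <span class="description"><?php _e("If you would like to change the password type a new one. Otherwise leave this blank."); ?></span>
+                <input type="password" name="pass1" id="pass1" size="16" value="" autocomplete="off" />
+                <span class="description">
+                        <?php echo IS_PROFILE_PAGE ? __( 'Type the new password here.' ) : __( 'If you would like to change the password type a new one. Otherwise leave this blank.' ); ?>
+                </span>
         </td>
 </tr>
 <tr>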
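Review bot: The new `current-pass` input and the rewritten `pass1` input both use `autocomplete="off"`, which browsers commonly ignore on password fields and which gives a password manager no way to tell the two apart. Marking them `autocomplete="current-password"` and `autocomplete="new-password"` states the intent and lowers the chance of the stored password being filled into the new-password field, the problem the neighbouring `#24364 workaround` input appears to address. The added strings are also printed unescaped through `_e()` and `echo ... __()`; `esc_html_e( 'Current Password' )` and `echo esc_html( IS_PROFILE_PAGE ? __( ... ) : __( ... ) )` would stop a translation from injecting markup. The surrounding template continues outside the hunk.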