WordPress.org

Make WordPress Core

Ticket #20140: 20140.2.diff

File 20140.2.diff, 3.0 KB (added by iandunn, 8 months ago)
  • wp-admin/includes/user.php

     
    4242        if ( !$update && isset( $_POST['user_login'] ) ) 
    4343                $user->user_login = sanitize_user($_POST['user_login'], true); 
    4444 
    45         $pass1 = $pass2 = ''; 
     45        $current_pass = $pass1 = $pass2 = ''; 
     46        if ( isset( $_POST['current-pass'] ) ) 
     47                $current_pass = $_POST['current-pass']; 
    4648        if ( isset( $_POST['pass1'] ) ) 
    4749                $pass1 = $_POST['pass1']; 
    4850        if ( isset( $_POST['pass2'] ) ) 
     
    108110        if ( $user->user_login == '' ) 
    109111                $errors->add( 'user_login', __( '<strong>ERROR</strong>: Please enter a username.' ) ); 
    110112 
     113        /* checking current password has been entered and is correct */ 
     114        if ( IS_PROFILE_PAGE ) { 
     115                $user_data = get_userdata( $user->ID ); 
     116 
     117                if ( $update && ! empty( $pass1 ) && ! empty( $pass2 ) ) { 
     118                        if ( ! $current_pass ) { 
     119                                $errors->add( 'pass', __( '<strong>ERROR</strong>: You must enter the current password.' ), array( 'form-field' => 'current-pass' ) ); 
     120                        } elseif ( ! wp_check_password( $current_pass, $user_data->user_pass ) ) { 
     121                                $errors->add( 'pass', __( '<strong>ERROR</strong>: Current password is incorrect.' ), array( 'form-field' => 'current-pass' ) ); 
     122                        } 
     123                } 
     124        } 
     125 
    111126        /* checking the password has been typed twice */ 
    112127        do_action_ref_array( 'check_passwords', array( $user->user_login, &$pass1, &$pass2 ) ); 
    113128 
  • wp-admin/user-edit.php

     
    374374$show_password_fields = apply_filters('show_password_fields', true, $profileuser); 
    375375if ( $show_password_fields ) : 
    376376?> 
     377</table> 
     378 
     379<h3><?php _e( 'Change Password' ); ?></h3> 
     380 
     381<table class="form-table"> 
     382<?php if ( IS_PROFILE_PAGE ) : ?> 
     383        <tr id="current-password"> 
     384                <th><label for="current-pass"><?php _e( 'Current Password' ); ?></label></th> 
     385                <td> 
     386                        <input type="password" name="current-pass" id="current-pass" size="16" value="" autocomplete="off" /> 
     387                        <span class="description"><?php _e( 'If you would like to set a new password, type the current one here. Otherwise leave this blank.' ); ?></span> 
     388                </td> 
     389        </tr> 
     390<?php endif; ?> 
    377391<tr id="password"> 
    378392        <th><label for="pass1"><?php _e('New Password'); ?></label></th> 
    379393        <td> 
    380394                <input class="hidden" value=" " /><!-- #24364 workaround --> 
    381                 <input type="password" name="pass1" id="pass1" size="16" value="" autocomplete="off" /> <span class="description"><?php _e("If you would like to change the password type a new one. Otherwise leave this blank."); ?></span> 
     395                <input type="password" name="pass1" id="pass1" size="16" value="" autocomplete="off" /> 
     396                <span class="description"> 
     397                        <?php echo IS_PROFILE_PAGE ? __( 'Type the new password here.' ) : __( 'If you would like to change the password type a new one. Otherwise leave this blank.' ); ?> 
     398                </span> 
    382399        </td> 
    383400</tr> 
    384401<tr>