Ticket #20140: 20140.2.diff

wp-admin/includes/user.php

@@ -42 +42 @@
         if ( !$update && isset( $_POST['user_login'] ) )
                 $user->user_login = sanitize_user($_POST['user_login'], true);
 
-        $pass1 = $pass2 = '';
+        $current_pass = $pass1 = $pass2 = '';
+        if ( isset( $_POST['current-pass'] ) )
+                $current_pass = $_POST['current-pass'];
         if ( isset( $_POST['pass1'] ) )
                 $pass1 = $_POST['pass1'];
         if ( isset( $_POST['pass2'] ) )
@@ -108 +110 @@
         if ( $user->user_login == '' )
                 $errors->add( 'user_login', __( '<strong>ERROR</strong>: Please enter a username.' ) );
 
+        /* checking current password has been entered and is correct */
+        if ( IS_PROFILE_PAGE ) {
+                $user_data = get_userdata( $user->ID );
+
+                if ( $update && ! empty( $pass1 ) && ! empty( $pass2 ) ) {
+                        if ( ! $current_pass ) {
+                                $errors->add( 'pass', __( '<strong>ERROR</strong>: You must enter the current password.' ), array( 'form-field' => 'current-pass' ) );
+                        } elseif ( ! wp_check_password( $current_pass, $user_data->user_pass ) ) {
+                                $errors->add( 'pass', __( '<strong>ERROR</strong>: Current password is incorrect.' ), array( 'form-field' => 'current-pass' ) );
+                        }
+                }
+        }
+
         /* checking the password has been typed twice */
         do_action_ref_array( 'check_passwords', array( $user->user_login, &$pass1, &$pass2 ) );
 

wp-admin/user-edit.php

@@ -374 +374 @@
 $show_password_fields = apply_filters('show_password_fields', true, $profileuser);
 if ( $show_password_fields ) :
 ?>
+</table>
+
+<h3><?php _e( 'Change Password' ); ?></h3>
+
+<table class="form-table">
+<?php if ( IS_PROFILE_PAGE ) : ?>
+        <tr id="current-password">
+                <th><label for="current-pass"><?php _e( 'Current Password' ); ?></label></th>
+                <td>
+                        <input type="password" name="current-pass" id="current-pass" size="16" value="" autocomplete="off" />
+                        <span class="description"><?php _e( 'If you would like to set a new password, type the current one here. Otherwise leave this blank.' ); ?></span>
+                </td>
+        </tr>
+<?php endif; ?>
 <tr id="password">
         <th><label for="pass1"><?php _e('New Password'); ?></label></th>
         <td>
                 <input class="hidden" value=" " /><!-- #24364 workaround -->
-                <input type="password" name="pass1" id="pass1" size="16" value="" autocomplete="off" /> <span class="description"><?php _e("If you would like to change the password type a new one. Otherwise leave this blank."); ?></span>
+                <input type="password" name="pass1" id="pass1" size="16" value="" autocomplete="off" />
+                <span class="description">
+                        <?php echo IS_PROFILE_PAGE ? __( 'Type the new password here.' ) : __( 'If you would like to change the password type a new one. Otherwise leave this blank.' ); ?>
+                </span>
         </td>
 </tr>
 <tr>