Make WordPress Core

Ticket #20140: 20140.diff

File 20140.diff, 3.7 KB (added by bootsz, 12 years ago)

Adds "Current Password" field to the profile & user-edit pages.

  • includes/user.php

     
    4242        if ( !$update && isset( $_POST['user_login'] ) )
    4343                $user->user_login = sanitize_user($_POST['user_login'], true);
    4444
     45        if ( isset( $_POST['old-pass'] ))
     46                $oldpass = $_POST['old-pass'];
     47
    4548        $pass1 = $pass2 = '';
    4649        if ( isset( $_POST['pass1'] ))
    4750                $pass1 = $_POST['pass1'];
     
    108111        if ( $user->user_login == '' )
    109112                $errors->add( 'user_login', __( '<strong>ERROR</strong>: Please enter a username.' ));
    110113
     114        /* checking old password has been entered and is correct */
     115        $user_data = get_userdata($user->ID);
     116
     117        if ( $update && !empty($pass1) && !empty($pass2) ) {
     118                if ( !$oldpass ) {
     119                        if ( IS_PROFILE_PAGE )
     120                                $errors->add( 'pass', __( '<strong>ERROR</strong>: You must enter your current password.' ), array( 'form-field' => 'old-pass' ) );
     121                        else
     122                                $errors->add( 'pass', __( '<strong>ERROR</strong>: You must enter the user\'s current password.' ), array( 'form-field' => 'old-pass' ) );
     123                }
     124                elseif ( !wp_check_password($oldpass, $user_data->user_pass) )
     125                        $errors->add( 'pass', __( '<strong>ERROR</strong>: Current password is incorrect.' ), array( 'form-field' => 'old-pass' ) );
     126        }
     127
    111128        /* checking the password has been typed twice */
    112129        do_action_ref_array( 'check_passwords', array ( $user->user_login, & $pass1, & $pass2 ));
    113130
  • user-edit.php

     
    370370        <td><textarea name="description" id="description" rows="5" cols="30"><?php echo $profileuser->description; // textarea_escaped ?></textarea><br />
    371371        <span class="description"><?php _e('Share a little biographical information to fill out your profile. This may be shown publicly.'); ?></span></td>
    372372</tr>
     373</table>
    373374
     375<h3><?php _e('Change Password'); ?></h3>
     376<table class="form-table">
    374377<?php
    375378$show_password_fields = apply_filters('show_password_fields', true, $profileuser);
     379( IS_PROFILE_PAGE ) ? $subject = 'your' : $subject = 'the user\'s';
    376380if ( $show_password_fields ) :
    377381?>
     382<tr id="old-password">
     383        <th><label for="old-pass"><?php _e('Current Password'); ?></label></th>
     384        <td><input type="password" name="old-pass" id="old-pass" size="16" value="" autocomplete="off" /> <span class="description"><?php _e("First type ".$subject." current password in order to set a new password. Otherwise leave this blank."); ?></span></td>
     385
     386
     387</tr>
    378388<tr id="password">
    379389        <th><label for="pass1"><?php _e('New Password'); ?></label></th>
    380         <td><input type="password" name="pass1" id="pass1" size="16" value="" autocomplete="off" /> <span class="description"><?php _e("If you would like to change the password type a new one. Otherwise leave this blank."); ?></span><br />
    381                 <input type="password" name="pass2" id="pass2" size="16" value="" autocomplete="off" /> <span class="description"><?php _e("Type your new password again."); ?></span><br />
     390        <td><input type="password" name="pass1" id="pass1" size="16" value="" autocomplete="off" /> <span class="description"><?php _e("Type a new password."); ?></span><br />
     391                <input type="password" name="pass2" id="pass2" size="16" value="" autocomplete="off" /> <span class="description"><?php _e("Type the new password again."); ?></span><br />
    382392                <div id="pass-strength-result"><?php _e('Strength indicator'); ?></div>
    383393                <p class="description indicator-hint"><?php _e('Hint: The password should be at least seven characters long. To make it stronger, use upper and lower case letters, numbers and symbols like ! " ? $ % ^ &amp; ).'); ?></p>
    384394        </td>