WordPress.org

Make WordPress Core

Ticket #20140: 20140.diff

File 20140.diff, 3.7 KB (added by bootsz, 23 months ago)

Adds "Current Password" field to the profile & user-edit pages.

  • includes/user.php

     
    4242        if ( !$update && isset( $_POST['user_login'] ) ) 
    4343                $user->user_login = sanitize_user($_POST['user_login'], true); 
    4444 
     45        if ( isset( $_POST['old-pass'] )) 
     46                $oldpass = $_POST['old-pass']; 
     47 
    4548        $pass1 = $pass2 = ''; 
    4649        if ( isset( $_POST['pass1'] )) 
    4750                $pass1 = $_POST['pass1']; 
     
    108111        if ( $user->user_login == '' ) 
    109112                $errors->add( 'user_login', __( '<strong>ERROR</strong>: Please enter a username.' )); 
    110113 
     114        /* checking old password has been entered and is correct */ 
     115        $user_data = get_userdata($user->ID); 
     116 
     117        if ( $update && !empty($pass1) && !empty($pass2) ) { 
     118                if ( !$oldpass ) { 
     119                        if ( IS_PROFILE_PAGE ) 
     120                                $errors->add( 'pass', __( '<strong>ERROR</strong>: You must enter your current password.' ), array( 'form-field' => 'old-pass' ) ); 
     121                        else  
     122                                $errors->add( 'pass', __( '<strong>ERROR</strong>: You must enter the user\'s current password.' ), array( 'form-field' => 'old-pass' ) ); 
     123                } 
     124                elseif ( !wp_check_password($oldpass, $user_data->user_pass) ) 
     125                        $errors->add( 'pass', __( '<strong>ERROR</strong>: Current password is incorrect.' ), array( 'form-field' => 'old-pass' ) ); 
     126        } 
     127 
    111128        /* checking the password has been typed twice */ 
    112129        do_action_ref_array( 'check_passwords', array ( $user->user_login, & $pass1, & $pass2 )); 
    113130 
  • user-edit.php

     
    370370        <td><textarea name="description" id="description" rows="5" cols="30"><?php echo $profileuser->description; // textarea_escaped ?></textarea><br /> 
    371371        <span class="description"><?php _e('Share a little biographical information to fill out your profile. This may be shown publicly.'); ?></span></td> 
    372372</tr> 
     373</table> 
    373374 
     375<h3><?php _e('Change Password'); ?></h3> 
     376<table class="form-table"> 
    374377<?php 
    375378$show_password_fields = apply_filters('show_password_fields', true, $profileuser); 
     379( IS_PROFILE_PAGE ) ? $subject = 'your' : $subject = 'the user\'s'; 
    376380if ( $show_password_fields ) : 
    377381?> 
     382<tr id="old-password"> 
     383        <th><label for="old-pass"><?php _e('Current Password'); ?></label></th> 
     384        <td><input type="password" name="old-pass" id="old-pass" size="16" value="" autocomplete="off" /> <span class="description"><?php _e("First type ".$subject." current password in order to set a new password. Otherwise leave this blank."); ?></span></td> 
     385 
     386 
     387</tr> 
    378388<tr id="password"> 
    379389        <th><label for="pass1"><?php _e('New Password'); ?></label></th> 
    380         <td><input type="password" name="pass1" id="pass1" size="16" value="" autocomplete="off" /> <span class="description"><?php _e("If you would like to change the password type a new one. Otherwise leave this blank."); ?></span><br /> 
    381                 <input type="password" name="pass2" id="pass2" size="16" value="" autocomplete="off" /> <span class="description"><?php _e("Type your new password again."); ?></span><br /> 
     390        <td><input type="password" name="pass1" id="pass1" size="16" value="" autocomplete="off" /> <span class="description"><?php _e("Type a new password."); ?></span><br /> 
     391                <input type="password" name="pass2" id="pass2" size="16" value="" autocomplete="off" /> <span class="description"><?php _e("Type the new password again."); ?></span><br /> 
    382392                <div id="pass-strength-result"><?php _e('Strength indicator'); ?></div> 
    383393                <p class="description indicator-hint"><?php _e('Hint: The password should be at least seven characters long. To make it stronger, use upper and lower case letters, numbers and symbols like ! " ? $ % ^ &amp; ).'); ?></p> 
    384394        </td>