added a check for current password on password change closes #5177

This commit is contained in:
splashingpixels 2014-04-22 12:01:57 -07:00
parent cae3148d55
commit fde72164a4
2 changed files with 42 additions and 14 deletions


@ -164,18 +164,16 @@ class WC_Form_Handler {
$account_first_name = ! empty( $_POST[ 'account_first_name' ] ) ? wc_clean( $_POST[ 'account_first_name' ] ) : '';
$account_last_name = ! empty( $_POST[ 'account_last_name' ] ) ? wc_clean( $_POST[ 'account_last_name' ] ) : '';
$account_email = ! empty( $_POST[ 'account_email' ] ) ? sanitize_email( $_POST[ 'account_email' ] ) : '';
$pass_cur = ! empty( $_POST[ 'password_current' ] ) ? $_POST[ 'password_current' ] : '';
$pass1 = ! empty( $_POST[ 'password_1' ] ) ? $_POST[ 'password_1' ] : '';
$pass2 = ! empty( $_POST[ 'password_2' ] ) ? $_POST[ 'password_2' ] : '';
$save_pass = true;
$user->first_name = $account_first_name;
$user->last_name = $account_last_name;
$user->user_email = $account_email;
$user->display_name = $user->first_name;
if ( $pass1 ) {
$user->user_pass = $pass1;
}
if ( empty( $account_first_name ) || empty( $account_last_name ) ) {
wc_add_notice( __( 'Please enter your name.', 'woocommerce' ), 'error' );
}
@ -186,10 +184,31 @@ class WC_Form_Handler {
wc_add_notice( __( 'This email address is already registered.', 'woocommerce' ), 'error' );
}
if ( ! empty( $pass1 ) && empty( $pass2 ) ) {
if ( ! empty( $pass1 ) && ! wp_check_password( $pass_cur, $current_user->user_pass, $current_user->ID ) ) {
wc_add_notice( __( 'Your current password is incorrect.', 'woocommerce' ), 'error' );
$save_pass = false;
}
if ( ! empty( $pass_cur ) && empty( $pass1 ) && empty( $pass2 ) ) {
wc_add_notice( __( 'Please fill out all password fields.', 'woocommerce' ), 'error' );
$save_pass = false;
} elseif ( ! empty( $pass1 ) && empty( $pass_cur ) ) {
wc_add_notice( __( 'Please enter your current password.', 'woocommerce' ), 'error' );
$save_pass = false;
} elseif ( ! empty( $pass1 ) && empty( $pass2 ) ) {
wc_add_notice( __( 'Please re-enter your password.', 'woocommerce' ), 'error' );
$save_pass = false;
} elseif ( ! empty( $pass1 ) && $pass1 !== $pass2 ) {
wc_add_notice( __( 'Passwords do not match.', 'woocommerce' ), 'error' );
$save_pass = false;
}
if ( $pass1 && $save_pass ) {
$user->user_pass = $pass1;
}
// Allow plugins to return their own errors.
@ -201,7 +220,7 @@ class WC_Form_Handler {
}
}
if ( wc_notice_count( 'error' ) == 0 ) {
if ( wc_notice_count( 'error' ) === 0 ) {
wp_update_user( $user ) ;
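Review bot: The current-password check on the `wp_check_password` line runs before the emptiness checks below it, so a submission with a new password and an empty current password gets both "Your current password is incorrect." and "Please enter your current password." as error notices; guarding the verify on a non-empty value keeps the messages distinct: `if ( ! empty( $pass1 ) && ! empty( $pass_cur ) && ! wp_check_password( $pass_cur, $current_user->user_pass, $current_user->ID ) ) {`. The check reads `$current_user` while the rest of the hunk populates `$user`; the hunk does not show where `$current_user` comes from (presumably the WordPress global set earlier in the method), so it is worth confirming the two refer to the same account. A short comment above the check such as `// Require the current password before accepting a new one (#5177).` would document why the verify precedes the field checks. The enclosing method starts and ends outside the hunk.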


@ -28,14 +28,23 @@ global $woocommerce;
<label for="account_email"><?php _e( 'Email address', 'woocommerce' ); ?> <span class="required">*</span></label>
<input type="email" class="input-text" name="account_email" id="account_email" value="<?php esc_attr_e( $user->user_email ); ?>" />
</p>
<p class="form-row form-row-first">
<label for="password_1"><?php _e( 'Password (leave blank to leave unchanged)', 'woocommerce' ); ?></label>
<input type="password" class="input-text" name="password_1" id="password_1" />
</p>
<p class="form-row form-row-last">
<label for="password_2"><?php _e( 'Confirm new password', 'woocommerce' ); ?></label>
<input type="password" class="input-text" name="password_2" id="password_2" />
</p>
<fieldset>
<legend><?php _e( 'Password Change', 'woocommerce' ); ?></legend>
<p class="form-row form-row-thirds">
<label for="password_current"><?php _e( 'Current Password (leave blank to leave unchanged)', 'woocommerce' ); ?></label>
<input type="password" class="input-text" name="password_current" id="password_current" />
</p>
<p class="form-row form-row-thirds">
<label for="password_1"><?php _e( 'New Password (leave blank to leave unchanged)', 'woocommerce' ); ?></label>
<input type="password" class="input-text" name="password_1" id="password_1" />
</p>
<p class="form-row form-row-thirds">
<label for="password_2"><?php _e( 'Confirm New Password', 'woocommerce' ); ?></label>
<input type="password" class="input-text" name="password_2" id="password_2" />
</p>
</fieldset>
<div class="clear"></div>
<p><input type="submit" class="button" name="save_account_details" value="<?php _e( 'Save changes', 'woocommerce' ); ?>" /></p>
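Review bot: The three new password inputs in the fieldset carry no `autocomplete` hint, so browsers and password managers cannot tell the current-password field from the new-password pair. Adding `autocomplete="current-password"` to the `password_current` input and `autocomplete="new-password"` to `password_1` and `password_2` makes that distinction explicit with no behaviour change on the server side. The label text "(leave blank to leave unchanged)" on the current-password field is fine as the handler only requires it when a new password is entered.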