<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" /><style type="text/css"><!--
--></style>
<title>[BuddyPress] [3524] trunk:
Adds password verification before an email address or password change on the General Settings screen
.</title>
</head>
<body>
<div id="msg">
<dl>
<dt>Revision</dt> <dd>3524</dd>
<dt>Author</dt> <dd>boonebgorges</dd>
<dt>Date</dt> <dd>2010-12-11 13:38:11 +0000 (Sat, 11 Dec 2010)</dd>
</dl>
<h3>Log Message</h3>
<pre>Adds password verification before an email address or password change on the General Settings screen. Fixes #2517. Props nuprn1 and r-a-y</pre>
<h3>Modified Paths</h3>
<ul>
<li><a href="#trunkbpcorebpcoresettingsphp">trunk/bp-core/bp-core-settings.php</a></li>
<li><a href="#trunkbpthemesbpdefaultmemberssinglepluginsphp">trunk/bp-themes/bp-default/members/single/plugins.php</a></li>
</ul>
</div>
<div id="patch">
<h3>Diff</h3>
<a id="trunkbpcorebpcoresettingsphp"></a>
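--- a/trunk/bp-core/bp-core-settings.php
+++ b/trunk/bp-core/bp-core-settings.php
@@ -31,10 +31,12 @@
 /**** GENERAL SETTINGS ****/
 
 function bp_core_screen_general_settings() {
-        global $current_user, $bp_settings_updated, $pass_error;
+        global $current_user, $bp_settings_updated, $pass_error, $email_error, $pwd_error;
 
         $bp_settings_updated = false;
         $pass_error = false;
+        $email_error = false;
+        $pwd_error = false;
 
         if ( isset($_POST['submit']) ) {
                 check_admin_referer('bp_settings_general');
@@ -42,24 +44,61 @@
                 require_once( WPINC . '/registration.php' );
 
                 // Form has been submitted and nonce checks out, lets do it.
-
-                if ( $_POST['email'] != '' )
-                        $current_user->user_email = esc_html( trim( $_POST['email'] ) );
-
-                if ( $_POST['pass1'] != '' && $_POST['pass2'] != '' ) {
-                        if ( $_POST['pass1'] == $_POST['pass2'] && !strpos( " " . $_POST['pass1'], "\\" ) )
-                                $current_user->user_pass = $_POST['pass1'];
-                        else
-                                $pass_error = true;
-                } else if ( empty( $_POST['pass1'] ) && !empty( $_POST['pass2'] ) || !empty( $_POST['pass1'] ) && empty( $_POST['pass2'] ) ) {
-                        $pass_error = true;
-                } else {
-                        unset( $current_user->user_pass );
-                }
-
-                if ( !$pass_error && wp_update_user( get_object_vars( $current_user ) ) )
-                        $bp_settings_updated = true;
-                        
+                
+                 // Validate the user again for the current password when making a big change
+                 if ( !empty( $_POST['pwd'] ) && $_POST['pwd'] != '' && wp_check_password($_POST['pwd'], $current_user->user_pass, $current_user->ID) ) {
+
+                         // Make sure changing an email address does not already exist
+                         if ( $_POST['email'] != '' ) {
+
+                                 // What is missing from the profile page vs signup - lets double check the goodies
+                                 $user_email = sanitize_email( wp_specialchars( trim( $_POST['email'] ) ) );
+
+                                 if ( !is_email( $user_email ) )
+                                         $email_error = true;
+
+                                 $limited_email_domains = get_site_option( 'limited_email_domains', 'buddypress' );
+
+                                 if ( is_array( $limited_email_domains ) && empty( $limited_email_domains ) == false ) {
+                                         $emaildomain = substr( $user_email, 1 + strpos( $user_email, '@' ) );
+
+                                         if ( in_array( $emaildomain, (array)$limited_email_domains ) == false ) {
+                                                 $email_error = true;
+                                                 
+                                         }
+                                 }
+
+                                 if ( !$email_error && $current_user->user_email != $user_email ) {
+                                 
+                                         //we don't want email dups in the system
+                                         if ( email_exists( $user_email ) )
+                                                 $email_error = true;
+                                                 
+                                         if (!$email_error)
+                                                 $current_user->user_email = $user_email;
+                                 }
+                         }
+
+                         if ( $_POST['pass1'] != '' && $_POST['pass2'] != '' ) {
+                         
+                                 if ( $_POST['pass1'] == $_POST['pass2'] && !strpos( " " . $_POST['pass1'], "\\" ) )
+                                         $current_user->user_pass = $_POST['pass1'];
+                                 else
+                                         $pass_error = true;
+
+                         } else if ( empty( $_POST['pass1'] ) && !empty( $_POST['pass2'] ) || !empty( $_POST['pass1'] ) && empty( $_POST['pass2'] ) ) {
+                                 $pass_error = true;
+                         } else {
+                                 unset( $current_user->user_pass );
+                         }
+
+                         if ( !$email_error && !$pass_error && wp_update_user( get_object_vars( $current_user ) ) )
+                                 $bp_settings_updated = true;
+                         
+                 } else {
+                         $pwd_error = true;
+                 }
+                 
                 do_action( 'bp_core_general_settings_after_save' );
         }
 
@@ -74,7 +113,7 @@
 }
 
 function bp_core_screen_general_settings_content() {
-        global $bp, $current_user, $bp_settings_updated, $pass_error; ?>
+        global $bp, $current_user, $bp_settings_updated, $pass_error, $pwd_error, $email_error; ?>
 
         <?php if ( $bp_settings_updated && !$pass_error ) { ?>
                 <div id="message" class="updated fade">
@@ -87,8 +126,26 @@
                         <p><?php _e( 'Your passwords did not match', 'buddypress' ) ?></p>
                 </div>
         <?php } ?>
+        
+        <?php if ( $pwd_error && !$bp_settings_updated ) { ?>
+                <div id="message" class="error fade">
+                        <p><?php _e( 'Your password is incorrect', 'buddypress' ) ?></p>
+                </div>
+        <?php } ?>
 
+        <?php
+        if ( $email_error && !$bp_settings_updated ) { ?>
+                <div id="message" class="error fade">
+                        <p><?php _e( 'Sorry, that email address is already used or is invalid', 'buddypress' ) ?></p>
+                </div>
+        <?php } ?>
+
+
         <form action="<?php echo $bp->loggedin_user->domain . BP_SETTINGS_SLUG . '/general' ?>" method="post" class="standard-form" id="settings-form">
+
+                <label for="pwd"><?php _e( 'Current Password <span>(required to update email or change current password)</span>', 'buddypress' ) ?></label>
+                <input type="password" name="pwd" id="pwd" size="16" value="" class="settings-input small" /> &nbsp;<a href="<?php echo site_url('wp-login.php?action=lostpassword', 'login') ?>" title="<?php _e('Password Lost and Found') ?>"><?php _e('Lost your password?') ?></a>
+
                 <label for="email"><?php _e( 'Account Email', 'buddypress' ) ?></label>
                 <input type="text" name="email" id="email" value="<?php echo esc_attr( $current_user->user_email ); ?>" class="settings-input" />
 
@@ -137,7 +194,7 @@
 }
 
 function bp_core_screen_notification_settings_title() {
-        echo apply_filters( 'bp_core_notification_settings_title', __( 'Notification Settings', 'buddypress' ) );;
+        echo apply_filters( 'bp_core_notification_settings_title', __( 'Email Notifications', 'buddypress' ) );;
 }
 
 function bp_core_screen_notification_settings_content() {
@@ -150,7 +207,6 @@
         <?php } ?>
 
         <form action="<?php echo $bp->loggedin_user->domain . BP_SETTINGS_SLUG . '/notifications' ?>" method="post" id="settings-form">
-                <h3><?php _e( 'Email Notifications', 'buddypress' ) ?></h3>
                 <p><?php _e( 'Send a notification by email when:', 'buddypress' ) ?></p>
 
                 <?php do_action( 'bp_notification_settings' ) ?>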
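Review bot: The email sanitization in the second hunk, `$user_email = sanitize_email( wp_specialchars( trim( $_POST['email'] ) ) );`, HTML-escapes the address before it is validated, so an otherwise valid local part containing `&` or `'` becomes an entity that sanitize_email()/is_email() can mangle or reject, and wp_specialchars() has been deprecated in favor of esc_html() since WordPress 2.8. Validate the raw trimmed value instead, `$user_email = sanitize_email( trim( $_POST['email'] ) );`, and leave escaping to output, which the form already does with esc_attr() on the email input. The password gate on the line above also repeats itself: `!empty( $_POST['pwd'] )` already implies `$_POST['pwd'] != ''`, so the second test can be dropped. The limited-domain check still runs after is_email() has already set `$email_error`; harmless, but an `else if` would make the intent clearer. bp_core_screen_general_settings() begins and ends outside that hunk.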
<a id="trunkbpthemesbpdefaultmemberssinglepluginsphp"></a>
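--- a/trunk/bp-themes/bp-default/members/single/plugins.php
+++ b/trunk/bp-themes/bp-default/members/single/plugins.php
@@ -30,7 +30,7 @@
                                         </ul>
                                 </div><!-- .item-list-tabs -->
 
-                                <?php do_action( 'bp_template_title' ) ?>
+                                <h3><?php do_action( 'bp_template_title' ) ?></h3>
 
                                 <?php do_action( 'bp_template_content' ) ?>
 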
</div>
</body>
</html>