"; echo wp_kses( sprintf( // translators: One-time change requires you to reset your password __( 'Important: Your password has expired. This (one-time) change requires you to reset your password. Please click here to reset your password via Email.', 'ultimate-member' ), um_get_core_page( 'password-reset' ) ), array( 'strong' => array(), 'a' => array( 'href' => array(), ), ) ); echo '
'; } /** * Add Login notice for Under Maintance * * @since 2.6.8 */ public function under_maintenance_notice() { if ( ! UM()->options()->get( 'lock_register_forms' ) ) { return; } // phpcs:disable WordPress.Security.NonceVerification if ( ! isset( $_GET['notice'] ) || 'maintenance' !== $_GET['notice'] ) { return; } // phpcs:enable WordPress.Security.NonceVerification echo ""; echo wp_kses( __( 'Important: Our website is currently under maintenance. Please check back soon.', 'ultimate-member' ), array( 'strong' => array(), 'a' => array( 'href' => array(), ), ) ); echo '
'; } /** * Block all UM Register form submissions. * * @since 2.6.8 */ public function block_register_forms() { if ( UM()->options()->get( 'lock_register_forms' ) ) { $login_url = add_query_arg( 'notice', 'maintenance', um_get_core_page( 'login' ) ); nocache_headers(); // Not `um_safe_redirect()` because predefined login page is situated on the same host. wp_safe_redirect( $login_url ); exit; } } /** * Validate when user has expired password * * @since 2.6.8 */ public function login_validate_expired_pass() { if ( UM()->options()->get( 'display_login_form_notice' ) ) { $user_id = isset( UM()->login()->auth_id ) ? UM()->login()->auth_id : ''; if ( empty( $user_id ) ) { return; } $expired_password_reset = get_user_meta( $user_id, 'um_secure_has_reset_password', true ); if ( ! $expired_password_reset ) { $login_url = add_query_arg( 'notice', 'expired_password', um_get_core_page( 'login' ) ); // Not `um_safe_redirect()` because predefined login page is situated on the same host. wp_safe_redirect( $login_url ); exit; } } } /** * Prevent users from using Old Passwords on UM Password Reset form. * * @param WP_Error $errors * @param WP_User|WP_Error $user * * @since 2.6.8 */ public function avoid_old_password( $errors, $user ) { if ( empty( $_POST['_um_password_change'] ) ) { // phpcs:ignore WordPress.Security.NonceVerification return; } if ( ! UM()->options()->get( 'display_login_form_notice' ) ) { return; } if ( isset( $_REQUEST['user_password'] ) ) { // phpcs:ignore WordPress.Security.NonceVerification $new_user_pass = wp_unslash( $_REQUEST['user_password'] ); // phpcs:ignore WordPress.Security.NonceVerification if ( wp_check_password( $new_user_pass, $user->data->user_pass, $user->ID ) ) { UM()->form()->add_error( 'user_password', __( 'Your new password cannot be same as old password.', 'ultimate-member' ) ); $errors->add( 'um_block_old_password', __( 'Your new password cannot be same as old password.', 'ultimate-member' ) ); } else { update_user_meta( $user->ID, 'um_secure_has_reset_password', true ); update_user_meta( $user->ID, 'um_secure_has_reset_password__timestamp', current_time( 'mysql', true ) ); } } } /** * Secure user capabilities and revoke administrative ones. * * @since 2.6.8 * * @param int $user_id */ public function secure_user_capabilities( $user_id ) { global $wpdb; $user = get_userdata( $user_id ); if ( empty( $user ) ) { return; } // Fetch the WP_User object of our user. um_fetch_user( $user_id ); $has_admin_cap = false; $arr_banned_caps = UM()->options()->get( 'banned_capabilities' ); if ( is_array( $arr_banned_caps ) ) { foreach ( $arr_banned_caps as $cap ) { /** * When there's at least one administrator cap added to the user, * immediately revoke caps and mark as rejected. */ if ( $user->has_cap( $cap ) ) { $has_admin_cap = true; break; } } } if ( ! $has_admin_cap ) { /** * Double-check if *_user_level has been modified with the highest level * when user has no administrative capabilities. */ $user_level = um_user( $wpdb->get_blog_prefix() . 'user_level' ); if ( ! empty( $user_level ) && 10 === absint( $user_level ) ) { $has_admin_cap = true; } } if ( ! $has_admin_cap ) { /** * Validate submitted raw data for banned metakeys. */ if ( ! empty( UM()->form()->post_form['submitted'] ) && is_array( UM()->form()->post_form['submitted'] ) ) { foreach ( array_keys( UM()->form()->post_form['submitted'] ) as $submitted_metakey ) { if ( UM()->user()->is_metakey_banned( $submitted_metakey ) ) { $has_admin_cap = true; break; } } } } if ( $has_admin_cap ) { UM()->common()->secure()->revoke_caps( $user ); /** * Notify Administrators Immediately */ if ( UM()->options()->get( 'secure_notify_admins_banned_accounts' ) ) { $interval = UM()->options()->get( 'secure_notify_admins_banned_accounts__interval' ); if ( 'instant' === $interval ) { UM()->common()->secure()->send_notification( array( $user_id ) ); } } // Destroy Sessions & Redirect. wp_destroy_current_session(); wp_logout(); session_unset(); $redirect = apply_filters( 'um_secure_blocked_user_redirect_immediately', true ); if ( $redirect ) { $login_url = add_query_arg( 'err', 'inactive', um_get_core_page( 'login' ) ); // Not `um_safe_redirect()` because predefined login page is situated on the same host. wp_safe_redirect( $login_url ); exit; } } } /** * Set meta (no need to reset his password) if the user is a new registered. * * @since 2.6.8 * * @param int $user_id */ public function maybe_set_whitelisted_password( $user_id ) { $user = get_userdata( $user_id ); if ( empty( $user ) ) { return; } if ( UM()->options()->get( 'display_login_form_notice' ) ) { update_user_meta( $user_id, 'um_secure_has_reset_password', true ); update_user_meta( $user_id, 'um_secure_has_reset_password__timestamp', current_time( 'mysql', true ) ); } } } }