Version Description
- Fixed some issues on the login form that prevented some users from logging in
- When changing/recovering password we now log out of all other/all sessions
- Increased the performance of the plugin on the frontend
Download this release
Release Info
| Developer | madalin.ungureanu |
| Plugin |  User registration & user profile – Profile Builder |
| Version | 2.7.6 |
| Comparing to | |
| See all releases | |
Code changes from version 2.7.5 to 2.7.6
- admin/manage-fields.php +13 -11
- assets/lib/wck-api/wordpress-creation-kit.js +12 -10
- front-end/edit-profile.php +10 -1
- front-end/login.php +8 -9
- front-end/recover.php +5 -0
- index.php +4 -2
- readme.txt +18 -13
admin/manage-fields.php
CHANGED
|
@@ -9,17 +9,19 @@
|
|
| 9 |
function wppb_manage_fields_submenu(){
|
| 10 |
// create a new sub_menu page which holds the data for the default + extra fields
|
| 11 |
$args = array(
|
| 12 |
-
|
| 13 |
-
|
| 14 |
-
|
| 15 |
-
|
| 16 |
-
|
| 17 |
-
|
| 18 |
-
|
| 19 |
-
|
| 20 |
-
$
|
|
|
|
|
|
|
| 21 |
|
| 22 |
-
|
| 23 |
// populate this page
|
| 24 |
$manage_field_types[] = 'Default - Name (Heading)';
|
| 25 |
$manage_field_types[] = 'Default - Contact Info (Heading)';
|
|
@@ -195,7 +197,7 @@ function wppb_manage_fields_submenu(){
|
|
| 195 |
);
|
| 196 |
new Wordpress_Creation_Kit_PB( $args );
|
| 197 |
}
|
| 198 |
-
add_action( '
|
| 199 |
|
| 200 |
/**
|
| 201 |
* Function that prepopulates the manage fields list with the default fields of WP
|
| 9 |
function wppb_manage_fields_submenu(){
|
| 10 |
// create a new sub_menu page which holds the data for the default + extra fields
|
| 11 |
$args = array(
|
| 12 |
+
'menu_title' => __('Manage Fields', 'profile-builder'),
|
| 13 |
+
'page_title' => __('Manage Default and Extra Fields', 'profile-builder'),
|
| 14 |
+
'menu_slug' => 'manage-fields',
|
| 15 |
+
'page_type' => 'submenu_page',
|
| 16 |
+
'capability' => 'manage_options',
|
| 17 |
+
'priority' => 5,
|
| 18 |
+
'parent_slug' => 'profile-builder'
|
| 19 |
+
);
|
| 20 |
+
$manage_fields_page = new WCK_Page_Creator_PB($args);
|
| 21 |
+
}
|
| 22 |
+
add_action( 'admin_menu', 'wppb_manage_fields_submenu', 1 );
|
| 23 |
|
| 24 |
+
function wppb_populate_manage_fields(){
|
| 25 |
// populate this page
|
| 26 |
$manage_field_types[] = 'Default - Name (Heading)';
|
| 27 |
$manage_field_types[] = 'Default - Contact Info (Heading)';
|
| 197 |
);
|
| 198 |
new Wordpress_Creation_Kit_PB( $args );
|
| 199 |
}
|
| 200 |
+
add_action( 'admin_init', 'wppb_populate_manage_fields', 1 );
|
| 201 |
|
| 202 |
/**
|
| 203 |
* Function that prepopulates the manage fields list with the default fields of WP
|
assets/lib/wck-api/wordpress-creation-kit.js
CHANGED
|
@@ -300,15 +300,6 @@ function updateMeta(value, id, element_id, nonce){
|
|
| 300 |
alert( response.error );
|
| 301 |
}
|
| 302 |
else{
|
| 303 |
-
jQuery('html, body').animate({
|
| 304 |
-
scrollTop: jQuery('#container_'+value+' #element_' + element_id).offset().top - 40 }, 700);
|
| 305 |
-
|
| 306 |
-
jQuery('#container_'+value+' #element_' + element_id).animate({
|
| 307 |
-
backgroundColor: '#FFFF9C'
|
| 308 |
-
}, 700);
|
| 309 |
-
jQuery('#container_'+value+' #element_' + element_id).animate({
|
| 310 |
-
backgroundColor: 'none'
|
| 311 |
-
}, 700);
|
| 312 |
|
| 313 |
jQuery('#update_container_'+value+'_'+element_id).remove();
|
| 314 |
|
|
@@ -321,7 +312,18 @@ function updateMeta(value, id, element_id, nonce){
|
|
| 321 |
jQuery( '#container_' + value + " tbody" ).sortable("enable");
|
| 322 |
|
| 323 |
jQuery('#container_'+value).parent().css('opacity','1');
|
| 324 |
-
jQuery('#mb-ajax-loading').remove();
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 325 |
}
|
| 326 |
});
|
| 327 |
}
|
| 300 |
alert( response.error );
|
| 301 |
}
|
| 302 |
else{
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 303 |
|
| 304 |
jQuery('#update_container_'+value+'_'+element_id).remove();
|
| 305 |
|
| 312 |
jQuery( '#container_' + value + " tbody" ).sortable("enable");
|
| 313 |
|
| 314 |
jQuery('#container_'+value).parent().css('opacity','1');
|
| 315 |
+
jQuery('#mb-ajax-loading').remove();
|
| 316 |
+
|
| 317 |
+
//the scroll works a little bit funny ( it goes way up then down, prob because we remove the update form ) so comment it out for now
|
| 318 |
+
/*jQuery('html, body').animate({
|
| 319 |
+
scrollTop: jQuery('#container_'+value+' #element_' + element_id).offset().top - 40 }, 700);*/
|
| 320 |
+
|
| 321 |
+
jQuery('#container_'+value+' #element_' + element_id).animate({
|
| 322 |
+
backgroundColor: '#FFFF9C'
|
| 323 |
+
}, 1000);
|
| 324 |
+
jQuery('#container_'+value+' #element_' + element_id).animate({
|
| 325 |
+
backgroundColor: 'none'
|
| 326 |
+
}, 1000);
|
| 327 |
}
|
| 328 |
});
|
| 329 |
}
|
front-end/edit-profile.php
CHANGED
|
@@ -50,11 +50,20 @@ function wppb_autologin_after_password_changed(){
|
|
| 50 |
$default_cookie_life = apply_filters('auth_cookie_expiration', (2 * DAY_IN_SECONDS), $user_id, false);
|
| 51 |
$remember = (($logged_in_cookie['expiration'] - time()) > $default_cookie_life);
|
| 52 |
|
| 53 |
-
wp_set_auth_cookie($user_id, $remember);
|
| 54 |
}
|
| 55 |
else{
|
| 56 |
wp_set_password($_POST['passw1'], $user_id);
|
| 57 |
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 58 |
}
|
| 59 |
}
|
| 60 |
}
|
| 50 |
$default_cookie_life = apply_filters('auth_cookie_expiration', (2 * DAY_IN_SECONDS), $user_id, false);
|
| 51 |
$remember = (($logged_in_cookie['expiration'] - time()) > $default_cookie_life);
|
| 52 |
|
| 53 |
+
wp_set_auth_cookie($user_id, $remember, '', wp_get_session_token() );
|
| 54 |
}
|
| 55 |
else{
|
| 56 |
wp_set_password($_POST['passw1'], $user_id);
|
| 57 |
}
|
| 58 |
+
|
| 59 |
+
/* log out of other sessions or all sessions if the admin is editing the profile */
|
| 60 |
+
$sessions = WP_Session_Tokens::get_instance( $user_id );
|
| 61 |
+
if ( $user_id === get_current_user_id() ) {
|
| 62 |
+
$sessions->destroy_others( wp_get_session_token() );
|
| 63 |
+
} else {
|
| 64 |
+
$sessions->destroy_all();
|
| 65 |
+
}
|
| 66 |
+
|
| 67 |
}
|
| 68 |
}
|
| 69 |
}
|
front-end/login.php
CHANGED
|
@@ -315,16 +315,15 @@ function wppb_front_end_login( $atts ){
|
|
| 315 |
}
|
| 316 |
|
| 317 |
function wppb_login_security_check( $user, $password ) {
|
| 318 |
-
|
| 319 |
-
|
| 320 |
-
|
| 321 |
-
|
| 322 |
-
|
| 323 |
-
|
| 324 |
-
|
| 325 |
-
|
| 326 |
|
| 327 |
return $user;
|
| 328 |
-
|
| 329 |
}
|
| 330 |
add_filter( 'wp_authenticate_user', 'wppb_login_security_check', 10, 2 );
|
| 315 |
}
|
| 316 |
|
| 317 |
function wppb_login_security_check( $user, $password ) {
|
| 318 |
+
if( apply_filters( 'wppb_enable_csrf_token_login_form', false ) ){
|
| 319 |
+
if (isset($_POST['wppb_login'])) {
|
| 320 |
+
if (!isset($_POST['CSRFToken-wppb']) || !wp_verify_nonce($_POST['CSRFToken-wppb'], 'wppb_login')) {
|
| 321 |
+
$errorMessage = __('You are not allowed to do this.', 'profile-builder');
|
| 322 |
+
return new WP_Error('wppb_login_csrf_token_error', $errorMessage);
|
| 323 |
+
}
|
| 324 |
+
}
|
| 325 |
+
}
|
| 326 |
|
| 327 |
return $user;
|
|
|
|
| 328 |
}
|
| 329 |
add_filter( 'wp_authenticate_user', 'wppb_login_security_check', 10, 2 );
|
front-end/recover.php
CHANGED
|
@@ -285,6 +285,11 @@ function wppb_front_end_password_recovery(){
|
|
| 285 |
|
| 286 |
wp_set_password( $new_pass, $userID );
|
| 287 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 288 |
$user_info = get_userdata( $userID );
|
| 289 |
|
| 290 |
if( $wppb_generalSettings['loginWith'] == 'username' || $wppb_generalSettings['loginWith'] == 'usernameemail' )
|
| 285 |
|
| 286 |
wp_set_password( $new_pass, $userID );
|
| 287 |
|
| 288 |
+
/* log out of all sessions on password reset */
|
| 289 |
+
$sessions = WP_Session_Tokens::get_instance( $userID );
|
| 290 |
+
$sessions->destroy_all();
|
| 291 |
+
|
| 292 |
+
|
| 293 |
$user_info = get_userdata( $userID );
|
| 294 |
|
| 295 |
if( $wppb_generalSettings['loginWith'] == 'username' || $wppb_generalSettings['loginWith'] == 'usernameemail' )
|
index.php
CHANGED
|
@@ -3,9 +3,11 @@
|
|
| 3 |
Plugin Name: Profile Builder
|
| 4 |
Plugin URI: https://www.cozmoslabs.com/wordpress-profile-builder/
|
| 5 |
Description: Login, registration and edit profile shortcodes for the front-end. Also you can chose what fields should be displayed or add new (custom) ones both in the front-end and in the dashboard.
|
| 6 |
-
Version: 2.7.
|
| 7 |
Author: Cozmoslabs, Madalin Ungureanu, Antohe Cristian, Barina Gabriel, Mihai Iova
|
| 8 |
Author URI: https://www.cozmoslabs.com/
|
|
|
|
|
|
|
| 9 |
License: GPL2
|
| 10 |
|
| 11 |
== Copyright ==
|
|
@@ -73,7 +75,7 @@ function wppb_free_plugin_init() {
|
|
| 73 |
*
|
| 74 |
*
|
| 75 |
*/
|
| 76 |
-
define('PROFILE_BUILDER_VERSION', '2.7.
|
| 77 |
define('WPPB_PLUGIN_DIR', plugin_dir_path(__FILE__));
|
| 78 |
define('WPPB_PLUGIN_URL', plugin_dir_url(__FILE__));
|
| 79 |
define('WPPB_SERVER_MAX_UPLOAD_SIZE_BYTE', apply_filters('wppb_server_max_upload_size_byte_constant', wppb_return_bytes(ini_get('upload_max_filesize'))));
|
| 3 |
Plugin Name: Profile Builder
|
| 4 |
Plugin URI: https://www.cozmoslabs.com/wordpress-profile-builder/
|
| 5 |
Description: Login, registration and edit profile shortcodes for the front-end. Also you can chose what fields should be displayed or add new (custom) ones both in the front-end and in the dashboard.
|
| 6 |
+
Version: 2.7.6
|
| 7 |
Author: Cozmoslabs, Madalin Ungureanu, Antohe Cristian, Barina Gabriel, Mihai Iova
|
| 8 |
Author URI: https://www.cozmoslabs.com/
|
| 9 |
+
Text Domain: profile-builder
|
| 10 |
+
Domain Path: /translation
|
| 11 |
License: GPL2
|
| 12 |
|
| 13 |
== Copyright ==
|
| 75 |
*
|
| 76 |
*
|
| 77 |
*/
|
| 78 |
+
define('PROFILE_BUILDER_VERSION', '2.7.6' );
|
| 79 |
define('WPPB_PLUGIN_DIR', plugin_dir_path(__FILE__));
|
| 80 |
define('WPPB_PLUGIN_URL', plugin_dir_url(__FILE__));
|
| 81 |
define('WPPB_SERVER_MAX_UPLOAD_SIZE_BYTE', apply_filters('wppb_server_max_upload_size_byte_constant', wppb_return_bytes(ini_get('upload_max_filesize'))));
|
readme.txt
CHANGED
|
@@ -3,8 +3,8 @@ Contributors: cozmoslabs, reflectionmedia, sareiodata, adispiac, madalin.ungurea
|
|
| 3 |
Donate link: http://www.cozmoslabs.com/wordpress-profile-builder/
|
| 4 |
Tags: user registration, user profile, user registration form, user fields, extra user fields, edit profile, user custom fields, front-end login, front-end edit profile, front-end user registration, email confirmation, login form, content restriction, restrict content
|
| 5 |
Requires at least: 3.1
|
| 6 |
-
Tested up to: 4.9.
|
| 7 |
-
Stable tag: 2.7.
|
| 8 |
License: GPLv2 or later
|
| 9 |
License URI: http://www.gnu.org/licenses/gpl-2.0.html
|
| 10 |
|
|
@@ -40,27 +40,27 @@ You can use the following shortcode list:
|
|
| 40 |
Users with administrator rights have access to the following features:
|
| 41 |
|
| 42 |
* drag & drop to reorder user profile fields
|
| 43 |
-
* enable **Email Confirmation** (on registration users will receive a notification to confirm their email address)
|
| 44 |
-
*
|
| 45 |
* enforce a **minimum password length** and **minimum password strength** (using the default WordPress password strength meter)
|
| 46 |
* assign users a specific role at registration (using **[wppb-register role="desired_role"]** shortcode argument for the register form)
|
| 47 |
* redirect users after login, register and edit-profile using redirect_url shortcode argument ( e.g **[wppb-login redirect_url="www.example.com"]** )
|
| 48 |
* add register and lost password links below the login form (using **[wppb-login register_url="www.example.com" lostpassword_url="www.example.com"]** shortcode arguments)
|
| 49 |
* customizable user login widget
|
| 50 |
-
* add a custom stylesheet/inherit values from the current theme or use the default one built into this plugin
|
| 51 |
-
*
|
| 52 |
-
* select which profile fields users can use in frontend
|
| 53 |
* extended functionality available via [Add-ons](http://www.cozmoslabs.com/profile-builder-add-ons/?utm_source=wp.org&utm_medium=pb-description-page&utm_campaign=PBFree)
|
| 54 |
-
*
|
| 55 |
-
*
|
| 56 |
-
*
|
| 57 |
-
*
|
| 58 |
|
| 59 |
**PROFILE BUILDER PRO**
|
| 60 |
|
| 61 |
The [Pro version](http://www.cozmoslabs.com/wordpress-profile-builder/?utm_source=wp.org&utm_medium=pb-description-page&utm_campaign=PBFree) has the following extra features:
|
| 62 |
|
| 63 |
-
* Create Extra User Fields (Heading, Input, Hidden
|
| 64 |
* Add Avatar Upload for users
|
| 65 |
* Support for Conditional Fields
|
| 66 |
* Front-end User Listing (fully customizable, sorting included)
|
|
@@ -71,7 +71,7 @@ The [Pro version](http://www.cozmoslabs.com/wordpress-profile-builder/?utm_sourc
|
|
| 71 |
* Admin Approval
|
| 72 |
* Email Customizer (Personalize all emails sent to your users or admins; customize default WordPress registration email)
|
| 73 |
* Advanced Modules (e.g. custom redirects, user listing, multiple registration forms etc.)
|
| 74 |
-
* Access to support
|
| 75 |
* 1 Year of Updates / Priority Support
|
| 76 |
|
| 77 |
[Find out more about Profile Builder PRO](http://www.cozmoslabs.com/wordpress-profile-builder/?utm_source=wp.org&utm_medium=pb-description-page&utm_campaign=PBFree)
|
|
@@ -163,6 +163,11 @@ This plugin adds/removes user fields in the front-end. Both default and extra pr
|
|
| 163 |
12. Role Editor
|
| 164 |
|
| 165 |
== Changelog ==
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 166 |
= 2.7.5 =
|
| 167 |
* Improved security on forms
|
| 168 |
* Implemented a better plugin notification system
|
| 3 |
Donate link: http://www.cozmoslabs.com/wordpress-profile-builder/
|
| 4 |
Tags: user registration, user profile, user registration form, user fields, extra user fields, edit profile, user custom fields, front-end login, front-end edit profile, front-end user registration, email confirmation, login form, content restriction, restrict content
|
| 5 |
Requires at least: 3.1
|
| 6 |
+
Tested up to: 4.9.4
|
| 7 |
+
Stable tag: 2.7.6
|
| 8 |
License: GPLv2 or later
|
| 9 |
License URI: http://www.gnu.org/licenses/gpl-2.0.html
|
| 10 |
|
| 40 |
Users with administrator rights have access to the following features:
|
| 41 |
|
| 42 |
* drag & drop to reorder user profile fields
|
| 43 |
+
* enable **Email Confirmation** (on registration users will receive a notification to confirm their email address)
|
| 44 |
+
* choose between login with **only Username, Email** or **both**
|
| 45 |
* enforce a **minimum password length** and **minimum password strength** (using the default WordPress password strength meter)
|
| 46 |
* assign users a specific role at registration (using **[wppb-register role="desired_role"]** shortcode argument for the register form)
|
| 47 |
* redirect users after login, register and edit-profile using redirect_url shortcode argument ( e.g **[wppb-login redirect_url="www.example.com"]** )
|
| 48 |
* add register and lost password links below the login form (using **[wppb-login register_url="www.example.com" lostpassword_url="www.example.com"]** shortcode arguments)
|
| 49 |
* customizable user login widget
|
| 50 |
+
* add a custom stylesheet/inherit values from the current theme or use the default one built into this plugin
|
| 51 |
+
* **Admin Bar Settings**: choose which user roles view the admin bar in the front-end
|
| 52 |
+
* select which profile fields users can use in frontend
|
| 53 |
* extended functionality available via [Add-ons](http://www.cozmoslabs.com/profile-builder-add-ons/?utm_source=wp.org&utm_medium=pb-description-page&utm_campaign=PBFree)
|
| 54 |
+
* **Roles Editor**: add, edit, remove or clone roles and capabilities
|
| 55 |
+
* **reCAPTCHA** support for Profile Builder and Wordpress default forms
|
| 56 |
+
* **User Role Select** field on register and edit profile forms
|
| 57 |
+
* **Content Restriction**: restrict content based on current users role or logged in status
|
| 58 |
|
| 59 |
**PROFILE BUILDER PRO**
|
| 60 |
|
| 61 |
The [Pro version](http://www.cozmoslabs.com/wordpress-profile-builder/?utm_source=wp.org&utm_medium=pb-description-page&utm_campaign=PBFree) has the following extra features:
|
| 62 |
|
| 63 |
+
* Create Extra User Fields (Heading, Input, Hidden Input, Number, Checkbox, Agree to Terms Checkbox, Radio Buttons, , Textarea, WYSIWYG, reCAPTCHA, Upload fields, Selects, User Role Select, Country Select, Timezone Select, Avatar Upload, Map, HTML, Phone, Datepicker, Timepicker, Colorpicker, Custom Validation field, Currency Select, CPT Select)
|
| 64 |
* Add Avatar Upload for users
|
| 65 |
* Support for Conditional Fields
|
| 66 |
* Front-end User Listing (fully customizable, sorting included)
|
| 71 |
* Admin Approval
|
| 72 |
* Email Customizer (Personalize all emails sent to your users or admins; customize default WordPress registration email)
|
| 73 |
* Advanced Modules (e.g. custom redirects, user listing, multiple registration forms etc.)
|
| 74 |
+
* Access to support and documentation
|
| 75 |
* 1 Year of Updates / Priority Support
|
| 76 |
|
| 77 |
[Find out more about Profile Builder PRO](http://www.cozmoslabs.com/wordpress-profile-builder/?utm_source=wp.org&utm_medium=pb-description-page&utm_campaign=PBFree)
|
| 163 |
12. Role Editor
|
| 164 |
|
| 165 |
== Changelog ==
|
| 166 |
+
= 2.7.6 =
|
| 167 |
+
* Fixed some issues on the login form that prevented some users from logging in
|
| 168 |
+
* When changing/recovering password we now log out of all other/all sessions
|
| 169 |
+
* Increased the performance of the plugin on the frontend
|
| 170 |
+
|
| 171 |
= 2.7.5 =
|
| 172 |
* Improved security on forms
|
| 173 |
* Implemented a better plugin notification system
|
