Version Description
- Fixed a MAJOR security hole that allowed anyone to login without a password!!
Download this release
Release Info
Developer | jfarthing84 |
Plugin | Theme My Login |
Version | 4.3.1 |
Comparing to | |
See all releases |
Code changes from version 4.3 to 4.3.1
- readme.txt +3 -0
- theme-my-login.php +12 -10
readme.txt
CHANGED
@@ -39,6 +39,9 @@ None yet. Please visit http://www.jfarthing.com/forum for any support!
|
|
39 |
|
40 |
== Changelog ==
|
41 |
|
|
|
|
|
|
|
42 |
= 4.3 =
|
43 |
* Added the option to require approval for new registrations
|
44 |
* Added the option to enable/disable plugin stylesheet
|
39 |
|
40 |
== Changelog ==
|
41 |
|
42 |
+
= 4.3.1 =
|
43 |
+
* Fixed a MAJOR security hole that allowed anyone to login without a password!!
|
44 |
+
|
45 |
= 4.3 =
|
46 |
* Added the option to require approval for new registrations
|
47 |
* Added the option to enable/disable plugin stylesheet
|
theme-my-login.php
CHANGED
@@ -3,7 +3,7 @@
|
|
3 |
Plugin Name: Theme My Login
|
4 |
Plugin URI: http://www.jfarthing.com/wordpress-plugins/theme-my-login-plugin
|
5 |
Description: Themes the WordPress login, registration and forgot password pages according to your theme.
|
6 |
-
Version: 4.3
|
7 |
Author: Jeff Farthing
|
8 |
Author URI: http://www.jfarthing.com
|
9 |
Text Domain: theme-my-login
|
@@ -255,10 +255,10 @@ if (!class_exists('ThemeMyLogin')) {
|
|
255 |
function RegisterForm($instance) {
|
256 |
if ( $this->options['custom_pass'] ) {
|
257 |
?>
|
258 |
-
<p><label><?php _e('Password:')
|
259 |
-
<input autocomplete="off" name="pass1" id="pass1-<?php echo $instance; ?>" class="input" size="20" value="" type="password"
|
260 |
-
<label><?php _e('Confirm Password:')
|
261 |
-
<input autocomplete="off" name="pass2" id="pass2-<?php echo $instance; ?>" class="input" size="20" value="" type="password" /></
|
262 |
<?php
|
263 |
}
|
264 |
}
|
@@ -280,11 +280,13 @@ if (!class_exists('ThemeMyLogin')) {
|
|
280 |
}
|
281 |
|
282 |
function Authenticate($user, $username, $password) {
|
283 |
-
|
284 |
-
|
285 |
-
|
286 |
-
|
287 |
-
|
|
|
|
|
288 |
}
|
289 |
return $user;
|
290 |
}
|
3 |
Plugin Name: Theme My Login
|
4 |
Plugin URI: http://www.jfarthing.com/wordpress-plugins/theme-my-login-plugin
|
5 |
Description: Themes the WordPress login, registration and forgot password pages according to your theme.
|
6 |
+
Version: 4.3.1
|
7 |
Author: Jeff Farthing
|
8 |
Author URI: http://www.jfarthing.com
|
9 |
Text Domain: theme-my-login
|
255 |
function RegisterForm($instance) {
|
256 |
if ( $this->options['custom_pass'] ) {
|
257 |
?>
|
258 |
+
<p><label for="pass1"><?php _e('Password:');?></label>
|
259 |
+
<input autocomplete="off" name="pass1" id="pass1-<?php echo $instance; ?>" class="input" size="20" value="" type="password" /><br />
|
260 |
+
<label for="pass2"><?php _e('Confirm Password:');?></label>
|
261 |
+
<input autocomplete="off" name="pass2" id="pass2-<?php echo $instance; ?>" class="input" size="20" value="" type="password" /></p>
|
262 |
<?php
|
263 |
}
|
264 |
}
|
280 |
}
|
281 |
|
282 |
function Authenticate($user, $username, $password) {
|
283 |
+
global $wpdb;
|
284 |
+
|
285 |
+
if ( is_a($user, 'WP_User') ) {
|
286 |
+
$user_role = reset($user->roles);
|
287 |
+
if ( in_array($user_role, array('pending', 'denied')) ) {
|
288 |
+
return new WP_Error('pending', '<strong>ERROR</strong>: Your registration has not yet been approved.');
|
289 |
+
}
|
290 |
}
|
291 |
return $user;
|
292 |
}
|