Theme My Login - Version 4.3.1

Version Description

  • Fixed a MAJOR security hole that allowed anyone to login without a password!!
Download this release

Release Info

Developer jfarthing84
Plugin Icon 128x128 Theme My Login
Version 4.3.1
Comparing to
See all releases

Code changes from version 4.3 to 4.3.1

Files changed (2) hide show
  1. readme.txt +3 -0
  2. theme-my-login.php +12 -10
readme.txt CHANGED
@@ -39,6 +39,9 @@ None yet. Please visit http://www.jfarthing.com/forum for any support!
39
 
40
  == Changelog ==
41
 
 
 
 
42
  = 4.3 =
43
  * Added the option to require approval for new registrations
44
  * Added the option to enable/disable plugin stylesheet
39
 
40
  == Changelog ==
41
 
42
+ = 4.3.1 =
43
+ * Fixed a MAJOR security hole that allowed anyone to login without a password!!
44
+
45
  = 4.3 =
46
  * Added the option to require approval for new registrations
47
  * Added the option to enable/disable plugin stylesheet
theme-my-login.php CHANGED
@@ -3,7 +3,7 @@
3
  Plugin Name: Theme My Login
4
  Plugin URI: http://www.jfarthing.com/wordpress-plugins/theme-my-login-plugin
5
  Description: Themes the WordPress login, registration and forgot password pages according to your theme.
6
- Version: 4.3
7
  Author: Jeff Farthing
8
  Author URI: http://www.jfarthing.com
9
  Text Domain: theme-my-login
@@ -255,10 +255,10 @@ if (!class_exists('ThemeMyLogin')) {
255
  function RegisterForm($instance) {
256
  if ( $this->options['custom_pass'] ) {
257
  ?>
258
- <p><label><?php _e('Password:');?> <br />
259
- <input autocomplete="off" name="pass1" id="pass1-<?php echo $instance; ?>" class="input" size="20" value="" type="password" /></label><br />
260
- <label><?php _e('Confirm Password:');?> <br />
261
- <input autocomplete="off" name="pass2" id="pass2-<?php echo $instance; ?>" class="input" size="20" value="" type="password" /></label></p>
262
  <?php
263
  }
264
  }
@@ -280,11 +280,13 @@ if (!class_exists('ThemeMyLogin')) {
280
  }
281
 
282
  function Authenticate($user, $username, $password) {
283
- $user_data = get_userdatabylogin($username);
284
- $user = new WP_User($user_data->ID);
285
- $user_role = reset($user->roles);
286
- if ( in_array($user_role, array('pending', 'denied')) ) {
287
- return new WP_Error('pending', 'Your registration has not yet been approved.');
 
 
288
  }
289
  return $user;
290
  }
3
  Plugin Name: Theme My Login
4
  Plugin URI: http://www.jfarthing.com/wordpress-plugins/theme-my-login-plugin
5
  Description: Themes the WordPress login, registration and forgot password pages according to your theme.
6
+ Version: 4.3.1
7
  Author: Jeff Farthing
8
  Author URI: http://www.jfarthing.com
9
  Text Domain: theme-my-login
255
  function RegisterForm($instance) {
256
  if ( $this->options['custom_pass'] ) {
257
  ?>
258
+ <p><label for="pass1"><?php _e('Password:');?></label>
259
+ <input autocomplete="off" name="pass1" id="pass1-<?php echo $instance; ?>" class="input" size="20" value="" type="password" /><br />
260
+ <label for="pass2"><?php _e('Confirm Password:');?></label>
261
+ <input autocomplete="off" name="pass2" id="pass2-<?php echo $instance; ?>" class="input" size="20" value="" type="password" /></p>
262
  <?php
263
  }
264
  }
280
  }
281
 
282
  function Authenticate($user, $username, $password) {
283
+ global $wpdb;
284
+
285
+ if ( is_a($user, 'WP_User') ) {
286
+ $user_role = reset($user->roles);
287
+ if ( in_array($user_role, array('pending', 'denied')) ) {
288
+ return new WP_Error('pending', '<strong>ERROR</strong>: Your registration has not yet been approved.');
289
+ }
290
  }
291
  return $user;
292
  }