Changeset 10579
- Timestamp:
- 01/14/2021 06:06:09 AM (4 years ago)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
sites/trunk/common/includes/wporg-sso/wp-plugin.php
r10317 r10579 56 56 57 57 add_filter( 'allow_password_reset', array( $this, 'disable_password_reset_for_blocked_users' ), 10, 2 ); 58 add_filter( 'authenticate', array( $this, 'authenticate_block_check' ), 30);58 add_filter( 'authenticate', array( $this, 'authenticate_block_check' ), 5, 2 ); 59 59 60 60 add_filter( 'password_change_email', array( $this, 'replace_admin_email_in_change_emails' ) ); … … 90 90 * @param WP_User|WP_Error|null $user WP_User or WP_Error object if a previous 91 91 * callback failed authentication. 92 * @param string $user_login The user login attmpting to login. 92 93 * @return WP_User|WP_Error WP_User on success, WP_Error on failure. 93 94 */ 94 public function authenticate_block_check( $user ) { 95 if ( $user instanceof WP_User && defined( 'WPORG_SUPPORT_FORUMS_BLOGID' ) ) { 96 $support_user = new WP_User( $user->ID, '', WPORG_SUPPORT_FORUMS_BLOGID ); 97 98 if ( ! empty( $support_user->allcaps['bbp_blocked'] ) ) { 95 public function authenticate_block_check( $user, $user_login ) { 96 97 $support_user = get_user_by( 'login', $user_login ); 98 if ( $support_user && defined( 'WPORG_SUPPORT_FORUMS_BLOGID' ) ) { 99 $support_user->for_site( WPORG_SUPPORT_FORUMS_BLOGID ); 100 101 if ( 102 'BLOCKED' === substr( $support_user->user_pass, 0, 7 ) || 103 ! empty( $support_user->allcaps['bbp_blocked'] ) 104 ) { 105 // Returning a WP_Error from an authenticate filter doesn't block auth, as a later hooked item can return truthful. 106 // By removing all actions, we can catch both the bbp_blocked role for old users, and those whose passwords were broken via https://meta.trac.wordpress.org/changeset/10578 107 remove_all_actions( 'authenticate' ); 108 99 109 return new WP_Error( 100 110 'blocked_account',
Note: See TracChangeset
for help on using the changeset viewer.