Context Navigation

Back to Ticket #15384

Ticket #15384: class-wp-login-20101222-r17107.php

File class-wp-login-20101222-r17107.php, 36.1 KB (added by norbertm, 2 years ago)
included comment:10 and merged everything from trunk up till r17107

Line
1	<?php
2	/**
3	* Classes for handling user registration, login and related actions.
4	*
5	* WP_Login is the main controller class that routes the request.
6	*
7	* WP_Login_* classes are controllers that handle a specific request.
8	* WP_Login_View_* classes are views that render HTML content.
9	*
10	* WP_Login's dispatch() method determines, instantiates and calls the
11	* process() method of the controller and the render() method of the view.
12	* A controller can pass parameters to the view in the view constructor.
13	*
14	* @package WordPress
15	* @since 3.2.0
16	*/
17
18	/**
19	* WordPress Login class
20	*/
21	class WP_Login {
22	/**
23	* Redirects to https if forced to use SSL.
24	*/
25	public function ensure_ssl_if_required() {
26	if ( force_ssl_admin() && !is_ssl() ) {
27	if ( 0 === strpos($_SERVER['REQUEST_URI'], 'http') ) {
28	wp_redirect(preg_replace('\|^http://\|', 'https://', $_SERVER['REQUEST_URI']));
29	exit();
30	} else {
31	wp_redirect('https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']);
32	exit();
33	}
34	}
35	}
36
37	/**
38	* Sets some cookies for render_login() to see if the browser supports them.
39	*/
40	public function send_test_cookies() {
41	//Set a cookie now to see if they are supported by the browser.
42	setcookie(TEST_COOKIE, 'WP Cookie check', 0, COOKIEPATH, COOKIE_DOMAIN);
43	if ( SITECOOKIEPATH != COOKIEPATH )
44	setcookie(TEST_COOKIE, 'WP Cookie check', 0, SITECOOKIEPATH, COOKIE_DOMAIN);
45	}
46
47	/**
48	* Checks for move flag.
49	*/
50	public function relocate_if_required() {
51	if ( defined('RELOCATE') ) { // Move flag is set
52	if ( isset( $_SERVER['PATH_INFO'] ) && ($_SERVER['PATH_INFO'] != $_SERVER['PHP_SELF']) )
53	$_SERVER['PHP_SELF'] = str_replace( $_SERVER['PATH_INFO'], '', $_SERVER['PHP_SELF'] );
54
55	$schema = is_ssl() ? 'https://' : 'http://';
56	if ( dirname($schema . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF']) != get_option('siteurl') )
57	update_option('siteurl', dirname($schema . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF']) );
58	}
59	}
60
61	/**
62	* Dispatches to a controller depending on the action requested.
63	*
64	* After determining the specific controller it calls the process() method
65	* that handles the request and returns a view or exit()s.
66	*
67	* If a view was returned, the render() method is called to display the HTML content.
68	*
69	* A controller can pass parameters to the view in the view constructor.
70	*/
71	public function dispatch( $action ) {
72	if ( empty( $action ) ) {
73	$action = 'login';
74	}
75
76	if ( isset($_GET['key']) )
77	$action = 'resetpass';
78
79	// aliases for backwards compatibility
80	$aliases = array(
81	'rp' => 'resetpass',
82	'retrievepassword' => 'lostpassword'
83	);
84	if ( array_key_exists( $action, $aliases ) ) {
85	$action = $aliases[$action];
86	}
87
88	// validate action so as to default to the login screen
89	if ( !in_array($action, array('logout', 'lostpassword', 'resetpass', 'register', 'login'), true) && false === has_filter('login_form_' . $action) )
90	$action = 'login';
91
92	// allow plugins to override the default actions, and to add extra actions if they want
93	do_action('login_form_' . $action);
94
95	$errors = new WP_Error();
96
97	$class_name = 'WP_Login_' . ucfirst($action);
98	if ( ! class_exists( $class_name )) {
99	// This should never happen.
100	echo "'Login class '" . $class_name . "' does not exist.";
101	exit();
102	}
103
104	$controller = new $class_name;
105
106	// execute the controller
107	$method = 'process';
108	if ( ! method_exists( $controller, $method ) ) {
109	// This should never happen.
110	echo "'Action handler '" . $class_name . '::' . $method . "()' does not exist.";
111	exit();
112	}
113
114	// render the view
115	$view = call_user_func( array( $controller, $method ) );
116	if ( ! $view instanceof WP_Login_View_Base ) {
117	echo "'Action handler '" . $class_name . '::' . $method . "()' returned an invalid view.";
118	exit();
119	}
120
121	$view->render();
122	exit();
123	}
124	}
125
126	/**
127	* The base class for all login-related classes.
128	*/
129	abstract class WP_Login_Base {
130	/**
131	* Redirects to the URL specified in the request.
132	* Defaults to the URL passed in the first parameter.
133	*
134	* @param string $url The URL to redirect to in case there was no URL specified in the request.
135	*/
136	protected function _do_safe_redirect( $url ) {
137	$redirect_to = !empty( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : $url;
138	wp_safe_redirect( $redirect_to );
139	}
140
141	/**
142	* @return WP_Login_View_Base
143	*/
144	abstract public function process();
145	}
146
147	/**
148	* Logs the user out and redirects to the login page.
149	*/
150	class WP_Login_Logout extends WP_Login_Base {
151	/**
152	* Processes the logout request and redirects. Does not return.
153	*/
154	public function process() {
155	check_admin_referer('log-out');
156	wp_logout();
157
158	$this->_do_safe_redirect( 'wp-login.php?loggedout=true' );
159	exit();
160	}
161	}
162
163	class WP_Login_LostPassword extends WP_Login_Base {
164	/**
165	* Retrieves user password.
166	*
167	* @uses $wpdb WordPress Database object
168	*
169	* @return bool\|WP_Error True: when finish. WP_Error on error
170	*/
171	private function _retrieve_password() {
172	global $wpdb, $current_site;
173
174	$errors = new WP_Error();
175
176	if ( empty( $_POST['user_login'] ) && empty( $_POST['user_email'] ) )
177	$errors->add('empty_username', __('<strong>ERROR</strong>: Enter a username or e-mail address.'));
178
179	if ( strpos($_POST['user_login'], '@') ) {
180	$user_data = get_user_by_email(trim($_POST['user_login']));
181	if ( empty($user_data) )
182	$errors->add('invalid_email', __('<strong>ERROR</strong>: There is no user registered with that email address.'));
183	} else {
184	$login = trim($_POST['user_login']);
185	$user_data = get_userdatabylogin($login);
186	}
187
188	do_action('lostpassword_post');
189
190	if ( $errors->get_error_code() )
191	return $errors;
192
193	if ( !$user_data ) {
194	$errors->add('invalidcombo', __('<strong>ERROR</strong>: Invalid username or e-mail.'));
195	return $errors;
196	}
197
198	// redefining user_login ensures we return the right case in the email
199	$user_login = $user_data->user_login;
200	$user_email = $user_data->user_email;
201
202	do_action('retreive_password', $user_login); // Misspelled and deprecated
203	do_action('retrieve_password', $user_login);
204
205	$allow = apply_filters('allow_password_reset', true, $user_data->ID);
206
207	if ( ! $allow )
208	return new WP_Error('no_password_reset', __('Password reset is not allowed for this user'));
209
210	if ( is_wp_error($allow) )
211	return $allow;
212
213	$key = $wpdb->get_var($wpdb->prepare("SELECT user_activation_key FROM $wpdb->users WHERE user_login = %s", $user_login));
214	if ( empty($key) ) {
215	// Generate something random for a key...
216	$key = wp_generate_password(20, false);
217	do_action('retrieve_password_key', $user_login, $key);
218	// Now insert the new md5 key into the db
219	$wpdb->update($wpdb->users, array('user_activation_key' => $key), array('user_login' => $user_login));
220	}
221
222	$this->_send_mail( $user_login, $user_email, $key );
223
224	return true;
225	}
226
227	/**
228	* Sends out the requested password retrieval email.
229	*
230	* @param string $user_login The user login
231	* @param string $user_email Email address to send to
232	* @param string $key Hash to include within the link
233	*/
234	private function _send_mail( $user_login, $user_email, $key ) {
235	$message = __('Someone requested that the password be reset for the following account:') . "\r\n\r\n";
236	$message .= network_site_url() . "\r\n\r\n";
237	$message .= sprintf(__('Username: %s'), $user_login) . "\r\n\r\n";
238	$message .= __('If this was a mistake, just ignore this email and nothing will happen.') . "\r\n\r\n";
239	$message .= __('To reset your password, visit the following address:') . "\r\n\r\n";
240	$message .= '<' . network_site_url("wp-login.php?action=rp&key=$key&login=" . rawurlencode($user_login), 'login') . ">\r\n";
241
242	if ( is_multisite() )
243	$blogname = $GLOBALS['current_site']->site_name;
244	else
245	// The blogname option is escaped with esc_html on the way into the database in sanitize_option
246	// we want to reverse this for the plain text arena of emails.
247	$blogname = wp_specialchars_decode(get_option('blogname'), ENT_QUOTES);
248
249	$title = sprintf( __('[%s] Password Reset'), $blogname );
250
251	$title = apply_filters('retrieve_password_title', $title);
252	$message = apply_filters('retrieve_password_message', $message, $key);
253
254	if ( $message && !wp_mail($user_email, $title, $message) )
255	wp_die( __('The e-mail could not be sent.') . "<br />\n" . __('Possible reason: your host may have disabled the mail() function...') );
256	}
257
258	/**
259	* Processes the password retrieval request.
260	*
261	* @return WP_Login_View_LostPassword
262	*/
263	public function process() {
264	$errors = new WP_Error();
265
266	if ( 'POST' == $_SERVER['REQUEST_METHOD'] ) {
267	$errors = $this->_retrieve_password();
268	if ( !is_wp_error($errors) ) {
269	$this->_do_safe_redirect( 'wp-login.php?checkemail=confirm' );
270	exit();
271	}
272	}
273
274	if ( isset($_GET['error']) && 'invalidkey' == $_GET['error'] ) $errors->add('invalidkey', __('Sorry, that key does not appear to be valid.'));
275
276	do_action('lost_password');
277
278	$redirect_to = apply_filters( 'lostpassword_redirect', !empty( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : '' );
279
280	$user_login = isset($_POST['user_login']) ? stripslashes($_POST['user_login']) : '';
281
282	return new WP_Login_View_LostPassword( $user_login, $errors, $redirect_to );
283	}
284	}
285
286	/**
287	* Displays the login form and handles the login request.
288	*/
289	class WP_Login_Login extends WP_Login_Base {
290	/**
291	* Redirects the user after a successful login.
292	*
293	* @param WP_User $user
294	* @param string $redirect_to
295	*/
296	private function _redirect_after_login( $user, $redirect_to ) {
297	// If the user doesn't belong to a blog, send them to user admin. If the user can't edit posts, send them to their profile.
298	if ( is_multisite() && !get_active_blog_for_user($user->id) )
299	$redirect_to = user_admin_url();
300	elseif ( !is_multisite() && !$user->has_cap('read') )
301	$redirect_to = user_admin_url();
302	elseif ( !$user->has_cap('edit_posts') && ( empty( $redirect_to ) \|\| $redirect_to == 'wp-admin/' \|\| $redirect_to == admin_url() ) )
303	$redirect_to = admin_url('profile.php');
304
305	wp_safe_redirect($redirect_to);
306	}
307
308	/**
309	* Processes the login request.
310	*
311	* @return WP_Login_View_Login\|WP_Login_View_Interim
312	*/
313	public function process() {
314	$errors = new WP_Error();
315
316	$secure_cookie = '';
317	$interim_login = isset($_REQUEST['interim-login']);
318
319	// If the user wants ssl but the session is not ssl, force a secure cookie.
320	if ( !empty($_POST['log']) && !force_ssl_admin() ) {
321	$user_name = sanitize_user($_POST['log']);
322	if ( $user = get_userdatabylogin($user_name) ) {
323	if ( get_user_option('use_ssl', $user->ID) ) {
324	$secure_cookie = true;
325	force_ssl_admin(true);
326	}
327	}
328	}
329
330	if ( ! empty( $_REQUEST['redirect_to'] ) ) {
331	$redirect_to = $_REQUEST['redirect_to'];
332	// Redirect to https if user wants ssl
333	if ( $secure_cookie && false !== strpos($redirect_to, 'wp-admin') )
334	$redirect_to = preg_replace('\|^http://\|', 'https://', $redirect_to);
335	} else {
336	$redirect_to = admin_url();
337	}
338
339	$reauth = empty($_REQUEST['reauth']) ? false : true;
340
341	// If the user was redirected to a secure login form from a non-secure admin page, and secure login is required but secure admin is not, then don't use a secure
342	// cookie and redirect back to the referring non-secure admin page. This allows logins to always be POSTed over SSL while allowing the user to choose visiting
343	// the admin via http or https.
344	if ( !$secure_cookie && is_ssl() && force_ssl_login() && !force_ssl_admin() && ( 0 !== strpos($redirect_to, 'https') ) && ( 0 === strpos($redirect_to, 'http') ) )
345	$secure_cookie = false;
346
347	$user = wp_signon('', $secure_cookie);
348
349	$redirect_to = apply_filters('login_redirect', $redirect_to, ! empty( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : '', $user);
350
351	if ( !is_wp_error($user) && !$reauth ) {
352	if ( $interim_login ) {
353	return new WP_Login_View_Interim();
354	}
355
356	$this->_redirect_after_login( $user, $redirect_to );
357	exit();
358	}
359
360	$errors = $user;
361	// Clear errors if loggedout is set.
362	if ( !empty($_GET['loggedout']) \|\| $reauth )
363	$errors = new WP_Error();
364
365	// If cookies are disabled we can't log in even with a valid user+pass
366	if ( isset($_POST['testcookie']) && empty($_COOKIE[TEST_COOKIE]) )
367	$errors->add('test_cookie', __("<strong>ERROR</strong>: Cookies are blocked or not supported by your browser. You must <a href='http://www.google.com/cookies.html'>enable cookies</a> to use WordPress."));
368
369	// Some parts of this script use the main login form to display a message
370	if ( isset($_GET['loggedout']) && TRUE == $_GET['loggedout'] )
371	$errors->add('loggedout', __('You are now logged out.'), 'message');
372	elseif ( isset($_GET['registration']) && 'disabled' == $_GET['registration'] )
373	$errors->add('registerdisabled', __('User registration is currently not allowed.'));
374	elseif ( isset($_GET['checkemail']) && 'confirm' == $_GET['checkemail'] )
375	$errors->add('confirm', __('Check your e-mail for the confirmation link.'), 'message');
376	elseif ( isset($_GET['checkemail']) && 'newpass' == $_GET['checkemail'] )
377	$errors->add('newpass', __('Check your e-mail for your new password.'), 'message');
378	elseif ( isset($_GET['checkemail']) && 'registered' == $_GET['checkemail'] )
379	$errors->add('registered', __('Registration complete. Please check your e-mail.'), 'message');
380	elseif ( $interim_login )
381	$errors->add('expired', __('Your session has expired. Please log-in again.'), 'message');
382
383	// Clear any stale cookies.
384	if ( $reauth )
385	wp_clear_auth_cookie();
386
387	$user_login = '';
388
389	if ( isset($_POST['log']) )
390	$user_login = ( 'incorrect_password' == $errors->get_error_code() \|\| 'empty_password' == $errors->get_error_code() ) ? esc_attr(stripslashes($_POST['log'])) : '';
391
392	$rememberme = ! empty( $_POST['rememberme'] );
393
394	return new WP_Login_View_Login( '', $user_login, $rememberme, $interim_login, $redirect_to, $errors );
395	}
396	}
397
398	/**
399	* Displays the registration form, processes user registration request.
400	*/
401	class WP_Login_Register extends WP_Login_Base {
402	/**
403	* Handles new user registration.
404	*
405	* @param string $user_login User's username for logging in
406	* @param string $user_email User's email address to send password and add
407	* @return int\|WP_Error Either user's ID or error on failure.
408	*/
409	private function _register_new_user( $user_login, $user_email ) {
410	$errors = new WP_Error();
411
412	$sanitized_user_login = sanitize_user( $user_login );
413	$user_email = apply_filters( 'user_registration_email', $user_email );
414
415	// Check the username
416	if ( $sanitized_user_login == '' ) {
417	$errors->add( 'empty_username', __( '<strong>ERROR</strong>: Please enter a username.' ) );
418	} elseif ( ! validate_username( $user_login ) ) {
419	$errors->add( 'invalid_username', __( '<strong>ERROR</strong>: This username is invalid because it uses illegal characters. Please enter a valid username.' ) );
420	$sanitized_user_login = '';
421	} elseif ( username_exists( $sanitized_user_login ) ) {
422	$errors->add( 'username_exists', __( '<strong>ERROR</strong>: This username is already registered, please choose another one.' ) );
423	}
424
425	// Check the e-mail address
426	if ( $user_email == '' ) {
427	$errors->add( 'empty_email', __( '<strong>ERROR</strong>: Please type your e-mail address.' ) );
428	} elseif ( ! is_email( $user_email ) ) {
429	$errors->add( 'invalid_email', __( '<strong>ERROR</strong>: The email address isn’t correct.' ) );
430	$user_email = '';
431	} elseif ( email_exists( $user_email ) ) {
432	$errors->add( 'email_exists', __( '<strong>ERROR</strong>: This email is already registered, please choose another one.' ) );
433	}
434
435	do_action( 'register_post', $sanitized_user_login, $user_email, $errors );
436
437	$errors = apply_filters( 'registration_errors', $errors, $sanitized_user_login, $user_email );
438
439	if ( $errors->get_error_code() )
440	return $errors;
441
442	$user_pass = wp_generate_password( 12, false);
443	$user_id = wp_create_user( $sanitized_user_login, $user_pass, $user_email );
444	if ( ! $user_id ) {
445	$errors->add( 'registerfail', sprintf( __( '<strong>ERROR</strong>: Couldn’t register you... please contact the <a href="mailto:%s">webmaster</a> !' ), get_option( 'admin_email' ) ) );
446	return $errors;
447	}
448
449	update_user_option( $user_id, 'default_password_nag', true, true ); //Set up the Password change nag.
450
451	wp_new_user_notification( $user_id, $user_pass );
452
453	return $user_id;
454	}
455
456	/**
457	* Displays registration form and processes the user registration request.
458	*
459	* @return WP_Login_View_Register
460	*/
461	public function process() {
462	if ( is_multisite() ) {
463	// Multisite uses wp-signup.php
464	wp_redirect( apply_filters( 'wp_signup_location', site_url('wp-signup.php') ) );
465	exit;
466	}
467
468	if ( !get_option('users_can_register') ) {
469	wp_redirect( site_url('wp-login.php?registration=disabled') );
470	exit();
471	}
472
473	$errors = new WP_Error();
474
475	$user_login = '';
476	$user_email = '';
477
478	if ( 'POST' == $_SERVER['REQUEST_METHOD'] ) {
479	$user_login = $_POST['user_login'];
480	$user_email = $_POST['user_email'];
481
482	$errors = $this->_register_new_user( $user_login, $user_email );
483	if ( !is_wp_error($errors) ) {
484	$redirect_to = !empty( $_POST['redirect_to'] ) ? $_POST['redirect_to'] : 'wp-login.php?checkemail=registered';
485	wp_safe_redirect( $redirect_to );
486	exit();
487	}
488	}
489
490	$redirect_to = apply_filters( 'registration_redirect', !empty( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : '' );
491
492	return new WP_Login_View_Register( $user_login, $user_email, $redirect_to, $errors );
493	}
494	}
495
496	/**
497	* Displays the password reset form and handles password reset request.
498	*/
499	class WP_Login_ResetPass extends WP_Login_Base {
500	/**
501	* Retrieves a user row based on password reset key and login
502	*
503	* @uses $wpdb WordPress Database object
504	*
505	* @param string $key Hash to validate sending user's password
506	* @param string $login The user login
507	*
508	* @return object\|WP_Error
509	*/
510	private function _check_password_reset_key($key, $login) {
511	global $wpdb;
512
513	$key = preg_replace('/[^a-z0-9]/i', '', $key);
514
515	if ( empty( $key ) \|\| !is_string( $key ) )
516	return new WP_Error('invalid_key', __('Invalid key'));
517
518	if ( empty($login) \|\| !is_string($login) )
519	return new WP_Error('invalid_key', __('Invalid key'));
520
521	$user = $wpdb->get_row($wpdb->prepare("SELECT * FROM $wpdb->users WHERE user_activation_key = %s AND user_login = %s", $key, $login));
522
523	if ( empty( $user ) )
524	return new WP_Error('invalid_key', __('Invalid key'));
525
526	return $user;
527	}
528
529	/**
530	* Handles resetting the user's password.
531	*
532	* @uses $wpdb WordPress Database object
533	*
534	* @param string $key Hash to validate sending user's password
535	*/
536	private function _reset_password($user, $new_pass) {
537	do_action('password_reset', $user, $new_pass);
538
539	wp_set_password($new_pass, $user->ID);
540
541	wp_password_change_notification($user);
542	}
543
544	/**
545	* Processes the reset password request.
546	*
547	* @return WP_Login_View_ResetPass\|WP_Login_View_ResetPass_Completed
548	*/
549	public function process() {
550	$user = $this->_check_password_reset_key($_GET['key'], $_GET['login']);
551	if ( is_wp_error($user) ) {
552	wp_redirect( site_url('wp-login.php?action=lostpassword&error=invalidkey') );
553	exit;
554	}
555
556	$errors = '';
557
558	if ( isset($_POST['pass1']) && $_POST['pass1'] != $_POST['pass2'] ) {
559	$errors = new WP_Error('password_reset_mismatch', __('The passwords do not match.'));
560	} elseif ( isset($_POST['pass1']) && !empty($_POST['pass1']) ) {
561	$this->_reset_password($user, $_POST['pass1']);
562
563	return new WP_Login_View_ResetPass_Completed();
564	}
565
566	wp_enqueue_script('utils');
567	wp_enqueue_script('user-profile');
568
569	return new WP_Login_View_ResetPass( $errors );
570	}
571	}
572
573	/**
574	* Base class for all WP_Login_View classes.
575	*/
576	class WP_Login_View_Base {
577	private $header_title;
578	private $header_message;
579	private $header_wp_error;
580
581	private $focus_input_id = '';
582
583	/**
584	* @param string $title Optional. WordPress Log In Page title to display in
585	* <title/> element.
586	* @param string $message Optional. Message to display in header.
587	* @param WP_Error $wp_error Optional. WordPress Error Object
588	*/
589	public function __construct( $title = 'Log In', $message = '', $wp_error = '' ) {
590	$this->header_title = $title;
591	$this->header_message = $message;
592
593	if ( ! empty($wp_error) ) {
594	$this->header_wp_error = $wp_error;
595	} else {
596	$this->header_wp_error = new WP_Error();
597	}
598	}
599
600	/**
601	* @param string $input_id Which input to autofocus
602	*/
603	protected function set_focus_input_id( $focus_input_id ) {
604	$this->focus_input_id = $focus_input_id;
605	}
606
607	/**
608	* Outputs the header for the login page.
609	*
610	* @uses do_action() Calls the 'login_head' for outputting HTML in the Log In
611	* header.
612	* @uses apply_filters() Calls 'login_headerurl' for the top login link.
613	* @uses apply_filters() Calls 'login_headertitle' for the top login title.
614	* @uses apply_filters() Calls 'login_message' on the message to display in the
615	* header.
616	* @uses $error The error global, which is checked for displaying errors.
617	*/
618	protected function paint_header() {
619	global $error, $is_iphone, $interim_login, $current_site;
620
621	// Don't index any of these forms
622	add_filter( 'pre_option_blog_public', '__return_zero' );
623	add_action( 'login_head', 'noindex' );
624
625	// Shake it!
626	$shake_error_codes = array( 'empty_password', 'empty_email', 'invalid_email', 'invalidcombo', 'empty_username', 'invalid_username', 'incorrect_password' );
627	$shake_error_codes = apply_filters( 'shake_error_codes', $shake_error_codes );
628
629	if ( $shake_error_codes && $this->header_wp_error->get_error_code() && in_array( $this->header_wp_error->get_error_code(), $shake_error_codes ) )
630	add_action( 'login_head', array($this, 'paint_shake_js'), 12 );
631	?>
632	<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
633	<html xmlns="http://www.w3.org/1999/xhtml" <?php language_attributes(); ?>>
634	<head>
635	<title><?php bloginfo('name'); ?> &rsaquo; <?php echo $this->header_title; ?></title>
636	<meta http-equiv="Content-Type" content="<?php bloginfo('html_type'); ?>; charset=<?php bloginfo('charset'); ?>" />
637	<?php
638	wp_admin_css( 'login', true );
639	wp_admin_css( 'colors-fresh', true );
640
641	if ( $is_iphone ) { ?>
642	<meta name="viewport" content="width=320; initial-scale=0.9; maximum-scale=1.0; user-scalable=0;" />
643	<style type="text/css" media="screen">
644	form { margin-left: 0px; }
645	#login { margin-top: 20px; }
646	</style>
647	<?php
648	} elseif ( isset($interim_login) && $interim_login ) { ?>
649	<style type="text/css" media="all">
650	.login #login { margin: 20px auto; }
651	</style>
652	<?php
653	}
654
655	do_action('login_head'); ?>
656	</head>
657	<body class="login">
658	<?php if ( !is_multisite() ) { ?>
659	<div id="login"><h1><a href="<?php echo apply_filters('login_headerurl', 'http://wordpress.org/'); ?>" title="<?php echo apply_filters('login_headertitle', esc_attr__('Powered by WordPress')); ?>"><?php bloginfo('name'); ?></a></h1>
660	<?php } else { ?>
661	<div id="login"><h1><a href="<?php echo apply_filters('login_headerurl', network_home_url() ); ?>" title="<?php echo apply_filters('login_headertitle', esc_attr($current_site->site_name) ); ?>"><span class="hide"><?php bloginfo('name'); ?></span></a></h1>
662	<?php }
663
664	$message = apply_filters('login_message', $this->header_message);
665	if ( !empty( $message ) ) echo $message . "\n";
666
667	// Incase a plugin uses $error rather than the $errors object
668	if ( !empty( $error ) ) {
669	$this->header_wp_error->add('error', $error);
670	unset($error);
671	}
672
673	if ( $this->header_wp_error->get_error_code() ) {
674	$errors = '';
675	$messages = '';
676	foreach ( $this->header_wp_error->get_error_codes() as $code ) {
677	$severity = $this->header_wp_error->get_error_data($code);
678	foreach ( $this->header_wp_error->get_error_messages($code) as $error ) {
679	if ( 'message' == $severity )
680	$messages .= ' ' . $error . "<br />\n";
681	else
682	$errors .= ' ' . $error . "<br />\n";
683	}
684	}
685	if ( !empty($errors) )
686	echo '<div id="login_error">' . apply_filters('login_errors', $errors) . "</div>\n";
687	if ( !empty($messages) )
688	echo '<p class="message">' . apply_filters('login_messages', $messages) . "</p>\n";
689	}
690	}
691
692	/**
693	* Outputs the footer for the login page.
694	*/
695	protected function paint_footer() {
696	echo "</div>\n";
697
698	if ( !empty($this->focus_input_id) ) {
699	?>
700	<script type="text/javascript">
701	try{document.getElementById('<?php echo $this->focus_input_id; ?>').focus();}catch(e){}
702	if(typeof wpOnload=='function')wpOnload();
703	</script>
704	<?php
705	}
706	?>
707	<p id="backtoblog"><a href="<?php bloginfo('url'); ?>/" title="<?php esc_attr_e('Are you lost?') ?>"><?php printf(__('← Back to %s'), get_bloginfo('title', 'display' )); ?></a></p>
708	<?php do_action('login_footer'); ?>
709	</body>
710	</html>
711	<?php
712	}
713
714	/**
715	* Shakes the entire page for the user to see there was an error.
716	* Needs public visibility because it will be called by a filter hook.
717	*/
718	public function paint_shake_js() {
719	global $is_iphone;
720	if ( $is_iphone )
721	return;
722	?>
723	<script type="text/javascript">
724	addLoadEvent = function(func){if(typeof jQuery!="undefined")jQuery(document).ready(func);else if(typeof wpOnload!='function'){wpOnload=func;}else{var oldonload=wpOnload;wpOnload=function(){oldonload();func();}}};
725	function s(id,pos){g(id).left=pos+'px';}
726	function g(id){return document.getElementById(id).style;}
727	function shake(id,a,d){c=a.shift();s(id,c);if(a.length>0){setTimeout(function(){shake(id,a,d);},d);}else{try{g(id).position='static';wp_attempt_focus();}catch(e){}}}
728	addLoadEvent(function(){ var p=new Array(15,30,15,0,-15,-30,-15,0);p=p.concat(p.concat(p));var i=document.forms[0].id;g(i).position='relative';shake(i,p,20);});
729	</script>
730	<?php
731	}
732
733	/**
734	* Empty function to be overriden by children to paint HTML content,
735	* although this is not a requirement.
736	*/
737	protected function paint() {
738	}
739
740	/**
741	* May or may not be overridden.
742	*/
743	public function render() {
744	$this->paint_header();
745	$this->paint();
746	$this->paint_footer();
747	}
748	}
749
750	/**
751	* Displays interim login screen.
752	*/
753	class WP_Login_View_Interim extends WP_Login_View_Base {
754	/**
755	* Class constructor.
756	*/
757	public function __construct() {
758	$message = '<p class="message">' . __('You have logged in successfully.') . '</p>';
759	parent::__construct( '', $message );
760	}
761
762	/**
763	* Overriding to skip paint_footer() as we're about to draw a custom footer in paint().
764	*/
765	public function render() {
766	$this->paint_header();
767	$this->paint();
768	}
769
770	/**
771	* Paint HTML contents.
772	*/
773	protected function paint() {
774	?>
775	<script type="text/javascript">setTimeout( function(){window.close()}, 8000);</script>
776	<p class="alignright">
777	<input type="button" class="button-primary" value="<?php esc_attr_e('Close'); ?>" onclick="window.close()" /></p>
778	</div></body></html>
779	<?php
780	}
781	}
782
783	/**
784	* Renders the login form.
785	*/
786	class WP_Login_View_Login extends WP_Login_View_Base {
787	private $user_login;
788	private $remember_me;
789	private $interim_login;
790	private $redirect_to;
791	private $errors;
792
793	/**
794	* Class constructor.
795	*
796	* @param string $user_login User name
797	* @param boolean $rememberme
798	* @param boolean $interim_login
799	* @param string $redirect_to URL to redirect to.
800	* @param WP_Error $errors Errors, if any.
801	*/
802	public function __construct( $message = '', $user_login = '', $remember_me = false, $interim_login = false, $redirect_to = '', $errors = null ) {
803	parent::__construct( __('Log In'), $message, $errors );
804
805	$this->user_login = $user_login;
806	$this->remember_me = $remember_me;
807	$this->interim_login = $interim_login;
808	$this->redirect_to = $redirect_to;
809	if ( ! empty($errors) ) {
810	$this->errors = $errors;
811	} else {
812	$this->errors = new WP_Error();
813	}
814	}
815
816	/**
817	* Overriding to skip paint_footer() as we're about to draw a custom footer in paint().
818	*/
819	public function render() {
820	$this->paint_header();
821	$this->paint();
822	}
823
824	/**
825	* Renders the login form.
826	*/
827	protected function paint() {
828	?>
829	<form name="loginform" id="loginform" action="<?php echo site_url('wp-login.php', 'login_post') ?>" method="post">
830	<p>
831	<label><?php _e('Username') ?><br />
832	<input type="text" name="log" id="user_login" class="input" value="<?php echo esc_attr($this->user_login); ?>" size="20" tabindex="10" /></label>
833	</p>
834	<p>
835	<label><?php _e('Password') ?><br />
836	<input type="password" name="pwd" id="user_pass" class="input" value="" size="20" tabindex="20" /></label>
837	</p>
838	<?php do_action('login_form'); ?>
839	<p class="forgetmenot"><label><input name="rememberme" type="checkbox" id="rememberme" value="forever" tabindex="90"<?php checked( $this->remember_me ); ?> /> <?php esc_attr_e('Remember Me'); ?></label></p>
840	<p class="submit">
841	<input type="submit" name="wp-submit" id="wp-submit" class="button-primary" value="<?php esc_attr_e('Log In'); ?>" tabindex="100" />
842	<?php if ( $this->interim_login ) { ?>
843	<input type="hidden" name="interim-login" value="1" />
844	<?php } else { ?>
845	<input type="hidden" name="redirect_to" value="<?php echo esc_attr($this->redirect_to); ?>" />
846	<?php } ?>
847	<input type="hidden" name="testcookie" value="1" />
848	</p>
849	</form>
850
851	<?php if ( !$this->interim_login ) { ?>
852	<p id="nav">
853	<?php if ( isset($_GET['checkemail']) && in_array( $_GET['checkemail'], array('confirm', 'newpass') ) ) : ?>
854	<?php elseif ( get_option('users_can_register') ) : ?>
855	<a href="<?php echo site_url('wp-login.php?action=register', 'login') ?>"><?php _e('Register') ?></a> \|
856	<a href="<?php echo site_url('wp-login.php?action=lostpassword', 'login') ?>" title="<?php _e('Password Lost and Found') ?>"><?php _e('Lost your password?') ?></a>
857	<?php else : ?>
858	<a href="<?php echo site_url('wp-login.php?action=lostpassword', 'login') ?>" title="<?php _e('Password Lost and Found') ?>"><?php _e('Lost your password?') ?></a>
859	<?php endif; ?>
860	</p>
861	</div>
862	<p id="backtoblog"><a href="<?php bloginfo('url'); ?>/" title="<?php esc_attr_e('Are you lost?') ?>"><?php printf(__('← Back to %s'), get_bloginfo('title', 'display' )); ?></a></p>
863	<?php } else { ?>
864	</div>
865	<?php } ?>
866
867	<script type="text/javascript">
868	function wp_attempt_focus(){
869	setTimeout( function(){ try{
870	<?php if ( $this->user_login \|\| $this->interim_login ) { ?>
871	d = document.getElementById('user_pass');
872	d.value = '';
873	<?php } else { ?>
874	d = document.getElementById('user_login');
875	<?php if ( 'invalid_username' == $this->errors->get_error_code() ) { ?>
876	if( d.value != '' )
877	d.value = '';
878	<?php
879	}
880	}?>
881	d.focus();
882	d.select();
883	} catch(e){}
884	}, 200);
885	}
886
887	<?php if ( !$error ) { ?>
888	wp_attempt_focus();
889	<?php } ?>
890	if(typeof wpOnload=='function')wpOnload();
891	</script>
892	<?php do_action( 'login_footer' ); ?>
893	</body>
894	</html>
895	<?php
896	}
897	}
898
899	/**
900	* Renders the register form.
901	*/
902	class WP_Login_View_Register extends WP_Login_View_Base {
903	private $user_login;
904	private $user_email;
905	private $redirect_to;
906
907	/**
908	* Class constructor.
909	*
910	* @param string $user_login User name
911	* @param string $user_email User email
912	* @param string $redirect_to URL to redirect to after login.
913	* @param WP_Error $errors Errors, if any.
914	*/
915	public function __construct( $user_login, $user_email, $redirect_to, $errors ) {
916	parent::__construct( __('Registration Form'), '<p class="message register">' . __('Register For This Site') . '</p>', $errors );
917
918	$this->user_login = $user_login;
919	$this->user_email = $user_email;
920	$this->redirect_to = $redirect_to;
921
922	$this->set_focus_input_id( 'user_login' );
923	}
924
925	/**
926	* Outputs the registration form.
927	*/
928	protected function paint() {
929	?>
930	<form name="registerform" id="registerform" action="<?php echo site_url('wp-login.php?action=register', 'login_post') ?>" method="post">
931	<p>
932	<label><?php _e('Username') ?><br />
933	<input type="text" name="user_login" id="user_login" class="input" value="<?php echo esc_attr(stripslashes($this->user_login)); ?>" size="20" tabindex="10" /></label>
934	</p>
935	<p>
936	<label><?php _e('E-mail') ?><br />
937	<input type="text" name="user_email" id="user_email" class="input" value="<?php echo esc_attr(stripslashes($this->user_email)); ?>" size="25" tabindex="20" /></label>
938	</p>
939	<?php do_action('register_form'); ?>
940	<p id="reg_passmail"><?php _e('A password will be e-mailed to you.') ?></p>
941	<br class="clear" />
942	<input type="hidden" name="redirect_to" value="<?php echo esc_attr( $this->redirect_to ); ?>" />
943	<p class="submit"><input type="submit" name="wp-submit" id="wp-submit" class="button-primary" value="<?php esc_attr_e('Register'); ?>" tabindex="100" /></p>
944	</form>
945
946	<p id="nav">
947	<a href="<?php echo site_url('wp-login.php', 'login') ?>"><?php _e('Log in') ?></a> \|
948	<a href="<?php echo site_url('wp-login.php?action=lostpassword', 'login') ?>" title="<?php _e('Password Lost and Found') ?>"><?php _e('Lost your password?') ?></a>
949	</p>
950	<?php
951	}
952	}
953
954	/**
955	* Renders the password retrieval form.
956	*/
957	class WP_Login_View_LostPassword extends WP_Login_View_Base {
958	private $user_login;
959	private $errors;
960	private $redirect_to;
961
962	/**
963	* @param string $user_login User name
964	* @param WP_Error $errors Errors, if any.
965	* @param $redirect_to URL to redirect to.
966	*/
967	public function __construct( $user_login, $errors, $redirect_to ) {
968	parent::__construct( __('Lost Password'), '<p class="message">' . __('Please enter your username or email address. You will receive a link to create a new password via email.') . '</p>', $errors );
969
970	$this->user_login = $user_login;
971	$this->errors = $errors;
972	$this->redirect_to = $redirect_to;
973
974	$this->set_focus_input_id('user_login');
975	}
976
977	/**
978	* Outputs the password retrieval form.
979	*/
980	protected function paint() {
981	?>
982	<form name="lostpasswordform" id="lostpasswordform" action="<?php echo site_url('wp-login.php?action=lostpassword', 'login_post') ?>" method="post">
983	<p>
984	<label><?php _e('Username or E-mail:') ?><br />
985	<input type="text" name="user_login" id="user_login" class="input" value="<?php echo esc_attr($this->user_login); ?>" size="20" tabindex="10" /></label>
986	</p>
987	<?php do_action('lostpassword_form'); ?>
988	<input type="hidden" name="redirect_to" value="<?php echo esc_attr( $this->redirect_to ); ?>" />
989	<p class="submit"><input type="submit" name="wp-submit" id="wp-submit" class="button-primary" value="<?php esc_attr_e('Get New Password'); ?>" tabindex="100" /></p>
990	</form>
991
992	<p id="nav">
993	<a href="<?php echo site_url('wp-login.php', 'login') ?>"><?php _e('Log in') ?></a>
994	<?php if (get_option('users_can_register')) : ?>
995	\| <a href="<?php echo site_url('wp-login.php?action=register', 'login') ?>"><?php _e('Register') ?></a>
996	<?php endif; ?>
997	</p>
998	<?php
999	}
1000	}
1001
1002	/**
1003	* Outputs the password change form.
1004	*/
1005	class WP_Login_View_ResetPass extends WP_Login_View_Base {
1006	/**
1007	* Class constructor.
1008	*/
1009	public function __construct( $errors ) {
1010	parent::__construct( __('Reset Password'), '<p class="message reset-pass">' . __('Enter your new password below.') . '</p>', $errors );
1011
1012	$this->set_focus_input_id('user_pass');
1013	}
1014
1015	/**
1016	* Renders the password change form.
1017	*/
1018	protected function paint() {
1019	?>
1020	<form name="resetpassform" id="resetpassform" action="<?php echo site_url('wp-login.php?action=resetpass&key=' . urlencode($_GET['key']) . '&login=' . urlencode($_GET['login']), 'login_post') ?>" method="post">
1021	<input type="hidden" id="user_login" value="<?php echo esc_attr( $_GET['login'] ); ?>" autocomplete="off" />
1022
1023	<p>
1024	<label><?php _e('New password') ?><br />
1025	<input type="password" name="pass1" id="pass1" class="input" size="20" value="" autocomplete="off" /></label>
1026	</p>
1027	<p>
1028	<label><?php _e('Confirm new password') ?><br />
1029	<input type="password" name="pass2" id="pass2" class="input" size="20" value="" autocomplete="off" /></label>
1030	</p>
1031
1032	<div id="pass-strength-result" class="hide-if-no-js"><?php _e('Strength indicator'); ?></div>
1033	<p class="description indicator-hint"><?php _e('Hint: The password should be at least seven characters long. To make it stronger, use upper and lower case letters, numbers and symbols like ! " ? $ % ^ & ).'); ?></p>
1034
1035	<br class="clear" />
1036	<p class="submit"><input type="submit" name="wp-submit" id="wp-submit" class="button-primary" value="<?php esc_attr_e('Reset Password'); ?>" tabindex="100" /></p>
1037	</form>
1038
1039	<p id="nav">
1040	<a href="<?php echo site_url('wp-login.php', 'login') ?>"><?php _e('Log in') ?></a>
1041	<?php if (get_option('users_can_register')) : ?>
1042	\| <a href="<?php echo site_url('wp-login.php?action=register', 'login') ?>"><?php _e('Register') ?></a>
1043	<?php endif; ?>
1044	</p>
1045	<?php
1046	}
1047	}
1048
1049	/**
1050	* Outputs the login form with the password successfully changed message.
1051	*/
1052	class WP_Login_View_ResetPass_Completed extends WP_Login_View_Login {
1053	/**
1054	* Class constructor.
1055	*/
1056	public function __construct() {
1057	// to make this work, I needed to change isset() to !empty() in WP_Login_Login::process() for checking $_REQUEST['redirect_to']
1058	parent::__construct( '<p class="message reset-pass">' . __('Your password has been reset.') . '</p>' );
1059	}
1060	}
1061
1062	?>

Download in other formats:

Original Format

WordPress.org

Make WordPress Core

Context Navigation

Ticket #15384: class-wp-login-20101222-r17107.php

Download in other formats:

Code is Poetry