Ticket #8938: wp-auth.diff
| File wp-auth.diff, 5.8 KB (added by wnorris, 3 years ago) |
|---|
-
wp-includes/user.php
32 32 $credentials['remember'] = $_POST['rememberme']; 33 33 } 34 34 35 if ( !empty($credentials['user_login']) )36 $credentials['user_login'] = sanitize_user($credentials['user_login']);37 if ( !empty($credentials['user_password']) )38 $credentials['user_password'] = trim($credentials['user_password']);39 35 if ( !empty($credentials['remember']) ) 40 36 $credentials['remember'] = true; 41 37 else 42 38 $credentials['remember'] = false; 43 39 40 // TODO do we deprecate the wp_authentication action? 44 41 do_action_ref_array('wp_authenticate', array(&$credentials['user_login'], &$credentials['user_password'])); 45 42 46 43 if ( '' === $secure_cookie ) 47 44 $secure_cookie = is_ssl() ? true : false; 48 45 49 // If no credential info provided, check cookie. 50 if ( empty($credentials['user_login']) && empty($credentials['user_password']) ) { 51 $user = wp_validate_auth_cookie(); 52 if ( $user ) 53 return new WP_User($user); 46 global $auth_secure_cookie; // XXX ugly hack to pass this to wp_authenticate_cookie 47 $auth_secure_cookie = $secure_cookie; 54 48 55 if ( $secure_cookie ) 56 $auth_cookie = SECURE_AUTH_COOKIE; 57 else 58 $auth_cookie = AUTH_COOKIE; 49 add_filter('authenticate', 'wp_authenticate_cookie', 30, 3); 59 50 60 if ( !empty($_COOKIE[$auth_cookie]) ) 61 return new WP_Error('expired_session', __('Please log in again.')); 51 $user = wp_authenticate($credentials['user_login'], $credentials['user_password']); 62 52 63 // If the cookie is not set, be silent. 64 return new WP_Error(); 53 if ( is_wp_error($user) ) 54 return $user; 55 56 wp_set_auth_cookie($user->ID, $credentials['remember'], $secure_cookie); 57 do_action('wp_login', $credentials['user_login']); 58 return $user; 59 } 60 61 62 /** 63 * Authenticate the user using the username and password. 64 */ 65 add_filter('authenticate', 'wp_authenticate_username_password', 20, 3); 66 function wp_authenticate_username_password($user, $username, $password) { 67 if ( is_a($user, 'WP_User') ) { return $user; } 68 69 // XXX slight hack to handle initial load of wp-login.php 70 if ( (empty($username) && empty($password)) && $GLOBALS['pagenow'] == 'wp-login.php' ) { 71 return $user; 65 72 } 66 73 67 if ( empty($ credentials['user_login']) || empty($credentials['user_password']) ) {74 if ( empty($username) || empty($password) ) { 68 75 $error = new WP_Error(); 69 76 70 if ( empty($ credentials['user_login']) )77 if ( empty($username) ) 71 78 $error->add('empty_username', __('<strong>ERROR</strong>: The username field is empty.')); 72 if ( empty($credentials['user_password']) ) 79 80 if ( empty($password) ) 73 81 $error->add('empty_password', __('<strong>ERROR</strong>: The password field is empty.')); 82 74 83 return $error; 75 84 } 76 85 77 $user = wp_authenticate($credentials['user_login'], $credentials['user_password']); 78 if ( is_wp_error($user) ) 86 $userdata = get_userdatabylogin($username); 87 88 if ( !$userdata || ($userdata->user_login != $username) ) { 89 return new WP_Error('invalid_username', __('<strong>ERROR</strong>: Invalid username.')); 90 } 91 92 $user = apply_filters('wp_authenticate_user', $user, $password); 93 if ( is_wp_error($user) ) { 79 94 return $user; 95 } 80 96 81 wp_set_auth_cookie($user->ID, $credentials['remember'], $secure_cookie); 82 do_action('wp_login', $credentials['user_login']); 97 if ( !wp_check_password($password, $userdata->user_pass, $userdata->ID) ) { 98 return new WP_Error('incorrect_password', __('<strong>ERROR</strong>: Incorrect password.')); 99 } 100 101 $user = new WP_User($userdata->ID); 83 102 return $user; 84 103 } 85 104 86 105 /** 106 * Authenticate the user using the WordPress auth cookie. 107 */ 108 function wp_authenticate_cookie($user, $username, $password) { 109 if ( is_a($user, 'WP_User') ) { return $user; } 110 111 if ( empty($username) && empty($password) ) { 112 $user_id = wp_validate_auth_cookie(); 113 if ( $user_id ) 114 return new WP_User($user_id); 115 116 global $auth_secure_cookie; 117 118 if ( $auth_secure_cookie ) 119 $auth_cookie = SECURE_AUTH_COOKIE; 120 else 121 $auth_cookie = AUTH_COOKIE; 122 123 if ( !empty($_COOKIE[$auth_cookie]) ) 124 return new WP_Error('expired_session', __('Please log in again.')); 125 126 // If the cookie is not set, be silent. 127 } 128 129 return $user; 130 } 131 132 /** 87 133 * Retrieve user data based on field. 88 134 * 89 135 * Use get_profile() will make a database query to get the value of the table -
wp-includes/pluggable.php
437 437 */ 438 438 function wp_authenticate($username, $password) { 439 439 $username = sanitize_user($username); 440 $password = trim($password); 440 441 441 if ( '' == $username ) 442 return new WP_Error('empty_username', __('<strong>ERROR</strong>: The username field is empty.')); 442 $user = apply_filters('authenticate', null, $username, $password); 443 443 444 if ( '' == $password ) 445 return new WP_Error('empty_password', __('<strong>ERROR</strong>: The password field is empty.')); 446 447 $user = get_userdatabylogin($username); 448 449 if ( !$user || ($user->user_login != $username) ) { 450 do_action( 'wp_login_failed', $username ); 451 return new WP_Error('invalid_username', __('<strong>ERROR</strong>: Invalid username.')); 444 if ($user == null) { 445 $user = new WP_Error(); // TODO what should the error message be? (Or would these even happen?) 452 446 } 453 447 454 $user = apply_filters('wp_authenticate_user', $user, $password); 455 if ( is_wp_error($user) ) { 456 do_action( 'wp_login_failed', $username ); 457 return $user; 448 if (is_wp_error($user)) { 449 do_action('wp_login_failed', $username); 458 450 } 459 451 460 if ( !wp_check_password($password, $user->user_pass, $user->ID) ) { 461 do_action( 'wp_login_failed', $username ); 462 return new WP_Error('incorrect_password', __('<strong>ERROR</strong>: Incorrect password.')); 463 } 464 465 return new WP_User($user->ID); 452 return $user; 466 453 } 467 454 endif; 468 455
