Ticket #13045: 13045.diff
File 13045.diff, 18.6 KB (added by , 15 years ago) |
wp-login.php
39 39 * @param WP_Error $wp_error Optional. WordPress Error Object 40 40 */ 41 41 function login_header($title = 'Log In', $message = '', $wp_error = '') { 42 global $error, $is_iphone, $interim_login , $current_site;42 global $error, $is_iphone, $interim_login; 43 43 44 44 // Don't index any of these forms 45 45 add_filter( 'pre_option_blog_public', create_function( '$a', 'return 0;' ) ); … … 47 47 48 48 if ( empty($wp_error) ) 49 49 $wp_error = new WP_Error(); 50 51 // Shake it!52 $shake_error_codes = array( 'empty_password', 'empty_email', 'invalid_email', 'invalidcombo', 'empty_username', 'invalid_username', 'incorrect_password' );53 $shake_error_codes = apply_filters( 'shake_error_codes', $shake_error_codes );54 55 if ( $shake_error_codes && $wp_error->get_error_code() && in_array( $wp_error->get_error_code(), $shake_error_codes ) )56 add_action( 'login_head', 'wp_shake_js', 12 );57 58 50 ?> 59 51 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> 60 52 <html xmlns="http://www.w3.org/1999/xhtml" <?php language_attributes(); ?>> … … 63 55 <meta http-equiv="Content-Type" content="<?php bloginfo('html_type'); ?>; charset=<?php bloginfo('charset'); ?>" /> 64 56 <?php 65 57 wp_admin_css( 'login', true ); 66 wp_admin_css( 'colors-fresh', true );67 58 68 59 if ( $is_iphone ) { ?> 69 60 <meta name="viewport" content="width=320; initial-scale=0.9; maximum-scale=1.0; user-scalable=0;" /> … … 82 73 do_action('login_head'); ?> 83 74 </head> 84 75 <body class="login"> 85 <?php if ( !is_multisite() ) { ?>86 <div id="login"><h1><a href="<?php echo apply_filters('login_headerurl', 'http://wordpress.org/'); ?>" title="<?php echo apply_filters('login_headertitle', __('Powered by WordPress')); ?>"><?php bloginfo('name'); ?></a></h1>87 <?php } else { ?>88 <div id="login"><h1><a href="<?php echo apply_filters('login_headerurl', network_home_url() ); ?>" title="<?php echo apply_filters('login_headertitle', 
$current_site->site_name ); ?>"><span class="hide"><?php bloginfo('name'); ?></span></a></h1>89 <?php }90 76 77 <div id="login"><h1><a href="<?php echo apply_filters('login_headerurl', 'http://wordpress.org/'); ?>" title="<?php echo apply_filters('login_headertitle', __('Powered by WordPress')); ?>"><?php bloginfo('name'); ?></a></h1> 78 <?php 91 79 $message = apply_filters('login_message', $message); 92 80 if ( !empty( $message ) ) echo $message . "\n"; 93 81 … … 110 98 } 111 99 } 112 100 if ( !empty($errors) ) 113 echo '<div id="login_error" >' . apply_filters('login_errors', $errors) . "</div>\n";101 echo '<div id="login_error" class="login_error">' . apply_filters('login_errors', $errors) . "</div>\n"; 114 102 if ( !empty($messages) ) 115 echo '< p class="message">' . apply_filters('login_messages', $messages) . "</p>\n";103 echo '<div class="message">' . apply_filters('login_messages', $messages) . "</div>\n"; 116 104 } 117 105 } // End of login_header() 118 function wp_shake_js() {119 ?>120 <script type="text/javascript">121 addLoadEvent = function(func){if(typeof jQuery!="undefined")jQuery(document).ready(func);else if(typeof wpOnload!='function'){wpOnload=func;}else{var oldonload=wpOnload;wpOnload=function(){oldonload();func();}}};122 function s(id,pos){g(id).left=pos+'px';}123 function g(id){return document.getElementById(id).style;}124 function shake(id,a,d){c=a.shift();s(id,c);if(a.length>0){setTimeout(function(){shake(id,a,d);},d);}else{try{wp_attempt_focus();}catch(e){}}}125 addLoadEvent(function(){ var p=new Array(15,30,15,0,-15,-30,-15,0);p=p.concat(p.concat(p));var i=document.forms[0].id;g(i).position='relative';shake(i,p,20);});126 </script>127 <?php128 }129 106 130 107 /** 131 108 * Handles sending password retrieval email to user. … … 135 112 * @return bool|WP_Error True: when finish. 
WP_Error on error 136 113 */ 137 114 function retrieve_password() { 138 global $wpdb , $current_site;115 global $wpdb; 139 116 140 117 $errors = new WP_Error(); 141 118 … … 184 161 $wpdb->update($wpdb->users, array('user_activation_key' => $key), array('user_login' => $user_login)); 185 162 } 186 163 $message = __('Someone has asked to reset the password for the following site and username.') . "\r\n\r\n"; 187 $message .= network_site_url() . "\r\n\r\n";164 $message .= get_option('siteurl') . "\r\n\r\n"; 188 165 $message .= sprintf(__('Username: %s'), $user_login) . "\r\n\r\n"; 189 166 $message .= __('To reset your password visit the following address, otherwise just ignore this email and nothing will happen.') . "\r\n\r\n"; 190 $message .= network_site_url("wp-login.php?action=rp&key=$key&login=" . rawurlencode($user_login), 'login') . "\r\n";167 $message .= site_url("wp-login.php?action=rp&key=$key&login=" . rawurlencode($user_login), 'login') . "\r\n"; 191 168 192 if ( is_multisite() ) 193 $blogname = $GLOBALS['current_site']->site_name; 194 else 195 // The blogname option is escaped with esc_html on the way into the database in sanitize_option 196 // we want to reverse this for the plain text arena of emails. 197 $blogname = wp_specialchars_decode(get_option('blogname'), ENT_QUOTES); 169 // The blogname option is escaped with esc_html on the way into the database in sanitize_option 170 // we want to reverse this for the plain text arena of emails. 171 $blogname = wp_specialchars_decode(get_option('blogname'), ENT_QUOTES); 198 172 199 $title = sprintf( __('[%s] Password Reset'), $blogname);173 $title = sprintf(__('[%s] Password Reset'), $blogname); 200 174 201 175 $title = apply_filters('retrieve_password_title', $title); 202 176 $message = apply_filters('retrieve_password_message', $message, $key); 203 177 204 178 if ( $message && !wp_mail($user_email, $title, $message) ) 205 wp_die( __('The e-mail could not be sent.') . "<br />\n" . 
__('Possible reason: your host may have disabled the mail() function...'));179 die('<p>' . __('The e-mail could not be sent.') . "<br />\n" . __('Possible reason: your host may have disabled the mail() function...') . '</p>'); 206 180 207 181 return true; 208 182 } … … 236 210 do_action('password_reset', $user, $new_pass); 237 211 238 212 wp_set_password($new_pass, $user->ID); 239 update_user _option($user->ID, 'default_password_nag', true, true); //Set up the Password change nag.213 update_usermeta($user->ID, 'default_password_nag', true); //Set up the Password change nag. 240 214 $message = sprintf(__('Username: %s'), $user->user_login) . "\r\n"; 241 215 $message .= sprintf(__('Password: %s'), $new_pass) . "\r\n"; 242 216 $message .= site_url('wp-login.php', 'login') . "\r\n"; 243 217 244 if ( is_multisite() ) 245 $blogname = $GLOBALS['current_site']->site_name; 246 else 247 // The blogname option is escaped with esc_html on the way into the database in sanitize_option 248 // we want to reverse this for the plain text arena of emails. 249 $blogname = wp_specialchars_decode(get_option('blogname'), ENT_QUOTES); 218 // The blogname option is escaped with esc_html on the way into the database in sanitize_option 219 // we want to reverse this for the plain text arena of emails. 220 $blogname = wp_specialchars_decode(get_option('blogname'), ENT_QUOTES); 250 221 251 $title = sprintf( __('[%s] Your new password'), $blogname);222 $title = sprintf(__('[%s] Your new password'), $blogname); 252 223 253 224 $title = apply_filters('password_reset_title', $title); 254 225 $message = apply_filters('password_reset_message', $message, $new_pass); 255 226 256 227 if ( $message && !wp_mail($user->user_email, $title, $message) ) 257 wp_die( __('The e-mail could not be sent.') . "<br />\n" . __('Possible reason: your host may have disabled the mail() function...'));228 die('<p>' . __('The e-mail could not be sent.') . "<br />\n" . 
__('Possible reason: your host may have disabled the mail() function...') . '</p>'); 258 229 259 230 wp_password_change_notification($user); 260 231 … … 306 277 return $errors; 307 278 } 308 279 309 update_user_option($user_id, 'default_password_nag', true, true); //Set up the Password change nag.310 311 280 wp_new_user_notification($user_id, $user_pass); 312 281 313 282 return $user_id; … … 335 304 if ( isset( $_SERVER['PATH_INFO'] ) && ($_SERVER['PATH_INFO'] != $_SERVER['PHP_SELF']) ) 336 305 $_SERVER['PHP_SELF'] = str_replace( $_SERVER['PATH_INFO'], '', $_SERVER['PHP_SELF'] ); 337 306 338 $schema = is_ssl() ? 'https://' : 'http://';307 $schema = ( isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on' ) ? 'https://' : 'http://'; 339 308 if ( dirname($schema . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF']) != get_option('siteurl') ) 340 309 update_option('siteurl', dirname($schema . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF']) ); 341 310 } … … 355 324 check_admin_referer('log-out'); 356 325 wp_logout(); 357 326 358 $redirect_to = !empty( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : 'wp-login.php?loggedout=true'; 359 wp_safe_redirect( $redirect_to ); 327 $redirect_to = 'wp-login.php?loggedout=true'; 328 if ( isset( $_REQUEST['redirect_to'] ) ) 329 $redirect_to = $_REQUEST['redirect_to']; 330 331 wp_safe_redirect($redirect_to); 360 332 exit(); 361 333 362 334 break; … … 366 338 if ( $http_post ) { 367 339 $errors = retrieve_password(); 368 340 if ( !is_wp_error($errors) ) { 369 $redirect_to = !empty( $_REQUEST['redirect_to'] ) ? 
$_REQUEST['redirect_to'] : 'wp-login.php?checkemail=confirm'; 370 wp_safe_redirect( $redirect_to ); 341 wp_redirect('wp-login.php?checkemail=confirm'); 371 342 exit(); 372 343 } 373 344 } 374 345 375 346 if ( isset($_GET['error']) && 'invalidkey' == $_GET['error'] ) $errors->add('invalidkey', __('Sorry, that key does not appear to be valid.')); 376 $redirect_to = apply_filters( 'lostpassword_redirect', !empty( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : '' );377 347 378 348 do_action('lost_password'); 379 login_header(__('Lost Password'), '< p class="message">' . __('Please enter your username or e-mail address. You will receive a new password via e-mail.') . '</p>', $errors);349 login_header(__('Lost Password'), '<div class="message">' . __('Please enter your username or e-mail address. You will receive a new password via e-mail.') . '</div>', $errors); 380 350 381 351 $user_login = isset($_POST['user_login']) ? stripslashes($_POST['user_login']) : ''; 382 352 … … 385 355 <form name="lostpasswordform" id="lostpasswordform" action="<?php echo site_url('wp-login.php?action=lostpassword', 'login_post') ?>" method="post"> 386 356 <p> 387 357 <label><?php _e('Username or E-mail:') ?><br /> 388 <input type="text" name="user_login" id="user_login" class="input " value="<?php echo esc_attr($user_login); ?>" size="20" tabindex="10" /></label>358 <input type="text" name="user_login" id="user_login" class="input user_data" value="<?php echo esc_attr($user_login); ?>" size="20" tabindex="10" /></label> 389 359 </p> 390 360 <?php do_action('lostpassword_form'); ?> 391 <input type="hidden" name="redirect_to" value="<?php echo esc_attr( $redirect_to ); ?>" />392 361 <p class="submit"><input type="submit" name="wp-submit" id="wp-submit" class="button-primary" value="<?php esc_attr_e('Get New Password'); ?>" tabindex="100" /></p> 393 362 </form> 394 363 395 < p id="nav">364 <div id="nav" class="login_link"> 396 365 <?php if (get_option('users_can_register')) : ?> 397 
366 <a href="<?php echo site_url('wp-login.php', 'login') ?>"><?php _e('Log in') ?></a> | 398 367 <a href="<?php echo site_url('wp-login.php?action=register', 'login') ?>"><?php _e('Register') ?></a> … … 403 372 404 373 </div> 405 374 406 < p id="backtoblog"><a href="<?php bloginfo('url'); ?>/" title="<?php _e('Are you lost?') ?>"><?php printf(__('← Back to %s'), get_bloginfo('title', 'display' )); ?></a></p>375 <div id="backtoblog"><a href="<?php bloginfo('url'); ?>/" title="<?php _e('Are you lost?') ?>"><?php printf(__('← Back to %s'), get_bloginfo('title', 'display' )); ?></a></div> 407 376 408 377 <script type="text/javascript"> 409 378 try{document.getElementById('user_login').focus();}catch(e){} 410 if(typeof wpOnload=='function')wpOnload();411 379 </script> 412 380 </body> 413 381 </html> … … 429 397 break; 430 398 431 399 case 'register' : 432 if ( is_multisite() ) {433 // Multisite uses wp-signup.php434 wp_redirect( apply_filters( 'wp_signup_location', get_bloginfo('wpurl') . '/wp-signup.php' ) );435 exit;436 }437 438 400 if ( !get_option('users_can_register') ) { 439 401 wp_redirect('wp-login.php?registration=disabled'); 440 402 exit(); … … 449 411 $user_email = $_POST['user_email']; 450 412 $errors = register_new_user($user_login, $user_email); 451 413 if ( !is_wp_error($errors) ) { 452 $redirect_to = !empty( $_POST['redirect_to'] ) ? $_POST['redirect_to'] : 'wp-login.php?checkemail=registered'; 453 wp_safe_redirect( $redirect_to ); 414 wp_redirect('wp-login.php?checkemail=registered'); 454 415 exit(); 455 416 } 456 417 } 457 418 458 $redirect_to = apply_filters( 'registration_redirect', !empty( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : '' ); 459 login_header(__('Registration Form'), '<p class="message register">' . __('Register For This Site') . '</p>', $errors); 419 login_header(__('Registration Form'), '<div class="message register">' . __('Register For This Site') . 
'</div>', $errors); 460 420 ?> 461 421 462 422 <form name="registerform" id="registerform" action="<?php echo site_url('wp-login.php?action=register', 'login_post') ?>" method="post"> 463 423 <p> 464 424 <label><?php _e('Username') ?><br /> 465 <input type="text" name="user_login" id="user_login" class="input " value="<?php echo esc_attr(stripslashes($user_login)); ?>" size="20" tabindex="10" /></label>425 <input type="text" name="user_login" id="user_login" class="input user_data" value="<?php echo esc_attr(stripslashes($user_login)); ?>" size="20" tabindex="10" /></label> 466 426 </p> 467 427 <p> 468 428 <label><?php _e('E-mail') ?><br /> 469 <input type="text" name="user_email" id="user_email" class="input " value="<?php echo esc_attr(stripslashes($user_email)); ?>" size="25" tabindex="20" /></label>429 <input type="text" name="user_email" id="user_email" class="input user_data" value="<?php echo esc_attr(stripslashes($user_email)); ?>" size="25" tabindex="20" /></label> 470 430 </p> 471 431 <?php do_action('register_form'); ?> 472 432 <p id="reg_passmail"><?php _e('A password will be e-mailed to you.') ?></p> 473 433 <br class="clear" /> 474 <input type="hidden" name="redirect_to" value="<?php echo esc_attr( $redirect_to ); ?>" />475 434 <p class="submit"><input type="submit" name="wp-submit" id="wp-submit" class="button-primary" value="<?php esc_attr_e('Register'); ?>" tabindex="100" /></p> 476 435 </form> 477 436 478 < p id="nav">437 <div id="nav" class="login_link"> 479 438 <a href="<?php echo site_url('wp-login.php', 'login') ?>"><?php _e('Log in') ?></a> | 480 439 <a href="<?php echo site_url('wp-login.php?action=lostpassword', 'login') ?>" title="<?php _e('Password Lost and Found') ?>"><?php _e('Lost your password?') ?></a> 481 440 </p> 482 441 483 442 </div> 484 443 485 < p id="backtoblog"><a href="<?php bloginfo('url'); ?>/" title="<?php _e('Are you lost?') ?>"><?php printf(__('← Back to %s'), get_bloginfo('title', 'display' )); ?></a></p>444 <div 
id="backtoblog"><a href="<?php bloginfo('url'); ?>/" title="<?php _e('Are you lost?') ?>"><?php printf(__('← Back to %s'), get_bloginfo('title', 'display' )); ?></a></div> 486 445 487 446 <script type="text/javascript"> 488 447 try{document.getElementById('user_login').focus();}catch(e){} 489 if(typeof wpOnload=='function')wpOnload();490 448 </script> 491 449 </body> 492 450 </html> … … 518 476 $redirect_to = admin_url(); 519 477 } 520 478 521 // If the user was redirected to a secure login form from a non-secure admin page, and secure login is required but secure admin is not, then don't use a secure522 // cookie and redirect back to the referring non-secure admin page. This allows logins to always be POSTed over SSL while allowing the user to choose visiting523 // the admin via http or https.524 479 if ( !$secure_cookie && is_ssl() && force_ssl_login() && !force_ssl_admin() && ( 0 !== strpos($redirect_to, 'https') ) && ( 0 === strpos($redirect_to, 'http') ) ) 525 480 $secure_cookie = false; 526 481 … … 530 485 531 486 if ( !is_wp_error($user) ) { 532 487 if ( $interim_login ) { 533 $message = '< p class="message">' . __('You have logged in successfully.') . '</p>';488 $message = '<div class="message">' . __('You have logged in successfully.') . '</div>'; 534 489 login_header( '', $message ); ?> 535 490 <script type="text/javascript">setTimeout( function(){window.close()}, 8000);</script> 536 491 <p class="alignright"> … … 574 529 $user_login = ( 'incorrect_password' == $errors->get_error_code() || 'empty_password' == $errors->get_error_code() ) ? 
esc_attr(stripslashes($_POST['log'])) : ''; 575 530 ?> 576 531 532 <?php if ( !isset($_GET['checkemail']) || !in_array( $_GET['checkemail'], array('confirm', 'newpass') ) ) : ?> 577 533 <form name="loginform" id="loginform" action="<?php echo site_url('wp-login.php', 'login_post') ?>" method="post"> 578 534 <p> 579 535 <label><?php _e('Username') ?><br /> 580 <input type="text" name="log" id="user_login" class="input " value="<?php echo esc_attr($user_login); ?>" size="20" tabindex="10" /></label>536 <input type="text" name="log" id="user_login" class="input user_data" value="<?php echo esc_attr($user_login); ?>" size="20" tabindex="10" /></label> 581 537 </p> 582 538 <p> 583 539 <label><?php _e('Password') ?><br /> 584 <input type="password" name="pwd" id="user_pass" class="input " value="" size="20" tabindex="20" /></label>540 <input type="password" name="pwd" id="user_pass" class="input user_data" value="" size="20" tabindex="20" /></label> 585 541 </p> 586 542 <?php do_action('login_form'); ?> 587 543 <p class="forgetmenot"><label><input name="rememberme" type="checkbox" id="rememberme" value="forever" tabindex="90" /> <?php esc_attr_e('Remember Me'); ?></label></p> … … 595 551 <input type="hidden" name="testcookie" value="1" /> 596 552 </p> 597 553 </form> 554 <?php endif; ?> 598 555 599 556 <?php if ( !$interim_login ) { ?> 600 < p id="nav">557 <div id="nav" class="login_link"> 601 558 <?php if ( isset($_GET['checkemail']) && in_array( $_GET['checkemail'], array('confirm', 'newpass') ) ) : ?> 602 <?php elseif ( get_option('users_can_register')) : ?>559 <?php elseif (get_option('users_can_register')) : ?> 603 560 <a href="<?php echo site_url('wp-login.php?action=register', 'login') ?>"><?php _e('Register') ?></a> | 604 561 <a href="<?php echo site_url('wp-login.php?action=lostpassword', 'login') ?>" title="<?php _e('Password Lost and Found') ?>"><?php _e('Lost your password?') ?></a> 605 562 <?php else : ?> … … 607 564 <?php endif; ?> 608 565 </p> 609 566 610 
< p id="backtoblog"><a href="<?php bloginfo('url'); ?>/" title="<?php _e('Are you lost?') ?>"><?php printf(__('← Back to %s'), get_bloginfo('title', 'display' )); ?></a></p>567 <div id="backtoblog"><a href="<?php bloginfo('url'); ?>/" title="<?php _e('Are you lost?') ?>"><?php printf(__('← Back to %s'), get_bloginfo('title', 'display' )); ?></a></div> 611 568 <?php } ?> 612 569 </div> 613 570 614 571 <script type="text/javascript"> 615 function wp_attempt_focus(){616 setTimeout( function(){ try{617 572 <?php if ( $user_login || $interim_login ) { ?> 573 setTimeout( function(){ try{ 618 574 d = document.getElementById('user_pass'); 619 <?php } else { ?>620 d = document.getElementById('user_login');621 <?php } ?>622 575 d.value = ''; 623 576 d.focus(); 624 577 } catch(e){} 625 578 }, 200); 626 } 627 628 <?php if ( !$error ) { ?> 629 wp_attempt_focus(); 579 <?php } else { ?> 580 try{document.getElementById('user_login').focus();}catch(e){} 630 581 <?php } ?> 631 if(typeof wpOnload=='function')wpOnload();632 582 </script> 633 583 </body> 634 584 </html>
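Review bot: In the relocate block the new side swaps `is_ssl()` for `( isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on' )`, which misses the `'1'` and port-443 cases that `is_ssl()` covers, and the resulting scheme is what the `update_option('siteurl', …)` call just below writes; keep `$schema = is_ssl() ? 'https://' : 'http://';`. The same direction shows up elsewhere in this section: `wp_die()` becomes a bare `die('<p>' …)`, `update_user_option()` becomes `update_usermeta()`, the `default_password_nag` call before `wp_new_user_notification()` is dropped, and the multisite branches are removed. That suggests (inferred, not shown on the page) the patch was generated against an older copy of wp-login.php, so it should be regenerated against the current file to leave only the markup change. Within the markup change itself, the new `<div id="nav" class="login_link">` in the register and login forms is still closed by the unchanged `</p>`, so those closers need to become `</div>`.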