

Ticket #15384: 15384-2010-12-17.diff

File 15384-2010-12-17.diff, 59.3 KB (added by norbertm, 10 years ago)
  • wp-login.php

     
    1111/** Make sure that the WordPress bootstrap has run before continuing. */
    1212require( dirname(__FILE__) . '/wp-load.php' );
    1313
    14 // Redirect to https login if forced to use SSL
    15 if ( force_ssl_admin() && !is_ssl() ) {
    16         if ( 0 === strpos($_SERVER['REQUEST_URI'], 'http') ) {
    17                 wp_redirect(preg_replace('|^http://|', 'https://', $_SERVER['REQUEST_URI']));
    18                 exit();
    19         } else {
    20                 wp_redirect('https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']);
    21                 exit();
    22         }
    23 }
     14/** Include the login class. */
     15require( ABSPATH . WPINC . '/class-wp-login.php' );
    2416
    25 /**
    26  * Outputs the header for the login page.
    27  *
    28  * @uses do_action() Calls the 'login_head' for outputting HTML in the Log In
    29  *              header.
    30  * @uses apply_filters() Calls 'login_headerurl' for the top login link.
    31  * @uses apply_filters() Calls 'login_headertitle' for the top login title.
    32  * @uses apply_filters() Calls 'login_message' on the message to display in the
    33  *              header.
    34  * @uses $error The error global, which is checked for displaying errors.
    35  *
    36  * @param string $title Optional. WordPress Log In Page title to display in
    37  *              <title/> element.
    38  * @param string $message Optional. Message to display in header.
    39  * @param WP_Error $wp_error Optional. WordPress Error Object
    40  */
    41 function login_header($title = 'Log In', $message = '', $wp_error = '') {
    42         global $error, $is_iphone, $interim_login, $current_site;
     17WP_Login::ensure_ssl_if_required();
    4318
    44         // Don't index any of these forms
    45         add_filter( 'pre_option_blog_public', '__return_zero' );
    46         add_action( 'login_head', 'noindex' );
    47 
    48         if ( empty($wp_error) )
    49                 $wp_error = new WP_Error();
    50 
    51         // Shake it!
    52         $shake_error_codes = array( 'empty_password', 'empty_email', 'invalid_email', 'invalidcombo', 'empty_username', 'invalid_username', 'incorrect_password' );
    53         $shake_error_codes = apply_filters( 'shake_error_codes', $shake_error_codes );
    54 
    55         if ( $shake_error_codes && $wp_error->get_error_code() && in_array( $wp_error->get_error_code(), $shake_error_codes ) )
    56                 add_action( 'login_head', 'wp_shake_js', 12 );
    57 
    58         ?>
    59 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    60 <html xmlns="http://www.w3.org/1999/xhtml" <?php language_attributes(); ?>>
    61 <head>
    62         <title><?php bloginfo('name'); ?> &rsaquo; <?php echo $title; ?></title>
    63         <meta http-equiv="Content-Type" content="<?php bloginfo('html_type'); ?>; charset=<?php bloginfo('charset'); ?>" />
    64 <?php
    65         wp_admin_css( 'login', true );
    66         wp_admin_css( 'colors-fresh', true );
    67 
    68         if ( $is_iphone ) { ?>
    69         <meta name="viewport" content="width=320; initial-scale=0.9; maximum-scale=1.0; user-scalable=0;" />
    70         <style type="text/css" media="screen">
    71         form { margin-left: 0px; }
    72         #login { margin-top: 20px; }
    73         </style>
    74 <?php
    75         } elseif ( isset($interim_login) && $interim_login ) { ?>
    76         <style type="text/css" media="all">
    77         .login #login { margin: 20px auto; }
    78         </style>
    79 <?php
    80         }
    81 
    82         do_action('login_head'); ?>
    83 </head>
    84 <body class="login">
    85 <?php   if ( !is_multisite() ) { ?>
    86 <div id="login"><h1><a href="<?php echo apply_filters('login_headerurl', 'http://wordpress.org/'); ?>" title="<?php echo apply_filters('login_headertitle', __('Powered by WordPress')); ?>"><?php bloginfo('name'); ?></a></h1>
    87 <?php   } else { ?>
    88 <div id="login"><h1><a href="<?php echo apply_filters('login_headerurl', network_home_url() ); ?>" title="<?php echo apply_filters('login_headertitle', $current_site->site_name ); ?>"><span class="hide"><?php bloginfo('name'); ?></span></a></h1>
    89 <?php   }
    90 
    91         $message = apply_filters('login_message', $message);
    92         if ( !empty( $message ) ) echo $message . "\n";
    93 
    94         // Incase a plugin uses $error rather than the $errors object
    95         if ( !empty( $error ) ) {
    96                 $wp_error->add('error', $error);
    97                 unset($error);
    98         }
    99 
    100         if ( $wp_error->get_error_code() ) {
    101                 $errors = '';
    102                 $messages = '';
    103                 foreach ( $wp_error->get_error_codes() as $code ) {
    104                         $severity = $wp_error->get_error_data($code);
    105                         foreach ( $wp_error->get_error_messages($code) as $error ) {
    106                                 if ( 'message' == $severity )
    107                                         $messages .= '  ' . $error . "<br />\n";
    108                                 else
    109                                         $errors .= '    ' . $error . "<br />\n";
    110                         }
    111                 }
    112                 if ( !empty($errors) )
    113                         echo '<div id="login_error">' . apply_filters('login_errors', $errors) . "</div>\n";
    114                 if ( !empty($messages) )
    115                         echo '<p class="message">' . apply_filters('login_messages', $messages) . "</p>\n";
    116         }
    117 } // End of login_header()
    118 
    119 /**
    120  * Outputs the footer for the login page.
    121  *
    122  * @param string $input_id Which input to auto-focus
    123  */
    124 function login_footer($input_id = '') {
    125         echo "</div>\n";
    126 
    127         if ( !empty($input_id) ) {
    128 ?>
    129 <script type="text/javascript">
    130 try{document.getElementById('<?php echo $input_id; ?>').focus();}catch(e){}
    131 if(typeof wpOnload=='function')wpOnload();
    132 </script>
    133 <?php
    134         }
    135 ?>
    136 <p id="backtoblog"><a href="<?php bloginfo('url'); ?>/" title="<?php _e('Are you lost?') ?>"><?php printf(__('&larr; Back to %s'), get_bloginfo('title', 'display' )); ?></a></p>
    137 <?php do_action('login_footer'); ?>
    138 </body>
    139 </html>
    140 <?php
    141 }
    142 
    143 function wp_shake_js() {
    144         global $is_iphone;
    145         if ( $is_iphone )
    146                 return;
    147 ?>
    148 <script type="text/javascript">
    149 addLoadEvent = function(func){if(typeof jQuery!="undefined")jQuery(document).ready(func);else if(typeof wpOnload!='function'){wpOnload=func;}else{var oldonload=wpOnload;wpOnload=function(){oldonload();func();}}};
    150 function s(id,pos){g(id).left=pos+'px';}
    151 function g(id){return document.getElementById(id).style;}
    152 function shake(id,a,d){c=a.shift();s(id,c);if(a.length>0){setTimeout(function(){shake(id,a,d);},d);}else{try{g(id).position='static';wp_attempt_focus();}catch(e){}}}
    153 addLoadEvent(function(){ var p=new Array(15,30,15,0,-15,-30,-15,0);p=p.concat(p.concat(p));var i=document.forms[0].id;g(i).position='relative';shake(i,p,20);});
    154 </script>
    155 <?php
    156 }
    157 
    158 /**
    159  * Handles sending password retrieval email to user.
    160  *
    161  * @uses $wpdb WordPress Database object
    162  *
    163  * @return bool|WP_Error True: when finish. WP_Error on error
    164  */
    165 function retrieve_password() {
    166         global $wpdb, $current_site;
    167 
    168         $errors = new WP_Error();
    169 
    170         if ( empty( $_POST['user_login'] ) && empty( $_POST['user_email'] ) )
    171                 $errors->add('empty_username', __('<strong>ERROR</strong>: Enter a username or e-mail address.'));
    172 
    173         if ( strpos($_POST['user_login'], '@') ) {
    174                 $user_data = get_user_by_email(trim($_POST['user_login']));
    175                 if ( empty($user_data) )
    176                         $errors->add('invalid_email', __('<strong>ERROR</strong>: There is no user registered with that email address.'));
    177         } else {
    178                 $login = trim($_POST['user_login']);
    179                 $user_data = get_userdatabylogin($login);
    180         }
    181 
    182         do_action('lostpassword_post');
    183 
    184         if ( $errors->get_error_code() )
    185                 return $errors;
    186 
    187         if ( !$user_data ) {
    188                 $errors->add('invalidcombo', __('<strong>ERROR</strong>: Invalid username or e-mail.'));
    189                 return $errors;
    190         }
    191 
    192         // redefining user_login ensures we return the right case in the email
    193         $user_login = $user_data->user_login;
    194         $user_email = $user_data->user_email;
    195 
    196         do_action('retreive_password', $user_login);  // Misspelled and deprecated
    197         do_action('retrieve_password', $user_login);
    198 
    199         $allow = apply_filters('allow_password_reset', true, $user_data->ID);
    200 
    201         if ( ! $allow )
    202                 return new WP_Error('no_password_reset', __('Password reset is not allowed for this user'));
    203         else if ( is_wp_error($allow) )
    204                 return $allow;
    205 
    206         $key = $wpdb->get_var($wpdb->prepare("SELECT user_activation_key FROM $wpdb->users WHERE user_login = %s", $user_login));
    207         if ( empty($key) ) {
    208                 // Generate something random for a key...
    209                 $key = wp_generate_password(20, false);
    210                 do_action('retrieve_password_key', $user_login, $key);
    211                 // Now insert the new md5 key into the db
    212                 $wpdb->update($wpdb->users, array('user_activation_key' => $key), array('user_login' => $user_login));
    213         }
    214         $message = __('Someone requested that the password be reset for the following account:') . "\r\n\r\n";
    215         $message .= network_site_url() . "\r\n\r\n";
    216         $message .= sprintf(__('Username: %s'), $user_login) . "\r\n\r\n";
    217         $message .= __('If this was a mistake, just ignore this email and nothing will happen.') . "\r\n\r\n";
    218         $message .= __('To reset your password, visit the following address:') . "\r\n\r\n";
    219         $message .= '<' . network_site_url("wp-login.php?action=rp&key=$key&login=" . rawurlencode($user_login), 'login') . ">\r\n";
    220 
    221         if ( is_multisite() )
    222                 $blogname = $GLOBALS['current_site']->site_name;
    223         else
    224                 // The blogname option is escaped with esc_html on the way into the database in sanitize_option
    225                 // we want to reverse this for the plain text arena of emails.
    226                 $blogname = wp_specialchars_decode(get_option('blogname'), ENT_QUOTES);
    227 
    228         $title = sprintf( __('[%s] Password Reset'), $blogname );
    229 
    230         $title = apply_filters('retrieve_password_title', $title);
    231         $message = apply_filters('retrieve_password_message', $message, $key);
    232 
    233         if ( $message && !wp_mail($user_email, $title, $message) )
    234                 wp_die( __('The e-mail could not be sent.') . "<br />\n" . __('Possible reason: your host may have disabled the mail() function...') );
    235 
    236         return true;
    237 }
    238 
    239 /**
    240  * Retrieves a user row based on password reset key and login
    241  *
    242  * @uses $wpdb WordPress Database object
    243  *
    244  * @param string $key Hash to validate sending user's password
    245  * @param string $login The user login
    246  *
    247  * @return object|WP_Error
    248  */
    249 function check_password_reset_key($key, $login) {
    250         global $wpdb;
    251 
    252         $key = preg_replace('/[^a-z0-9]/i', '', $key);
    253 
    254         if ( empty( $key ) || !is_string( $key ) )
    255                 return new WP_Error('invalid_key', __('Invalid key'));
    256 
    257         if ( empty($login) || !is_string($login) )
    258                 return new WP_Error('invalid_key', __('Invalid key'));
    259 
    260         $user = $wpdb->get_row($wpdb->prepare("SELECT * FROM $wpdb->users WHERE user_activation_key = %s AND user_login = %s", $key, $login));
    261 
    262         if ( empty( $user ) )
    263                 return new WP_Error('invalid_key', __('Invalid key'));
    264 
    265         return $user;
    266 }
    267 
    268 /**
    269  * Handles resetting the user's password.
    270  *
    271  * @uses $wpdb WordPress Database object
    272  *
    273  * @param string $key Hash to validate sending user's password
    274  */
    275 function reset_password($user, $new_pass) {
    276         do_action('password_reset', $user, $new_pass);
    277 
    278         wp_set_password($new_pass, $user->ID);
    279 
    280         wp_password_change_notification($user);
    281 }
    282 
    283 /**
    284  * Handles registering a new user.
    285  *
    286  * @param string $user_login User's username for logging in
    287  * @param string $user_email User's email address to send password and add
    288  * @return int|WP_Error Either user's ID or error on failure.
    289  */
    290 function register_new_user( $user_login, $user_email ) {
    291         $errors = new WP_Error();
    292 
    293         $sanitized_user_login = sanitize_user( $user_login );
    294         $user_email = apply_filters( 'user_registration_email', $user_email );
    295 
    296         // Check the username
    297         if ( $sanitized_user_login == '' ) {
    298                 $errors->add( 'empty_username', __( '<strong>ERROR</strong>: Please enter a username.' ) );
    299         } elseif ( ! validate_username( $user_login ) ) {
    300                 $errors->add( 'invalid_username', __( '<strong>ERROR</strong>: This username is invalid because it uses illegal characters. Please enter a valid username.' ) );
    301                 $sanitized_user_login = '';
    302         } elseif ( username_exists( $sanitized_user_login ) ) {
    303                 $errors->add( 'username_exists', __( '<strong>ERROR</strong>: This username is already registered, please choose another one.' ) );
    304         }
    305 
    306         // Check the e-mail address
    307         if ( $user_email == '' ) {
    308                 $errors->add( 'empty_email', __( '<strong>ERROR</strong>: Please type your e-mail address.' ) );
    309         } elseif ( ! is_email( $user_email ) ) {
    310                 $errors->add( 'invalid_email', __( '<strong>ERROR</strong>: The email address isn&#8217;t correct.' ) );
    311                 $user_email = '';
    312         } elseif ( email_exists( $user_email ) ) {
    313                 $errors->add( 'email_exists', __( '<strong>ERROR</strong>: This email is already registered, please choose another one.' ) );
    314         }
    315 
    316         do_action( 'register_post', $sanitized_user_login, $user_email, $errors );
    317 
    318         $errors = apply_filters( 'registration_errors', $errors, $sanitized_user_login, $user_email );
    319 
    320         if ( $errors->get_error_code() )
    321                 return $errors;
    322 
    323         $user_pass = wp_generate_password( 12, false);
    324         $user_id = wp_create_user( $sanitized_user_login, $user_pass, $user_email );
    325         if ( ! $user_id ) {
    326                 $errors->add( 'registerfail', sprintf( __( '<strong>ERROR</strong>: Couldn&#8217;t register you... please contact the <a href="mailto:%s">webmaster</a> !' ), get_option( 'admin_email' ) ) );
    327                 return $errors;
    328         }
    329 
    330         update_user_option( $user_id, 'default_password_nag', true, true ); //Set up the Password change nag.
    331 
    332         wp_new_user_notification( $user_id, $user_pass );
    333 
    334         return $user_id;
    335 }
    336 
    337 //
    338 // Main
    339 //
    340 
    341 $action = isset($_REQUEST['action']) ? $_REQUEST['action'] : 'login';
    342 $errors = new WP_Error();
    343 
    344 if ( isset($_GET['key']) )
    345         $action = 'resetpass';
    346 
    347 // validate action so as to default to the login screen
    348 if ( !in_array($action, array('logout', 'lostpassword', 'retrievepassword', 'resetpass', 'rp', 'register', 'login'), true) && false === has_filter('login_form_' . $action) )
    349         $action = 'login';
    350 
    35119nocache_headers();
    352 
    35320header('Content-Type: '.get_bloginfo('html_type').'; charset='.get_bloginfo('charset'));
    35421
    355 if ( defined('RELOCATE') ) { // Move flag is set
    356         if ( isset( $_SERVER['PATH_INFO'] ) && ($_SERVER['PATH_INFO'] != $_SERVER['PHP_SELF']) )
    357                 $_SERVER['PHP_SELF'] = str_replace( $_SERVER['PATH_INFO'], '', $_SERVER['PHP_SELF'] );
     22WP_Login::relocate_if_required();
    35823
    359         $schema = is_ssl() ? 'https://' : 'http://';
    360         if ( dirname($schema . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF']) != get_option('siteurl') )
    361                 update_option('siteurl', dirname($schema . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF']) );
    362 }
     24WP_Login::send_test_cookies();
    36325
    364 //Set a cookie now to see if they are supported by the browser.
    365 setcookie(TEST_COOKIE, 'WP Cookie check', 0, COOKIEPATH, COOKIE_DOMAIN);
    366 if ( SITECOOKIEPATH != COOKIEPATH )
    367         setcookie(TEST_COOKIE, 'WP Cookie check', 0, SITECOOKIEPATH, COOKIE_DOMAIN);
     26WP_Login::dispatch();
    36827
    369 // allow plugins to override the default actions, and to add extra actions if they want
    370 do_action('login_form_' . $action);
     28/*
    37129
    372 $http_post = ('POST' == $_SERVER['REQUEST_METHOD']);
    373 switch ($action) {
     30// TODO possible bug in the original file: if ( !$error ) instead of $errors
    37431
    375 case 'logout' :
    376         check_admin_referer('log-out');
    377         wp_logout();
    378 
    379         $redirect_to = !empty( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : 'wp-login.php?loggedout=true';
    380         wp_safe_redirect( $redirect_to );
    381         exit();
    382 
    383 break;
    384 
    385 case 'lostpassword' :
    386 case 'retrievepassword' :
    387 
    388         if ( $http_post ) {
    389                 $errors = retrieve_password();
    390                 if ( !is_wp_error($errors) ) {
    391                         $redirect_to = !empty( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : 'wp-login.php?checkemail=confirm';
    392                         wp_safe_redirect( $redirect_to );
    393                         exit();
    394                 }
    395         }
    396 
    397         if ( isset($_GET['error']) && 'invalidkey' == $_GET['error'] ) $errors->add('invalidkey', __('Sorry, that key does not appear to be valid.'));
    398         $redirect_to = apply_filters( 'lostpassword_redirect', !empty( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : '' );
    399 
    400         do_action('lost_password');
    401         login_header(__('Lost Password'), '<p class="message">' . __('Please enter your username or email address. You will receive a link to create a new password via email.') . '</p>', $errors);
    402 
    403         $user_login = isset($_POST['user_login']) ? stripslashes($_POST['user_login']) : '';
    404 
    405 ?>
    406 
    407 <form name="lostpasswordform" id="lostpasswordform" action="<?php echo site_url('wp-login.php?action=lostpassword', 'login_post') ?>" method="post">
    408         <p>
    409                 <label><?php _e('Username or E-mail:') ?><br />
    410                 <input type="text" name="user_login" id="user_login" class="input" value="<?php echo esc_attr($user_login); ?>" size="20" tabindex="10" /></label>
    411         </p>
    412 <?php do_action('lostpassword_form'); ?>
    413         <input type="hidden" name="redirect_to" value="<?php echo esc_attr( $redirect_to ); ?>" />
    414         <p class="submit"><input type="submit" name="wp-submit" id="wp-submit" class="button-primary" value="<?php esc_attr_e('Get New Password'); ?>" tabindex="100" /></p>
    415 </form>
    416 
    417 <p id="nav">
    418 <a href="<?php echo site_url('wp-login.php', 'login') ?>"><?php _e('Log in') ?></a>
    419 <?php if (get_option('users_can_register')) : ?>
    420  | <a href="<?php echo site_url('wp-login.php?action=register', 'login') ?>"><?php _e('Register') ?></a>
    421 <?php endif; ?>
    422 </p>
    423 
    424 <?php
    425 login_footer('user_login');
    426 break;
    427 
    428 case 'resetpass' :
    429 case 'rp' :
    430         $user = check_password_reset_key($_GET['key'], $_GET['login']);
    431 
    432         if ( is_wp_error($user) ) {
    433                 wp_redirect( site_url('wp-login.php?action=lostpassword&error=invalidkey') );
    434                 exit;
    435         }
    436 
    437         $errors = '';
    438 
    439         if ( isset($_POST['pass1']) && $_POST['pass1'] != $_POST['pass2'] ) {
    440                 $errors = new WP_Error('password_reset_mismatch', __('The passwords do not match.'));
    441         } elseif ( isset($_POST['pass1']) && !empty($_POST['pass1']) ) {
    442                 reset_password($user, $_POST['pass1']);
    443                 login_header(__('Password Reset'), '<p class="message reset-pass">' . __('Your password has been reset.') . ' <a href="' . site_url('wp-login.php', 'login') . '">' . __('Log in') . '</a></p>');
    444                 login_footer();
    445                 exit;
    446         }
    447 
    448         wp_enqueue_script('utils');
    449         wp_enqueue_script('user-profile');
    450 
    451         login_header(__('Reset Password'), '<p class="message reset-pass">' . __('Enter your new password below.') . '</p>', $errors );
    452 
    453 ?>
    454 <form name="resetpassform" id="resetpassform" action="<?php echo site_url('wp-login.php?action=resetpass&key=' . urlencode($_GET['key']) . '&login=' . urlencode($_GET['login']), 'login_post') ?>" method="post">
    455         <input type="hidden" id="user_login" value="<?php echo esc_attr( $_GET['login'] ); ?>" autocomplete="off" />
    456 
    457         <p>
    458                 <label><?php _e('New password') ?><br />
    459                 <input type="password" name="pass1" id="pass1" class="input" size="20" value="" autocomplete="off" /></label>
    460         </p>
    461         <p>
    462                 <label><?php _e('Confirm new password') ?><br />
    463                 <input type="password" name="pass2" id="pass2" class="input" size="20" value="" autocomplete="off" /></label>
    464         </p>
    465 
    466         <div id="pass-strength-result" class="hide-if-no-js"><?php _e('Strength indicator'); ?></div>
    467         <p class="description indicator-hint"><?php _e('Hint: The password should be at least seven characters long. To make it stronger, use upper and lower case letters, numbers and symbols like ! " ? $ % ^ &amp; ).'); ?></p>
    468 
    469         <br class="clear" />
    470         <p class="submit"><input type="submit" name="wp-submit" id="wp-submit" class="button-primary" value="<?php esc_attr_e('Reset Password'); ?>" tabindex="100" /></p>
    471 </form>
    472 
    473 <p id="nav">
    474 <a href="<?php echo site_url('wp-login.php', 'login') ?>"><?php _e('Log in') ?></a>
    475 <?php if (get_option('users_can_register')) : ?>
    476  | <a href="<?php echo site_url('wp-login.php?action=register', 'login') ?>"><?php _e('Register') ?></a>
    477 <?php endif; ?>
    478 </p>
    479 
    480 <?php
    481 login_footer('user_pass');
    482 break;
    483 
    484 case 'register' :
    485         if ( is_multisite() ) {
    486                 // Multisite uses wp-signup.php
    487                 wp_redirect( apply_filters( 'wp_signup_location', site_url('wp-signup.php') ) );
    488                 exit;
    489         }
    490 
    491         if ( !get_option('users_can_register') ) {
    492                 wp_redirect( site_url('wp-login.php?registration=disabled') );
    493                 exit();
    494         }
    495 
    496         $user_login = '';
    497         $user_email = '';
    498         if ( $http_post ) {
    499                 $user_login = $_POST['user_login'];
    500                 $user_email = $_POST['user_email'];
    501                 $errors = register_new_user($user_login, $user_email);
    502                 if ( !is_wp_error($errors) ) {
    503                         $redirect_to = !empty( $_POST['redirect_to'] ) ? $_POST['redirect_to'] : 'wp-login.php?checkemail=registered';
    504                         wp_safe_redirect( $redirect_to );
    505                         exit();
    506                 }
    507         }
    508 
    509         $redirect_to = apply_filters( 'registration_redirect', !empty( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : '' );
    510         login_header(__('Registration Form'), '<p class="message register">' . __('Register For This Site') . '</p>', $errors);
    511 ?>
    512 
    513 <form name="registerform" id="registerform" action="<?php echo site_url('wp-login.php?action=register', 'login_post') ?>" method="post">
    514         <p>
    515                 <label><?php _e('Username') ?><br />
    516                 <input type="text" name="user_login" id="user_login" class="input" value="<?php echo esc_attr(stripslashes($user_login)); ?>" size="20" tabindex="10" /></label>
    517         </p>
    518         <p>
    519                 <label><?php _e('E-mail') ?><br />
    520                 <input type="text" name="user_email" id="user_email" class="input" value="<?php echo esc_attr(stripslashes($user_email)); ?>" size="25" tabindex="20" /></label>
    521         </p>
    522 <?php do_action('register_form'); ?>
    523         <p id="reg_passmail"><?php _e('A password will be e-mailed to you.') ?></p>
    524         <br class="clear" />
    525         <input type="hidden" name="redirect_to" value="<?php echo esc_attr( $redirect_to ); ?>" />
    526         <p class="submit"><input type="submit" name="wp-submit" id="wp-submit" class="button-primary" value="<?php esc_attr_e('Register'); ?>" tabindex="100" /></p>
    527 </form>
    528 
    529 <p id="nav">
    530 <a href="<?php echo site_url('wp-login.php', 'login') ?>"><?php _e('Log in') ?></a> |
    531 <a href="<?php echo site_url('wp-login.php?action=lostpassword', 'login') ?>" title="<?php _e('Password Lost and Found') ?>"><?php _e('Lost your password?') ?></a>
    532 </p>
    533 
    534 <?php
    535 login_footer('user_login');
    536 break;
    537 
     32// TODO make sure to include the default callback
    53833case 'login' :
    53934default:
    540         $secure_cookie = '';
    541         $interim_login = isset($_REQUEST['interim-login']);
    54235
    543         // If the user wants ssl but the session is not ssl, force a secure cookie.
    544         if ( !empty($_POST['log']) && !force_ssl_admin() ) {
    545                 $user_name = sanitize_user($_POST['log']);
    546                 if ( $user = get_userdatabylogin($user_name) ) {
    547                         if ( get_user_option('use_ssl', $user->ID) ) {
    548                                 $secure_cookie = true;
    549                                 force_ssl_admin(true);
    550                         }
    551                 }
    552         }
    553 
    554         if ( isset( $_REQUEST['redirect_to'] ) ) {
    555                 $redirect_to = $_REQUEST['redirect_to'];
    556                 // Redirect to https if user wants ssl
    557                 if ( $secure_cookie && false !== strpos($redirect_to, 'wp-admin') )
    558                         $redirect_to = preg_replace('|^http://|', 'https://', $redirect_to);
    559         } else {
    560                 $redirect_to = admin_url();
    561         }
    562 
    563         $reauth = empty($_REQUEST['reauth']) ? false : true;
    564 
    565         // If the user was redirected to a secure login form from a non-secure admin page, and secure login is required but secure admin is not, then don't use a secure
    566         // cookie and redirect back to the referring non-secure admin page.  This allows logins to always be POSTed over SSL while allowing the user to choose visiting
    567         // the admin via http or https.
    568         if ( !$secure_cookie && is_ssl() && force_ssl_login() && !force_ssl_admin() && ( 0 !== strpos($redirect_to, 'https') ) && ( 0 === strpos($redirect_to, 'http') ) )
    569                 $secure_cookie = false;
    570 
    571         $user = wp_signon('', $secure_cookie);
    572 
    573         $redirect_to = apply_filters('login_redirect', $redirect_to, isset( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : '', $user);
    574 
    575         if ( !is_wp_error($user) && !$reauth ) {
    576                 if ( $interim_login ) {
    577                         $message = '<p class="message">' . __('You have logged in successfully.') . '</p>';
    578                         login_header( '', $message ); ?>
    579                         <script type="text/javascript">setTimeout( function(){window.close()}, 8000);</script>
    580                         <p class="alignright">
    581                         <input type="button" class="button-primary" value="<?php esc_attr_e('Close'); ?>" onclick="window.close()" /></p>
    582                         </div></body></html>
    583 <?php           exit;
    584                 }
    585 
    586                 // If the user doesn't belong to a blog, send them to user admin. If the user can't edit posts, send them to their profile.
    587                 if ( is_multisite() && !get_active_blog_for_user($user->id) )
    588                         $redirect_to = user_admin_url();
    589                 elseif ( !is_multisite() && !$user->has_cap('read') )
    590                         $redirect_to = user_admin_url();
    591                 elseif ( !$user->has_cap('edit_posts') && ( empty( $redirect_to ) || $redirect_to == 'wp-admin/' || $redirect_to == admin_url() ) )
    592                         $redirect_to = admin_url('profile.php');
    593                 wp_safe_redirect($redirect_to);
    594                 exit();
    595         }
    596 
    597         $errors = $user;
    598         // Clear errors if loggedout is set.
    599         if ( !empty($_GET['loggedout']) || $reauth )
    600                 $errors = new WP_Error();
    601 
    602         // If cookies are disabled we can't log in even with a valid user+pass
    603         if ( isset($_POST['testcookie']) && empty($_COOKIE[TEST_COOKIE]) )
    604                 $errors->add('test_cookie', __("<strong>ERROR</strong>: Cookies are blocked or not supported by your browser. You must <a href='http://www.google.com/cookies.html'>enable cookies</a> to use WordPress."));
    605 
    606         // Some parts of this script use the main login form to display a message
    607         if              ( isset($_GET['loggedout']) && TRUE == $_GET['loggedout'] )
    608                 $errors->add('loggedout', __('You are now logged out.'), 'message');
    609         elseif  ( isset($_GET['registration']) && 'disabled' == $_GET['registration'] )
    610                 $errors->add('registerdisabled', __('User registration is currently not allowed.'));
    611         elseif  ( isset($_GET['checkemail']) && 'confirm' == $_GET['checkemail'] )
    612                 $errors->add('confirm', __('Check your e-mail for the confirmation link.'), 'message');
    613         elseif  ( isset($_GET['checkemail']) && 'newpass' == $_GET['checkemail'] )
    614                 $errors->add('newpass', __('Check your e-mail for your new password.'), 'message');
    615         elseif  ( isset($_GET['checkemail']) && 'registered' == $_GET['checkemail'] )
    616                 $errors->add('registered', __('Registration complete. Please check your e-mail.'), 'message');
    617         elseif  ( $interim_login )
    618                 $errors->add('expired', __('Your session has expired. Please log-in again.'), 'message');
    619 
    620         // Clear any stale cookies.
    621         if ( $reauth )
    622                 wp_clear_auth_cookie();
    623 
    624         login_header(__('Log In'), '', $errors);
    625 
    626         if ( isset($_POST['log']) )
    627                 $user_login = ( 'incorrect_password' == $errors->get_error_code() || 'empty_password' == $errors->get_error_code() ) ? esc_attr(stripslashes($_POST['log'])) : '';
    628         $rememberme = ! empty( $_POST['rememberme'] );
    629 ?>
    630 
    631 <form name="loginform" id="loginform" action="<?php echo site_url('wp-login.php', 'login_post') ?>" method="post">
    632         <p>
    633                 <label><?php _e('Username') ?><br />
    634                 <input type="text" name="log" id="user_login" class="input" value="<?php echo esc_attr($user_login); ?>" size="20" tabindex="10" /></label>
    635         </p>
    636         <p>
    637                 <label><?php _e('Password') ?><br />
    638                 <input type="password" name="pwd" id="user_pass" class="input" value="" size="20" tabindex="20" /></label>
    639         </p>
    640 <?php do_action('login_form'); ?>
    641         <p class="forgetmenot"><label><input name="rememberme" type="checkbox" id="rememberme" value="forever" tabindex="90"<?php checked( $rememberme ); ?> /> <?php esc_attr_e('Remember Me'); ?></label></p>
    642         <p class="submit">
    643                 <input type="submit" name="wp-submit" id="wp-submit" class="button-primary" value="<?php esc_attr_e('Log In'); ?>" tabindex="100" />
    644 <?php   if ( $interim_login ) { ?>
    645                 <input type="hidden" name="interim-login" value="1" />
    646 <?php   } else { ?>
    647                 <input type="hidden" name="redirect_to" value="<?php echo esc_attr($redirect_to); ?>" />
    648 <?php   } ?>
    649                 <input type="hidden" name="testcookie" value="1" />
    650         </p>
    651 </form>
    652 
    653 <?php if ( !$interim_login ) { ?>
    654 <p id="nav">
    655 <?php if ( isset($_GET['checkemail']) && in_array( $_GET['checkemail'], array('confirm', 'newpass') ) ) : ?>
    656 <?php elseif ( get_option('users_can_register') ) : ?>
    657 <a href="<?php echo site_url('wp-login.php?action=register', 'login') ?>"><?php _e('Register') ?></a> |
    658 <a href="<?php echo site_url('wp-login.php?action=lostpassword', 'login') ?>" title="<?php _e('Password Lost and Found') ?>"><?php _e('Lost your password?') ?></a>
    659 <?php else : ?>
    660 <a href="<?php echo site_url('wp-login.php?action=lostpassword', 'login') ?>" title="<?php _e('Password Lost and Found') ?>"><?php _e('Lost your password?') ?></a>
    661 <?php endif; ?>
    662 </p>
    663 </div>
    664 <p id="backtoblog"><a href="<?php bloginfo('url'); ?>/" title="<?php _e('Are you lost?') ?>"><?php printf(__('&larr; Back to %s'), get_bloginfo('title', 'display' )); ?></a></p>
    665 <?php } else { ?>
    666 </div>
    667 <?php } ?>
    668 
    669 <script type="text/javascript">
    670 function wp_attempt_focus(){
    671 setTimeout( function(){ try{
    672 <?php if ( $user_login || $interim_login ) { ?>
    673 d = document.getElementById('user_pass');
    674 d.value = '';
    675 <?php } else { ?>
    676 d = document.getElementById('user_login');
    677 <?php if ( 'invalid_username' == $errors->get_error_code() ) { ?>
    678 if( d.value != '' )
    679 d.value = '';
    680 <?php
    681 }
    682 }?>
    683 d.focus();
    684 d.select();
    685 } catch(e){}
    686 }, 200);
    687 }
    688 
    689 <?php if ( !$error ) { ?>
    690 wp_attempt_focus();
    691 <?php } ?>
    692 if(typeof wpOnload=='function')wpOnload();
    693 </script>
    694 </body>
    695 </html>
    696 <?php
    697 
    698 break;
    699 } // end action switch
    700 ?>
     36*/
     37       
     38?>
     39 No newline at end of file
  • wp-includes/class-wp-login.php

     
     1<?php
     2/**
     3 * Class for handling user registration, login and related actions.
     4 *
     5 * @package WordPress
     6 * @since 3.2.0
     7 */
     8class WP_Login {
     9        /**
     10         * Redirects to https login if forced to use SSL.
     11         */
     12        function ensure_ssl_if_required() {
     13                if ( force_ssl_admin() && !is_ssl() ) {
     14                        if ( 0 === strpos($_SERVER['REQUEST_URI'], 'http') ) {
     15                                wp_redirect(preg_replace('|^http://|', 'https://', $_SERVER['REQUEST_URI']));
     16                                exit();
     17                        } else {
     18                                wp_redirect('https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']);
     19                                exit();
     20                        }
     21                }
     22        }
     23       
     24        /**
     25         * Sets some cookies for render_login() to see if the browser supports them.
     26         */
     27        function send_test_cookies() {
     28                //Set a cookie now to see if they are supported by the browser.
     29                setcookie(TEST_COOKIE, 'WP Cookie check', 0, COOKIEPATH, COOKIE_DOMAIN);
     30                if ( SITECOOKIEPATH != COOKIEPATH )
     31                        setcookie(TEST_COOKIE, 'WP Cookie check', 0, SITECOOKIEPATH, COOKIE_DOMAIN);
     32        }
     33       
     34        /**
     35         *
     36         */
     37        function relocate_if_required() {
     38                if ( defined('RELOCATE') ) { // Move flag is set
     39                        if ( isset( $_SERVER['PATH_INFO'] ) && ($_SERVER['PATH_INFO'] != $_SERVER['PHP_SELF']) )
     40                                $_SERVER['PHP_SELF'] = str_replace( $_SERVER['PATH_INFO'], '', $_SERVER['PHP_SELF'] );
     41               
     42                        $schema = is_ssl() ? 'https://' : 'http://';
     43                        if ( dirname($schema . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF']) != get_option('siteurl') )
     44                                update_option('siteurl', dirname($schema . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF']) );
     45                }
     46        }
     47       
     48        /**
     49         * Dispatches to a controller based on the request action received in a GET or POST parameter.
     50         */
     51        function dispatch() {
     52                $action = isset($_REQUEST['action']) ? $_REQUEST['action'] : 'login';
     53               
     54                if ( isset($_GET['key']) )
     55                        $action = 'resetpass';
     56               
     57                // aliases for actions mostly for backwards compatibility
     58                $aliases = array(
     59                        'rp' => 'resetpass',
     60                        'retrievepassword' => 'lostpassword'
     61                );
     62                if ( array_key_exists( $action, $aliases ) ) {
     63                        $action = $aliases[$action];
     64                }
     65               
     66                // validate action so as to default to the login screen
     67                if ( !in_array($action, array('logout', 'lostpassword', 'resetpass', 'register', 'login'), true) && false === has_filter('login_form_' . $action) )
     68                        $action = 'login';
     69
     70                // allow plugins to override the default actions, and to add extra actions if they want
     71                do_action('login_form_' . $action);
     72               
     73                $errors = new WP_Error();
     74               
     75                // if this is a POST request and there is a separate method for processing, let's call that first
     76                if ( 'POST' == $_SERVER['REQUEST_METHOD'] ) {
     77                        $method = 'process_' . $action;
     78                        if ( method_exists( __CLASS__, $method ) ) {
     79                                $errors = call_user_func( array( __CLASS__, $method ) );
     80                        }
     81                }
     82               
     83                // render the output with any errors during processing
     84                $method = 'handle_' . $action;
     85                if ( !method_exists( __CLASS__, $method ) ) {
     86                        echo "'Action handler '" . __CLASS__ . '::' . $method . "()' does not exist.";
     87                        exit();
     88                }
     89               
     90                call_user_func( array( __CLASS__, $method ), $errors );
     91                exit();
     92        }
     93       
     94        /**
     95         * Handles user logout.
     96         *
     97         * @param $errors
     98         */
     99        function handle_logout( $errors ) {
     100                check_admin_referer('log-out');
     101                wp_logout();
     102       
     103                $redirect_to = !empty( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : 'wp-login.php?loggedout=true';
     104                wp_safe_redirect( $redirect_to );
     105                exit();
     106        }
     107       
     108        /**
     109         * Handles password retrieval request.
     110         */
     111        function process_lostpassword() {
     112                $errors = WP_Login::do_retrieve_password();
     113               
     114                if ( !is_wp_error($errors) ) {
     115                        $redirect_to = !empty( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : 'wp-login.php?checkemail=confirm';
     116                        wp_safe_redirect( $redirect_to );
     117                        exit();
     118                }
     119               
     120                return $errors;
     121        }
     122       
     123        /**
     124         *
     125         * @param $errors
     126         */
     127        function handle_lostpassword( $errors ) {
     128                if ( isset($_GET['error']) && 'invalidkey' == $_GET['error'] ) $errors->add('invalidkey', __('Sorry, that key does not appear to be valid.'));
     129                $redirect_to = apply_filters( 'lostpassword_redirect', !empty( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : '' );
     130       
     131                do_action('lost_password');
     132               
     133                $user_login = isset($_POST['user_login']) ? stripslashes($_POST['user_login']) : '';
     134               
     135                WP_Login::render_lostpassword_form_html($user_login, $errors, $redirect_to);
     136        }
     137       
     138        /**
     139         *
     140         * @param $errors
     141         */
     142        function handle_resetpass( $errors ) {
     143                $user = WP_Login::do_check_password_reset_key($_GET['key'], $_GET['login']);
     144       
     145                if ( is_wp_error($user) ) {
     146                        wp_redirect( site_url('wp-login.php?action=lostpassword&error=invalidkey') );
     147                        exit;
     148                }
     149       
     150                $errors = '';
     151       
     152                if ( isset($_POST['pass1']) && $_POST['pass1'] != $_POST['pass2'] ) {
     153                        $errors = new WP_Error('password_reset_mismatch', __('The passwords do not match.'));
     154                } elseif ( isset($_POST['pass1']) && !empty($_POST['pass1']) ) {
     155                        WP_Login::do_reset_password($user, $_POST['pass1']);
     156                        WP_Login::render_resetpass_completed_html();
     157                        exit();
     158                }
     159       
     160                wp_enqueue_script('utils');
     161                wp_enqueue_script('user-profile');
     162               
     163                WP_Login::render_resetpass_form_html( $errors );
     164        }
     165       
     166        /**
     167         *
     168         * @param $errors
     169         */
     170        function handle_register( $errors ) {
     171                if ( is_multisite() ) {
     172                        // Multisite uses wp-signup.php
     173                        wp_redirect( apply_filters( 'wp_signup_location', site_url('wp-signup.php') ) );
     174                        exit;
     175                }
     176       
     177                if ( !get_option('users_can_register') ) {
     178                        wp_redirect( site_url('wp-login.php?registration=disabled') );
     179                        exit();
     180                }
     181               
     182                $user_login = '';
     183                $user_email = '';
     184                if ( 'POST' == $_SERVER['REQUEST_METHOD'] ) {
     185                        $user_login = $_POST['user_login'];
     186                        $user_email = $_POST['user_email'];
     187                        $errors = WP_Login::do_register_new_user($user_login, $user_email);
     188                        if ( !is_wp_error($errors) ) {
     189                                $redirect_to = !empty( $_POST['redirect_to'] ) ? $_POST['redirect_to'] : 'wp-login.php?checkemail=registered';
     190                                wp_safe_redirect( $redirect_to );
     191                                exit();
     192                        }
     193                }
     194       
     195                $redirect_to = apply_filters( 'registration_redirect', !empty( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : '' );
     196
     197                WP_Login::render_register_form_html( $user_login, $user_email, $redirect_to, $errors );
     198        }
     199       
     200        /**
     201         *
     202         * @param $errors
     203         */
     204        function handle_login( $errors ) {
     205                $secure_cookie = '';
     206                $interim_login = isset($_REQUEST['interim-login']);
     207       
     208                // If the user wants ssl but the session is not ssl, force a secure cookie.
     209                if ( !empty($_POST['log']) && !force_ssl_admin() ) {
     210                        $user_name = sanitize_user($_POST['log']);
     211                        if ( $user = get_userdatabylogin($user_name) ) {
     212                                if ( get_user_option('use_ssl', $user->ID) ) {
     213                                        $secure_cookie = true;
     214                                        force_ssl_admin(true);
     215                                }
     216                        }
     217                }
     218       
     219                if ( isset( $_REQUEST['redirect_to'] ) ) {
     220                        $redirect_to = $_REQUEST['redirect_to'];
     221                        // Redirect to https if user wants ssl
     222                        if ( $secure_cookie && false !== strpos($redirect_to, 'wp-admin') )
     223                                $redirect_to = preg_replace('|^http://|', 'https://', $redirect_to);
     224                } else {
     225                        $redirect_to = admin_url();
     226                }
     227       
     228                $reauth = empty($_REQUEST['reauth']) ? false : true;
     229       
     230                // If the user was redirected to a secure login form from a non-secure admin page, and secure login is required but secure admin is not, then don't use a secure
     231                // cookie and redirect back to the referring non-secure admin page.  This allows logins to always be POSTed over SSL while allowing the user to choose visiting
     232                // the admin via http or https.
     233                if ( !$secure_cookie && is_ssl() && force_ssl_login() && !force_ssl_admin() && ( 0 !== strpos($redirect_to, 'https') ) && ( 0 === strpos($redirect_to, 'http') ) )
     234                        $secure_cookie = false;
     235       
     236                $user = wp_signon('', $secure_cookie);
     237       
     238                $redirect_to = apply_filters('login_redirect', $redirect_to, isset( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : '', $user);
     239       
     240                if ( !is_wp_error($user) && !$reauth ) {
     241                        if ( $interim_login ) {
     242                                WP_Login::render_login_interim_html();
     243                                exit();
     244                        }
     245       
     246                        // If the user doesn't belong to a blog, send them to user admin. If the user can't edit posts, send them to their profile.
     247                        if ( is_multisite() && !get_active_blog_for_user($user->id) )
     248                                $redirect_to = user_admin_url();
     249                        elseif ( !is_multisite() && !$user->has_cap('read') )
     250                                $redirect_to = user_admin_url();
     251                        elseif ( !$user->has_cap('edit_posts') && ( empty( $redirect_to ) || $redirect_to == 'wp-admin/' || $redirect_to == admin_url() ) )
     252                                $redirect_to = admin_url('profile.php');
     253                        wp_safe_redirect($redirect_to);
     254                        exit();
     255                }
     256       
     257                $errors = $user;
     258                // Clear errors if loggedout is set.
     259                if ( !empty($_GET['loggedout']) || $reauth )
     260                        $errors = new WP_Error();
     261       
     262                // If cookies are disabled we can't log in even with a valid user+pass
     263                if ( isset($_POST['testcookie']) && empty($_COOKIE[TEST_COOKIE]) )
     264                        $errors->add('test_cookie', __("<strong>ERROR</strong>: Cookies are blocked or not supported by your browser. You must <a href='http://www.google.com/cookies.html'>enable cookies</a> to use WordPress."));
     265       
     266                // Some parts of this script use the main login form to display a message
     267                if              ( isset($_GET['loggedout']) && TRUE == $_GET['loggedout'] )
     268                        $errors->add('loggedout', __('You are now logged out.'), 'message');
     269                elseif  ( isset($_GET['registration']) && 'disabled' == $_GET['registration'] )
     270                        $errors->add('registerdisabled', __('User registration is currently not allowed.'));
     271                elseif  ( isset($_GET['checkemail']) && 'confirm' == $_GET['checkemail'] )
     272                        $errors->add('confirm', __('Check your e-mail for the confirmation link.'), 'message');
     273                elseif  ( isset($_GET['checkemail']) && 'newpass' == $_GET['checkemail'] )
     274                        $errors->add('newpass', __('Check your e-mail for your new password.'), 'message');
     275                elseif  ( isset($_GET['checkemail']) && 'registered' == $_GET['checkemail'] )
     276                        $errors->add('registered', __('Registration complete. Please check your e-mail.'), 'message');
     277                elseif  ( $interim_login )
     278                        $errors->add('expired', __('Your session has expired. Please log-in again.'), 'message');
     279       
     280                // Clear any stale cookies.
     281                if ( $reauth )
     282                        wp_clear_auth_cookie();
     283       
     284                WP_Login::render_page_header_html(__('Log In'), '', $errors);
     285       
     286                if ( isset($_POST['log']) )
     287                        $user_login = ( 'incorrect_password' == $errors->get_error_code() || 'empty_password' == $errors->get_error_code() ) ? esc_attr(stripslashes($_POST['log'])) : '';
     288                $rememberme = ! empty( $_POST['rememberme'] );
     289       
     290                WP_Login::render_login_form_html( $user_login, $rememberme, $interim_login, $redirect_to, $errors);
     291        }
     292       
     293       
     294        /**
     295         * Handles sending password retrieval email to user.
     296         *
     297         * @uses $wpdb WordPress Database object
     298         *
     299         * @return bool|WP_Error True: when finish. WP_Error on error
     300         */
     301        function do_retrieve_password() {
     302                global $wpdb, $current_site;
     303       
     304                $errors = new WP_Error();
     305       
     306                if ( empty( $_POST['user_login'] ) && empty( $_POST['user_email'] ) )
     307                        $errors->add('empty_username', __('<strong>ERROR</strong>: Enter a username or e-mail address.'));
     308       
     309                if ( strpos($_POST['user_login'], '@') ) {
     310                        $user_data = get_user_by_email(trim($_POST['user_login']));
     311                        if ( empty($user_data) )
     312                                $errors->add('invalid_email', __('<strong>ERROR</strong>: There is no user registered with that email address.'));
     313                } else {
     314                        $login = trim($_POST['user_login']);
     315                        $user_data = get_userdatabylogin($login);
     316                }
     317       
     318                do_action('lostpassword_post');
     319       
     320                if ( $errors->get_error_code() )
     321                        return $errors;
     322       
     323                if ( !$user_data ) {
     324                        $errors->add('invalidcombo', __('<strong>ERROR</strong>: Invalid username or e-mail.'));
     325                        return $errors;
     326                }
     327       
     328                // redefining user_login ensures we return the right case in the email
     329                $user_login = $user_data->user_login;
     330                $user_email = $user_data->user_email;
     331       
     332                do_action('retreive_password', $user_login);  // Misspelled and deprecated
     333                do_action('retrieve_password', $user_login);
     334       
     335                $allow = apply_filters('allow_password_reset', true, $user_data->ID);
     336       
     337                if ( ! $allow )
     338                        return new WP_Error('no_password_reset', __('Password reset is not allowed for this user'));
     339                else if ( is_wp_error($allow) )
     340                        return $allow;
     341       
     342                $key = $wpdb->get_var($wpdb->prepare("SELECT user_activation_key FROM $wpdb->users WHERE user_login = %s", $user_login));
     343                if ( empty($key) ) {
     344                        // Generate something random for a key...
     345                        $key = wp_generate_password(20, false);
     346                        do_action('retrieve_password_key', $user_login, $key);
     347                        // Now insert the new md5 key into the db
     348                        $wpdb->update($wpdb->users, array('user_activation_key' => $key), array('user_login' => $user_login));
     349                }
     350                $message = __('Someone requested that the password be reset for the following account:') . "\r\n\r\n";
     351                $message .= network_site_url() . "\r\n\r\n";
     352                $message .= sprintf(__('Username: %s'), $user_login) . "\r\n\r\n";
     353                $message .= __('If this was a mistake, just ignore this email and nothing will happen.') . "\r\n\r\n";
     354                $message .= __('To reset your password, visit the following address:') . "\r\n\r\n";
     355                $message .= '<' . network_site_url("wp-login.php?action=rp&key=$key&login=" . rawurlencode($user_login), 'login') . ">\r\n";
     356       
     357                if ( is_multisite() )
     358                        $blogname = $GLOBALS['current_site']->site_name;
     359                else
     360                        // The blogname option is escaped with esc_html on the way into the database in sanitize_option
     361                        // we want to reverse this for the plain text arena of emails.
     362                        $blogname = wp_specialchars_decode(get_option('blogname'), ENT_QUOTES);
     363       
     364                $title = sprintf( __('[%s] Password Reset'), $blogname );
     365       
     366                $title = apply_filters('retrieve_password_title', $title);
     367                $message = apply_filters('retrieve_password_message', $message, $key);
     368       
     369                if ( $message && !wp_mail($user_email, $title, $message) )
     370                        wp_die( __('The e-mail could not be sent.') . "<br />\n" . __('Possible reason: your host may have disabled the mail() function...') );
     371       
     372                return true;
     373        }
     374       
     375        /**
     376         * Retrieves a user row based on password reset key and login
     377         *
     378         * @uses $wpdb WordPress Database object
     379         *
     380         * @param string $key Hash to validate sending user's password
     381         * @param string $login The user login
     382         *
     383         * @return object|WP_Error
     384         */
     385        function do_check_password_reset_key($key, $login) {
     386                global $wpdb;
     387       
     388                $key = preg_replace('/[^a-z0-9]/i', '', $key);
     389       
     390                if ( empty( $key ) || !is_string( $key ) )
     391                        return new WP_Error('invalid_key', __('Invalid key'));
     392       
     393                if ( empty($login) || !is_string($login) )
     394                        return new WP_Error('invalid_key', __('Invalid key'));
     395       
     396                $user = $wpdb->get_row($wpdb->prepare("SELECT * FROM $wpdb->users WHERE user_activation_key = %s AND user_login = %s", $key, $login));
     397       
     398                if ( empty( $user ) )
     399                        return new WP_Error('invalid_key', __('Invalid key'));
     400       
     401                return $user;
     402        }
     403       
     404        /**
     405         * Handles resetting the user's password.
     406         *
     407         * @uses $wpdb WordPress Database object
     408         *
     409         * @param string $key Hash to validate sending user's password
     410         */
     411        function do_reset_password($user, $new_pass) {
     412                do_action('password_reset', $user, $new_pass);
     413       
     414                wp_set_password($new_pass, $user->ID);
     415       
     416                wp_password_change_notification($user);
     417        }
     418       
     419        /**
     420         * Handles registering a new user.
     421         *
     422         * @param string $user_login User's username for logging in
     423         * @param string $user_email User's email address to send password and add
     424         * @return int|WP_Error Either user's ID or error on failure.
     425         */
     426        function do_register_new_user( $user_login, $user_email ) {
     427                $errors = new WP_Error();
     428       
     429                $sanitized_user_login = sanitize_user( $user_login );
     430                $user_email = apply_filters( 'user_registration_email', $user_email );
     431       
     432                // Check the username
     433                if ( $sanitized_user_login == '' ) {
     434                        $errors->add( 'empty_username', __( '<strong>ERROR</strong>: Please enter a username.' ) );
     435                } elseif ( ! validate_username( $user_login ) ) {
     436                        $errors->add( 'invalid_username', __( '<strong>ERROR</strong>: This username is invalid because it uses illegal characters. Please enter a valid username.' ) );
     437                        $sanitized_user_login = '';
     438                } elseif ( username_exists( $sanitized_user_login ) ) {
     439                        $errors->add( 'username_exists', __( '<strong>ERROR</strong>: This username is already registered, please choose another one.' ) );
     440                }
     441       
     442                // Check the e-mail address
     443                if ( $user_email == '' ) {
     444                        $errors->add( 'empty_email', __( '<strong>ERROR</strong>: Please type your e-mail address.' ) );
     445                } elseif ( ! is_email( $user_email ) ) {
     446                        $errors->add( 'invalid_email', __( '<strong>ERROR</strong>: The email address isn&#8217;t correct.' ) );
     447                        $user_email = '';
     448                } elseif ( email_exists( $user_email ) ) {
     449                        $errors->add( 'email_exists', __( '<strong>ERROR</strong>: This email is already registered, please choose another one.' ) );
     450                }
     451       
     452                do_action( 'register_post', $sanitized_user_login, $user_email, $errors );
     453       
     454                $errors = apply_filters( 'registration_errors', $errors, $sanitized_user_login, $user_email );
     455       
     456                if ( $errors->get_error_code() )
     457                        return $errors;
     458       
     459                $user_pass = wp_generate_password( 12, false);
     460                $user_id = wp_create_user( $sanitized_user_login, $user_pass, $user_email );
     461                if ( ! $user_id ) {
     462                        $errors->add( 'registerfail', sprintf( __( '<strong>ERROR</strong>: Couldn&#8217;t register you... please contact the <a href="mailto:%s">webmaster</a> !' ), get_option( 'admin_email' ) ) );
     463                        return $errors;
     464                }
     465       
     466                update_user_option( $user_id, 'default_password_nag', true, true ); //Set up the Password change nag.
     467       
     468                wp_new_user_notification( $user_id, $user_pass );
     469       
     470                return $user_id;
     471        }
     472       
     473        /**
     474         * Outputs the header for the login page.
     475         *
     476         * @uses do_action() Calls the 'login_head' for outputting HTML in the Log In
     477         *              header.
     478         * @uses apply_filters() Calls 'login_headerurl' for the top login link.
     479         * @uses apply_filters() Calls 'login_headertitle' for the top login title.
     480         * @uses apply_filters() Calls 'login_message' on the message to display in the
     481         *              header.
     482         * @uses $error The error global, which is checked for displaying errors.
     483         *
     484         * @param string $title Optional. WordPress Log In Page title to display in
     485         *              <title/> element.
     486         * @param string $message Optional. Message to display in header.
     487         * @param WP_Error $wp_error Optional. WordPress Error Object
     488         */
     489        function render_page_header_html($title = 'Log In', $message = '', $wp_error = '') {
     490                global $error, $is_iphone, $interim_login, $current_site;
     491       
     492                // Don't index any of these forms
     493                add_filter( 'pre_option_blog_public', '__return_zero' );
     494                add_action( 'login_head', 'noindex' );
     495       
     496                if ( empty($wp_error) )
     497                        $wp_error = new WP_Error();
     498       
     499                // Shake it!
     500                $shake_error_codes = array( 'empty_password', 'empty_email', 'invalid_email', 'invalidcombo', 'empty_username', 'invalid_username', 'incorrect_password' );
     501                $shake_error_codes = apply_filters( 'shake_error_codes', $shake_error_codes );
     502       
     503                if ( $shake_error_codes && $wp_error->get_error_code() && in_array( $wp_error->get_error_code(), $shake_error_codes ) )
     504                        add_action( 'login_head', array('WP_Login', 'render_page_shake_js'), 12 );
     505       
     506?>
     507<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
     508<html xmlns="http://www.w3.org/1999/xhtml" <?php language_attributes(); ?>>
     509<head>
     510        <title><?php bloginfo('name'); ?> &rsaquo; <?php echo $title; ?></title>
     511        <meta http-equiv="Content-Type" content="<?php bloginfo('html_type'); ?>; charset=<?php bloginfo('charset'); ?>" />
     512<?php
     513        wp_admin_css( 'login', true );
     514        wp_admin_css( 'colors-fresh', true );
     515
     516        if ( $is_iphone ) { ?>
     517        <meta name="viewport" content="width=320; initial-scale=0.9; maximum-scale=1.0; user-scalable=0;" />
     518        <style type="text/css" media="screen">
     519        form { margin-left: 0px; }
     520        #login { margin-top: 20px; }
     521        </style>
     522<?php
     523        } elseif ( isset($interim_login) && $interim_login ) { ?>
     524        <style type="text/css" media="all">
     525        .login #login { margin: 20px auto; }
     526        </style>
     527<?php
     528        }
     529
     530        do_action('login_head'); ?>
     531</head>
     532<body class="login">
     533<?php   if ( !is_multisite() ) { ?>
     534<div id="login"><h1><a href="<?php echo apply_filters('login_headerurl', 'http://wordpress.org/'); ?>" title="<?php echo apply_filters('login_headertitle', __('Powered by WordPress')); ?>"><?php bloginfo('name'); ?></a></h1>
     535<?php   } else { ?>
     536<div id="login"><h1><a href="<?php echo apply_filters('login_headerurl', network_home_url() ); ?>" title="<?php echo apply_filters('login_headertitle', $current_site->site_name ); ?>"><span class="hide"><?php bloginfo('name'); ?></span></a></h1>
     537<?php   }
     538       
     539                $message = apply_filters('login_message', $message);
     540                if ( !empty( $message ) ) echo $message . "\n";
     541       
     542                // Incase a plugin uses $error rather than the $errors object
     543                if ( !empty( $error ) ) {
     544                        $wp_error->add('error', $error);
     545                        unset($error);
     546                }
     547       
     548                if ( $wp_error->get_error_code() ) {
     549                        $errors = '';
     550                        $messages = '';
     551                        foreach ( $wp_error->get_error_codes() as $code ) {
     552                                $severity = $wp_error->get_error_data($code);
     553                                foreach ( $wp_error->get_error_messages($code) as $error ) {
     554                                        if ( 'message' == $severity )
     555                                                $messages .= '  ' . $error . "<br />\n";
     556                                        else
     557                                                $errors .= '    ' . $error . "<br />\n";
     558                                }
     559                        }
     560                        if ( !empty($errors) )
     561                                echo '<div id="login_error">' . apply_filters('login_errors', $errors) . "</div>\n";
     562                        if ( !empty($messages) )
     563                                echo '<p class="message">' . apply_filters('login_messages', $messages) . "</p>\n";
     564                }
     565        }
     566       
     567        /**
     568         *
     569         */
     570        function render_login_interim_html() {
     571                $message = '<p class="message">' . __('You have logged in successfully.') . '</p>';
     572                WP_Login::render_page_header_html( '', $message ); ?>
     573<script type="text/javascript">setTimeout( function(){window.close()}, 8000);</script>
     574<p class="alignright">
     575<input type="button" class="button-primary" value="<?php esc_attr_e('Close'); ?>" onclick="window.close()" /></p>
     576</div></body></html>
     577<?php
     578        }
     579       
     580        /**
     581         * Renders the login form.
     582         *
     583         * @param $user_login
     584         * @param $rememberme
     585         * @param $interim_login
     586         * @param $redirect_to
     587         * @param $errors
     588         */
     589        function render_login_form_html( $user_login, $rememberme, $interim_login, $redirect_to, $errors ) {
     590?>
     591
     592<form name="loginform" id="loginform" action="<?php echo site_url('wp-login.php', 'login_post') ?>" method="post">
     593        <p>
     594                <label><?php _e('Username') ?><br />
     595                <input type="text" name="log" id="user_login" class="input" value="<?php echo esc_attr($user_login); ?>" size="20" tabindex="10" /></label>
     596        </p>
     597        <p>
     598                <label><?php _e('Password') ?><br />
     599                <input type="password" name="pwd" id="user_pass" class="input" value="" size="20" tabindex="20" /></label>
     600        </p>
     601<?php do_action('login_form'); ?>
     602        <p class="forgetmenot"><label><input name="rememberme" type="checkbox" id="rememberme" value="forever" tabindex="90"<?php checked( $rememberme ); ?> /> <?php esc_attr_e('Remember Me'); ?></label></p>
     603        <p class="submit">
     604                <input type="submit" name="wp-submit" id="wp-submit" class="button-primary" value="<?php esc_attr_e('Log In'); ?>" tabindex="100" />
     605<?php   if ( $interim_login ) { ?>
     606                <input type="hidden" name="interim-login" value="1" />
     607<?php   } else { ?>
     608                <input type="hidden" name="redirect_to" value="<?php echo esc_attr($redirect_to); ?>" />
     609<?php   } ?>
     610                <input type="hidden" name="testcookie" value="1" />
     611        </p>
     612</form>
     613
     614<?php if ( !$interim_login ) { ?>
     615<p id="nav">
     616<?php if ( isset($_GET['checkemail']) && in_array( $_GET['checkemail'], array('confirm', 'newpass') ) ) : ?>
     617<?php elseif ( get_option('users_can_register') ) : ?>
     618<a href="<?php echo site_url('wp-login.php?action=register', 'login') ?>"><?php _e('Register') ?></a> |
     619<a href="<?php echo site_url('wp-login.php?action=lostpassword', 'login') ?>" title="<?php _e('Password Lost and Found') ?>"><?php _e('Lost your password?') ?></a>
     620<?php else : ?>
     621<a href="<?php echo site_url('wp-login.php?action=lostpassword', 'login') ?>" title="<?php _e('Password Lost and Found') ?>"><?php _e('Lost your password?') ?></a>
     622<?php endif; ?>
     623</p>
     624</div>
     625<p id="backtoblog"><a href="<?php bloginfo('url'); ?>/" title="<?php _e('Are you lost?') ?>"><?php printf(__('&larr; Back to %s'), get_bloginfo('title', 'display' )); ?></a></p>
     626<?php } else { ?>
     627</div>
     628<?php } ?>
     629
     630<script type="text/javascript">
     631function wp_attempt_focus(){
     632setTimeout( function(){ try{
     633<?php if ( $user_login || $interim_login ) { ?>
     634d = document.getElementById('user_pass');
     635d.value = '';
     636<?php } else { ?>
     637d = document.getElementById('user_login');
     638<?php if ( 'invalid_username' == $errors->get_error_code() ) { ?>
     639if( d.value != '' )
     640d.value = '';
     641<?php
     642}
     643}?>
     644d.focus();
     645d.select();
     646} catch(e){}
     647}, 200);
     648}
     649
     650<?php if ( !$error ) { ?>
     651wp_attempt_focus();
     652<?php } ?>
     653if(typeof wpOnload=='function')wpOnload();
     654</script>
     655</body>
     656</html>
     657<?php
     658        }
     659       
     660        /**
     661         *
     662         * @param $user_login
     663         * @param $errors
     664         * @param $redirect_to
     665         */
     666        function render_lostpassword_form_html( $user_login, $errors, $redirect_to ) {
     667                WP_Login::render_page_header_html(__('Lost Password'), '<p class="message">' . __('Please enter your username or email address. You will receive a link to create a new password via email.') . '</p>', $errors);
     668?>
     669<form name="lostpasswordform" id="lostpasswordform" action="<?php echo site_url('wp-login.php?action=lostpassword', 'login_post') ?>" method="post">
     670        <p>
     671                <label><?php _e('Username or E-mail:') ?><br />
     672                <input type="text" name="user_login" id="user_login" class="input" value="<?php echo esc_attr($user_login); ?>" size="20" tabindex="10" /></label>
     673        </p>
     674<?php do_action('lostpassword_form'); ?>
     675        <input type="hidden" name="redirect_to" value="<?php echo esc_attr( $redirect_to ); ?>" />
     676        <p class="submit"><input type="submit" name="wp-submit" id="wp-submit" class="button-primary" value="<?php esc_attr_e('Get New Password'); ?>" tabindex="100" /></p>
     677</form>
     678
     679<p id="nav">
     680<a href="<?php echo site_url('wp-login.php', 'login') ?>"><?php _e('Log in') ?></a>
     681<?php if (get_option('users_can_register')) : ?>
     682 | <a href="<?php echo site_url('wp-login.php?action=register', 'login') ?>"><?php _e('Register') ?></a>
     683<?php endif; ?>
     684</p>
     685
     686<?php
     687                WP_Login::render_page_footer_html('user_login');
     688        }
     689       
     690        /**
     691         *
     692         */
     693        function render_resetpass_completed_html() {
     694                WP_Login::render_page_header_html(__('Password Reset'), '<p class="message reset-pass">' . __('Your password has been reset.') . ' <a href="' . site_url('wp-login.php', 'login') . '">' . __('Log in') . '</a></p>');
     695                WP_Login::render_page_footer_html();
     696        }
     697       
     698        /**
     699         *
     700         * @param $errors
     701         */
     702        function render_resetpass_form_html( $errors ) {
     703                WP_Login::render_page_header_html(__('Reset Password'), '<p class="message reset-pass">' . __('Enter your new password below.') . '</p>', $errors );
     704?>
     705<form name="resetpassform" id="resetpassform" action="<?php echo site_url('wp-login.php?action=resetpass&key=' . urlencode($_GET['key']) . '&login=' . urlencode($_GET['login']), 'login_post') ?>" method="post">
     706        <input type="hidden" id="user_login" value="<?php echo esc_attr( $_GET['login'] ); ?>" autocomplete="off" />
     707
     708        <p>
     709                <label><?php _e('New password') ?><br />
     710                <input type="password" name="pass1" id="pass1" class="input" size="20" value="" autocomplete="off" /></label>
     711        </p>
     712        <p>
     713                <label><?php _e('Confirm new password') ?><br />
     714                <input type="password" name="pass2" id="pass2" class="input" size="20" value="" autocomplete="off" /></label>
     715        </p>
     716
     717        <div id="pass-strength-result" class="hide-if-no-js"><?php _e('Strength indicator'); ?></div>
     718        <p class="description indicator-hint"><?php _e('Hint: The password should be at least seven characters long. To make it stronger, use upper and lower case letters, numbers and symbols like ! " ? $ % ^ &amp; ).'); ?></p>
     719
     720        <br class="clear" />
     721        <p class="submit"><input type="submit" name="wp-submit" id="wp-submit" class="button-primary" value="<?php esc_attr_e('Reset Password'); ?>" tabindex="100" /></p>
     722</form>
     723
     724<p id="nav">
     725<a href="<?php echo site_url('wp-login.php', 'login') ?>"><?php _e('Log in') ?></a>
     726<?php if (get_option('users_can_register')) : ?>
     727 | <a href="<?php echo site_url('wp-login.php?action=register', 'login') ?>"><?php _e('Register') ?></a>
     728<?php endif; ?>
     729</p>
     730
     731<?php
     732                WP_Login::render_page_footer_html('user_pass');
     733        }
     734       
     735        /**
     736         *
     737         * @param $user_login
     738         * @param $user_email
     739         * @param $redirect_to
     740         * @param $errors
     741         */
     742        function render_register_form_html( $user_login, $user_email, $redirect_to, $errors ) {
     743                WP_Login::render_page_header_html(__('Registration Form'), '<p class="message register">' . __('Register For This Site') . '</p>', $errors);
     744?>
     745
     746<form name="registerform" id="registerform" action="<?php echo site_url('wp-login.php?action=register', 'login_post') ?>" method="post">
     747        <p>
     748                <label><?php _e('Username') ?><br />
     749                <input type="text" name="user_login" id="user_login" class="input" value="<?php echo esc_attr(stripslashes($user_login)); ?>" size="20" tabindex="10" /></label>
     750        </p>
     751        <p>
     752                <label><?php _e('E-mail') ?><br />
     753                <input type="text" name="user_email" id="user_email" class="input" value="<?php echo esc_attr(stripslashes($user_email)); ?>" size="25" tabindex="20" /></label>
     754        </p>
     755<?php do_action('register_form'); ?>
     756        <p id="reg_passmail"><?php _e('A password will be e-mailed to you.') ?></p>
     757        <br class="clear" />
     758        <input type="hidden" name="redirect_to" value="<?php echo esc_attr( $redirect_to ); ?>" />
     759        <p class="submit"><input type="submit" name="wp-submit" id="wp-submit" class="button-primary" value="<?php esc_attr_e('Register'); ?>" tabindex="100" /></p>
     760</form>
     761
     762<p id="nav">
     763<a href="<?php echo site_url('wp-login.php', 'login') ?>"><?php _e('Log in') ?></a> |
     764<a href="<?php echo site_url('wp-login.php?action=lostpassword', 'login') ?>" title="<?php _e('Password Lost and Found') ?>"><?php _e('Lost your password?') ?></a>
     765</p>
     766
     767<?php
     768                WP_Login::render_page_footer_html('user_login');
     769        }
     770       
     771        /**
     772         * Outputs the footer for the login page.
     773         *
     774         * @param string $input_id Which input to auto-focus
     775         */
     776        function render_page_footer_html( $input_id = '' ) {
     777                echo "</div>\n";
     778       
     779                if ( !empty($input_id) ) {
     780        ?>
     781        <script type="text/javascript">
     782        try{document.getElementById('<?php echo $input_id; ?>').focus();}catch(e){}
     783        if(typeof wpOnload=='function')wpOnload();
     784        </script>
     785        <?php
     786                }
     787        ?>
     788        <p id="backtoblog"><a href="<?php bloginfo('url'); ?>/" title="<?php _e('Are you lost?') ?>"><?php printf(__('&larr; Back to %s'), get_bloginfo('title', 'display' )); ?></a></p>
     789        <?php do_action('login_footer'); ?>
     790        </body>
     791        </html>
     792        <?php
     793        }
     794       
     795        /**
     796         * Shakes the entire page for the user to see there was an error.
     797         */
     798        function render_page_shake_js() {
     799                global $is_iphone;
     800                if ( $is_iphone )
     801                        return;
     802        ?>
     803<script type="text/javascript">
     804addLoadEvent = function(func){if(typeof jQuery!="undefined")jQuery(document).ready(func);else if(typeof wpOnload!='function'){wpOnload=func;}else{var oldonload=wpOnload;wpOnload=function(){oldonload();func();}}};
     805function s(id,pos){g(id).left=pos+'px';}
     806function g(id){return document.getElementById(id).style;}
     807function shake(id,a,d){c=a.shift();s(id,c);if(a.length>0){setTimeout(function(){shake(id,a,d);},d);}else{try{g(id).position='static';wp_attempt_focus();}catch(e){}}}
     808addLoadEvent(function(){ var p=new Array(15,30,15,0,-15,-30,-15,0);p=p.concat(p.concat(p));var i=document.forms[0].id;g(i).position='relative';shake(i,p,20);});
     809</script>
     810        <?php
     811        }
     812}
     813?>
     814 No newline at end of file