1 | <?php |
---|
2 | /** |
---|
3 | * Classes for handling user registration, login and related actions. |
---|
4 | * |
---|
5 | * WP_Login is the main controller class that routes the request. |
---|
6 | * |
---|
7 | * WP_Login_* classes are controllers that handle a specific request. |
---|
8 | * WP_Login_View_* classes are views that render HTML content. |
---|
9 | * |
---|
10 | * WP_Login's dispatch() method determines, instantiates and calls the |
---|
11 | * process() method of the controller and the render() method of the view. |
---|
12 | * A controller can pass parameters to the view in the view constructor. |
---|
13 | * |
---|
14 | * @package WordPress |
---|
15 | * @since 3.2.0 |
---|
16 | */ |
---|
17 | |
---|
18 | /** |
---|
19 | * WordPress Login class |
---|
20 | */ |
---|
21 | class WP_Login { |
---|
22 | /** |
---|
23 | * Redirects to https if forced to use SSL. |
---|
24 | */ |
---|
25 | public function ensure_ssl_if_required() { |
---|
26 | if ( force_ssl_admin() && !is_ssl() ) { |
---|
27 | if ( 0 === strpos($_SERVER['REQUEST_URI'], 'http') ) { |
---|
28 | wp_redirect(preg_replace('|^http://|', 'https://', $_SERVER['REQUEST_URI'])); |
---|
29 | exit(); |
---|
30 | } else { |
---|
31 | wp_redirect('https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']); |
---|
32 | exit(); |
---|
33 | } |
---|
34 | } |
---|
35 | } |
---|
36 | |
---|
37 | /** |
---|
38 | * Sets some cookies for render_login() to see if the browser supports them. |
---|
39 | */ |
---|
40 | public function send_test_cookies() { |
---|
41 | //Set a cookie now to see if they are supported by the browser. |
---|
42 | setcookie(TEST_COOKIE, 'WP Cookie check', 0, COOKIEPATH, COOKIE_DOMAIN); |
---|
43 | if ( SITECOOKIEPATH != COOKIEPATH ) |
---|
44 | setcookie(TEST_COOKIE, 'WP Cookie check', 0, SITECOOKIEPATH, COOKIE_DOMAIN); |
---|
45 | } |
---|
46 | |
---|
47 | /** |
---|
48 | * Checks for move flag. |
---|
49 | */ |
---|
50 | public function relocate_if_required() { |
---|
51 | if ( defined('RELOCATE') ) { // Move flag is set |
---|
52 | if ( isset( $_SERVER['PATH_INFO'] ) && ($_SERVER['PATH_INFO'] != $_SERVER['PHP_SELF']) ) |
---|
53 | $_SERVER['PHP_SELF'] = str_replace( $_SERVER['PATH_INFO'], '', $_SERVER['PHP_SELF'] ); |
---|
54 | |
---|
55 | $schema = is_ssl() ? 'https://' : 'http://'; |
---|
56 | if ( dirname($schema . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF']) != get_option('siteurl') ) |
---|
57 | update_option('siteurl', dirname($schema . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF']) ); |
---|
58 | } |
---|
59 | } |
---|
60 | |
---|
61 | /** |
---|
62 | * Dispatches to a controller depending on the action requested. |
---|
63 | * |
---|
64 | * After determining the specific controller it calls the process() method |
---|
65 | * that handles the request and returns a view or exit()s. |
---|
66 | * |
---|
67 | * If a view was returned, the render() method is called to display the HTML content. |
---|
68 | * |
---|
69 | * A controller can pass parameters to the view in the view constructor. |
---|
70 | */ |
---|
71 | public function dispatch( $action ) { |
---|
72 | if ( empty( $action ) ) { |
---|
73 | $action = 'login'; |
---|
74 | } |
---|
75 | |
---|
76 | if ( isset($_GET['key']) ) |
---|
77 | $action = 'resetpass'; |
---|
78 | |
---|
79 | // aliases for backwards compatibility |
---|
80 | $aliases = array( |
---|
81 | 'rp' => 'resetpass', |
---|
82 | 'retrievepassword' => 'lostpassword' |
---|
83 | ); |
---|
84 | if ( array_key_exists( $action, $aliases ) ) { |
---|
85 | $action = $aliases[$action]; |
---|
86 | } |
---|
87 | |
---|
88 | // validate action so as to default to the login screen |
---|
89 | if ( !in_array($action, array('logout', 'lostpassword', 'resetpass', 'register', 'login'), true) && false === has_filter('login_form_' . $action) ) |
---|
90 | $action = 'login'; |
---|
91 | |
---|
92 | // allow plugins to override the default actions, and to add extra actions if they want |
---|
93 | do_action('login_form_' . $action); |
---|
94 | |
---|
95 | $errors = new WP_Error(); |
---|
96 | |
---|
97 | $class_name = 'WP_Login_' . ucfirst($action); |
---|
98 | if ( ! class_exists( $class_name )) { |
---|
99 | // This should never happen. |
---|
100 | echo "'Login class '" . $class_name . "' does not exist."; |
---|
101 | exit(); |
---|
102 | } |
---|
103 | |
---|
104 | $controller = new $class_name; |
---|
105 | |
---|
106 | // execute the controller |
---|
107 | $method = 'process'; |
---|
108 | if ( ! method_exists( $controller, $method ) ) { |
---|
109 | // This should never happen. |
---|
110 | echo "'Action handler '" . $class_name . '::' . $method . "()' does not exist."; |
---|
111 | exit(); |
---|
112 | } |
---|
113 | |
---|
114 | // render the view |
---|
115 | $view = call_user_func( array( $controller, $method ) ); |
---|
116 | if ( ! $view instanceof WP_Login_View_Base ) { |
---|
117 | echo "'Action handler '" . $class_name . '::' . $method . "()' returned an invalid view."; |
---|
118 | exit(); |
---|
119 | } |
---|
120 | |
---|
121 | $view->render(); |
---|
122 | exit(); |
---|
123 | } |
---|
124 | } |
---|
125 | |
---|
126 | /** |
---|
127 | * The base class for all login-related classes. |
---|
128 | */ |
---|
129 | abstract class WP_Login_Base { |
---|
130 | /** |
---|
131 | * Redirects to the URL specified in the request. |
---|
132 | * Defaults to the URL passed in the first parameter. |
---|
133 | * |
---|
134 | * @param string $url The URL to redirect to in case there was no URL specified in the request. |
---|
135 | */ |
---|
136 | protected function _do_safe_redirect( $url ) { |
---|
137 | $redirect_to = !empty( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : $url; |
---|
138 | wp_safe_redirect( $redirect_to ); |
---|
139 | } |
---|
140 | |
---|
141 | /** |
---|
142 | * @return WP_Login_View_Base |
---|
143 | */ |
---|
144 | abstract public function process(); |
---|
145 | } |
---|
146 | |
---|
147 | /** |
---|
148 | * Logs the user out and redirects to the login page. |
---|
149 | */ |
---|
150 | class WP_Login_Logout extends WP_Login_Base { |
---|
151 | /** |
---|
152 | * Processes the logout request and redirects. Does not return. |
---|
153 | */ |
---|
154 | public function process() { |
---|
155 | check_admin_referer('log-out'); |
---|
156 | wp_logout(); |
---|
157 | |
---|
158 | $this->_do_safe_redirect( 'wp-login.php?loggedout=true' ); |
---|
159 | exit(); |
---|
160 | } |
---|
161 | } |
---|
162 | |
---|
163 | class WP_Login_LostPassword extends WP_Login_Base { |
---|
164 | /** |
---|
165 | * Retrieves user password. |
---|
166 | * |
---|
167 | * @uses $wpdb WordPress Database object |
---|
168 | * |
---|
169 | * @return bool|WP_Error True: when finish. WP_Error on error |
---|
170 | */ |
---|
171 | private function _retrieve_password() { |
---|
172 | global $wpdb, $current_site; |
---|
173 | |
---|
174 | $errors = new WP_Error(); |
---|
175 | |
---|
176 | if ( empty( $_POST['user_login'] ) && empty( $_POST['user_email'] ) ) |
---|
177 | $errors->add('empty_username', __('<strong>ERROR</strong>: Enter a username or e-mail address.')); |
---|
178 | |
---|
179 | if ( strpos($_POST['user_login'], '@') ) { |
---|
180 | $user_data = get_user_by_email(trim($_POST['user_login'])); |
---|
181 | if ( empty($user_data) ) |
---|
182 | $errors->add('invalid_email', __('<strong>ERROR</strong>: There is no user registered with that email address.')); |
---|
183 | } else { |
---|
184 | $login = trim($_POST['user_login']); |
---|
185 | $user_data = get_userdatabylogin($login); |
---|
186 | } |
---|
187 | |
---|
188 | do_action('lostpassword_post'); |
---|
189 | |
---|
190 | if ( $errors->get_error_code() ) |
---|
191 | return $errors; |
---|
192 | |
---|
193 | if ( !$user_data ) { |
---|
194 | $errors->add('invalidcombo', __('<strong>ERROR</strong>: Invalid username or e-mail.')); |
---|
195 | return $errors; |
---|
196 | } |
---|
197 | |
---|
198 | // redefining user_login ensures we return the right case in the email |
---|
199 | $user_login = $user_data->user_login; |
---|
200 | $user_email = $user_data->user_email; |
---|
201 | |
---|
202 | do_action('retreive_password', $user_login); // Misspelled and deprecated |
---|
203 | do_action('retrieve_password', $user_login); |
---|
204 | |
---|
205 | $allow = apply_filters('allow_password_reset', true, $user_data->ID); |
---|
206 | |
---|
207 | if ( ! $allow ) |
---|
208 | return new WP_Error('no_password_reset', __('Password reset is not allowed for this user')); |
---|
209 | |
---|
210 | if ( is_wp_error($allow) ) |
---|
211 | return $allow; |
---|
212 | |
---|
213 | $key = $wpdb->get_var($wpdb->prepare("SELECT user_activation_key FROM $wpdb->users WHERE user_login = %s", $user_login)); |
---|
214 | if ( empty($key) ) { |
---|
215 | // Generate something random for a key... |
---|
216 | $key = wp_generate_password(20, false); |
---|
217 | do_action('retrieve_password_key', $user_login, $key); |
---|
218 | // Now insert the new md5 key into the db |
---|
219 | $wpdb->update($wpdb->users, array('user_activation_key' => $key), array('user_login' => $user_login)); |
---|
220 | } |
---|
221 | |
---|
222 | $this->_send_mail( $user_login, $user_email, $key ); |
---|
223 | |
---|
224 | return true; |
---|
225 | } |
---|
226 | |
---|
227 | /** |
---|
228 | * Sends out the requested password retrieval email. |
---|
229 | * |
---|
230 | * @param string $user_login The user login |
---|
231 | * @param string $user_email Email address to send to |
---|
232 | * @param string $key Hash to include within the link |
---|
233 | */ |
---|
234 | private function _send_mail( $user_login, $user_email, $key ) { |
---|
235 | $message = __('Someone requested that the password be reset for the following account:') . "\r\n\r\n"; |
---|
236 | $message .= network_site_url() . "\r\n\r\n"; |
---|
237 | $message .= sprintf(__('Username: %s'), $user_login) . "\r\n\r\n"; |
---|
238 | $message .= __('If this was a mistake, just ignore this email and nothing will happen.') . "\r\n\r\n"; |
---|
239 | $message .= __('To reset your password, visit the following address:') . "\r\n\r\n"; |
---|
240 | $message .= '<' . network_site_url("wp-login.php?action=rp&key=$key&login=" . rawurlencode($user_login), 'login') . ">\r\n"; |
---|
241 | |
---|
242 | if ( is_multisite() ) |
---|
243 | $blogname = $GLOBALS['current_site']->site_name; |
---|
244 | else |
---|
245 | // The blogname option is escaped with esc_html on the way into the database in sanitize_option |
---|
246 | // we want to reverse this for the plain text arena of emails. |
---|
247 | $blogname = wp_specialchars_decode(get_option('blogname'), ENT_QUOTES); |
---|
248 | |
---|
249 | $title = sprintf( __('[%s] Password Reset'), $blogname ); |
---|
250 | |
---|
251 | $title = apply_filters('retrieve_password_title', $title); |
---|
252 | $message = apply_filters('retrieve_password_message', $message, $key); |
---|
253 | |
---|
254 | if ( $message && !wp_mail($user_email, $title, $message) ) |
---|
255 | wp_die( __('The e-mail could not be sent.') . "<br />\n" . __('Possible reason: your host may have disabled the mail() function...') ); |
---|
256 | } |
---|
257 | |
---|
258 | /** |
---|
259 | * Processes the password retrieval request. |
---|
260 | * |
---|
261 | * @return WP_Login_View_LostPassword |
---|
262 | */ |
---|
263 | public function process() { |
---|
264 | $errors = new WP_Error(); |
---|
265 | |
---|
266 | if ( 'POST' == $_SERVER['REQUEST_METHOD'] ) { |
---|
267 | $errors = $this->_retrieve_password(); |
---|
268 | if ( !is_wp_error($errors) ) { |
---|
269 | $this->_do_safe_redirect( 'wp-login.php?checkemail=confirm' ); |
---|
270 | exit(); |
---|
271 | } |
---|
272 | } |
---|
273 | |
---|
274 | if ( isset($_GET['error']) && 'invalidkey' == $_GET['error'] ) $errors->add('invalidkey', __('Sorry, that key does not appear to be valid.')); |
---|
275 | |
---|
276 | do_action('lost_password'); |
---|
277 | |
---|
278 | $redirect_to = apply_filters( 'lostpassword_redirect', !empty( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : '' ); |
---|
279 | |
---|
280 | $user_login = isset($_POST['user_login']) ? stripslashes($_POST['user_login']) : ''; |
---|
281 | |
---|
282 | return new WP_Login_View_LostPassword( $user_login, $errors, $redirect_to ); |
---|
283 | } |
---|
284 | } |
---|
285 | |
---|
286 | /** |
---|
287 | * Displays the login form and handles the login request. |
---|
288 | */ |
---|
289 | class WP_Login_Login extends WP_Login_Base { |
---|
290 | /** |
---|
291 | * Redirects the user after a successful login. |
---|
292 | * |
---|
293 | * @param WP_User $user |
---|
294 | * @param string $redirect_to |
---|
295 | */ |
---|
296 | private function _redirect_after_login( $user, $redirect_to ) { |
---|
297 | // If the user doesn't belong to a blog, send them to user admin. If the user can't edit posts, send them to their profile. |
---|
298 | if ( is_multisite() && !get_active_blog_for_user($user->id) ) |
---|
299 | $redirect_to = user_admin_url(); |
---|
300 | elseif ( !is_multisite() && !$user->has_cap('read') ) |
---|
301 | $redirect_to = user_admin_url(); |
---|
302 | elseif ( !$user->has_cap('edit_posts') && ( empty( $redirect_to ) || $redirect_to == 'wp-admin/' || $redirect_to == admin_url() ) ) |
---|
303 | $redirect_to = admin_url('profile.php'); |
---|
304 | |
---|
305 | wp_safe_redirect($redirect_to); |
---|
306 | } |
---|
307 | |
---|
308 | /** |
---|
309 | * Processes the login request. |
---|
310 | * |
---|
311 | * @return WP_Login_View_Login|WP_Login_View_Interim |
---|
312 | */ |
---|
313 | public function process() { |
---|
314 | $errors = new WP_Error(); |
---|
315 | |
---|
316 | $secure_cookie = ''; |
---|
317 | $interim_login = isset($_REQUEST['interim-login']); |
---|
318 | |
---|
319 | // If the user wants ssl but the session is not ssl, force a secure cookie. |
---|
320 | if ( !empty($_POST['log']) && !force_ssl_admin() ) { |
---|
321 | $user_name = sanitize_user($_POST['log']); |
---|
322 | if ( $user = get_userdatabylogin($user_name) ) { |
---|
323 | if ( get_user_option('use_ssl', $user->ID) ) { |
---|
324 | $secure_cookie = true; |
---|
325 | force_ssl_admin(true); |
---|
326 | } |
---|
327 | } |
---|
328 | } |
---|
329 | |
---|
330 | if ( ! empty( $_REQUEST['redirect_to'] ) ) { |
---|
331 | $redirect_to = $_REQUEST['redirect_to']; |
---|
332 | // Redirect to https if user wants ssl |
---|
333 | if ( $secure_cookie && false !== strpos($redirect_to, 'wp-admin') ) |
---|
334 | $redirect_to = preg_replace('|^http://|', 'https://', $redirect_to); |
---|
335 | } else { |
---|
336 | $redirect_to = admin_url(); |
---|
337 | } |
---|
338 | |
---|
339 | $reauth = empty($_REQUEST['reauth']) ? false : true; |
---|
340 | |
---|
341 | // If the user was redirected to a secure login form from a non-secure admin page, and secure login is required but secure admin is not, then don't use a secure |
---|
342 | // cookie and redirect back to the referring non-secure admin page. This allows logins to always be POSTed over SSL while allowing the user to choose visiting |
---|
343 | // the admin via http or https. |
---|
344 | if ( !$secure_cookie && is_ssl() && force_ssl_login() && !force_ssl_admin() && ( 0 !== strpos($redirect_to, 'https') ) && ( 0 === strpos($redirect_to, 'http') ) ) |
---|
345 | $secure_cookie = false; |
---|
346 | |
---|
347 | $user = wp_signon('', $secure_cookie); |
---|
348 | |
---|
349 | $redirect_to = apply_filters('login_redirect', $redirect_to, ! empty( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : '', $user); |
---|
350 | |
---|
351 | if ( !is_wp_error($user) && !$reauth ) { |
---|
352 | if ( $interim_login ) { |
---|
353 | return new WP_Login_View_Interim(); |
---|
354 | } |
---|
355 | |
---|
356 | $this->_redirect_after_login( $user, $redirect_to ); |
---|
357 | exit(); |
---|
358 | } |
---|
359 | |
---|
360 | $errors = $user; |
---|
361 | // Clear errors if loggedout is set. |
---|
362 | if ( !empty($_GET['loggedout']) || $reauth ) |
---|
363 | $errors = new WP_Error(); |
---|
364 | |
---|
365 | // If cookies are disabled we can't log in even with a valid user+pass |
---|
366 | if ( isset($_POST['testcookie']) && empty($_COOKIE[TEST_COOKIE]) ) |
---|
367 | $errors->add('test_cookie', __("<strong>ERROR</strong>: Cookies are blocked or not supported by your browser. You must <a href='http://www.google.com/cookies.html'>enable cookies</a> to use WordPress.")); |
---|
368 | |
---|
369 | // Some parts of this script use the main login form to display a message |
---|
370 | if ( isset($_GET['loggedout']) && TRUE == $_GET['loggedout'] ) |
---|
371 | $errors->add('loggedout', __('You are now logged out.'), 'message'); |
---|
372 | elseif ( isset($_GET['registration']) && 'disabled' == $_GET['registration'] ) |
---|
373 | $errors->add('registerdisabled', __('User registration is currently not allowed.')); |
---|
374 | elseif ( isset($_GET['checkemail']) && 'confirm' == $_GET['checkemail'] ) |
---|
375 | $errors->add('confirm', __('Check your e-mail for the confirmation link.'), 'message'); |
---|
376 | elseif ( isset($_GET['checkemail']) && 'newpass' == $_GET['checkemail'] ) |
---|
377 | $errors->add('newpass', __('Check your e-mail for your new password.'), 'message'); |
---|
378 | elseif ( isset($_GET['checkemail']) && 'registered' == $_GET['checkemail'] ) |
---|
379 | $errors->add('registered', __('Registration complete. Please check your e-mail.'), 'message'); |
---|
380 | elseif ( $interim_login ) |
---|
381 | $errors->add('expired', __('Your session has expired. Please log-in again.'), 'message'); |
---|
382 | |
---|
383 | // Clear any stale cookies. |
---|
384 | if ( $reauth ) |
---|
385 | wp_clear_auth_cookie(); |
---|
386 | |
---|
387 | $user_login = ''; |
---|
388 | |
---|
389 | if ( isset($_POST['log']) ) |
---|
390 | $user_login = ( 'incorrect_password' == $errors->get_error_code() || 'empty_password' == $errors->get_error_code() ) ? esc_attr(stripslashes($_POST['log'])) : ''; |
---|
391 | |
---|
392 | $rememberme = ! empty( $_POST['rememberme'] ); |
---|
393 | |
---|
394 | return new WP_Login_View_Login( '', $user_login, $rememberme, $interim_login, $redirect_to, $errors ); |
---|
395 | } |
---|
396 | } |
---|
397 | |
---|
398 | /** |
---|
399 | * Displays the registration form, processes user registration request. |
---|
400 | */ |
---|
401 | class WP_Login_Register extends WP_Login_Base { |
---|
402 | /** |
---|
403 | * Handles new user registration. |
---|
404 | * |
---|
405 | * @param string $user_login User's username for logging in |
---|
406 | * @param string $user_email User's email address to send password and add |
---|
407 | * @return int|WP_Error Either user's ID or error on failure. |
---|
408 | */ |
---|
409 | private function _register_new_user( $user_login, $user_email ) { |
---|
410 | $errors = new WP_Error(); |
---|
411 | |
---|
412 | $sanitized_user_login = sanitize_user( $user_login ); |
---|
413 | $user_email = apply_filters( 'user_registration_email', $user_email ); |
---|
414 | |
---|
415 | // Check the username |
---|
416 | if ( $sanitized_user_login == '' ) { |
---|
417 | $errors->add( 'empty_username', __( '<strong>ERROR</strong>: Please enter a username.' ) ); |
---|
418 | } elseif ( ! validate_username( $user_login ) ) { |
---|
419 | $errors->add( 'invalid_username', __( '<strong>ERROR</strong>: This username is invalid because it uses illegal characters. Please enter a valid username.' ) ); |
---|
420 | $sanitized_user_login = ''; |
---|
421 | } elseif ( username_exists( $sanitized_user_login ) ) { |
---|
422 | $errors->add( 'username_exists', __( '<strong>ERROR</strong>: This username is already registered, please choose another one.' ) ); |
---|
423 | } |
---|
424 | |
---|
425 | // Check the e-mail address |
---|
426 | if ( $user_email == '' ) { |
---|
427 | $errors->add( 'empty_email', __( '<strong>ERROR</strong>: Please type your e-mail address.' ) ); |
---|
428 | } elseif ( ! is_email( $user_email ) ) { |
---|
429 | $errors->add( 'invalid_email', __( '<strong>ERROR</strong>: The email address isn’t correct.' ) ); |
---|
430 | $user_email = ''; |
---|
431 | } elseif ( email_exists( $user_email ) ) { |
---|
432 | $errors->add( 'email_exists', __( '<strong>ERROR</strong>: This email is already registered, please choose another one.' ) ); |
---|
433 | } |
---|
434 | |
---|
435 | do_action( 'register_post', $sanitized_user_login, $user_email, $errors ); |
---|
436 | |
---|
437 | $errors = apply_filters( 'registration_errors', $errors, $sanitized_user_login, $user_email ); |
---|
438 | |
---|
439 | if ( $errors->get_error_code() ) |
---|
440 | return $errors; |
---|
441 | |
---|
442 | $user_pass = wp_generate_password( 12, false); |
---|
443 | $user_id = wp_create_user( $sanitized_user_login, $user_pass, $user_email ); |
---|
444 | if ( ! $user_id ) { |
---|
445 | $errors->add( 'registerfail', sprintf( __( '<strong>ERROR</strong>: Couldn’t register you... please contact the <a href="mailto:%s">webmaster</a> !' ), get_option( 'admin_email' ) ) ); |
---|
446 | return $errors; |
---|
447 | } |
---|
448 | |
---|
449 | update_user_option( $user_id, 'default_password_nag', true, true ); //Set up the Password change nag. |
---|
450 | |
---|
451 | wp_new_user_notification( $user_id, $user_pass ); |
---|
452 | |
---|
453 | return $user_id; |
---|
454 | } |
---|
455 | |
---|
456 | /** |
---|
457 | * Displays registration form and processes the user registration request. |
---|
458 | * |
---|
459 | * @return WP_Login_View_Register |
---|
460 | */ |
---|
461 | public function process() { |
---|
462 | if ( is_multisite() ) { |
---|
463 | // Multisite uses wp-signup.php |
---|
464 | wp_redirect( apply_filters( 'wp_signup_location', site_url('wp-signup.php') ) ); |
---|
465 | exit; |
---|
466 | } |
---|
467 | |
---|
468 | if ( !get_option('users_can_register') ) { |
---|
469 | wp_redirect( site_url('wp-login.php?registration=disabled') ); |
---|
470 | exit(); |
---|
471 | } |
---|
472 | |
---|
473 | $errors = new WP_Error(); |
---|
474 | |
---|
475 | $user_login = ''; |
---|
476 | $user_email = ''; |
---|
477 | |
---|
478 | if ( 'POST' == $_SERVER['REQUEST_METHOD'] ) { |
---|
479 | $user_login = $_POST['user_login']; |
---|
480 | $user_email = $_POST['user_email']; |
---|
481 | |
---|
482 | $errors = $this->_register_new_user( $user_login, $user_email ); |
---|
483 | if ( !is_wp_error($errors) ) { |
---|
484 | $redirect_to = !empty( $_POST['redirect_to'] ) ? $_POST['redirect_to'] : 'wp-login.php?checkemail=registered'; |
---|
485 | wp_safe_redirect( $redirect_to ); |
---|
486 | exit(); |
---|
487 | } |
---|
488 | } |
---|
489 | |
---|
490 | $redirect_to = apply_filters( 'registration_redirect', !empty( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : '' ); |
---|
491 | |
---|
492 | return new WP_Login_View_Register( $user_login, $user_email, $redirect_to, $errors ); |
---|
493 | } |
---|
494 | } |
---|
495 | |
---|
496 | /** |
---|
497 | * Displays the password reset form and handles password reset request. |
---|
498 | */ |
---|
499 | class WP_Login_ResetPass extends WP_Login_Base { |
---|
500 | /** |
---|
501 | * Retrieves a user row based on password reset key and login |
---|
502 | * |
---|
503 | * @uses $wpdb WordPress Database object |
---|
504 | * |
---|
505 | * @param string $key Hash to validate sending user's password |
---|
506 | * @param string $login The user login |
---|
507 | * |
---|
508 | * @return object|WP_Error |
---|
509 | */ |
---|
510 | private function _check_password_reset_key($key, $login) { |
---|
511 | global $wpdb; |
---|
512 | |
---|
513 | $key = preg_replace('/[^a-z0-9]/i', '', $key); |
---|
514 | |
---|
515 | if ( empty( $key ) || !is_string( $key ) ) |
---|
516 | return new WP_Error('invalid_key', __('Invalid key')); |
---|
517 | |
---|
518 | if ( empty($login) || !is_string($login) ) |
---|
519 | return new WP_Error('invalid_key', __('Invalid key')); |
---|
520 | |
---|
521 | $user = $wpdb->get_row($wpdb->prepare("SELECT * FROM $wpdb->users WHERE user_activation_key = %s AND user_login = %s", $key, $login)); |
---|
522 | |
---|
523 | if ( empty( $user ) ) |
---|
524 | return new WP_Error('invalid_key', __('Invalid key')); |
---|
525 | |
---|
526 | return $user; |
---|
527 | } |
---|
528 | |
---|
529 | /** |
---|
530 | * Handles resetting the user's password. |
---|
531 | * |
---|
532 | * @uses $wpdb WordPress Database object |
---|
533 | * |
---|
534 | * @param string $key Hash to validate sending user's password |
---|
535 | */ |
---|
536 | private function _reset_password($user, $new_pass) { |
---|
537 | do_action('password_reset', $user, $new_pass); |
---|
538 | |
---|
539 | wp_set_password($new_pass, $user->ID); |
---|
540 | |
---|
541 | wp_password_change_notification($user); |
---|
542 | } |
---|
543 | |
---|
544 | /** |
---|
545 | * Processes the reset password request. |
---|
546 | * |
---|
547 | * @return WP_Login_View_ResetPass|WP_Login_View_ResetPass_Completed |
---|
548 | */ |
---|
549 | public function process() { |
---|
550 | $user = $this->_check_password_reset_key($_GET['key'], $_GET['login']); |
---|
551 | if ( is_wp_error($user) ) { |
---|
552 | wp_redirect( site_url('wp-login.php?action=lostpassword&error=invalidkey') ); |
---|
553 | exit; |
---|
554 | } |
---|
555 | |
---|
556 | $errors = ''; |
---|
557 | |
---|
558 | if ( isset($_POST['pass1']) && $_POST['pass1'] != $_POST['pass2'] ) { |
---|
559 | $errors = new WP_Error('password_reset_mismatch', __('The passwords do not match.')); |
---|
560 | } elseif ( isset($_POST['pass1']) && !empty($_POST['pass1']) ) { |
---|
561 | $this->_reset_password($user, $_POST['pass1']); |
---|
562 | |
---|
563 | return new WP_Login_View_ResetPass_Completed(); |
---|
564 | } |
---|
565 | |
---|
566 | wp_enqueue_script('utils'); |
---|
567 | wp_enqueue_script('user-profile'); |
---|
568 | |
---|
569 | return new WP_Login_View_ResetPass( $errors ); |
---|
570 | } |
---|
571 | } |
---|
572 | |
---|
573 | /** |
---|
574 | * Base class for all WP_Login_View classes. |
---|
575 | */ |
---|
576 | class WP_Login_View_Base { |
---|
577 | private $header_title; |
---|
578 | private $header_message; |
---|
579 | private $header_wp_error; |
---|
580 | |
---|
581 | private $focus_input_id = ''; |
---|
582 | |
---|
583 | /** |
---|
584 | * @param string $title Optional. WordPress Log In Page title to display in |
---|
585 | * <title/> element. |
---|
586 | * @param string $message Optional. Message to display in header. |
---|
587 | * @param WP_Error $wp_error Optional. WordPress Error Object |
---|
588 | */ |
---|
589 | public function __construct( $title = 'Log In', $message = '', $wp_error = '' ) { |
---|
590 | $this->header_title = $title; |
---|
591 | $this->header_message = $message; |
---|
592 | |
---|
593 | if ( ! empty($wp_error) ) { |
---|
594 | $this->header_wp_error = $wp_error; |
---|
595 | } else { |
---|
596 | $this->header_wp_error = new WP_Error(); |
---|
597 | } |
---|
598 | } |
---|
599 | |
---|
600 | /** |
---|
601 | * @param string $input_id Which input to autofocus |
---|
602 | */ |
---|
603 | protected function set_focus_input_id( $focus_input_id ) { |
---|
604 | $this->focus_input_id = $focus_input_id; |
---|
605 | } |
---|
606 | |
---|
607 | /** |
---|
608 | * Outputs the header for the login page. |
---|
609 | * |
---|
610 | * @uses do_action() Calls the 'login_head' for outputting HTML in the Log In |
---|
611 | * header. |
---|
612 | * @uses apply_filters() Calls 'login_headerurl' for the top login link. |
---|
613 | * @uses apply_filters() Calls 'login_headertitle' for the top login title. |
---|
614 | * @uses apply_filters() Calls 'login_message' on the message to display in the |
---|
615 | * header. |
---|
616 | * @uses $error The error global, which is checked for displaying errors. |
---|
617 | */ |
---|
618 | protected function paint_header() { |
---|
619 | global $error, $is_iphone, $interim_login, $current_site; |
---|
620 | |
---|
621 | // Don't index any of these forms |
---|
622 | add_filter( 'pre_option_blog_public', '__return_zero' ); |
---|
623 | add_action( 'login_head', 'noindex' ); |
---|
624 | |
---|
625 | // Shake it! |
---|
626 | $shake_error_codes = array( 'empty_password', 'empty_email', 'invalid_email', 'invalidcombo', 'empty_username', 'invalid_username', 'incorrect_password' ); |
---|
627 | $shake_error_codes = apply_filters( 'shake_error_codes', $shake_error_codes ); |
---|
628 | |
---|
629 | if ( $shake_error_codes && $this->header_wp_error->get_error_code() && in_array( $this->header_wp_error->get_error_code(), $shake_error_codes ) ) |
---|
630 | add_action( 'login_head', array($this, 'paint_shake_js'), 12 ); |
---|
631 | ?> |
---|
632 | <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> |
---|
633 | <html xmlns="http://www.w3.org/1999/xhtml" <?php language_attributes(); ?>> |
---|
634 | <head> |
---|
635 | <title><?php bloginfo('name'); ?> › <?php echo $this->header_title; ?></title> |
---|
636 | <meta http-equiv="Content-Type" content="<?php bloginfo('html_type'); ?>; charset=<?php bloginfo('charset'); ?>" /> |
---|
637 | <?php |
---|
638 | wp_admin_css( 'login', true ); |
---|
639 | wp_admin_css( 'colors-fresh', true ); |
---|
640 | |
---|
641 | if ( $is_iphone ) { ?> |
---|
642 | <meta name="viewport" content="width=320; initial-scale=0.9; maximum-scale=1.0; user-scalable=0;" /> |
---|
643 | <style type="text/css" media="screen"> |
---|
644 | form { margin-left: 0px; } |
---|
645 | #login { margin-top: 20px; } |
---|
646 | </style> |
---|
647 | <?php |
---|
648 | } elseif ( isset($interim_login) && $interim_login ) { ?> |
---|
649 | <style type="text/css" media="all"> |
---|
650 | .login #login { margin: 20px auto; } |
---|
651 | </style> |
---|
652 | <?php |
---|
653 | } |
---|
654 | |
---|
655 | do_action('login_head'); ?> |
---|
656 | </head> |
---|
657 | <body class="login"> |
---|
658 | <?php if ( !is_multisite() ) { ?> |
---|
659 | <div id="login"><h1><a href="<?php echo apply_filters('login_headerurl', 'http://wordpress.org/'); ?>" title="<?php echo apply_filters('login_headertitle', esc_attr__('Powered by WordPress')); ?>"><?php bloginfo('name'); ?></a></h1> |
---|
660 | <?php } else { ?> |
---|
661 | <div id="login"><h1><a href="<?php echo apply_filters('login_headerurl', network_home_url() ); ?>" title="<?php echo apply_filters('login_headertitle', esc_attr($current_site->site_name) ); ?>"><span class="hide"><?php bloginfo('name'); ?></span></a></h1> |
---|
662 | <?php } |
---|
663 | |
---|
664 | $message = apply_filters('login_message', $this->header_message); |
---|
665 | if ( !empty( $message ) ) echo $message . "\n"; |
---|
666 | |
---|
667 | // Incase a plugin uses $error rather than the $errors object |
---|
668 | if ( !empty( $error ) ) { |
---|
669 | $this->header_wp_error->add('error', $error); |
---|
670 | unset($error); |
---|
671 | } |
---|
672 | |
---|
673 | if ( $this->header_wp_error->get_error_code() ) { |
---|
674 | $errors = ''; |
---|
675 | $messages = ''; |
---|
676 | foreach ( $this->header_wp_error->get_error_codes() as $code ) { |
---|
677 | $severity = $this->header_wp_error->get_error_data($code); |
---|
678 | foreach ( $this->header_wp_error->get_error_messages($code) as $error ) { |
---|
679 | if ( 'message' == $severity ) |
---|
680 | $messages .= ' ' . $error . "<br />\n"; |
---|
681 | else |
---|
682 | $errors .= ' ' . $error . "<br />\n"; |
---|
683 | } |
---|
684 | } |
---|
685 | if ( !empty($errors) ) |
---|
686 | echo '<div id="login_error">' . apply_filters('login_errors', $errors) . "</div>\n"; |
---|
687 | if ( !empty($messages) ) |
---|
688 | echo '<p class="message">' . apply_filters('login_messages', $messages) . "</p>\n"; |
---|
689 | } |
---|
690 | } |
---|
691 | |
---|
692 | /** |
---|
693 | * Outputs the footer for the login page. |
---|
694 | */ |
---|
695 | protected function paint_footer() { |
---|
696 | echo "</div>\n"; |
---|
697 | |
---|
698 | if ( !empty($this->focus_input_id) ) { |
---|
699 | ?> |
---|
700 | <script type="text/javascript"> |
---|
701 | try{document.getElementById('<?php echo $this->focus_input_id; ?>').focus();}catch(e){} |
---|
702 | if(typeof wpOnload=='function')wpOnload(); |
---|
703 | </script> |
---|
704 | <?php |
---|
705 | } |
---|
706 | ?> |
---|
707 | <p id="backtoblog"><a href="<?php bloginfo('url'); ?>/" title="<?php esc_attr_e('Are you lost?') ?>"><?php printf(__('← Back to %s'), get_bloginfo('title', 'display' )); ?></a></p> |
---|
708 | <?php do_action('login_footer'); ?> |
---|
709 | </body> |
---|
710 | </html> |
---|
711 | <?php |
---|
712 | } |
---|
713 | |
---|
714 | /** |
---|
715 | * Shakes the entire page for the user to see there was an error. |
---|
716 | * Needs public visibility because it will be called by a filter hook. |
---|
717 | */ |
---|
718 | public function paint_shake_js() { |
---|
719 | global $is_iphone; |
---|
720 | if ( $is_iphone ) |
---|
721 | return; |
---|
722 | ?> |
---|
723 | <script type="text/javascript"> |
---|
724 | addLoadEvent = function(func){if(typeof jQuery!="undefined")jQuery(document).ready(func);else if(typeof wpOnload!='function'){wpOnload=func;}else{var oldonload=wpOnload;wpOnload=function(){oldonload();func();}}}; |
---|
725 | function s(id,pos){g(id).left=pos+'px';} |
---|
726 | function g(id){return document.getElementById(id).style;} |
---|
727 | function shake(id,a,d){c=a.shift();s(id,c);if(a.length>0){setTimeout(function(){shake(id,a,d);},d);}else{try{g(id).position='static';wp_attempt_focus();}catch(e){}}} |
---|
728 | addLoadEvent(function(){ var p=new Array(15,30,15,0,-15,-30,-15,0);p=p.concat(p.concat(p));var i=document.forms[0].id;g(i).position='relative';shake(i,p,20);}); |
---|
729 | </script> |
---|
730 | <?php |
---|
731 | } |
---|
732 | |
---|
733 | /** |
---|
734 | * Empty function to be overriden by children to paint HTML content, |
---|
735 | * although this is not a requirement. |
---|
736 | */ |
---|
737 | protected function paint() { |
---|
738 | } |
---|
739 | |
---|
740 | /** |
---|
741 | * May or may not be overridden. |
---|
742 | */ |
---|
743 | public function render() { |
---|
744 | $this->paint_header(); |
---|
745 | $this->paint(); |
---|
746 | $this->paint_footer(); |
---|
747 | } |
---|
748 | } |
---|
749 | |
---|
750 | /** |
---|
751 | * Displays interim login screen. |
---|
752 | */ |
---|
753 | class WP_Login_View_Interim extends WP_Login_View_Base { |
---|
754 | /** |
---|
755 | * Class constructor. |
---|
756 | */ |
---|
757 | public function __construct() { |
---|
758 | $message = '<p class="message">' . __('You have logged in successfully.') . '</p>'; |
---|
759 | parent::__construct( '', $message ); |
---|
760 | } |
---|
761 | |
---|
762 | /** |
---|
763 | * Overriding to skip paint_footer() as we're about to draw a custom footer in paint(). |
---|
764 | */ |
---|
765 | public function render() { |
---|
766 | $this->paint_header(); |
---|
767 | $this->paint(); |
---|
768 | } |
---|
769 | |
---|
770 | /** |
---|
771 | * Paint HTML contents. |
---|
772 | */ |
---|
773 | protected function paint() { |
---|
774 | ?> |
---|
775 | <script type="text/javascript">setTimeout( function(){window.close()}, 8000);</script> |
---|
776 | <p class="alignright"> |
---|
777 | <input type="button" class="button-primary" value="<?php esc_attr_e('Close'); ?>" onclick="window.close()" /></p> |
---|
778 | </div></body></html> |
---|
779 | <?php |
---|
780 | } |
---|
781 | } |
---|
782 | |
---|
783 | /** |
---|
784 | * Renders the login form. |
---|
785 | */ |
---|
786 | class WP_Login_View_Login extends WP_Login_View_Base { |
---|
787 | private $user_login; |
---|
788 | private $remember_me; |
---|
789 | private $interim_login; |
---|
790 | private $redirect_to; |
---|
791 | private $errors; |
---|
792 | |
---|
793 | /** |
---|
794 | * Class constructor. |
---|
795 | * |
---|
796 | * @param string $user_login User name |
---|
797 | * @param boolean $rememberme |
---|
798 | * @param boolean $interim_login |
---|
799 | * @param string $redirect_to URL to redirect to. |
---|
800 | * @param WP_Error $errors Errors, if any. |
---|
801 | */ |
---|
802 | public function __construct( $message = '', $user_login = '', $remember_me = false, $interim_login = false, $redirect_to = '', $errors = null ) { |
---|
803 | parent::__construct( __('Log In'), $message, $errors ); |
---|
804 | |
---|
805 | $this->user_login = $user_login; |
---|
806 | $this->remember_me = $remember_me; |
---|
807 | $this->interim_login = $interim_login; |
---|
808 | $this->redirect_to = $redirect_to; |
---|
809 | if ( ! empty($errors) ) { |
---|
810 | $this->errors = $errors; |
---|
811 | } else { |
---|
812 | $this->errors = new WP_Error(); |
---|
813 | } |
---|
814 | } |
---|
815 | |
---|
816 | /** |
---|
817 | * Overriding to skip paint_footer() as we're about to draw a custom footer in paint(). |
---|
818 | */ |
---|
819 | public function render() { |
---|
820 | $this->paint_header(); |
---|
821 | $this->paint(); |
---|
822 | } |
---|
823 | |
---|
824 | /** |
---|
825 | * Renders the login form. |
---|
826 | */ |
---|
827 | protected function paint() { |
---|
828 | ?> |
---|
829 | <form name="loginform" id="loginform" action="<?php echo site_url('wp-login.php', 'login_post') ?>" method="post"> |
---|
830 | <p> |
---|
831 | <label><?php _e('Username') ?><br /> |
---|
832 | <input type="text" name="log" id="user_login" class="input" value="<?php echo esc_attr($this->user_login); ?>" size="20" tabindex="10" /></label> |
---|
833 | </p> |
---|
834 | <p> |
---|
835 | <label><?php _e('Password') ?><br /> |
---|
836 | <input type="password" name="pwd" id="user_pass" class="input" value="" size="20" tabindex="20" /></label> |
---|
837 | </p> |
---|
838 | <?php do_action('login_form'); ?> |
---|
839 | <p class="forgetmenot"><label><input name="rememberme" type="checkbox" id="rememberme" value="forever" tabindex="90"<?php checked( $this->remember_me ); ?> /> <?php esc_attr_e('Remember Me'); ?></label></p> |
---|
840 | <p class="submit"> |
---|
841 | <input type="submit" name="wp-submit" id="wp-submit" class="button-primary" value="<?php esc_attr_e('Log In'); ?>" tabindex="100" /> |
---|
842 | <?php if ( $this->interim_login ) { ?> |
---|
843 | <input type="hidden" name="interim-login" value="1" /> |
---|
844 | <?php } else { ?> |
---|
845 | <input type="hidden" name="redirect_to" value="<?php echo esc_attr($this->redirect_to); ?>" /> |
---|
846 | <?php } ?> |
---|
847 | <input type="hidden" name="testcookie" value="1" /> |
---|
848 | </p> |
---|
849 | </form> |
---|
850 | |
---|
851 | <?php if ( !$this->interim_login ) { ?> |
---|
852 | <p id="nav"> |
---|
853 | <?php if ( isset($_GET['checkemail']) && in_array( $_GET['checkemail'], array('confirm', 'newpass') ) ) : ?> |
---|
854 | <?php elseif ( get_option('users_can_register') ) : ?> |
---|
855 | <a href="<?php echo site_url('wp-login.php?action=register', 'login') ?>"><?php _e('Register') ?></a> | |
---|
856 | <a href="<?php echo site_url('wp-login.php?action=lostpassword', 'login') ?>" title="<?php _e('Password Lost and Found') ?>"><?php _e('Lost your password?') ?></a> |
---|
857 | <?php else : ?> |
---|
858 | <a href="<?php echo site_url('wp-login.php?action=lostpassword', 'login') ?>" title="<?php _e('Password Lost and Found') ?>"><?php _e('Lost your password?') ?></a> |
---|
859 | <?php endif; ?> |
---|
860 | </p> |
---|
861 | </div> |
---|
862 | <p id="backtoblog"><a href="<?php bloginfo('url'); ?>/" title="<?php esc_attr_e('Are you lost?') ?>"><?php printf(__('← Back to %s'), get_bloginfo('title', 'display' )); ?></a></p> |
---|
863 | <?php } else { ?> |
---|
864 | </div> |
---|
865 | <?php } ?> |
---|
866 | |
---|
867 | <script type="text/javascript"> |
---|
868 | function wp_attempt_focus(){ |
---|
869 | setTimeout( function(){ try{ |
---|
870 | <?php if ( $this->user_login || $this->interim_login ) { ?> |
---|
871 | d = document.getElementById('user_pass'); |
---|
872 | d.value = ''; |
---|
873 | <?php } else { ?> |
---|
874 | d = document.getElementById('user_login'); |
---|
875 | <?php if ( 'invalid_username' == $this->errors->get_error_code() ) { ?> |
---|
876 | if( d.value != '' ) |
---|
877 | d.value = ''; |
---|
878 | <?php |
---|
879 | } |
---|
880 | }?> |
---|
881 | d.focus(); |
---|
882 | d.select(); |
---|
883 | } catch(e){} |
---|
884 | }, 200); |
---|
885 | } |
---|
886 | |
---|
887 | <?php if ( !$error ) { ?> |
---|
888 | wp_attempt_focus(); |
---|
889 | <?php } ?> |
---|
890 | if(typeof wpOnload=='function')wpOnload(); |
---|
891 | </script> |
---|
892 | <?php do_action( 'login_footer' ); ?> |
---|
893 | </body> |
---|
894 | </html> |
---|
895 | <?php |
---|
896 | } |
---|
897 | } |
---|
898 | |
---|
899 | /** |
---|
900 | * Renders the register form. |
---|
901 | */ |
---|
902 | class WP_Login_View_Register extends WP_Login_View_Base { |
---|
903 | private $user_login; |
---|
904 | private $user_email; |
---|
905 | private $redirect_to; |
---|
906 | |
---|
907 | /** |
---|
908 | * Class constructor. |
---|
909 | * |
---|
910 | * @param string $user_login User name |
---|
911 | * @param string $user_email User email |
---|
912 | * @param string $redirect_to URL to redirect to after login. |
---|
913 | * @param WP_Error $errors Errors, if any. |
---|
914 | */ |
---|
915 | public function __construct( $user_login, $user_email, $redirect_to, $errors ) { |
---|
916 | parent::__construct( __('Registration Form'), '<p class="message register">' . __('Register For This Site') . '</p>', $errors ); |
---|
917 | |
---|
918 | $this->user_login = $user_login; |
---|
919 | $this->user_email = $user_email; |
---|
920 | $this->redirect_to = $redirect_to; |
---|
921 | |
---|
922 | $this->set_focus_input_id( 'user_login' ); |
---|
923 | } |
---|
924 | |
---|
925 | /** |
---|
926 | * Outputs the registration form. |
---|
927 | */ |
---|
928 | protected function paint() { |
---|
929 | ?> |
---|
930 | <form name="registerform" id="registerform" action="<?php echo site_url('wp-login.php?action=register', 'login_post') ?>" method="post"> |
---|
931 | <p> |
---|
932 | <label><?php _e('Username') ?><br /> |
---|
933 | <input type="text" name="user_login" id="user_login" class="input" value="<?php echo esc_attr(stripslashes($this->user_login)); ?>" size="20" tabindex="10" /></label> |
---|
934 | </p> |
---|
935 | <p> |
---|
936 | <label><?php _e('E-mail') ?><br /> |
---|
937 | <input type="text" name="user_email" id="user_email" class="input" value="<?php echo esc_attr(stripslashes($this->user_email)); ?>" size="25" tabindex="20" /></label> |
---|
938 | </p> |
---|
939 | <?php do_action('register_form'); ?> |
---|
940 | <p id="reg_passmail"><?php _e('A password will be e-mailed to you.') ?></p> |
---|
941 | <br class="clear" /> |
---|
942 | <input type="hidden" name="redirect_to" value="<?php echo esc_attr( $this->redirect_to ); ?>" /> |
---|
943 | <p class="submit"><input type="submit" name="wp-submit" id="wp-submit" class="button-primary" value="<?php esc_attr_e('Register'); ?>" tabindex="100" /></p> |
---|
944 | </form> |
---|
945 | |
---|
946 | <p id="nav"> |
---|
947 | <a href="<?php echo site_url('wp-login.php', 'login') ?>"><?php _e('Log in') ?></a> | |
---|
948 | <a href="<?php echo site_url('wp-login.php?action=lostpassword', 'login') ?>" title="<?php _e('Password Lost and Found') ?>"><?php _e('Lost your password?') ?></a> |
---|
949 | </p> |
---|
950 | <?php |
---|
951 | } |
---|
952 | } |
---|
953 | |
---|
954 | /** |
---|
955 | * Renders the password retrieval form. |
---|
956 | */ |
---|
957 | class WP_Login_View_LostPassword extends WP_Login_View_Base { |
---|
958 | private $user_login; |
---|
959 | private $errors; |
---|
960 | private $redirect_to; |
---|
961 | |
---|
962 | /** |
---|
963 | * @param string $user_login User name |
---|
964 | * @param WP_Error $errors Errors, if any. |
---|
965 | * @param $redirect_to URL to redirect to. |
---|
966 | */ |
---|
967 | public function __construct( $user_login, $errors, $redirect_to ) { |
---|
968 | parent::__construct( __('Lost Password'), '<p class="message">' . __('Please enter your username or email address. You will receive a link to create a new password via email.') . '</p>', $errors ); |
---|
969 | |
---|
970 | $this->user_login = $user_login; |
---|
971 | $this->errors = $errors; |
---|
972 | $this->redirect_to = $redirect_to; |
---|
973 | |
---|
974 | $this->set_focus_input_id('user_login'); |
---|
975 | } |
---|
976 | |
---|
977 | /** |
---|
978 | * Outputs the password retrieval form. |
---|
979 | */ |
---|
980 | protected function paint() { |
---|
981 | ?> |
---|
982 | <form name="lostpasswordform" id="lostpasswordform" action="<?php echo site_url('wp-login.php?action=lostpassword', 'login_post') ?>" method="post"> |
---|
983 | <p> |
---|
984 | <label><?php _e('Username or E-mail:') ?><br /> |
---|
985 | <input type="text" name="user_login" id="user_login" class="input" value="<?php echo esc_attr($this->user_login); ?>" size="20" tabindex="10" /></label> |
---|
986 | </p> |
---|
987 | <?php do_action('lostpassword_form'); ?> |
---|
988 | <input type="hidden" name="redirect_to" value="<?php echo esc_attr( $this->redirect_to ); ?>" /> |
---|
989 | <p class="submit"><input type="submit" name="wp-submit" id="wp-submit" class="button-primary" value="<?php esc_attr_e('Get New Password'); ?>" tabindex="100" /></p> |
---|
990 | </form> |
---|
991 | |
---|
992 | <p id="nav"> |
---|
993 | <a href="<?php echo site_url('wp-login.php', 'login') ?>"><?php _e('Log in') ?></a> |
---|
994 | <?php if (get_option('users_can_register')) : ?> |
---|
995 | | <a href="<?php echo site_url('wp-login.php?action=register', 'login') ?>"><?php _e('Register') ?></a> |
---|
996 | <?php endif; ?> |
---|
997 | </p> |
---|
998 | <?php |
---|
999 | } |
---|
1000 | } |
---|
1001 | |
---|
1002 | /** |
---|
1003 | * Outputs the password change form. |
---|
1004 | */ |
---|
1005 | class WP_Login_View_ResetPass extends WP_Login_View_Base { |
---|
1006 | /** |
---|
1007 | * Class constructor. |
---|
1008 | */ |
---|
1009 | public function __construct( $errors ) { |
---|
1010 | parent::__construct( __('Reset Password'), '<p class="message reset-pass">' . __('Enter your new password below.') . '</p>', $errors ); |
---|
1011 | |
---|
1012 | $this->set_focus_input_id('user_pass'); |
---|
1013 | } |
---|
1014 | |
---|
1015 | /** |
---|
1016 | * Renders the password change form. |
---|
1017 | */ |
---|
1018 | protected function paint() { |
---|
1019 | ?> |
---|
1020 | <form name="resetpassform" id="resetpassform" action="<?php echo site_url('wp-login.php?action=resetpass&key=' . urlencode($_GET['key']) . '&login=' . urlencode($_GET['login']), 'login_post') ?>" method="post"> |
---|
1021 | <input type="hidden" id="user_login" value="<?php echo esc_attr( $_GET['login'] ); ?>" autocomplete="off" /> |
---|
1022 | |
---|
1023 | <p> |
---|
1024 | <label><?php _e('New password') ?><br /> |
---|
1025 | <input type="password" name="pass1" id="pass1" class="input" size="20" value="" autocomplete="off" /></label> |
---|
1026 | </p> |
---|
1027 | <p> |
---|
1028 | <label><?php _e('Confirm new password') ?><br /> |
---|
1029 | <input type="password" name="pass2" id="pass2" class="input" size="20" value="" autocomplete="off" /></label> |
---|
1030 | </p> |
---|
1031 | |
---|
1032 | <div id="pass-strength-result" class="hide-if-no-js"><?php _e('Strength indicator'); ?></div> |
---|
1033 | <p class="description indicator-hint"><?php _e('Hint: The password should be at least seven characters long. To make it stronger, use upper and lower case letters, numbers and symbols like ! " ? $ % ^ & ).'); ?></p> |
---|
1034 | |
---|
1035 | <br class="clear" /> |
---|
1036 | <p class="submit"><input type="submit" name="wp-submit" id="wp-submit" class="button-primary" value="<?php esc_attr_e('Reset Password'); ?>" tabindex="100" /></p> |
---|
1037 | </form> |
---|
1038 | |
---|
1039 | <p id="nav"> |
---|
1040 | <a href="<?php echo site_url('wp-login.php', 'login') ?>"><?php _e('Log in') ?></a> |
---|
1041 | <?php if (get_option('users_can_register')) : ?> |
---|
1042 | | <a href="<?php echo site_url('wp-login.php?action=register', 'login') ?>"><?php _e('Register') ?></a> |
---|
1043 | <?php endif; ?> |
---|
1044 | </p> |
---|
1045 | <?php |
---|
1046 | } |
---|
1047 | } |
---|
1048 | |
---|
1049 | /** |
---|
1050 | * Outputs the login form with the password successfully changed message. |
---|
1051 | */ |
---|
1052 | class WP_Login_View_ResetPass_Completed extends WP_Login_View_Login { |
---|
1053 | /** |
---|
1054 | * Class constructor. |
---|
1055 | */ |
---|
1056 | public function __construct() { |
---|
1057 | // to make this work, I needed to change isset() to !empty() in WP_Login_Login::process() for checking $_REQUEST['redirect_to'] |
---|
1058 | parent::__construct( '<p class="message reset-pass">' . __('Your password has been reset.') . '</p>' ); |
---|
1059 | } |
---|
1060 | } |
---|
1061 | |
---|
1062 | ?> |
---|