diff --git a/wp-includes/default-filters.php b/wp-includes/default-filters.php
index de97238..d1a3042 100644
a
|
b
|
add_action( 'admin_enqueue_scripts', 'wp_auth_check_load' ); |
299 | 299 | add_filter( 'heartbeat_received', 'wp_auth_check', 10, 2 ); |
300 | 300 | add_filter( 'heartbeat_nopriv_received', 'wp_auth_check', 10, 2 ); |
301 | 301 | |
| 302 | // Default authentication filters |
| 303 | add_filter('authenticate', 'wp_authenticate_username_password', 20, 3); |
| 304 | add_filter('authenticate', 'wp_authenticate_cookie', 30, 3); |
| 305 | add_filter('authenticate', 'wp_authenticate_spam_check', 99); |
| 306 | |
302 | 307 | unset($filter, $action); |
diff --git a/wp-includes/pluggable.php b/wp-includes/pluggable.php
index acfa2dd..705f6af 100644
a
|
b
|
function wp_authenticate($username, $password) { |
479 | 479 | |
480 | 480 | $ignore_codes = array('empty_username', 'empty_password'); |
481 | 481 | |
482 | | if (is_wp_error($user) && !in_array($user->get_error_code(), $ignore_codes) ) { |
| 482 | if (is_wp_error($user) && $user->get_error_codes() != $ignore_codes) { |
483 | 483 | do_action('wp_login_failed', $username); |
484 | 484 | } |
485 | 485 | |
diff --git a/wp-includes/user.php b/wp-includes/user.php
index bc583a5..b1ab0ba 100644
a
|
b
|
function wp_signon( $credentials = '', $secure_cookie = '' ) { |
48 | 48 | global $auth_secure_cookie; // XXX ugly hack to pass this to wp_authenticate_cookie |
49 | 49 | $auth_secure_cookie = $secure_cookie; |
50 | 50 | |
51 | | add_filter('authenticate', 'wp_authenticate_cookie', 30, 3); |
52 | | |
53 | 51 | $user = wp_authenticate($credentials['user_login'], $credentials['user_password']); |
54 | 52 | |
55 | 53 | if ( is_wp_error($user) ) { |
… |
… |
function wp_signon( $credentials = '', $secure_cookie = '' ) { |
68 | 66 | /** |
69 | 67 | * Authenticate the user using the username and password. |
70 | 68 | */ |
71 | | add_filter('authenticate', 'wp_authenticate_username_password', 20, 3); |
72 | 69 | function wp_authenticate_username_password($user, $username, $password) { |
73 | 70 | if ( is_a($user, 'WP_User') ) { return $user; } |
74 | 71 | |
75 | 72 | if ( empty($username) || empty($password) ) { |
| 73 | if ( is_wp_error($user) ) |
| 74 | return $user; |
| 75 | |
76 | 76 | $error = new WP_Error(); |
77 | 77 | |
78 | 78 | if ( empty($username) ) |
… |
… |
function wp_authenticate_username_password($user, $username, $password) { |
89 | 89 | if ( !$user ) |
90 | 90 | return new WP_Error( 'invalid_username', sprintf( __( '<strong>ERROR</strong>: Invalid username. <a href="%s" title="Password Lost and Found">Lost your password</a>?' ), wp_lostpassword_url() ) ); |
91 | 91 | |
92 | | if ( is_multisite() ) { |
93 | | // Is user marked as spam? |
94 | | if ( 1 == $user->spam ) |
95 | | return new WP_Error( 'spammer_account', __( '<strong>ERROR</strong>: Your account has been marked as a spammer.' ) ); |
96 | | |
97 | | // Is a user's blog marked as spam? |
98 | | if ( !is_super_admin( $user->ID ) && isset( $user->primary_blog ) ) { |
99 | | $details = get_blog_details( $user->primary_blog ); |
100 | | if ( is_object( $details ) && $details->spam == 1 ) |
101 | | return new WP_Error( 'blog_suspended', __( 'Site Suspended.' ) ); |
102 | | } |
103 | | } |
104 | | |
105 | 92 | $user = apply_filters('wp_authenticate_user', $user, $password); |
106 | 93 | if ( is_wp_error($user) ) |
107 | 94 | return $user; |
… |
… |
function wp_authenticate_cookie($user, $username, $password) { |
141 | 128 | } |
142 | 129 | |
143 | 130 | /** |
| 131 | * For multisite blogs, check if the authenticated user has been marked as a |
| 132 | * spammer, or if the user's primary blog has been marked as spam. |
| 133 | */ |
| 134 | function wp_authenticate_spam_check($user) { |
| 135 | if ( $user && is_a($user, 'WP_User') && is_multisite() ) { |
| 136 | $spammed = is_user_spammy( $user ); |
| 137 | $spammed = apply_filters( 'check_is_user_spammed', $spammed, $user ); |
| 138 | if ( is_wp_error( $spammed ) ) |
| 139 | return $spammed; |
| 140 | elseif ( $spammed ) |
| 141 | return new WP_Error( 'spammer_account', __( '<strong>ERROR</strong>: Your account has been marked as a spammer.' ) ); |
| 142 | } |
| 143 | |
| 144 | return $user; |
| 145 | } |
| 146 | |
| 147 | /** |
144 | 148 | * Number of posts user has written. |
145 | 149 | * |
146 | 150 | * @since 3.0.0 |