WordPress.org

Make WordPress Core

Ticket #19714: authenticate.diff

File authenticate.diff, 4.0 KB (added by willnorris, 21 months ago)
  • wp-includes/default-filters.php

    diff --git a/wp-includes/default-filters.php b/wp-includes/default-filters.php
    index de97238..d1a3042 100644
    a b add_action( 'admin_enqueue_scripts', 'wp_auth_check_load' ); 
    299299add_filter( 'heartbeat_received',        'wp_auth_check', 10, 2 ); 
    300300add_filter( 'heartbeat_nopriv_received', 'wp_auth_check', 10, 2 ); 
    301301 
     302// Default authentication filters 
     303add_filter('authenticate', 'wp_authenticate_username_password', 20, 3); 
     304add_filter('authenticate', 'wp_authenticate_cookie', 30, 3); 
     305add_filter('authenticate', 'wp_authenticate_spam_check', 99); 
     306 
    302307unset($filter, $action); 
  • wp-includes/pluggable.php

    diff --git a/wp-includes/pluggable.php b/wp-includes/pluggable.php
    index acfa2dd..705f6af 100644
    a b function wp_authenticate($username, $password) { 
    479479 
    480480        $ignore_codes = array('empty_username', 'empty_password'); 
    481481 
    482         if (is_wp_error($user) && !in_array($user->get_error_code(), $ignore_codes) ) { 
     482        if (is_wp_error($user) && $user->get_error_codes() != $ignore_codes) { 
    483483                do_action('wp_login_failed', $username); 
    484484        } 
    485485 
  • wp-includes/user.php

    diff --git a/wp-includes/user.php b/wp-includes/user.php
    index bc583a5..9e5e186 100644
    a b function wp_signon( $credentials = '', $secure_cookie = '' ) { 
    4848        global $auth_secure_cookie; // XXX ugly hack to pass this to wp_authenticate_cookie 
    4949        $auth_secure_cookie = $secure_cookie; 
    5050 
    51         add_filter('authenticate', 'wp_authenticate_cookie', 30, 3); 
    52  
    5351        $user = wp_authenticate($credentials['user_login'], $credentials['user_password']); 
    5452 
    5553        if ( is_wp_error($user) ) { 
    function wp_signon( $credentials = '', $secure_cookie = '' ) { 
    6866/** 
    6967 * Authenticate the user using the username and password. 
    7068 */ 
    71 add_filter('authenticate', 'wp_authenticate_username_password', 20, 3); 
    7269function wp_authenticate_username_password($user, $username, $password) { 
    7370        if ( is_a($user, 'WP_User') ) { return $user; } 
    7471 
    7572        if ( empty($username) || empty($password) ) { 
     73                if ( is_wp_error($user) ) 
     74                        return $user; 
     75 
    7676                $error = new WP_Error(); 
    7777 
    7878                if ( empty($username) ) 
    function wp_authenticate_username_password($user, $username, $password) { 
    8989        if ( !$user ) 
    9090                return new WP_Error( 'invalid_username', sprintf( __( '<strong>ERROR</strong>: Invalid username. <a href="%s" title="Password Lost and Found">Lost your password</a>?' ), wp_lostpassword_url() ) ); 
    9191 
    92         if ( is_multisite() ) { 
    93                 // Is user marked as spam? 
    94                 if ( 1 == $user->spam ) 
    95                         return new WP_Error( 'spammer_account', __( '<strong>ERROR</strong>: Your account has been marked as a spammer.' ) ); 
    96  
    97                 // Is a user's blog marked as spam? 
    98                 if ( !is_super_admin( $user->ID ) && isset( $user->primary_blog ) ) { 
    99                         $details = get_blog_details( $user->primary_blog ); 
    100                         if ( is_object( $details ) && $details->spam == 1 ) 
    101                                 return new WP_Error( 'blog_suspended', __( 'Site Suspended.' ) ); 
    102                 } 
    103         } 
    104  
    10592        $user = apply_filters('wp_authenticate_user', $user, $password); 
    10693        if ( is_wp_error($user) ) 
    10794                return $user; 
    function wp_authenticate_cookie($user, $username, $password) { 
    141128} 
    142129 
    143130/** 
     131 * For multisite blogs, check if the authenticated user has been marked as a 
     132 * spammer, or if the user's primary blog has been marked as spam. 
     133 */ 
     134function wp_authenticate_spam_check($user) { 
     135        if ( $user && is_a($user, 'WP_User') && is_multisite() ) { 
     136                // Is user marked as spam? 
     137                if ( 1 == $user->spam ) 
     138                        return new WP_Error( 'spammer_account', __( '<strong>ERROR</strong>: Your account has been marked as a spammer.' ) ); 
     139 
     140                // Is a user's blog marked as spam? 
     141                if ( !is_super_admin( $user->ID ) && isset( $user->primary_blog ) ) { 
     142                        $details = get_blog_details( $user->primary_blog ); 
     143                        if ( is_object( $details ) && $details->spam == 1 ) 
     144                                return new WP_Error( 'blog_suspended', __( 'Site Suspended.' ) ); 
     145                } 
     146        } 
     147 
     148        return $user; 
     149} 
     150 
     151/** 
    144152 * Number of posts user has written. 
    145153 * 
    146154 * @since 3.0.0