WordPress.org

Make WordPress Core

Ticket #19714: authenticate.diff

File authenticate.diff, 4.0 KB (added by willnorris, 5 years ago)
  • wp-includes/default-filters.php

    diff --git a/wp-includes/default-filters.php b/wp-includes/default-filters.php
    index de97238..d1a3042 100644
    a b add_action( 'admin_enqueue_scripts', 'wp_auth_check_load' ); 
    299299add_filter( 'heartbeat_received',        'wp_auth_check', 10, 2 );
    300300add_filter( 'heartbeat_nopriv_received', 'wp_auth_check', 10, 2 );
    301301
     302// Default authentication filters
     303add_filter('authenticate', 'wp_authenticate_username_password', 20, 3);
     304add_filter('authenticate', 'wp_authenticate_cookie', 30, 3);
     305add_filter('authenticate', 'wp_authenticate_spam_check', 99);
     306
    302307unset($filter, $action);
  • wp-includes/pluggable.php

    diff --git a/wp-includes/pluggable.php b/wp-includes/pluggable.php
    index acfa2dd..705f6af 100644
    a b function wp_authenticate($username, $password) { 
    479479
    480480        $ignore_codes = array('empty_username', 'empty_password');
    481481
    482         if (is_wp_error($user) && !in_array($user->get_error_code(), $ignore_codes) ) {
     482        if (is_wp_error($user) && $user->get_error_codes() != $ignore_codes) {
    483483                do_action('wp_login_failed', $username);
    484484        }
    485485
  • wp-includes/user.php

    diff --git a/wp-includes/user.php b/wp-includes/user.php
    index bc583a5..9e5e186 100644
    a b function wp_signon( $credentials = '', $secure_cookie = '' ) { 
    4848        global $auth_secure_cookie; // XXX ugly hack to pass this to wp_authenticate_cookie
    4949        $auth_secure_cookie = $secure_cookie;
    5050
    51         add_filter('authenticate', 'wp_authenticate_cookie', 30, 3);
    52 
    5351        $user = wp_authenticate($credentials['user_login'], $credentials['user_password']);
    5452
    5553        if ( is_wp_error($user) ) {
    function wp_signon( $credentials = '', $secure_cookie = '' ) { 
    6866/**
    6967 * Authenticate the user using the username and password.
    7068 */
    71 add_filter('authenticate', 'wp_authenticate_username_password', 20, 3);
    7269function wp_authenticate_username_password($user, $username, $password) {
    7370        if ( is_a($user, 'WP_User') ) { return $user; }
    7471
    7572        if ( empty($username) || empty($password) ) {
     73                if ( is_wp_error($user) )
     74                        return $user;
     75
    7676                $error = new WP_Error();
    7777
    7878                if ( empty($username) )
    function wp_authenticate_username_password($user, $username, $password) { 
    8989        if ( !$user )
    9090                return new WP_Error( 'invalid_username', sprintf( __( '<strong>ERROR</strong>: Invalid username. <a href="%s" title="Password Lost and Found">Lost your password</a>?' ), wp_lostpassword_url() ) );
    9191
    92         if ( is_multisite() ) {
    93                 // Is user marked as spam?
    94                 if ( 1 == $user->spam )
    95                         return new WP_Error( 'spammer_account', __( '<strong>ERROR</strong>: Your account has been marked as a spammer.' ) );
    96 
    97                 // Is a user's blog marked as spam?
    98                 if ( !is_super_admin( $user->ID ) && isset( $user->primary_blog ) ) {
    99                         $details = get_blog_details( $user->primary_blog );
    100                         if ( is_object( $details ) && $details->spam == 1 )
    101                                 return new WP_Error( 'blog_suspended', __( 'Site Suspended.' ) );
    102                 }
    103         }
    104 
    10592        $user = apply_filters('wp_authenticate_user', $user, $password);
    10693        if ( is_wp_error($user) )
    10794                return $user;
    function wp_authenticate_cookie($user, $username, $password) { 
    141128}
    142129
    143130/**
     131 * For multisite blogs, check if the authenticated user has been marked as a
     132 * spammer, or if the user's primary blog has been marked as spam.
     133 */
     134function wp_authenticate_spam_check($user) {
     135        if ( $user && is_a($user, 'WP_User') && is_multisite() ) {
     136                // Is user marked as spam?
     137                if ( 1 == $user->spam )
     138                        return new WP_Error( 'spammer_account', __( '<strong>ERROR</strong>: Your account has been marked as a spammer.' ) );
     139
     140                // Is a user's blog marked as spam?
     141                if ( !is_super_admin( $user->ID ) && isset( $user->primary_blog ) ) {
     142                        $details = get_blog_details( $user->primary_blog );
     143                        if ( is_object( $details ) && $details->spam == 1 )
     144                                return new WP_Error( 'blog_suspended', __( 'Site Suspended.' ) );
     145                }
     146        }
     147
     148        return $user;
     149}
     150
     151/**
    144152 * Number of posts user has written.
    145153 *
    146154 * @since 3.0.0