Ticket #35829: 35829.diff
File 35829.diff, 23.7 KB (added by , 9 years ago) |
---|
-
new file wp-includes/functions.wp-login.php
diff --git a/wp-includes/functions.wp-login.php b/wp-includes/functions.wp-login.php new file mode 100644 index 0000000..15715f7
- + 1 <?php 2 /** 3 * Login Page Functions 4 * 5 * @since 4.5.0 6 * 7 * @package WordPress 8 */ 9 10 11 /** 12 * Output the login page header. 13 * 14 * @param string $title Optional. WordPress login Page title to display in the `<title>` element. 15 * Default 'Log In'. 16 * @param string $message Optional. Message to display in header. Default empty. 17 * @param WP_Error $wp_error Optional. The error to pass. Default empty. 18 */ 19 function login_header( $title = 'Log In', $message = '', $wp_error = '' ) { 20 global $error, $interim_login, $action; 21 22 // Don't index any of these forms 23 add_action( 'login_head', 'wp_no_robots' ); 24 25 if ( wp_is_mobile() ) { 26 add_action( 'login_head', 'wp_login_viewport_meta' ); 27 } 28 29 if ( empty( $wp_error ) ) { 30 $wp_error = new WP_Error(); 31 } 32 33 // Shake it! 34 $shake_error_codes = array( 'empty_password', 'empty_email', 'invalid_email', 'invalidcombo', 'empty_username', 'invalid_username', 'incorrect_password' ); 35 36 /** 37 * Filter the error codes array for shaking the login form. 38 * 39 * @since 3.0.0 40 * 41 * @param array $shake_error_codes Error codes that shake the login form. 42 */ 43 $shake_error_codes = apply_filters( 'shake_error_codes', $shake_error_codes ); 44 45 if ( $shake_error_codes && $wp_error->get_error_code() && in_array( $wp_error->get_error_code(), $shake_error_codes ) ) { 46 add_action( 'login_head', 'wp_shake_js', 12 ); 47 } 48 49 $separator = is_rtl() ? ' › ' : ' ‹ '; 50 51 ?><!DOCTYPE html> 52 <!--[if IE 8]> 53 <html xmlns="http://www.w3.org/1999/xhtml" class="ie8" <?php language_attributes(); ?>> 54 <![endif]--> 55 <!--[if !(IE 8) ]><!--> 56 <html xmlns="http://www.w3.org/1999/xhtml" <?php language_attributes(); ?>> 57 <!--<![endif]--> 58 <head> 59 <meta http-equiv="Content-Type" content="<?php bloginfo( 'html_type' ); ?>; charset=<?php bloginfo( 'charset' ); ?>" /> 60 <title><?php echo get_bloginfo( 'name', 'display' ) . $separator . $title; ?></title> 61 <?php 62 63 wp_enqueue_style( 'login' ); 64 65 /* 66 * Remove all stored post data on logging out. 67 * This could be added by add_action('login_head'...) like wp_shake_js(), 68 * but maybe better if it's not removable by plugins 69 */ 70 if ( 'loggedout' == $wp_error->get_error_code() ) { 71 ?> 72 <script>if("sessionStorage" in window){try{for(var key in sessionStorage){if(key.indexOf("wp-autosave-")!=-1){sessionStorage.removeItem(key)}}}catch(e){}};</script> 73 <?php 74 } 75 76 /** 77 * Enqueue scripts and styles for the login page. 78 * 79 * @since 3.1.0 80 */ 81 do_action( 'login_enqueue_scripts' ); 82 83 /** 84 * Fires in the login page header after scripts are enqueued. 85 * 86 * @since 2.1.0 87 */ 88 do_action( 'login_head' ); 89 90 if ( is_multisite() ) { 91 $login_header_url = network_home_url(); 92 $login_header_title = get_current_site()->site_name; 93 } else { 94 $login_header_url = __( 'https://wordpress.org/' ); 95 $login_header_title = __( 'Powered by WordPress' ); 96 } 97 98 /** 99 * Filter link URL of the header logo above login form. 100 * 101 * @since 2.1.0 102 * 103 * @param string $login_header_url Login header logo URL. 104 */ 105 $login_header_url = apply_filters( 'login_headerurl', $login_header_url ); 106 107 /** 108 * Filter the title attribute of the header logo above login form. 109 * 110 * @since 2.1.0 111 * 112 * @param string $login_header_title Login header logo title attribute. 113 */ 114 $login_header_title = apply_filters( 'login_headertitle', $login_header_title ); 115 116 $classes = array( 'login-action-' . $action, 'wp-core-ui' ); 117 if ( wp_is_mobile() ) { 118 $classes[] = 'mobile'; 119 } 120 121 if ( is_rtl() ) { 122 $classes[] = 'rtl'; 123 } 124 125 if ( $interim_login ) { 126 $classes[] = 'interim-login'; 127 ?> 128 <style type="text/css">html{background-color: transparent;}</style> 129 <?php 130 131 if ( 'success' === $interim_login ) { 132 $classes[] = 'interim-login-success'; 133 } 134 } 135 $classes[] =' locale-' . sanitize_html_class( strtolower( str_replace( '_', '-', get_locale() ) ) ); 136 137 /** 138 * Filter the login page body classes. 139 * 140 * @since 3.5.0 141 * 142 * @param array $classes An array of body classes. 143 * @param string $action The action that brought the visitor to the login page. 144 */ 145 $classes = apply_filters( 'login_body_class', $classes, $action ); 146 147 ?> 148 </head> 149 <body class="login <?php echo esc_attr( implode( ' ', $classes ) ); ?>"> 150 <div id="login"> 151 <h1><a href="<?php echo esc_url( $login_header_url ); ?>" title="<?php echo esc_attr( $login_header_title ); ?>" tabindex="-1"><?php bloginfo( 'name' ); ?></a></h1> 152 <?php 153 154 unset( $login_header_url, $login_header_title ); 155 156 /** 157 * Filter the message to display above the login form. 158 * 159 * @since 2.1.0 160 * 161 * @param string $message Login message text. 162 */ 163 $message = apply_filters( 'login_message', $message ); 164 if ( ! empty( $message ) ) { 165 echo $message . "\n"; 166 } 167 168 // In case a plugin uses $error rather than the $wp_errors object 169 if ( ! empty( $error ) ) { 170 $wp_error->add( 'error', $error ); 171 unset( $error ); 172 } 173 174 if ( $wp_error->get_error_code() ) { 175 $errors = ''; 176 $messages = ''; 177 foreach ( $wp_error->get_error_codes() as $code ) { 178 $severity = $wp_error->get_error_data( $code ); 179 foreach ( $wp_error->get_error_messages( $code ) as $error_message ) { 180 if ( 'message' == $severity ) { 181 $messages .= ' ' . $error_message . "<br />\n"; 182 } else { 183 $errors .= ' ' . $error_message . "<br />\n"; 184 } 185 } 186 } 187 if ( ! empty( $errors ) ) { 188 /** 189 * Filter the error messages displayed above the login form. 190 * 191 * @since 2.1.0 192 * 193 * @param string $errors Login error message. 194 */ 195 echo '<div id="login_error">' . apply_filters( 'login_errors', $errors ) . "</div>\n"; 196 } 197 if ( ! empty( $messages ) ) { 198 /** 199 * Filter instructional messages displayed above the login form. 200 * 201 * @since 2.5.0 202 * 203 * @param string $messages Login messages. 204 */ 205 echo '<p class="message">' . apply_filters( 'login_messages', $messages ) . "</p>\n"; 206 } 207 } 208 } // End of login_header() 209 210 /** 211 * Outputs the footer for the login page. 212 * 213 * @param string $input_id Which input to auto-focus 214 */ 215 function login_footer( $input_id = '' ) { 216 global $interim_login; 217 218 // Don't allow interim logins to navigate away from the page. 219 if ( ! $interim_login ): ?> 220 <p id="backtoblog"><a href="<?php echo esc_url( home_url( '/' ) ); ?>"><?php printf( __( '← Back to %s' ), get_bloginfo( 'title', 'display' ) ); ?></a></p> 221 <?php endif; ?> 222 223 </div> 224 225 <?php if ( ! empty( $input_id ) ) : ?> 226 <script type="text/javascript"> 227 try{document.getElementById('<?php echo $input_id; ?>').focus();}catch(e){} 228 if(typeof wpOnload=='function')wpOnload(); 229 </script> 230 <?php endif; ?> 231 232 <?php 233 /** 234 * Fires in the login page footer. 235 * 236 * @since 3.1.0 237 */ 238 do_action( 'login_footer' ); ?> 239 <div class="clear"></div> 240 </body> 241 </html> 242 <?php 243 } 244 245 /** 246 * @since 3.0.0 247 */ 248 function wp_shake_js() { 249 if ( wp_is_mobile() ) { 250 return; 251 } 252 ?> 253 <script type="text/javascript"> 254 addLoadEvent = function(func){if(typeof jQuery!="undefined")jQuery(document).ready(func);else if(typeof wpOnload!='function'){wpOnload=func;}else{var oldonload=wpOnload;wpOnload=function(){oldonload();func();}}}; 255 function s(id,pos){g(id).left=pos+'px';} 256 function g(id){return document.getElementById(id).style;} 257 function shake(id,a,d){c=a.shift();s(id,c);if(a.length>0){setTimeout(function(){shake(id,a,d);},d);}else{try{g(id).position='static';wp_attempt_focus();}catch(e){}}} 258 addLoadEvent(function(){ var p=new Array(15,30,15,0,-15,-30,-15,0);p=p.concat(p.concat(p));var i=document.forms[0].id;g(i).position='relative';shake(i,p,20);}); 259 </script> 260 <?php 261 } 262 263 /** 264 * @since 3.7.0 265 */ 266 function wp_login_viewport_meta() { 267 ?> 268 <meta name="viewport" content="width=device-width" /> 269 <?php 270 } 271 272 /** 273 * Handles sending password retrieval email to user. 274 * 275 * @global wpdb $wpdb WordPress database abstraction object. 276 * @global PasswordHash $wp_hasher Portable PHP password hashing framework. 277 * 278 * @return bool|WP_Error True: when finish. WP_Error on error 279 */ 280 function retrieve_password() { 281 global $wpdb, $wp_hasher; 282 283 $errors = new WP_Error(); 284 285 if ( empty( $_POST['user_login'] ) ) { 286 $errors->add( 'empty_username', __( '<strong>ERROR</strong>: Enter a username or email address.' ) ); 287 } elseif ( strpos( $_POST['user_login'], '@' ) ) { 288 $user_data = get_user_by( 'email', trim( $_POST['user_login'] ) ); 289 if ( empty( $user_data ) ) 290 $errors->add( 'invalid_email', __( '<strong>ERROR</strong>: There is no user registered with that email address.' ) ); 291 } else { 292 $login = trim( $_POST['user_login'] ); 293 $user_data = get_user_by( 'login', $login ); 294 } 295 296 /** 297 * Fires before errors are returned from a password reset request. 298 * 299 * @since 2.1.0 300 * @since 4.4.0 Added the `$errors` parameter. 301 * 302 * @param WP_Error $errors A WP_Error object containing any errors generated 303 * by using invalid credentials. 304 */ 305 do_action( 'lostpassword_post', $errors ); 306 307 if ( $errors->get_error_code() ) { 308 return $errors; 309 } 310 311 if ( ! $user_data ) { 312 $errors->add( 'invalidcombo', __( '<strong>ERROR</strong>: Invalid username or email.' ) ); 313 return $errors; 314 } 315 316 // Redefining user_login ensures we return the right case in the email. 317 $user_login = $user_data->user_login; 318 $user_email = $user_data->user_email; 319 $key = get_password_reset_key( $user_data ); 320 321 if ( is_wp_error( $key ) ) { 322 return $key; 323 } 324 325 $message = __( 'Someone has requested a password reset for the following account:' ) . "\r\n\r\n"; 326 $message .= network_home_url( '/' ) . "\r\n\r\n"; 327 $message .= sprintf(__( 'Username: %s' ), $user_login ) . "\r\n\r\n"; 328 $message .= __( 'If this was a mistake, just ignore this email and nothing will happen.' ) . "\r\n\r\n"; 329 $message .= __( 'To reset your password, visit the following address:' ) . "\r\n\r\n"; 330 $message .= '<' . network_site_url( "wp-login.php?action=rp&key=$key&login=" . rawurlencode( $user_login ), 'login' ) . ">\r\n"; 331 332 if ( is_multisite() ) { 333 $blogname = $GLOBALS['current_site']->site_name; 334 } else { 335 /* 336 * The blogname option is escaped with esc_html on the way into the database 337 * in sanitize_option we want to reverse this for the plain text arena of emails. 338 */ 339 $blogname = wp_specialchars_decode( get_option( 'blogname' ), ENT_QUOTES ); 340 } 341 342 $title = sprintf( __( '[%s] Password Reset' ), $blogname ); 343 344 /** 345 * Filter the subject of the password reset email. 346 * 347 * @since 2.8.0 348 * @since 4.4.0 Added the `$user_login` and `$user_data` parameters. 349 * 350 * @param string $title Default email title. 351 * @param string $user_login The username for the user. 352 * @param WP_User $user_data WP_User object. 353 */ 354 $title = apply_filters( 'retrieve_password_title', $title, $user_login, $user_data ); 355 356 /** 357 * Filter the message body of the password reset mail. 358 * 359 * @since 2.8.0 360 * @since 4.1.0 Added `$user_login` and `$user_data` parameters. 361 * 362 * @param string $message Default mail message. 363 * @param string $key The activation key. 364 * @param string $user_login The username for the user. 365 * @param WP_User $user_data WP_User object. 366 */ 367 $message = apply_filters( 'retrieve_password_message', $message, $key, $user_login, $user_data ); 368 369 if ( $message && !wp_mail( $user_email, wp_specialchars_decode( $title ), $message ) ) { 370 wp_die( __( 'The email could not be sent.' ) . "<br />\n" . __( 'Possible reason: your host may have disabled the mail() function.' ) ); 371 } 372 373 return true; 374 } -
wp-login.php
diff --git a/wp-login.php b/wp-login.php index 28dbaae..45e9906 100644
a b if ( force_ssl_admin() && ! is_ssl() ) { 22 22 } 23 23 } 24 24 25 /** 26 * Output the login page header. 27 * 28 * @param string $title Optional. WordPress login Page title to display in the `<title>` element. 29 * Default 'Log In'. 30 * @param string $message Optional. Message to display in header. Default empty. 31 * @param WP_Error $wp_error Optional. The error to pass. Default empty. 32 */ 33 function login_header( $title = 'Log In', $message = '', $wp_error = '' ) { 34 global $error, $interim_login, $action; 35 36 // Don't index any of these forms 37 add_action( 'login_head', 'wp_no_robots' ); 38 39 if ( wp_is_mobile() ) 40 add_action( 'login_head', 'wp_login_viewport_meta' ); 41 42 if ( empty($wp_error) ) 43 $wp_error = new WP_Error(); 44 45 // Shake it! 46 $shake_error_codes = array( 'empty_password', 'empty_email', 'invalid_email', 'invalidcombo', 'empty_username', 'invalid_username', 'incorrect_password' ); 47 /** 48 * Filter the error codes array for shaking the login form. 49 * 50 * @since 3.0.0 51 * 52 * @param array $shake_error_codes Error codes that shake the login form. 53 */ 54 $shake_error_codes = apply_filters( 'shake_error_codes', $shake_error_codes ); 55 56 if ( $shake_error_codes && $wp_error->get_error_code() && in_array( $wp_error->get_error_code(), $shake_error_codes ) ) 57 add_action( 'login_head', 'wp_shake_js', 12 ); 58 59 $separator = is_rtl() ? ' › ' : ' ‹ '; 60 61 ?><!DOCTYPE html> 62 <!--[if IE 8]> 63 <html xmlns="http://www.w3.org/1999/xhtml" class="ie8" <?php language_attributes(); ?>> 64 <![endif]--> 65 <!--[if !(IE 8) ]><!--> 66 <html xmlns="http://www.w3.org/1999/xhtml" <?php language_attributes(); ?>> 67 <!--<![endif]--> 68 <head> 69 <meta http-equiv="Content-Type" content="<?php bloginfo('html_type'); ?>; charset=<?php bloginfo('charset'); ?>" /> 70 <title><?php echo get_bloginfo( 'name', 'display' ) . $separator . $title; ?></title> 71 <?php 72 73 wp_enqueue_style( 'login' ); 74 75 /* 76 * Remove all stored post data on logging out. 77 * This could be added by add_action('login_head'...) like wp_shake_js(), 78 * but maybe better if it's not removable by plugins 79 */ 80 if ( 'loggedout' == $wp_error->get_error_code() ) { 81 ?> 82 <script>if("sessionStorage" in window){try{for(var key in sessionStorage){if(key.indexOf("wp-autosave-")!=-1){sessionStorage.removeItem(key)}}}catch(e){}};</script> 83 <?php 84 } 85 86 /** 87 * Enqueue scripts and styles for the login page. 88 * 89 * @since 3.1.0 90 */ 91 do_action( 'login_enqueue_scripts' ); 92 93 /** 94 * Fires in the login page header after scripts are enqueued. 95 * 96 * @since 2.1.0 97 */ 98 do_action( 'login_head' ); 99 100 if ( is_multisite() ) { 101 $login_header_url = network_home_url(); 102 $login_header_title = get_current_site()->site_name; 103 } else { 104 $login_header_url = __( 'https://wordpress.org/' ); 105 $login_header_title = __( 'Powered by WordPress' ); 106 } 107 108 /** 109 * Filter link URL of the header logo above login form. 110 * 111 * @since 2.1.0 112 * 113 * @param string $login_header_url Login header logo URL. 114 */ 115 $login_header_url = apply_filters( 'login_headerurl', $login_header_url ); 116 /** 117 * Filter the title attribute of the header logo above login form. 118 * 119 * @since 2.1.0 120 * 121 * @param string $login_header_title Login header logo title attribute. 122 */ 123 $login_header_title = apply_filters( 'login_headertitle', $login_header_title ); 124 125 $classes = array( 'login-action-' . $action, 'wp-core-ui' ); 126 if ( wp_is_mobile() ) 127 $classes[] = 'mobile'; 128 if ( is_rtl() ) 129 $classes[] = 'rtl'; 130 if ( $interim_login ) { 131 $classes[] = 'interim-login'; 132 ?> 133 <style type="text/css">html{background-color: transparent;}</style> 134 <?php 135 136 if ( 'success' === $interim_login ) 137 $classes[] = 'interim-login-success'; 138 } 139 $classes[] =' locale-' . sanitize_html_class( strtolower( str_replace( '_', '-', get_locale() ) ) ); 140 141 /** 142 * Filter the login page body classes. 143 * 144 * @since 3.5.0 145 * 146 * @param array $classes An array of body classes. 147 * @param string $action The action that brought the visitor to the login page. 148 */ 149 $classes = apply_filters( 'login_body_class', $classes, $action ); 150 151 ?> 152 </head> 153 <body class="login <?php echo esc_attr( implode( ' ', $classes ) ); ?>"> 154 <div id="login"> 155 <h1><a href="<?php echo esc_url( $login_header_url ); ?>" title="<?php echo esc_attr( $login_header_title ); ?>" tabindex="-1"><?php bloginfo( 'name' ); ?></a></h1> 156 <?php 157 158 unset( $login_header_url, $login_header_title ); 159 160 /** 161 * Filter the message to display above the login form. 162 * 163 * @since 2.1.0 164 * 165 * @param string $message Login message text. 166 */ 167 $message = apply_filters( 'login_message', $message ); 168 if ( !empty( $message ) ) 169 echo $message . "\n"; 170 171 // In case a plugin uses $error rather than the $wp_errors object 172 if ( !empty( $error ) ) { 173 $wp_error->add('error', $error); 174 unset($error); 175 } 176 177 if ( $wp_error->get_error_code() ) { 178 $errors = ''; 179 $messages = ''; 180 foreach ( $wp_error->get_error_codes() as $code ) { 181 $severity = $wp_error->get_error_data( $code ); 182 foreach ( $wp_error->get_error_messages( $code ) as $error_message ) { 183 if ( 'message' == $severity ) 184 $messages .= ' ' . $error_message . "<br />\n"; 185 else 186 $errors .= ' ' . $error_message . "<br />\n"; 187 } 188 } 189 if ( ! empty( $errors ) ) { 190 /** 191 * Filter the error messages displayed above the login form. 192 * 193 * @since 2.1.0 194 * 195 * @param string $errors Login error message. 196 */ 197 echo '<div id="login_error">' . apply_filters( 'login_errors', $errors ) . "</div>\n"; 198 } 199 if ( ! empty( $messages ) ) { 200 /** 201 * Filter instructional messages displayed above the login form. 202 * 203 * @since 2.5.0 204 * 205 * @param string $messages Login messages. 206 */ 207 echo '<p class="message">' . apply_filters( 'login_messages', $messages ) . "</p>\n"; 208 } 209 } 210 } // End of login_header() 211 212 /** 213 * Outputs the footer for the login page. 214 * 215 * @param string $input_id Which input to auto-focus 216 */ 217 function login_footer($input_id = '') { 218 global $interim_login; 219 220 // Don't allow interim logins to navigate away from the page. 221 if ( ! $interim_login ): ?> 222 <p id="backtoblog"><a href="<?php echo esc_url( home_url( '/' ) ); ?>"><?php printf( __( '← Back to %s' ), get_bloginfo( 'title', 'display' ) ); ?></a></p> 223 <?php endif; ?> 224 225 </div> 226 227 <?php if ( !empty($input_id) ) : ?> 228 <script type="text/javascript"> 229 try{document.getElementById('<?php echo $input_id; ?>').focus();}catch(e){} 230 if(typeof wpOnload=='function')wpOnload(); 231 </script> 232 <?php endif; ?> 233 234 <?php 235 /** 236 * Fires in the login page footer. 237 * 238 * @since 3.1.0 239 */ 240 do_action( 'login_footer' ); ?> 241 <div class="clear"></div> 242 </body> 243 </html> 244 <?php 245 } 246 247 /** 248 * @since 3.0.0 249 */ 250 function wp_shake_js() { 251 if ( wp_is_mobile() ) 252 return; 253 ?> 254 <script type="text/javascript"> 255 addLoadEvent = function(func){if(typeof jQuery!="undefined")jQuery(document).ready(func);else if(typeof wpOnload!='function'){wpOnload=func;}else{var oldonload=wpOnload;wpOnload=function(){oldonload();func();}}}; 256 function s(id,pos){g(id).left=pos+'px';} 257 function g(id){return document.getElementById(id).style;} 258 function shake(id,a,d){c=a.shift();s(id,c);if(a.length>0){setTimeout(function(){shake(id,a,d);},d);}else{try{g(id).position='static';wp_attempt_focus();}catch(e){}}} 259 addLoadEvent(function(){ var p=new Array(15,30,15,0,-15,-30,-15,0);p=p.concat(p.concat(p));var i=document.forms[0].id;g(i).position='relative';shake(i,p,20);}); 260 </script> 261 <?php 262 } 263 264 /** 265 * @since 3.7.0 266 */ 267 function wp_login_viewport_meta() { 268 ?> 269 <meta name="viewport" content="width=device-width" /> 270 <?php 271 } 272 273 /** 274 * Handles sending password retrieval email to user. 275 * 276 * @global wpdb $wpdb WordPress database abstraction object. 277 * @global PasswordHash $wp_hasher Portable PHP password hashing framework. 278 * 279 * @return bool|WP_Error True: when finish. WP_Error on error 280 */ 281 function retrieve_password() { 282 global $wpdb, $wp_hasher; 283 284 $errors = new WP_Error(); 285 286 if ( empty( $_POST['user_login'] ) ) { 287 $errors->add('empty_username', __('<strong>ERROR</strong>: Enter a username or email address.')); 288 } elseif ( strpos( $_POST['user_login'], '@' ) ) { 289 $user_data = get_user_by( 'email', trim( $_POST['user_login'] ) ); 290 if ( empty( $user_data ) ) 291 $errors->add('invalid_email', __('<strong>ERROR</strong>: There is no user registered with that email address.')); 292 } else { 293 $login = trim($_POST['user_login']); 294 $user_data = get_user_by('login', $login); 295 } 296 297 /** 298 * Fires before errors are returned from a password reset request. 299 * 300 * @since 2.1.0 301 * @since 4.4.0 Added the `$errors` parameter. 302 * 303 * @param WP_Error $errors A WP_Error object containing any errors generated 304 * by using invalid credentials. 305 */ 306 do_action( 'lostpassword_post', $errors ); 307 308 if ( $errors->get_error_code() ) 309 return $errors; 310 311 if ( !$user_data ) { 312 $errors->add('invalidcombo', __('<strong>ERROR</strong>: Invalid username or email.')); 313 return $errors; 314 } 315 316 // Redefining user_login ensures we return the right case in the email. 317 $user_login = $user_data->user_login; 318 $user_email = $user_data->user_email; 319 $key = get_password_reset_key( $user_data ); 320 321 if ( is_wp_error( $key ) ) { 322 return $key; 323 } 324 325 $message = __('Someone has requested a password reset for the following account:') . "\r\n\r\n"; 326 $message .= network_home_url( '/' ) . "\r\n\r\n"; 327 $message .= sprintf(__('Username: %s'), $user_login) . "\r\n\r\n"; 328 $message .= __('If this was a mistake, just ignore this email and nothing will happen.') . "\r\n\r\n"; 329 $message .= __('To reset your password, visit the following address:') . "\r\n\r\n"; 330 $message .= '<' . network_site_url("wp-login.php?action=rp&key=$key&login=" . rawurlencode($user_login), 'login') . ">\r\n"; 331 332 if ( is_multisite() ) 333 $blogname = $GLOBALS['current_site']->site_name; 334 else 335 /* 336 * The blogname option is escaped with esc_html on the way into the database 337 * in sanitize_option we want to reverse this for the plain text arena of emails. 338 */ 339 $blogname = wp_specialchars_decode(get_option('blogname'), ENT_QUOTES); 340 341 $title = sprintf( __('[%s] Password Reset'), $blogname ); 342 343 /** 344 * Filter the subject of the password reset email. 345 * 346 * @since 2.8.0 347 * @since 4.4.0 Added the `$user_login` and `$user_data` parameters. 348 * 349 * @param string $title Default email title. 350 * @param string $user_login The username for the user. 351 * @param WP_User $user_data WP_User object. 352 */ 353 $title = apply_filters( 'retrieve_password_title', $title, $user_login, $user_data ); 354 355 /** 356 * Filter the message body of the password reset mail. 357 * 358 * @since 2.8.0 359 * @since 4.1.0 Added `$user_login` and `$user_data` parameters. 360 * 361 * @param string $message Default mail message. 362 * @param string $key The activation key. 363 * @param string $user_login The username for the user. 364 * @param WP_User $user_data WP_User object. 365 */ 366 $message = apply_filters( 'retrieve_password_message', $message, $key, $user_login, $user_data ); 367 368 if ( $message && !wp_mail( $user_email, wp_specialchars_decode( $title ), $message ) ) 369 wp_die( __('The email could not be sent.') . "<br />\n" . __('Possible reason: your host may have disabled the mail() function.') ); 370 371 return true; 372 } 373 374 // 375 // Main 376 // 25 require ABSPATH . WPINC . '/functions.wp-login.php'; 377 26 378 27 $action = isset($_REQUEST['action']) ? $_REQUEST['action'] : 'login'; 379 28 $errors = new WP_Error(); … … if ( !in_array( $action, array( 'postpass', 'logout', 'lostpassword', 'retrievep 387 36 388 37 nocache_headers(); 389 38 390 header( 'Content-Type: '.get_bloginfo('html_type').'; charset='.get_bloginfo('charset'));39 header( 'Content-Type: ' . get_bloginfo( 'html_type' ) . '; charset=' . get_bloginfo( 'charset' ) ); 391 40 392 41 if ( defined( 'RELOCATE' ) && RELOCATE ) { // Move flag is set 393 42 if ( isset( $_SERVER['PATH_INFO'] ) && ($_SERVER['PATH_INFO'] != $_SERVER['PHP_SELF']) )