Ticket #5405: wp-login.diff
File wp-login.diff, 27.6 KB (added by , 17 years ago) |
---|
-
wp-login.php
1 1 <?php 2 2 require( dirname(__FILE__) . '/wp-config.php' ); 3 3 4 $action = $_REQUEST['action'];5 $errors = array();6 7 if ( isset($_GET['key']) )8 $action = 'resetpass';9 10 nocache_headers();11 12 header('Content-Type: '.get_bloginfo('html_type').'; charset='.get_bloginfo('charset'));13 14 if ( defined('RELOCATE') ) { // Move flag is set15 if ( isset( $_SERVER['PATH_INFO'] ) && ($_SERVER['PATH_INFO'] != $_SERVER['PHP_SELF']) )16 $_SERVER['PHP_SELF'] = str_replace( $_SERVER['PATH_INFO'], '', $_SERVER['PHP_SELF'] );17 18 $schema = ( isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on' ) ? 'https://' : 'http://';19 if ( dirname($schema . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF']) != get_option('siteurl') )20 update_option('siteurl', dirname($schema . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF']) );21 }22 23 //Set a cookie now to see if they are supported by the browser.24 setcookie(TEST_COOKIE, 'WP Cookie check', 0, COOKIEPATH, COOKIE_DOMAIN);25 if ( SITECOOKIEPATH != COOKIEPATH )26 setcookie(TEST_COOKIE, 'WP Cookie check', 0, SITECOOKIEPATH, COOKIE_DOMAIN);27 28 4 // Rather than duplicating this HTML all over the place, we'll stick it in function 29 function login_header($title = 'Login', $message = '' ) {30 global $error s, $error;5 function login_header($title = 'Login', $message = '', $wp_error = '') { 6 global $error; 31 7 8 if ( empty($wp_error) ) 9 $wp_error = new WP_Error(); 32 10 ?> 33 11 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> 34 12 <html xmlns="http://www.w3.org/1999/xhtml" <?php language_attributes(); ?>> … … 50 28 <?php 51 29 if ( !empty( $message ) ) echo apply_filters('login_message', $message) . 
"\n"; 52 30 53 // Incase a plugin uses $error rather than the $errors array31 // Incase a plugin uses $error rather than the $errors object 54 32 if ( !empty( $error ) ) { 55 $ errors['error'] = $error;33 $wp_error->add('error', $error); 56 34 unset($error); 57 35 } 58 36 59 if ( !empty( $errors ) ) { 60 if ( is_array( $errors ) ) { 61 $newerrors = "\n"; 62 foreach ( $errors as $error ) $newerrors .= ' ' . $error . "<br />\n"; 63 $errors = $newerrors; 64 } 37 if ( $wp_error->get_error_code() ) { 38 $errors = "\n"; 39 foreach ( $wp_error->get_error_messages() as $error ) 40 $errors .= ' ' . $error . "<br />\n"; 65 41 66 42 echo '<div id="login_error">' . apply_filters('login_errors', $errors) . "</div>\n"; 67 43 } 68 44 } // End of login_header() 69 45 46 function retrieve_password() { 47 global $wpdb; 48 49 $errors = new WP_Error(); 50 51 if ( empty( $_POST['user_login'] ) && empty( $_POST['user_email'] ) ) 52 $errors->add('empty_username', __('<strong>ERROR</strong>: Enter a username or e-mail address.')); 53 54 if ( strstr($_POST['user_login'], '@') ) { 55 $user_data = get_user_by_email(trim($_POST['user_login'])); 56 if ( empty($user_data) ) 57 $errors->add('invalid_email', __('<strong>ERROR</strong>: There is no user registered with that email address.')); 58 } else { 59 $login = trim($_POST['user_login']); 60 $user_data = get_userdatabylogin($login); 61 } 62 63 do_action('lostpassword_post'); 64 65 if ( $errors->get_error_code() ) 66 return $errors; 67 68 if ( !$user_data ) { 69 $errors->add('invalidcombo', __('<strong>ERROR</strong>: Invalid username or e-mail.')); 70 return $errors; 71 } 72 73 // redefining user_login ensures we return the right case in the email 74 $user_login = $user_data->user_login; 75 $user_email = $user_data->user_email; 76 77 do_action('retreive_password', $user_login); // Misspelled and deprecated 78 do_action('retrieve_password', $user_login); 79 80 // Generate something random for a key... 
81 $key = wp_generate_password(); 82 // Now insert the new md5 key into the db 83 $wpdb->query("UPDATE $wpdb->users SET user_activation_key = '$key' WHERE user_login = '$user_login'"); 84 $message = __('Someone has asked to reset the password for the following site and username.') . "\r\n\r\n"; 85 $message .= get_option('siteurl') . "\r\n\r\n"; 86 $message .= sprintf(__('Username: %s'), $user_login) . "\r\n\r\n"; 87 $message .= __('To reset your password visit the following address, otherwise just ignore this email and nothing will happen.') . "\r\n\r\n"; 88 $message .= get_option('siteurl') . "/wp-login.php?action=rp&key=$key\r\n"; 89 90 if ( !wp_mail($user_email, sprintf(__('[%s] Password Reset'), get_option('blogname')), $message) ) 91 die('<p>' . __('The e-mail could not be sent.') . "<br />\n" . __('Possible reason: your host may have disabled the mail() function...') . '</p>'); 92 93 return true; 94 } 95 96 function reset_password($key) { 97 global $wpdb; 98 99 $key = preg_replace('/[^a-z0-9]/i', '', $key); 100 101 if ( empty( $key ) ) 102 return new WP_Error('invalid_key', __('Invalid key')); 103 104 $user = $wpdb->get_row("SELECT * FROM $wpdb->users WHERE user_activation_key = '$key'"); 105 if ( empty( $user ) ) 106 return new WP_Error('invalid_key', __('Invalid key')); 107 108 do_action('password_reset'); 109 110 // Generate something random for a password... 111 $new_pass = wp_generate_password(); 112 wp_set_password($new_pass, $user->ID); 113 $message = sprintf(__('Username: %s'), $user->user_login) . "\r\n"; 114 $message .= sprintf(__('Password: %s'), $new_pass) . "\r\n"; 115 $message .= get_option('siteurl') . "/wp-login.php\r\n"; 116 117 if ( !wp_mail($user->user_email, sprintf(__('[%s] Your new password'), get_option('blogname')), $message) ) 118 die('<p>' . __('The e-mail could not be sent.') . "<br />\n" . __('Possible reason: your host may have disabled the mail() function...') . 
'</p>'); 119 120 // send a copy of password change notification to the admin 121 // but check to see if it's the admin whose password we're changing, and skip this 122 if ( $user->user_email != get_option('admin_email') ) { 123 $message = sprintf(__('Password Lost and Changed for user: %s'), $user->user_login) . "\r\n"; 124 wp_mail(get_option('admin_email'), sprintf(__('[%s] Password Lost/Changed'), get_option('blogname')), $message); 125 } 126 127 return true; 128 } 129 130 function register_new_user($user_login, $user_email) { 131 $errors = new WP_Error(); 132 133 $user_login = sanitize_user( $user_login ); 134 $user_email = apply_filters( 'user_registration_email', $user_email ); 135 136 // Check the username 137 if ( $user_login == '' ) 138 $errors->add('empty_username', __('<strong>ERROR</strong>: Please enter a username.')); 139 elseif ( !validate_username( $user_login ) ) { 140 $errors->add('invalid_username', __('<strong>ERROR</strong>: This username is invalid. Please enter a valid username.')); 141 $user_login = ''; 142 } elseif ( username_exists( $user_login ) ) 143 $errors->add('username_exists', __('<strong>ERROR</strong>: This username is already registered, please choose another one.')); 144 145 // Check the e-mail address 146 if ($user_email == '') { 147 $errors->add('empty_email', __('<strong>ERROR</strong>: Please type your e-mail address.')); 148 } elseif ( !is_email( $user_email ) ) { 149 $errors->add('invalid_email', __('<strong>ERROR</strong>: The email address isn’t correct.')); 150 $user_email = ''; 151 } elseif ( email_exists( $user_email ) ) 152 $errors->add('email_exists', __('<strong>ERROR</strong>: This email is already registered, please choose another one.')); 153 154 do_action('register_post'); 155 156 $errors = apply_filters( 'registration_errors', $errors ); 157 158 if ( $errors->get_error_code() ) 159 return $errors; 160 161 $user_pass = wp_generate_password(); 162 $user_id = wp_create_user( $user_login, $user_pass, $user_email ); 
163 if ( !$user_id ) { 164 $errors->add('registerfail', sprintf(__('<strong>ERROR</strong>: Couldn’t register you... please contact the <a href="mailto:%s">webmaster</a> !'), get_option('admin_email'))); 165 return $errors; 166 } 167 168 wp_new_user_notification($user_id, $user_pass); 169 170 return $user_id; 171 } 172 173 // 174 // Main 175 // 176 177 $action = $_REQUEST['action']; 178 $errors = new WP_Error(); 179 180 if ( isset($_GET['key']) ) 181 $action = 'resetpass'; 182 183 nocache_headers(); 184 185 header('Content-Type: '.get_bloginfo('html_type').'; charset='.get_bloginfo('charset')); 186 187 if ( defined('RELOCATE') ) { // Move flag is set 188 if ( isset( $_SERVER['PATH_INFO'] ) && ($_SERVER['PATH_INFO'] != $_SERVER['PHP_SELF']) ) 189 $_SERVER['PHP_SELF'] = str_replace( $_SERVER['PATH_INFO'], '', $_SERVER['PHP_SELF'] ); 190 191 $schema = ( isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on' ) ? 'https://' : 'http://'; 192 if ( dirname($schema . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF']) != get_option('siteurl') ) 193 update_option('siteurl', dirname($schema . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF']) ); 194 } 195 196 //Set a cookie now to see if they are supported by the browser. 
197 setcookie(TEST_COOKIE, 'WP Cookie check', 0, COOKIEPATH, COOKIE_DOMAIN); 198 if ( SITECOOKIEPATH != COOKIEPATH ) 199 setcookie(TEST_COOKIE, 'WP Cookie check', 0, SITECOOKIEPATH, COOKIE_DOMAIN); 200 70 201 $http_post = ('POST' == $_SERVER['REQUEST_METHOD']); 71 202 switch ($action) { 72 203 73 204 case 'logout' : 74 205 75 wp_clearcookie(); 76 do_action('wp_logout'); 206 wp_logout(); 77 207 78 208 $redirect_to = 'wp-login.php?loggedout=true'; 79 209 if ( isset( $_REQUEST['redirect_to'] ) ) … … 86 216 87 217 case 'lostpassword' : 88 218 case 'retrievepassword' : 89 $user_login = '';90 $user_pass = '';91 92 219 if ( $http_post ) { 93 if ( empty( $_POST['user_login'] ) ) 94 $errors['user_login'] = __('<strong>ERROR</strong>: The username field is empty.'); 95 if ( empty( $_POST['user_email'] ) ) 96 $errors['user_email'] = __('<strong>ERROR</strong>: The e-mail field is empty.'); 97 98 do_action('lostpassword_post'); 99 100 if ( empty( $errors ) ) { 101 $user_data = get_userdatabylogin(trim($_POST['user_login'])); 102 // redefining user_login ensures we return the right case in the email 103 $user_login = $user_data->user_login; 104 $user_email = $user_data->user_email; 105 106 if (!$user_email || $user_email != $_POST['user_email']) { 107 $errors['invalidcombo'] = __('<strong>ERROR</strong>: Invalid username / e-mail combination.'); 108 } else { 109 do_action('retreive_password', $user_login); // Misspelled and deprecated 110 do_action('retrieve_password', $user_login); 111 112 // Generate something random for a key... 113 $key = substr( md5( uniqid( microtime() ) ), 0, 8); 114 // Now insert the new md5 key into the db 115 $wpdb->query("UPDATE $wpdb->users SET user_activation_key = '$key' WHERE user_login = '$user_login'"); 116 $message = __('Someone has asked to reset the password for the following site and username.') . "\r\n\r\n"; 117 $message .= get_option('siteurl') . "\r\n\r\n"; 118 $message .= sprintf(__('Username: %s'), $user_login) . 
"\r\n\r\n"; 119 $message .= __('To reset your password visit the following address, otherwise just ignore this email and nothing will happen.') . "\r\n\r\n"; 120 $message .= get_option('siteurl') . "/wp-login.php?action=rp&key=$key\r\n"; 121 122 if (FALSE == wp_mail($user_email, sprintf(__('[%s] Password Reset'), get_option('blogname')), $message)) { 123 die('<p>' . __('The e-mail could not be sent.') . "<br />\n" . __('Possible reason: your host may have disabled the mail() function...') . '</p>'); 124 } else { 125 wp_redirect('wp-login.php?checkemail=confirm'); 126 exit(); 127 } 128 } 220 $errors = retrieve_password(); 221 if ( !is_wp_error($errors) ) { 222 wp_redirect('wp-login.php?checkemail=confirm'); 223 exit(); 129 224 } 130 225 } 131 226 132 if ( 'invalidkey' == $_GET['error'] ) $errors ['invalidkey'] = __('Sorry, that key does not appear to be valid.');227 if ( 'invalidkey' == $_GET['error'] ) $errors->add('invalidkey', __('Sorry, that key does not appear to be valid.')); 133 228 134 229 do_action('lost_password'); 135 login_header(__('Lost Password'), '<p class="message">' . __('Please enter your username and e-mail address. You will receive a new password via e-mail.') . '</p>' );230 login_header(__('Lost Password'), '<p class="message">' . __('Please enter your username and e-mail address. You will receive a new password via e-mail.') . 
'</p>', $errors); 136 231 ?> 137 232 138 233 <form name="lostpasswordform" id="lostpasswordform" action="wp-login.php?action=lostpassword" method="post"> 139 234 <p> 140 <label><?php _e('Username ') ?><br />235 <label><?php _e('Username or E-mail:') ?><br /> 141 236 <input type="text" name="user_login" id="user_login" class="input" value="<?php echo attribute_escape(stripslashes($_POST['user_login'])); ?>" size="20" tabindex="10" /></label> 142 237 </p> 143 <p>144 <label><?php _e('E-mail') ?><br />145 <input type="text" name="user_email" id="user_email" class="input" value="<?php echo attribute_escape(stripslashes($_POST['user_email'])); ?>" size="25" tabindex="20" /></label>146 </p>147 238 <?php do_action('lostpassword_form'); ?> 148 239 <p class="submit"><input type="submit" name="wp-submit" id="wp-submit" value="<?php _e('Get New Password »'); ?>" tabindex="100" /></p> 149 240 <div><br clear="all" /></div> … … 169 260 170 261 case 'resetpass' : 171 262 case 'rp' : 172 $key = preg_replace('/[^a-z0-9]/i', '', $_GET['key']); 173 if ( empty( $key ) ) { 174 wp_redirect('wp-login.php?action=lostpassword&error=invalidkey'); 175 exit(); 176 } 263 $errors = reset_password($_GET['key']); 177 264 178 $user = $wpdb->get_row("SELECT * FROM $wpdb->users WHERE user_activation_key = '$key'"); 179 if ( empty( $user ) ) { 180 wp_redirect('wp-login.php?action=lostpassword&error=invalidkey'); 265 if ( ! is_wp_error($errors) ) { 266 wp_redirect('wp-login.php?checkemail=newpass'); 181 267 exit(); 182 268 } 183 269 184 do_action('password_reset'); 270 wp_redirect('wp-login.php?action=lostpassword&error=invalidkey'); 271 exit(); 185 272 186 // Generate something random for a password...187 $new_pass = wp_generate_password();188 wp_set_password($new_pass, $user->ID);189 $message = sprintf(__('Username: %s'), $user->user_login) . "\r\n";190 $message .= sprintf(__('Password: %s'), $new_pass) . "\r\n";191 $message .= get_option('siteurl') . 
"/wp-login.php\r\n";192 193 if (FALSE == wp_mail($user->user_email, sprintf(__('[%s] Your new password'), get_option('blogname')), $message)) {194 die('<p>' . __('The e-mail could not be sent.') . "<br />\n" . __('Possible reason: your host may have disabled the mail() function...') . '</p>');195 } else {196 // send a copy of password change notification to the admin197 // but check to see if it's the admin whose password we're changing, and skip this198 if ($user->user_email != get_option('admin_email')) {199 $message = sprintf(__('Password Lost and Changed for user: %s'), $user->user_login) . "\r\n";200 wp_mail(get_option('admin_email'), sprintf(__('[%s] Password Lost/Changed'), get_option('blogname')), $message);201 }202 203 wp_redirect('wp-login.php?checkemail=newpass');204 exit();205 }206 273 break; 207 274 208 275 case 'register' : 209 if ( FALSE ==get_option('users_can_register') ) {276 if ( !get_option('users_can_register') ) { 210 277 wp_redirect('wp-login.php?registration=disabled'); 211 278 exit(); 212 279 } 213 280 281 $user_login = ''; 282 $user_email = ''; 214 283 if ( $http_post ) { 215 284 require_once( ABSPATH . WPINC . '/registration.php'); 216 285 217 $user_login = sanitize_user( $_POST['user_login'] ); 218 $user_email = apply_filters( 'user_registration_email', $_POST['user_email'] ); 219 220 // Check the username 221 if ( $user_login == '' ) 222 $errors['user_login'] = __('<strong>ERROR</strong>: Please enter a username.'); 223 elseif ( !validate_username( $user_login ) ) { 224 $errors['user_login'] = __('<strong>ERROR</strong>: This username is invalid. 
Please enter a valid username.'); 225 $user_login = ''; 226 } elseif ( username_exists( $user_login ) ) 227 $errors['user_login'] = __('<strong>ERROR</strong>: This username is already registered, please choose another one.'); 228 229 // Check the e-mail address 230 if ($user_email == '') { 231 $errors['user_email'] = __('<strong>ERROR</strong>: Please type your e-mail address.'); 232 } elseif ( !is_email( $user_email ) ) { 233 $errors['user_email'] = __('<strong>ERROR</strong>: The email address isn’t correct.'); 234 $user_email = ''; 235 } elseif ( email_exists( $user_email ) ) 236 $errors['user_email'] = __('<strong>ERROR</strong>: This email is already registered, please choose another one.'); 237 238 do_action('register_post'); 239 240 $errors = apply_filters( 'registration_errors', $errors ); 241 242 if ( empty( $errors ) ) { 243 $user_pass = wp_generate_password(); 244 245 $user_id = wp_create_user( $user_login, $user_pass, $user_email ); 246 if ( !$user_id ) 247 $errors['registerfail'] = sprintf(__('<strong>ERROR</strong>: Couldn’t register you... please contact the <a href="mailto:%s">webmaster</a> !'), get_option('admin_email')); 248 else { 249 wp_new_user_notification($user_id, $user_pass); 250 251 wp_redirect('wp-login.php?checkemail=registered'); 252 exit(); 253 } 286 $user_login = $_POST['user_login']; 287 $user_email = $_POST['user_email']; 288 $errors = register_new_user($user_login, $user_email); 289 if ( !is_wp_error($errors) ) { 290 wp_redirect('wp-login.php?checkemail=registered'); 291 exit(); 254 292 } 255 293 } 256 294 257 login_header(__('Registration Form'), '<p class="message register">' . __('Register For This Site') . '</p>' );295 login_header(__('Registration Form'), '<p class="message register">' . __('Register For This Site') . 
'</p>', $errors); 258 296 ?> 259 297 260 298 <form name="registerform" id="registerform" action="wp-login.php?action=register" method="post"> … … 288 326 289 327 case 'login' : 290 328 default: 291 $user_login = '';292 $user_pass = '';293 294 329 if ( !isset( $_REQUEST['redirect_to'] ) || is_user_logged_in() ) 295 330 $redirect_to = 'wp-admin/'; 296 331 else 297 332 $redirect_to = $_REQUEST['redirect_to']; 298 333 299 if ( $http_post ) { 300 // If cookies are disabled we can't log in even with a valid user+pass 301 if ( empty($_COOKIE[TEST_COOKIE]) ) 302 $errors['test_cookie'] = __('<strong>ERROR</strong>: WordPress requires Cookies but your browser does not support them or they are blocked.'); 303 304 $user_login = $_POST['log']; 305 $user_login = sanitize_user( $user_login ); 306 $user_pass = $_POST['pwd']; 307 $rememberme = $_POST['rememberme']; 334 $user = wp_signon(); 308 335 309 do_action_ref_array('wp_authenticate', array(&$user_login, &$user_pass)); 310 } else { 311 $user = wp_validate_auth_cookie(); 312 if ( !$user ) { 313 if ( empty($_GET['loggedout']) && !empty($_COOKIE[AUTH_COOKIE]) ) 314 $errors['expiredsession'] = __('Your session has expired.'); 315 } else { 316 $user = new WP_User($user); 317 318 // If the user can't edit posts, send them to their profile. 319 if ( !$user->has_cap('edit_posts') && ( empty( $redirect_to ) || $redirect_to == 'wp-admin/' ) ) 320 $redirect_to = get_option('siteurl') . '/wp-admin/profile.php'; 321 wp_safe_redirect($redirect_to); 322 exit(); 323 } 324 } 325 326 if ( $user_login && $user_pass && empty( $errors ) ) { 327 $user = new WP_User(0, $user_login); 328 336 if ( !is_wp_error($user) ) { 329 337 // If the user can't edit posts, send them to their profile. 330 338 if ( !$user->has_cap('edit_posts') && ( empty( $redirect_to ) || $redirect_to == 'wp-admin/' ) ) 331 $redirect_to = get_option('siteurl') . 
'/wp-admin/profile.php'; 332 333 if ( wp_login($user_login, $user_pass) ) { 334 wp_set_auth_cookie($user->ID, $rememberme); 335 do_action('wp_login', $user_login); 336 wp_safe_redirect($redirect_to); 337 exit(); 338 } 339 $redirect_to = get_option('siteurl') . '/wp-admin/profile.php'; 340 wp_safe_redirect($redirect_to); 341 exit(); 339 342 } 343 344 $errors = $user; 345 // Clear errors if loggedout is set. 346 if ( !empty($_GET['loggedout']) ) 347 $errors = new WP_Error(); 340 348 341 if ( $http_post && empty( $user_login ) ) 342 $errors['user_login'] = __('<strong>ERROR</strong>: The username field is empty.'); 343 if ( $http_post && empty( $user_pass ) ) 344 $errors['user_pass'] = __('<strong>ERROR</strong>: The password field is empty.'); 349 // If cookies are disabled we can't log in even with a valid user+pass 350 if ( isset($_POST['testcookie']) && empty($_COOKIE[TEST_COOKIE]) ) 351 $errors->add('test_cookie', __("<strong>ERROR</strong>: Cookies are blocked or not supported by your browser. You must <a href='http://www.google.com/cookies.html'>enable cookies</a> to use WordPress.")); 345 352 346 353 // Some parts of this script use the main login form to display a message 347 if ( TRUE == $_GET['loggedout'] ) $errors ['loggedout'] = __('You are now logged out.');348 elseif ( 'disabled' == $_GET['registration'] ) $errors ['registerdiabled'] = __('User registration is currently not allowed.');349 elseif ( 'confirm' == $_GET['checkemail'] ) $errors ['confirm'] = __('Check your e-mail for the confirmation link.');350 elseif ( 'newpass' == $_GET['checkemail'] ) $errors ['newpass'] = __('Check your e-mail for your new password.');351 elseif ( 'registered' == $_GET['checkemail'] ) $errors ['registered'] = __('Registration complete. 
Please check your e-mail.');354 if ( TRUE == $_GET['loggedout'] ) $errors->add('loggedout', __('You are now logged out.')); 355 elseif ( 'disabled' == $_GET['registration'] ) $errors->add('registerdiabled', __('User registration is currently not allowed.')); 356 elseif ( 'confirm' == $_GET['checkemail'] ) $errors->add('confirm', __('Check your e-mail for the confirmation link.')); 357 elseif ( 'newpass' == $_GET['checkemail'] ) $errors->add('newpass', __('Check your e-mail for your new password.')); 358 elseif ( 'registered' == $_GET['checkemail'] ) $errors->add('registered', __('Registration complete. Please check your e-mail.')); 352 359 353 login_header(__('Login') );360 login_header(__('Login'), '', $errors); 354 361 ?> 355 362 356 363 <form name="loginform" id="loginform" action="wp-login.php" method="post"> … … 368 375 <p class="submit"> 369 376 <input type="submit" name="wp-submit" id="wp-submit" value="<?php _e('Log in'); ?> »" tabindex="100" /> 370 377 <input type="hidden" name="redirect_to" value="<?php echo attribute_escape($redirect_to); ?>" /> 378 <input type="hidden" name="testcookie" value="1" /> 371 379 <div><br clear="all" /></div> 372 380 </p> 373 381 <?php else : ?> -
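Review bot: In the new `retrieve_password()`, the `invalid_email` branch answers "There is no user registered with that email address", and the form now accepts a username or an e-mail address alone, so the lost-password page confirms to any requester which logins and addresses have accounts. Consider returning the same `checkemail=confirm` outcome whether or not a match was found, and keeping the specific reason out of the response. The same function interpolates `$key` and `$user_login` straight into its UPDATE; both come from internal sources here, but binding them, e.g. `$wpdb->query($wpdb->prepare("UPDATE $wpdb->users SET user_activation_key = %s WHERE user_login = %s", $key, $user_login));`, removes the dependency on what `wp_generate_password()` emits and on what is stored in `user_login`. `reset_password()` also strips the incoming key to alphanumerics before its lookup, so the generated key has to stay inside that alphabet or the mailed link will never match; whether it does is not visible in this patch.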
wp-includes/pluggable.php
413 413 } 414 414 endif; 415 415 416 if ( !function_exists('wp_login') ) :417 416 /** 418 * wp_login() - Checks a users login information and logs them in if it checks out 417 * wp_authenticate() - Checks a user's login information and logs them in if it checks out 418 * @since 2.5 419 419 * 420 * Use the global $error to get the reason why the login failed.421 * If the username is blank, no error will be set, so assume422 * blank username on that case.423 *424 * Plugins extending this function should also provide the global425 * $error and set what the error is, so that those checking the426 * global for why there was a failure can utilize it later.427 *428 * @since 1.2.2429 * @global string $error Error when false is returned430 *431 420 * @param string $username User's username 432 421 * @param string $password User's password 433 * @param bool $deprecated Not used 434 * @return bool False on login failure, true on successful check 422 * @return WP_Error|WP_User WP_User object if login successful, otherwise WP_Error object. 
435 423 */ 436 function wp_login($username, $password, $deprecated = '') { 437 global $error; 438 424 function wp_authenticate($username, $password) { 439 425 $username = sanitize_user($username); 440 426 441 427 if ( '' == $username ) 442 return false;428 return new WP_Error('empty_username', __('<strong>ERROR</strong>: The username field is empty.')); 443 429 444 if ( '' == $password ) { 445 $error = __('<strong>ERROR</strong>: The password field is empty.'); 446 return false; 447 } 430 if ( '' == $password ) 431 return new WP_Error('empty_password', __('<strong>ERROR</strong>: The password field is empty.')); 448 432 449 433 $user = get_userdatabylogin($username); 450 434 451 if ( !$user || ($user->user_login != $username) ) { 452 $error = __('<strong>ERROR</strong>: Invalid username.'); 453 return false; 454 } 435 if ( !$user || ($user->user_login != $username) ) 436 return new WP_Error('invalid_username', __('<strong>ERROR</strong>: Invalid username.')); 455 437 456 if ( !wp_check_password($password, $user->user_pass) ) { 457 $error = __('<strong>ERROR</strong>: Incorrect password.'); 458 return false; 459 } 438 if ( !wp_check_password($password, $user->user_pass) ) 439 return new WP_Error('incorrect_password', __('<strong>ERROR</strong>: Incorrect password.')); 460 440 461 441 // If using old md5 password, rehash. 
462 442 if ( strlen($user->user_pass) <= 32 ) 463 443 wp_set_password($password, $user->ID); 464 444 465 return true;445 return new WP_User($user->ID); 466 446 } 467 endif;468 447 448 /** 449 * wp_logout() - Log the current user out 450 * @since 2.5 451 * 452 */ 453 function wp_logout() { 454 wp_clear_auth_cookie(); 455 do_action('wp_logout'); 456 } 457 469 458 if ( !function_exists('wp_validate_auth_cookie') ) : 470 459 /** 471 460 * wp_validate_auth_cookie() - Validates authentication cookie … … 1225 1214 } 1226 1215 endif; 1227 1216 1217 if ( !function_exists('wp_login') ) : 1218 /** 1219 * wp_login() - Checks a users login information and logs them in if it checks out 1220 * 1221 * Use the global $error to get the reason why the login failed. 1222 * If the username is blank, no error will be set, so assume 1223 * blank username on that case. 1224 * 1225 * Plugins extending this function should also provide the global 1226 * $error and set what the error is, so that those checking the 1227 * global for why there was a failure can utilize it later. 1228 * 1229 * @since 1.2.2 1230 * @deprecated Use wp_signin() 1231 * @global string $error Error when false is returned 1232 * 1233 * @param string $username User's username 1234 * @param string $password User's password 1235 * @param bool $deprecated Not used 1236 * @return bool False on login failure, true on successful check 1237 */ 1238 function wp_login($username, $password, $deprecated = '') { 1239 global $error; 1240 1241 $user = wp_authenticate($username, $password); 1242 1243 if ( ! is_wp_error($user) ) 1244 return true; 1245 1246 $error = $user->get_error_message(); 1247 return false; 1248 } 1249 endif; 1250 1228 1251 ?> -
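Review bot: `wp_authenticate()` and `wp_logout()` are added without the `if ( !function_exists(...) ) :` guard that `wp_login()` keeps, while the login form now authenticates through `wp_signon()` and `wp_authenticate()` instead of `wp_login()`. A site that replaced `wp_login()` to enforce its own credential check (an external directory, a lockout, an extra factor) would apparently no longer have that check applied to form logins; this is inferred from the call chain visible in this patch. Wrapping the new function as `if ( !function_exists('wp_authenticate') ) :` … `endif;` keeps it overridable. The relocated `wp_login()` docblock also says `@deprecated Use wp_signin()` although the function added in user.php is `wp_signon()`, and its statement that no error is set for a blank username no longer holds, since the wrapper now copies `get_error_message()` into `$error` for every failure.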
wp-includes/user.php
1 1 <?php 2 2 3 function wp_signon( $credentials = '' ) { 4 if ( empty($credentials) ) { 5 if ( ! empty($_POST['log']) ) 6 $credentials['user_login'] = $_POST['log']; 7 if ( ! empty($_POST['pwd']) ) 8 $credentials['user_password'] = $_POST['pwd']; 9 if ( ! empty($_POST['rememberme']) ) 10 $credentials['remember'] = $_POST['rememberme']; 11 } 12 13 if ( !empty($credentials['user_login']) ) 14 $credentials['user_login'] = sanitize_user($credentials['user_login']); 15 if ( !empty($credentials['user_password']) ) 16 $credentials['user_password'] = trim($credentials['user_password']); 17 if ( !empty($credentials['remember']) ) 18 $credentials['remember'] = true; 19 else 20 $credentials['remember'] = false; 21 22 // If no credential info provided, check cookie. 23 if ( empty($credentials['user_login']) && empty($credentials['user_password']) ) { 24 $user = wp_validate_auth_cookie(); 25 if ( $user ) 26 return new WP_User($user); 27 28 if ( !empty($_COOKIE[AUTH_COOKIE]) ) 29 return new WP_Error('expired_session', __('Your session has expired.')); 30 31 // If the cookie is not set, be silent. 
32 return new WP_Error(); 33 } 34 35 if ( empty($credentials['user_login']) || empty($credentials['user_password']) ) { 36 $error = new WP_Error(); 37 38 if ( empty($credentials['user_login']) ) 39 $error->add('empty_username', __('<strong>ERROR</strong>: The username field is empty.')); 40 if ( empty($credentials['user_password']) ) 41 $error->add('empty_password', __('<strong>ERROR</strong>: The password field is empty.')); 42 return $error; 43 } 44 45 do_action_ref_array('wp_authenticate', array(&$credentials['user_login'], &$credentials['user_password'])); 46 47 $user = wp_authenticate($credentials['user_login'], $credentials['user_password']); 48 if ( is_wp_error($user) ) 49 return $user; 50 51 wp_set_auth_cookie($user->ID); 52 do_action('wp_login', $credentials['user_login']); 53 return $user; 54 } 55 3 56 function get_profile($field, $user = false) { 4 57 global $wpdb; 5 58 if ( !$user ) … … 15 68 16 69 // TODO: xmlrpc only. Maybe move to xmlrpc.php. 17 70 function user_pass_ok($user_login,$user_pass) { 18 $userdata = get_userdatabylogin($user_login); 19 return wp_check_password($user_pass, $userdata->user_pass); 71 $user = wp_authenticate($user_login, $user_pass); 72 if ( is_wp_error($user) ) 73 return false; 74 75 return true; 20 76 } 21 77 22 78 //
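Review bot: `wp_signon()` normalises `$credentials['remember']` to a boolean but then calls `wp_set_auth_cookie($user->ID)` without it, so the "remember me" choice from the login form is dropped; the wp-login.php code this replaces passed it as the second argument. Pass it through with `wp_set_auth_cookie($user->ID, $credentials['remember']);`. The `trim()` applied to `user_password` also changes the value that is checked against the stored hash, so a password saved with leading or trailing whitespace would stop matching unless the set-password path trims the same way, which this patch does not show. `wp_signon()` has no docblock; it should state that it reads `$_POST` when called without arguments, falls back to the auth cookie when no credentials are given, and returns either a `WP_User` or a `WP_Error` (possibly an empty one).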