Ticket #7001: cookie_split.diff
| File cookie_split.diff, 19.8 KB (added by , 18 years ago) |
|---|
-
wp-login.php
11 11 /** Make sure that the WordPress bootstrap has ran before continuing. */ 12 12 require( dirname(__FILE__) . '/wp-load.php' ); 13 13 14 // Redirect to https login if forced to use SSL 15 if ( (force_ssl_admin() || force_ssl_login()) && !is_ssl() ) { 16 if ( false !== strpos($_SERVER['REQUEST_URI'], 'http') ) { 17 wp_redirect(str_replace('http://', 'https://', $_SERVER['REQUEST_URI'])); 18 exit(); 19 } else { 20 wp_redirect('https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']); 21 exit(); 22 } 23 } 24 14 25 /** 15 26 * login_header() - Outputs the header for the login page 16 27 * … … 137 148 $message .= get_option('siteurl') . "\r\n\r\n"; 138 149 $message .= sprintf(__('Username: %s'), $user_login) . "\r\n\r\n"; 139 150 $message .= __('To reset your password visit the following address, otherwise just ignore this email and nothing will happen.') . "\r\n\r\n"; 140 $message .= site_url("wp-login.php?action=rp&key=$key" ) . "\r\n";151 $message .= site_url("wp-login.php?action=rp&key=$key", 'login') . "\r\n"; 141 152 142 153 if ( !wp_mail($user_email, sprintf(__('[%s] Password Reset'), get_option('blogname')), $message) ) 143 154 die('<p>' . __('The e-mail could not be sent.') . "<br />\n" . __('Possible reason: your host may have disabled the mail() function...') . '</p>'); … … 174 185 wp_set_password($new_pass, $user->ID); 175 186 $message = sprintf(__('Username: %s'), $user->user_login) . "\r\n"; 176 187 $message .= sprintf(__('Password: %s'), $new_pass) . "\r\n"; 177 $message .= site_url('wp-login.php' ) . "\r\n";188 $message .= site_url('wp-login.php', 'login') . "\r\n"; 178 189 179 190 if ( !wp_mail($user->user_email, sprintf(__('[%s] Your new password'), get_option('blogname')), $message) ) 180 191 die('<p>' . __('The e-mail could not be sent.') . "<br />\n" . __('Possible reason: your host may have disabled the mail() function...') . '</p>'); … … 312 323 313 324 <p id="nav"> 314 325 <?php if (get_option('users_can_register')) : ?> 315 <a href="<?php echo site_url('wp-login.php', ' forceable') ?>"><?php _e('Log in') ?></a> |316 <a href="<?php echo site_url('wp-login.php?action=register' ) ?>"><?php _e('Register') ?></a>326 <a href="<?php echo site_url('wp-login.php', 'login') ?>"><?php _e('Log in') ?></a> | 327 <a href="<?php echo site_url('wp-login.php?action=register', 'login') ?>"><?php _e('Register') ?></a> 317 328 <?php else : ?> 318 <a href="<?php echo site_url('wp-login.php', ' forceable') ?>"><?php _e('Log in') ?></a>329 <a href="<?php echo site_url('wp-login.php', 'login') ?>"><?php _e('Log in') ?></a> 319 330 <?php endif; ?> 320 331 </p> 321 332 … … 380 391 </form> 381 392 382 393 <p id="nav"> 383 <a href="<?php echo site_url('wp-login.php', ' forceable') ?>"><?php _e('Log in') ?></a> |384 <a href="<?php echo site_url('wp-login.php?action=lostpassword' ) ?>" title="<?php _e('Password Lost and Found') ?>"><?php _e('Lost your password?') ?></a>394 <a href="<?php echo site_url('wp-login.php', 'login') ?>"><?php _e('Log in') ?></a> | 395 <a href="<?php echo site_url('wp-login.php?action=lostpassword', 'login') ?>" title="<?php _e('Password Lost and Found') ?>"><?php _e('Lost your password?') ?></a> 385 396 </p> 386 397 387 398 </div> … … 395 406 396 407 case 'login' : 397 408 default: 398 $user = wp_signon();399 400 409 if ( isset( $_REQUEST['redirect_to'] ) ) 401 410 $redirect_to = $_REQUEST['redirect_to']; 402 411 else 403 412 $redirect_to = 'wp-admin/'; 404 413 414 if ( is_ssl() && force_ssl_login() && !force_ssl_admin() && ( 0 !== strpos($redirect_to, 'https') ) ) 415 $secure_cookie = false; 416 else 417 $secure_cookie = ''; 418 419 $user = wp_signon('', $secure_cookie); 420 405 421 if ( !is_wp_error($user) ) { 406 422 // If the user can't edit posts, send them to their profile. 407 423 if ( !$user->has_cap('edit_posts') && ( empty( $redirect_to ) || $redirect_to == 'wp-admin/' ) ) … … 454 470 <p id="nav"> 455 471 <?php if ( isset($_GET['checkemail']) && in_array( $_GET['checkemail'], array('confirm', 'newpass') ) ) : ?> 456 472 <?php elseif (get_option('users_can_register')) : ?> 457 <a href="<?php echo site_url('wp-login.php?action=register' ) ?>"><?php _e('Register') ?></a> |458 <a href="<?php echo site_url('wp-login.php?action=lostpassword' ) ?>" title="<?php _e('Password Lost and Found') ?>"><?php _e('Lost your password?') ?></a>473 <a href="<?php echo site_url('wp-login.php?action=register', 'login') ?>"><?php _e('Register') ?></a> | 474 <a href="<?php echo site_url('wp-login.php?action=lostpassword', 'login') ?>" title="<?php _e('Password Lost and Found') ?>"><?php _e('Lost your password?') ?></a> 459 475 <?php else : ?> 460 <a href="<?php echo site_url('wp-login.php?action=lostpassword' ) ?>" title="<?php _e('Password Lost and Found') ?>"><?php _e('Lost your password?') ?></a>476 <a href="<?php echo site_url('wp-login.php?action=lostpassword', 'login') ?>" title="<?php _e('Password Lost and Found') ?>"><?php _e('Lost your password?') ?></a> 461 477 <?php endif; ?> 462 478 </p> 463 479 -
wp-includes/functions.php
1768 1768 function is_ssl() { 1769 1769 return ( 'on' == strtolower($_SERVER['HTTPS']) ) ? true : false; 1770 1770 } 1771 1772 function force_ssl_login($force = '') { 1773 static $forced; 1774 1775 if ( '' != $force ) { 1776 $old_forcded = $forced; 1777 $forced = $force; 1778 return $old_forced; 1779 } 1780 1781 return $forced; 1782 } 1783 1784 function force_ssl_admin($force = '') { 1785 static $forced; 1786 1787 if ( '' != $force ) { 1788 $old_forcded = $forced; 1789 $forced = $force; 1790 return $old_forced; 1791 } 1792 1793 return $forced; 1794 } 1795 1771 1796 ?> -
wp-includes/user.php
1 1 <?php 2 2 3 function wp_signon( $credentials = '' ) {3 function wp_signon( $credentials = '', $secure_cookie = '' ) { 4 4 if ( empty($credentials) ) { 5 5 if ( ! empty($_POST['log']) ) 6 6 $credentials['user_login'] = $_POST['log']; … … 21 21 22 22 do_action_ref_array('wp_authenticate', array(&$credentials['user_login'], &$credentials['user_password'])); 23 23 24 if ( '' === $secure_cookie ) 25 $secure_cookie = is_ssl() ? true : false; 26 24 27 // If no credential info provided, check cookie. 25 28 if ( empty($credentials['user_login']) && empty($credentials['user_password']) ) { 26 29 $user = wp_validate_auth_cookie(); 27 30 if ( $user ) 28 31 return new WP_User($user); 29 32 30 if ( !empty($_COOKIE[AUTH_COOKIE]) ) 33 if ( $secure_cookie ) 34 $auth_cookie = SECURE_AUTH_COOKIE; 35 else 36 $auth_cookie = AUTH_COOKIE; 37 38 if ( !empty($_COOKIE[$auth_cookie]) ) 31 39 return new WP_Error('expired_session', __('Please log in again.')); 32 40 33 41 // If the cookie is not set, be silent. … … 48 56 if ( is_wp_error($user) ) 49 57 return $user; 50 58 51 wp_set_auth_cookie($user->ID, $credentials['remember'] );59 wp_set_auth_cookie($user->ID, $credentials['remember'], $secure_cookie); 52 60 do_action('wp_login', $credentials['user_login']); 53 61 return $user; 54 62 } -
wp-includes/link-template.php
780 780 function site_url($path = '', $scheme = null) { 781 781 // should the list of allowed schemes be maintained elsewhere? 782 782 if ( !in_array($scheme, array('http', 'https')) ) { 783 if ( (' forceable' == $scheme) && (defined('FORCE_SSL_LOGIN') && FORCE_SSL_LOGIN) )783 if ( ('login' == $scheme) && ( force_ssl_login() || force_ssl_admin() ) ) 784 784 $scheme = 'https'; 785 elseif ( ('admin' == $scheme) && force_ssl_admin() ) 786 $scheme = 'https'; 785 787 else 786 788 $scheme = ( is_ssl() ? 'https' : 'http' ); 787 789 } … … 797 799 function admin_url($path = '') { 798 800 global $_wp_admin_url; 799 801 800 $url = site_url('wp-admin/', ' forceable');802 $url = site_url('wp-admin/', 'admin'); 801 803 802 804 if ( !empty($path) && is_string($path) && strpos($path, '..') === false ) 803 805 $url .= ltrim($path, '/'); -
wp-includes/general-template.php
33 33 34 34 function wp_loginout() { 35 35 if ( ! is_user_logged_in() ) 36 $link = '<a href="' . site_url('wp-login.php', ' forceable') . '">' . __('Log in') . '</a>';36 $link = '<a href="' . site_url('wp-login.php', 'login') . '">' . __('Log in') . '</a>'; 37 37 else 38 $link = '<a href="' . site_url('wp-login.php?action=logout', ' forceable') . '">' . __('Log out') . '</a>';38 $link = '<a href="' . site_url('wp-login.php?action=logout', 'login') . '">' . __('Log out') . '</a>'; 39 39 40 40 echo apply_filters('loginout', $link); 41 41 } … … 45 45 46 46 if ( ! is_user_logged_in() ) { 47 47 if ( get_option('users_can_register') ) 48 $link = $before . '<a href="' . site_url('wp-login.php?action=register', ' forceable') . '">' . __('Register') . '</a>' . $after;48 $link = $before . '<a href="' . site_url('wp-login.php?action=register', 'login') . '">' . __('Register') . '</a>' . $after; 49 49 else 50 50 $link = ''; 51 51 } else { -
wp-includes/pluggable.php
100 100 return; 101 101 102 102 if ( ! $user = wp_validate_auth_cookie() ) { 103 wp_set_current_user(0); 104 return false; 103 if ( empty($_COOKIE[LOGGED_IN_COOKIE]) || !$user = wp_validate_auth_cookie($_COOKIE[LOGGED_IN_COOKIE], 'logged_in') ) { 104 wp_set_current_user(0); 105 return false; 106 } 105 107 } 106 108 107 109 wp_set_current_user($user); … … 465 467 * @since 2.5 466 468 * 467 469 * @param string $cookie Optional. If used, will validate contents instead of cookie's 470 * @param string $scheme Optional. The cookie scheme to use: auth, secure_auth, or logged_in 468 471 * @return bool|int False if invalid cookie, User ID if valid. 469 472 */ 470 function wp_validate_auth_cookie($cookie = '' ) {473 function wp_validate_auth_cookie($cookie = '', $scheme = 'auth') { 471 474 if ( empty($cookie) ) { 472 if ( is_ssl() ) 475 if ( is_ssl() ) { 473 476 $cookie_name = SECURE_AUTH_COOKIE; 474 else 477 $scheme = 'secure_auth'; 478 } else { 475 479 $cookie_name = AUTH_COOKIE; 480 $scheme = 'auth'; 481 } 476 482 477 483 if ( empty($_COOKIE[$cookie_name]) ) 478 484 return false; … … 495 501 if ( $expired < time() ) 496 502 return false; 497 503 498 $key = wp_hash($username . '|' . $expiration );504 $key = wp_hash($username . '|' . $expiration, $scheme); 499 505 $hash = hash_hmac('md5', $username . '|' . $expiration, $key); 500 506 501 507 if ( $hmac != $hash ) … … 519 525 * 520 526 * @param int $user_id User ID 521 527 * @param int $expiration Cookie expiration in seconds 522 * @param bool $secure Whether the cookie is for https delivery only or not. Not used by default. For plugin use.528 * @param string $scheme Optional. The cookie scheme to use: auth, secure_auth, or logged_in 523 529 * @return string Authentication cookie contents 524 530 */ 525 function wp_generate_auth_cookie($user_id, $expiration, $s ecure = false) {531 function wp_generate_auth_cookie($user_id, $expiration, $scheme = 'auth') { 526 532 $user = get_userdata($user_id); 527 533 528 $key = wp_hash($user->user_login . '|' . $expiration );534 $key = wp_hash($user->user_login . '|' . $expiration, $scheme); 529 535 $hash = hash_hmac('md5', $user->user_login . '|' . $expiration, $key); 530 536 531 537 $cookie = $user->user_login . '|' . $expiration . '|' . $hash; 532 538 533 return apply_filters('auth_cookie', $cookie, $user_id, $expiration, $s ecure);539 return apply_filters('auth_cookie', $cookie, $user_id, $expiration, $scheme); 534 540 } 535 541 endif; 536 542 … … 548 554 * @param int $user_id User ID 549 555 * @param bool $remember Whether to remember the user or not 550 556 */ 551 function wp_set_auth_cookie($user_id, $remember = false ) {557 function wp_set_auth_cookie($user_id, $remember = false, $secure = '') { 552 558 if ( $remember ) { 553 559 $expiration = $expire = time() + 1209600; 554 560 } else { … … 556 562 $expire = 0; 557 563 } 558 564 559 if ( is_ssl() ) { 560 $secure = true; 561 $cookie_name = SECURE_AUTH_COOKIE; 565 if ( '' === $secure ) 566 $secure = is_ssl() ? true : false; 567 568 if ( $secure ) { 569 $auth_cookie_name = SECURE_AUTH_COOKIE; 570 $scheme = 'secure_auth'; 562 571 } else { 563 $ secure = false;564 $ cookie_name = AUTH_COOKIE;572 $auth_cookie_name = AUTH_COOKIE; 573 $scheme = 'auth'; 565 574 } 566 575 567 $cookie = wp_generate_auth_cookie($user_id, $expiration, $secure); 576 $auth_cookie = wp_generate_auth_cookie($user_id, $expiration, $scheme); 577 $logged_in_cookie = wp_generate_auth_cookie($user_id, $expiration, 'logged_in'); 568 578 569 do_action('set_auth_cookie', $cookie, $expire, $secure); 579 do_action('set_auth_cookie', $auth_cookie, $expire, $scheme); 580 do_action('set_auth_cookie', $logged_in_cookie, $expire, 'logged_in'); 570 581 571 setcookie($cookie_name, $cookie, $expire, COOKIEPATH, COOKIE_DOMAIN, $secure); 572 if ( COOKIEPATH != SITECOOKIEPATH ) 573 setcookie($cookie_name, $cookie, $expire, SITECOOKIEPATH, COOKIE_DOMAIN, $secure); 582 setcookie($auth_cookie_name, $auth_cookie, $expire, COOKIEPATH . 'wp-admin', COOKIE_DOMAIN, $secure); 583 setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, COOKIEPATH, COOKIE_DOMAIN); 584 if ( COOKIEPATH != SITECOOKIEPATH ) { 585 setcookie($cookie_name, $cookie, $expire, SITECOOKIEPATH . 'wp-admin', COOKIE_DOMAIN, $secure); 586 setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, SITECOOKIEPATH, COOKIE_DOMAIN); 587 } 574 588 } 575 589 endif; 576 590 … … 581 595 * @since 2.5 582 596 */ 583 597 function wp_clear_auth_cookie() { 584 setcookie(AUTH_COOKIE, ' ', time() - 31536000, COOKIEPATH, COOKIE_DOMAIN); 585 setcookie(AUTH_COOKIE, ' ', time() - 31536000, SITECOOKIEPATH, COOKIE_DOMAIN); 586 setcookie(SECURE_AUTH_COOKIE, ' ', time() - 31536000, COOKIEPATH, COOKIE_DOMAIN); 587 setcookie(SECURE_AUTH_COOKIE, ' ', time() - 31536000, SITECOOKIEPATH, COOKIE_DOMAIN); 598 setcookie(AUTH_COOKIE, ' ', time() - 31536000, COOKIEPATH . 'wp-admin', COOKIE_DOMAIN); 599 setcookie(AUTH_COOKIE, ' ', time() - 31536000, SITECOOKIEPATH . 'wp-admin', COOKIE_DOMAIN); 600 setcookie(SECURE_AUTH_COOKIE, ' ', time() - 31536000, COOKIEPATH . 'wp-admin', COOKIE_DOMAIN); 601 setcookie(SECURE_AUTH_COOKIE, ' ', time() - 31536000, SITECOOKIEPATH . 'wp-admin', COOKIE_DOMAIN); 602 setcookie(LOGGED_IN_COOKIE, ' ', time() - 31536000, COOKIEPATH, COOKIE_DOMAIN); 603 setcookie(LOGGED_IN_COOKIE, ' ', time() - 31536000, SITECOOKIEPATH, COOKIE_DOMAIN); 588 604 589 605 // Old cookies 590 606 setcookie(USER_COOKIE, ' ', time() - 31536000, COOKIEPATH, COOKIE_DOMAIN); … … 621 637 function auth_redirect() { 622 638 // Checks if a user is logged in, if not redirects them to the login page 623 639 624 if ( is_ssl() || (defined('FORCE_SSL_LOGIN') && FORCE_SSL_LOGIN) )640 if ( is_ssl() || force_ssl_admin() ) 625 641 $secure = true; 626 642 else 627 643 $secure = false; … … 643 659 // The cookie is no good so force login 644 660 nocache_headers(); 645 661 646 $login_url = site_url( 'wp-login.php?redirect_to=' . urlencode($_SERVER['REQUEST_URI']), 'forceable' ); 662 if ( is_ssl() ) 663 $proto = 'https://'; 664 else 665 $proto = 'http://'; 647 666 667 $login_url = site_url( 'wp-login.php?redirect_to=' . urlencode($proto . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']), 'login' ); 668 648 669 wp_redirect($login_url); 649 670 exit(); 650 671 } … … 971 992 972 993 $message = sprintf(__('Username: %s'), $user_login) . "\r\n"; 973 994 $message .= sprintf(__('Password: %s'), $plaintext_pass) . "\r\n"; 974 $message .= site_url("wp-login.php", ' forceable') . "\r\n";995 $message .= site_url("wp-login.php", 'login') . "\r\n"; 975 996 976 997 wp_mail($user_email, sprintf(__('[%s] Your username and password'), get_option('blogname')), $message); 977 998 … … 1078 1099 * 1079 1100 * @return string Salt value from either 'SECRET_KEY' or 'secret' option 1080 1101 */ 1081 function wp_salt( ) {1102 function wp_salt($scheme = 'auth') { 1082 1103 global $wp_default_secret_key; 1083 1104 $secret_key = ''; 1084 1105 if ( defined('SECRET_KEY') && ('' != SECRET_KEY) && ( $wp_default_secret_key != SECRET_KEY) ) 1085 1106 $secret_key = SECRET_KEY; 1086 1107 1087 if ( defined('SECRET_SALT') ) { 1088 $salt = SECRET_SALT; 1089 } else { 1090 $salt = get_option('secret'); 1091 if ( empty($salt) ) { 1092 $salt = wp_generate_password(); 1093 update_option('secret', $salt); 1108 if ( 'auth' == $scheme ) { 1109 if ( defined('AUTH_KEY') && ('' != AUTH_KEY) && ( $wp_default_secret_key != AUTH_KEY) ) 1110 $secret_key = AUTH_KEY; 1111 1112 if ( defined('AUTH_SALT') ) { 1113 $salt = AUTH_SALT; 1114 } elseif ( defined('SECRET_SALT') ) { 1115 $salt = SECRET_SALT; 1116 } else { 1117 $salt = get_option('auth_salt'); 1118 if ( empty($salt) ) { 1119 $salt = wp_generate_password(); 1120 update_option('auth_salt', $salt); 1121 } 1094 1122 } 1123 } elseif ( 'secure_auth' == $scheme ) { 1124 if ( defined('SECURE_AUTH_KEY') && ('' != SECURE_AUTH_KEY) && ( $wp_default_secret_key != SECURE_AUTH_KEY) ) 1125 $secret_key = SECURE_AUTH_KEY; 1126 1127 if ( defined('SECURE_AUTH_SALT') ) { 1128 $salt = SECRET_AUTH_SALT; 1129 } else { 1130 $salt = get_option('secure_auth_salt'); 1131 if ( empty($salt) ) { 1132 $salt = wp_generate_password(); 1133 update_option('secure_auth_salt', $salt); 1134 } 1135 } 1136 } elseif ( 'logged_in' == $scheme ) { 1137 if ( defined('LOGGED_IN_KEY') && ('' != LOGGED_IN_KEY) && ( $wp_default_secret_key != LOGGED_IN_KEY) ) 1138 $secret_key = LOGGED_IN_KEY; 1139 1140 if ( defined('LOGGED_IN_SALT') ) { 1141 $salt = LOGGED_IN_SALT; 1142 } else { 1143 $salt = get_option('logged_in_salt'); 1144 if ( empty($salt) ) { 1145 $salt = wp_generate_password(); 1146 update_option('logged_in_salt', $salt); 1147 } 1148 } 1095 1149 } 1096 1150 1097 return apply_filters('salt', $secret_key . $salt );1151 return apply_filters('salt', $secret_key . $salt, $scheme); 1098 1152 } 1099 1153 endif; 1100 1154 … … 1108 1162 * @param string $data Plain text to hash 1109 1163 * @return string Hash of $data 1110 1164 */ 1111 function wp_hash($data ) {1112 $salt = wp_salt( );1165 function wp_hash($data, $scheme = 'auth') { 1166 $salt = wp_salt($scheme); 1113 1167 1114 1168 return hash_hmac('md5', $data, $salt); 1115 1169 } -
wp-settings.php
334 334 335 335 /** 336 336 * It is possible to define this in wp-config.php 337 * @since 2.6 338 */ 339 if ( !defined('LOGGED_IN_COOKIE') ) 340 define('LOGGED_IN_COOKIE', 'wordpress_logged_in_' . COOKIEHASH); 341 342 /** 343 * It is possible to define this in wp-config.php 337 344 * @since 2.3.0 338 345 */ 339 346 if ( !defined('TEST_COOKIE') ) … … 359 366 */ 360 367 if ( !defined('COOKIE_DOMAIN') ) 361 368 define('COOKIE_DOMAIN', false); 362 369 363 370 /** 364 371 * It is possible to define this in wp-config.php 372 * @since 2.6 373 */ 374 if ( !defined('FORCE_SSL_ADMIN') ) 375 define('FORCE_SSL_ADMIN', false); 376 force_ssl_admin(FORCE_SSL_ADMIN); 377 378 /** 379 * It is possible to define this in wp-config.php 380 * @since 2.6 381 */ 382 if ( !defined('FORCE_SSL_LOGIN') ) 383 define('FORCE_SSL_LOGIN', false); 384 force_ssl_login(FORCE_SSL_LOGIN); 385 386 /** 387 * It is possible to define this in wp-config.php 365 388 * @since 2.5.0 366 389 */ 367 390 if ( !defined( 'AUTOSAVE_INTERVAL' ) ) -
wp-admin/admin-header.php
111 111 112 112 <?php } ?> 113 113 114 <div id="user_info"><p><?php printf(__('Howdy, <a href="%1$s">%2$s</a>!'), 'profile.php', $user_identity) ?> | <a href="<?php echo site_url('wp-login.php?action=logout' ) ?>" title="<?php _e('Log Out') ?>"><?php _e('Log Out'); ?></a> | <?php _e('<a href="http://codex.wordpress.org/">Help</a>') ?> | <?php _e('<a href="http://wordpress.org/support/">Forums</a>') ?> | <?php if ( $gears_compat ) { ?><span id="gears-menu"><a href="#" onclick="wpGears.message(1);return false;"><?php _e('Speed up!') ?></a></span><?php } ?></p></div>114 <div id="user_info"><p><?php printf(__('Howdy, <a href="%1$s">%2$s</a>!'), 'profile.php', $user_identity) ?> | <a href="<?php echo site_url('wp-login.php?action=logout', 'login') ?>" title="<?php _e('Log Out') ?>"><?php _e('Log Out'); ?></a> | <?php _e('<a href="http://codex.wordpress.org/">Help</a>') ?> | <?php _e('<a href="http://wordpress.org/support/">Forums</a>') ?> | <?php if ( $gears_compat ) { ?><span id="gears-menu"><a href="#" onclick="wpGears.message(1);return false;"><?php _e('Speed up!') ?></a></span><?php } ?></p></div> 115 115 116 116 <?php 117 117 require(ABSPATH . 'wp-admin/menu-header.php');