Ticket #9568: 9568.10.diff
File 9568.10.diff, 8.3 KB (added by , 10 years ago) |
---|
-
tests/phpunit/tests/auth.php
161 161 // Password broken by setting it to be too long. 162 162 $this->assertInstanceOf( 'WP_Error', $user ); 163 163 } 164 165 function test_email_login() { 166 $user_args = array( 'user_login' => 'frank', 'user_email' => 'mail@mail.com', 'user_pass' => 'thispassword' ); 167 $this->factory->user->create( $user_args ); 168 169 $email_user = wp_authenticate( $user_args['user_email'], $user_args['user_pass'] ); 170 $this->assertInstanceOf( 'WP_User', $email_user ); 171 } 164 172 } -
src/wp-login.php
874 874 875 875 <form name="loginform" id="loginform" action="<?php echo esc_url( site_url( 'wp-login.php', 'login_post' ) ); ?>" method="post"> 876 876 <p> 877 <label for="user_login"><?php _e('Username ') ?><br />877 <label for="user_login"><?php _e('Username or email') ?><br /> 878 878 <input type="text" name="log" id="user_login" class="input" value="<?php echo esc_attr($user_login); ?>" size="20" /></label> 879 879 </p> 880 880 <p> -
src/wp-includes/default-filters.php
302 302 303 303 // Default authentication filters 304 304 add_filter( 'authenticate', 'wp_authenticate_username_password', 20, 3 ); 305 add_filter( 'authenticate', 'wp_authenticate_email_password', 20, 3 ); 305 306 add_filter( 'authenticate', 'wp_authenticate_spam_check', 99 ); 306 307 add_filter( 'determine_current_user', 'wp_validate_auth_cookie' ); 307 308 add_filter( 'determine_current_user', 'wp_validate_logged_in_cookie', 20 ); -
src/wp-includes/pluggable.php
533 533 * 534 534 * @since 2.5.0 535 535 * 536 * @param string $user name User's username537 * @param string $password User's password536 * @param string $user_identifier User's username or email address. 537 * @param string $password User's password. 538 538 * @return WP_User|WP_Error WP_User object if login successful, otherwise WP_Error object. 539 539 */ 540 function wp_authenticate($username, $password) { 541 $username = sanitize_user($username); 542 $password = trim($password); 543 540 function wp_authenticate( $user_identifier, $password ) { 541 $user_identifier = sanitize_user( $user_identifier ); 542 $password = trim( $password ); 544 543 /** 545 544 * Filter the user to authenticate. 546 545 * … … 549 548 * 550 549 * @since 2.8.0 551 550 * 552 * @param null|WP_User $user User to authenticate.553 * @param string $user nameUser login.554 * @param string $password User password551 * @param null|WP_User $user User to authenticate. 552 * @param string $user_identifier User login. 553 * @param string $password User password. 555 554 */ 556 $user = apply_filters( 'authenticate', null, $user name, $password );555 $user = apply_filters( 'authenticate', null, $user_identifier, $password ); 557 556 558 557 if ( $user == null ) { 559 558 // TODO what should the error message be? (Or would these even happen?) 560 559 // Only needed if all authentication handlers fail to return anything. 561 $user = new WP_Error( 'authentication_failed', __('<strong>ERROR</strong>: Invalid username or incorrect password.'));560 $user = new WP_Error( 'authentication_failed', __( '<strong>ERROR</strong>: Invalid username/email address or incorrect password.' ) ); 562 561 } 562 563 $ignore_codes = array( 'empty_username', 'empty_password' ); 563 564 564 $ignore_codes = array('empty_username', 'empty_password'); 565 566 if (is_wp_error($user) && !in_array($user->get_error_code(), $ignore_codes) ) { 565 if ( is_wp_error( $user ) && !in_array( $user->get_error_code(), $ignore_codes ) ) { 567 566 /** 568 567 * Fires after a user login has failed. 569 568 * 570 569 * @since 2.5.0 571 570 * 572 * @param string $user nameUser login.571 * @param string $user_identifier User login. 573 572 */ 574 do_action( 'wp_login_failed', $user name);573 do_action( 'wp_login_failed', $user_identifier ); 575 574 } 576 575 577 576 return $user; -
src/wp-includes/user.php
116 116 return $user; 117 117 } 118 118 119 // Coallate errors found in previous authentication callbacks. 120 if ( is_wp_error( $user ) ) { 121 $error = $user; 122 } else { 123 $error = new WP_Error(); 124 } 125 119 126 if ( empty($username) || empty($password) ) { 120 127 if ( is_wp_error( $user ) ) 121 128 return $user; 122 129 123 $error = new WP_Error();124 125 130 if ( empty($username) ) 126 131 $error->add('empty_username', __('<strong>ERROR</strong>: The username field is empty.')); 127 132 … … 133 138 134 139 $user = get_user_by('login', $username); 135 140 136 if ( !$user ) 137 return new WP_Error( 'invalid_username', sprintf( __( '<strong>ERROR</strong>: Invalid username. <a href="%s">Lost your password</a>?' ), wp_lostpassword_url() ) ); 141 if ( !$user ) { 142 $error->add( 'invalid_username', sprintf( __( '<strong>ERROR</strong>: Invalid username. <a href="%s">Lost your password</a>?' ), wp_lostpassword_url() ) ); 143 return $error; 144 } 138 145 139 146 /** 140 147 * Filter whether the given user can be authenticated with the provided $password. … … 149 156 if ( is_wp_error($user) ) 150 157 return $user; 151 158 152 if ( !wp_check_password($password, $user->user_pass, $user->ID) ) 153 return new WP_Error( 'incorrect_password', sprintf( __( '<strong>ERROR</strong>: The password you entered for the username <strong>%1$s</strong> is incorrect. <a href="%2$s">Lost your password</a>?' ),159 if ( !wp_check_password($password, $user->user_pass, $user->ID) ) { 160 $error->add( 'incorrect_password', sprintf( __( '<strong>ERROR</strong>: The password you entered for the username <strong>%1$s</strong> is incorrect. <a href="%2$s">Lost your password</a>?' ), 154 161 $username, wp_lostpassword_url() ) ); 162 return $error; 163 } 155 164 156 165 return $user; 157 166 } 158 167 159 168 /** 169 * Authenticate the user using the email and password. 170 * 171 * @since 4.2.0 172 * 173 * @param WP_User|WP_Error|null $user WP_User or WP_Error object from a previous callback. Default null. 174 * @param string $username User email for authentication. 175 * @param string $password Password for authentication. 176 * @return WP_User|WP_Error WP_User on success, WP_Error on failure. 177 */ 178 function wp_authenticate_email_password( $user, $email, $password ) { 179 if ( is_a( $user, 'WP_User' ) ) { 180 return $user; 181 } 182 183 if ( ! is_email( $email ) ) { 184 return $user; 185 } 186 187 // Coallate errors found in previous authentication callbacks. 188 if ( is_wp_error( $user ) ) { 189 $error = $user; 190 } else { 191 $error = new WP_Error(); 192 } 193 194 if ( empty($email) || empty($password) ) { 195 if ( is_wp_error( $user ) ) { 196 return $user; 197 } 198 199 if ( empty($email) ) { 200 $error->add('empty_email', __('<strong>ERROR</strong>: The email field is empty.')); 201 } 202 203 if ( empty($password) ) { 204 $error->add('empty_password', __('<strong>ERROR</strong>: The password field is empty.')); 205 } 206 207 return $error; 208 } 209 210 $user = get_user_by( 'email', $email ); 211 212 if ( ! $user ) { 213 $error->add( 'invalid_email', __( '<strong>ERROR</strong>: Invalid email address.' ) ); 214 return $error; 215 } 216 217 /** 218 * Filter whether the given user can be authenticated with the provided $password. 219 * 220 * @since 2.5.0 221 * 222 * @param WP_User|WP_Error $user WP_User or WP_Error object if a previous 223 * callback failed authentication. 224 * @param string $password Password to check against the user. 225 */ 226 $user = apply_filters( 'wp_authenticate_user', $user, $password ); 227 if ( is_wp_error($user) ) { 228 return $user; 229 } 230 231 if ( !wp_check_password($password, $user->user_pass, $user->ID) ) { 232 return new WP_Error( 'incorrect_password', sprintf( __( '<strong>ERROR</strong>: The password you entered for the email <strong>%1$s</strong> is incorrect. <a href="%2$s">Lost your password</a>?' ), 233 $email, wp_lostpassword_url() ) ); 234 } 235 236 return $user; 237 } 238 239 /** 160 240 * Authenticate the user using the WordPress auth cookie. 161 241 * 162 242 * @since 2.8.0