
Ticket #9568: 9568.8.diff

File 9568.8.diff, 7.2 KB (added by ericlewis, 10 years ago)
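diff --git a/wp-includes/default-filters.php b/wp-includes/default-filters.php
index dc0c8f8..9d77240 100644
--- a/wp-includes/default-filters.php
+++ b/wp-includes/default-filters.php
@@ -302,6 +302,7 @@ add_filter( 'heartbeat_nopriv_send', 'wp_auth_check' );
 
 // Default authentication filters
 add_filter( 'authenticate', 'wp_authenticate_username_password',  20, 3 );
+add_filter( 'authenticate', 'wp_authenticate_email_password',     20, 3 );
 add_filter( 'authenticate', 'wp_authenticate_spam_check',         99    );
 add_filter( 'determine_current_user', 'wp_validate_auth_cookie'          );
 add_filter( 'determine_current_user', 'wp_validate_logged_in_cookie', 20 );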
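Review bot: Registering `wp_authenticate_email_password` as a second default `authenticate` callback means that code which unhooks only `wp_authenticate_username_password` (for example to enforce SSO or a second factor) would, as far as this hunk shows, still leave password login reachable through the email path. Both callbacks sit at priority 20, so the new one runs after the username callback in registration order, and that ordering is worth stating. I would add a comment above the new line such as `// Email login runs after username login at the same priority; integrations that remove password authentication must unhook both callbacks.` and carry the same caveat into the release notes.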
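diff --git a/wp-includes/pluggable.php b/wp-includes/pluggable.php
index 0c87138..3f88ee3 100644
--- a/wp-includes/pluggable.php
+++ b/wp-includes/pluggable.php
@@ -533,14 +533,13 @@ if ( !function_exists('wp_authenticate') ) :
  *
  * @since 2.5.0
  *
- * @param string $username User's username
- * @param string $password User's password
+ * @param string $user_identifier User's username or email address.
+ * @param string $password        User's password.
  * @return WP_User|WP_Error WP_User object if login successful, otherwise WP_Error object.
  */
-function wp_authenticate($username, $password) {
-        $username = sanitize_user($username);
+function wp_authenticate($user_identifier, $password) {
+        $user_identifier = sanitize_user($user_identifier);
         $password = trim($password);
-
         /**
          * Filter the user to authenticate.
          *
@@ -549,16 +548,16 @@ function wp_authenticate($username, $password) {
          *
          * @since 2.8.0
          *
-         * @param null|WP_User $user     User to authenticate.
-         * @param string       $username User login.
-         * @param string       $password User password
+         * @param null|WP_User $user            User to authenticate.
+         * @param string       $user_identifier User login.
+         * @param string       $password        User password.
          */
-        $user = apply_filters( 'authenticate', null, $username, $password );
+        $user = apply_filters( 'authenticate', null, $user_identifier, $password );
 
         if ( $user == null ) {
                 // TODO what should the error message be? (Or would these even happen?)
                 // Only needed if all authentication handlers fail to return anything.
-                $user = new WP_Error('authentication_failed', __('<strong>ERROR</strong>: Invalid username or incorrect password.'));
+                $user = new WP_Error('authentication_failed', __('<strong>ERROR</strong>: Invalid username/email address or incorrect password.'));
         }
 
         $ignore_codes = array('empty_username', 'empty_password');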
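Review bot: `sanitize_user()` is a username sanitizer, and the renamed `$user_identifier` may now hold an email address, so any character it strips that is legal in an email local part would make the later email lookup miss; whether that happens depends on `sanitize_user()`'s rules, which are not visible here. I would either skip username sanitization when `is_email()` accepts the raw value or document the limitation in the function docblock. The inline `authenticate` filter docblock also still describes the renamed parameter as `User login.`; it should read `@param string $user_identifier User login or email address.`. `wp_authenticate()` continues past the end of this hunk, so how `$ignore_codes` treats the new error codes could not be checked.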
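diff --git a/wp-includes/user.php b/wp-includes/user.php
index 17fe9fc..757d0f7 100644
--- a/wp-includes/user.php
+++ b/wp-includes/user.php
@@ -116,12 +116,17 @@ function wp_authenticate_username_password($user, $username, $password) {
                 return $user;
         }
 
+        // Coallate errors found in previous authentication callbacks.
+        if ( is_wp_error( $user ) ) {
+                $error = $user;
+        } else {
+                $error = new WP_Error();
+        }
+
         if ( empty($username) || empty($password) ) {
                 if ( is_wp_error( $user ) )
                         return $user;
 
-                $error = new WP_Error();
-
                 if ( empty($username) )
                         $error->add('empty_username', __('<strong>ERROR</strong>: The username field is empty.'));
 
@@ -133,8 +138,10 @@ function wp_authenticate_username_password($user, $username, $password) {
 
         $user = get_user_by('login', $username);
 
-        if ( !$user )
-                return new WP_Error( 'invalid_username', sprintf( __( '<strong>ERROR</strong>: Invalid username. <a href="%s">Lost your password</a>?' ), wp_lostpassword_url() ) );
+        if ( !$user ) {
+                $error->add( 'invalid_username', sprintf( __( '<strong>ERROR</strong>: Invalid username. <a href="%s">Lost your password</a>?' ), wp_lostpassword_url() ) );
+                return $error;
+        }
 
         /**
          * Filter whether the given user can be authenticated with the provided $password.
@@ -149,9 +156,82 @@ function wp_authenticate_username_password($user, $username, $password) {
         if ( is_wp_error($user) )
                 return $user;
 
-        if ( !wp_check_password($password, $user->user_pass, $user->ID) )
-                return new WP_Error( 'incorrect_password', sprintf( __( '<strong>ERROR</strong>: The password you entered for the username <strong>%1$s</strong> is incorrect. <a href="%2$s">Lost your password</a>?' ),
+        if ( !wp_check_password($password, $user->user_pass, $user->ID) ) {
+                $error->add( 'incorrect_password', sprintf( __( '<strong>ERROR</strong>: The password you entered for the username <strong>%1$s</strong> is incorrect. <a href="%2$s">Lost your password</a>?' ),
                 $username, wp_lostpassword_url() ) );
+                return $error;
+        }
+
+        return $user;
+}
+
+/**
+ * Authenticate the user using the email and password.
+ *
+ * @since 4.2.0
+ *
+ * @param WP_User|WP_Error|null $user     WP_User or WP_Error object from a previous callback. Default null.
+ * @param string                $username User email for authentication.
+ * @param string                $password Password for authentication.
+ * @return WP_User|WP_Error WP_User on success, WP_Error on failure.
+ */
+function wp_authenticate_email_password( $user, $email, $password ) {
+        if ( is_a( $user, 'WP_User' ) ) {
+                return $user;
+        }
+
+        if ( ! is_email( $email ) ) {
+                return $user;
+        }
+
+        // Coallate errors found in previous authentication callbacks.
+        if ( is_wp_error( $user ) ) {
+                $error = $user;
+        } else {
+                $error = new WP_Error();
+        }
+
+        if ( empty($email) || empty($password) ) {
+                if ( is_wp_error( $user ) ) {
+                        return $user;
+                }
+
+                if ( empty($email) ) {
+                        $error->add('empty_email', __('<strong>ERROR</strong>: The email field is empty.'));
+                }
+
+                if ( empty($password) ) {
+                        $error->add('empty_password', __('<strong>ERROR</strong>: The password field is empty.'));
+                }
+
+                return $error;
+        }
+
+        $user = get_user_by( 'email', $email );
+
+        if ( ! $user ) {
+                $error->add( 'invalid_email', __( '<strong>ERROR</strong>: Invalid email address.' ) );
+                return $error;
+        }
+
+        /**
+         * Filter whether the given user can be authenticated with the provided $password.
+         *
+         * @since 2.5.0
+         *
+         * @param WP_User|WP_Error $user     WP_User or WP_Error object if a previous
+         *                                   callback failed authentication.
+         * @param string           $password Password to check against the user.
+         */
+        $user = apply_filters( 'wp_authenticate_user', $user, $password );
+        if ( is_wp_error($user) ) {
+                return $user;
+        }
+
+        if ( !wp_check_password($password, $user->user_pass, $user->ID) ) {
+                return new WP_Error( 'incorrect_password', sprintf( __( '<strong>ERROR</strong>: The password you entered for the email <strong>%1$s</strong> is incorrect. <a href="%2$s">Lost your password</a>?' ),
+                $email, wp_lostpassword_url() ) );
+        }
 
         return $user;
 }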
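Review bot: In `wp_authenticate_email_password()` a failed lookup returns `invalid_email` while a wrong password returns `incorrect_password` naming the address, so the two responses tell an unauthenticated client whether an email address belongs to an account; the username callback already does this for logins, but email addresses are more widely known and more sensitive. Using the same message text in both branches of the email path would close that, for example `__( '<strong>ERROR</strong>: Invalid email address or incorrect password.' )`. The wrong-password branch also returns `new WP_Error( 'incorrect_password', … )` and so discards the errors collated into `$error`, unlike the username callback changed in this same patch; it should use `$error->add( 'incorrect_password', … ); return $error;`. Smaller points: `$email` is interpolated into the HTML message without `esc_html()`, the `empty( $email )` check is unreachable after the `is_email()` guard, the docblock names the parameter `$username` rather than `$email`, and "Coallate" should read "Collate".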
  • wp-login.php

    diff --git a/wp-login.php b/wp-login.php
    index 8290f1a..01ce41f 100644
    a b default: 
    874874
    875875<form name="loginform" id="loginform" action="<?php echo esc_url( site_url( 'wp-login.php', 'login_post' ) ); ?>" method="post">
    876876        <p>
    877                 <label for="user_login"><?php _e('Username') ?><br />
     877                <label for="user_login"><?php _e('Username or email') ?><br />
    878878                <input type="text" name="log" id="user_login" class="input" value="<?php echo esc_attr($user_login); ?>" size="20" /></label>
    879879        </p>
    880880        <p>