Ticket #9568: 9568.8.diff
File 9568.8.diff, 7.2 KB (added by , 10 years ago) |
---|
-
wp-includes/default-filters.php
diff --git a/wp-includes/default-filters.php b/wp-includes/default-filters.php index dc0c8f8..9d77240 100644
a b add_filter( 'heartbeat_nopriv_send', 'wp_auth_check' ); 302 302 303 303 // Default authentication filters 304 304 add_filter( 'authenticate', 'wp_authenticate_username_password', 20, 3 ); 305 add_filter( 'authenticate', 'wp_authenticate_email_password', 20, 3 ); 305 306 add_filter( 'authenticate', 'wp_authenticate_spam_check', 99 ); 306 307 add_filter( 'determine_current_user', 'wp_validate_auth_cookie' ); 307 308 add_filter( 'determine_current_user', 'wp_validate_logged_in_cookie', 20 ); -
wp-includes/pluggable.php
diff --git a/wp-includes/pluggable.php b/wp-includes/pluggable.php index 0c87138..3f88ee3 100644
a b if ( !function_exists('wp_authenticate') ) : 533 533 * 534 534 * @since 2.5.0 535 535 * 536 * @param string $user name User's username537 * @param string $password User's password536 * @param string $user_identifier User's username or email address. 537 * @param string $password User's password. 538 538 * @return WP_User|WP_Error WP_User object if login successful, otherwise WP_Error object. 539 539 */ 540 function wp_authenticate($user name, $password) {541 $user name = sanitize_user($username);540 function wp_authenticate($user_identifier, $password) { 541 $user_identifier = sanitize_user($user_identifier); 542 542 $password = trim($password); 543 544 543 /** 545 544 * Filter the user to authenticate. 546 545 * … … function wp_authenticate($username, $password) { 549 548 * 550 549 * @since 2.8.0 551 550 * 552 * @param null|WP_User $user User to authenticate.553 * @param string $user nameUser login.554 * @param string $password User password551 * @param null|WP_User $user User to authenticate. 552 * @param string $user_identifier User login. 553 * @param string $password User password. 555 554 */ 556 $user = apply_filters( 'authenticate', null, $user name, $password );555 $user = apply_filters( 'authenticate', null, $user_identifier, $password ); 557 556 558 557 if ( $user == null ) { 559 558 // TODO what should the error message be? (Or would these even happen?) 560 559 // Only needed if all authentication handlers fail to return anything. 561 $user = new WP_Error('authentication_failed', __('<strong>ERROR</strong>: Invalid username or incorrect password.'));560 $user = new WP_Error('authentication_failed', __('<strong>ERROR</strong>: Invalid username/email address or incorrect password.')); 562 561 } 563 562 564 563 $ignore_codes = array('empty_username', 'empty_password'); -
wp-includes/user.php
diff --git a/wp-includes/user.php b/wp-includes/user.php index 17fe9fc..757d0f7 100644
a b function wp_authenticate_username_password($user, $username, $password) { 116 116 return $user; 117 117 } 118 118 119 // Coallate errors found in previous authentication callbacks. 120 if ( is_wp_error( $user ) ) { 121 $error = $user; 122 } else { 123 $error = new WP_Error(); 124 } 125 119 126 if ( empty($username) || empty($password) ) { 120 127 if ( is_wp_error( $user ) ) 121 128 return $user; 122 129 123 $error = new WP_Error();124 125 130 if ( empty($username) ) 126 131 $error->add('empty_username', __('<strong>ERROR</strong>: The username field is empty.')); 127 132 … … function wp_authenticate_username_password($user, $username, $password) { 133 138 134 139 $user = get_user_by('login', $username); 135 140 136 if ( !$user ) 137 return new WP_Error( 'invalid_username', sprintf( __( '<strong>ERROR</strong>: Invalid username. <a href="%s">Lost your password</a>?' ), wp_lostpassword_url() ) ); 141 if ( !$user ) { 142 $error->add( 'invalid_username', sprintf( __( '<strong>ERROR</strong>: Invalid username. <a href="%s">Lost your password</a>?' ), wp_lostpassword_url() ) ); 143 return $error; 144 } 138 145 139 146 /** 140 147 * Filter whether the given user can be authenticated with the provided $password. … … function wp_authenticate_username_password($user, $username, $password) { 149 156 if ( is_wp_error($user) ) 150 157 return $user; 151 158 152 if ( !wp_check_password($password, $user->user_pass, $user->ID) ) 153 return new WP_Error( 'incorrect_password', sprintf( __( '<strong>ERROR</strong>: The password you entered for the username <strong>%1$s</strong> is incorrect. <a href="%2$s">Lost your password</a>?' ),159 if ( !wp_check_password($password, $user->user_pass, $user->ID) ) { 160 $error->add( 'incorrect_password', sprintf( __( '<strong>ERROR</strong>: The password you entered for the username <strong>%1$s</strong> is incorrect. <a href="%2$s">Lost your password</a>?' ), 154 161 $username, wp_lostpassword_url() ) ); 162 return $error; 163 } 164 165 return $user; 166 } 167 168 /** 169 * Authenticate the user using the email and password. 170 * 171 * @since 4.2.0 172 * 173 * @param WP_User|WP_Error|null $user WP_User or WP_Error object from a previous callback. Default null. 174 * @param string $username User email for authentication. 175 * @param string $password Password for authentication. 176 * @return WP_User|WP_Error WP_User on success, WP_Error on failure. 177 */ 178 function wp_authenticate_email_password( $user, $email, $password ) { 179 if ( is_a( $user, 'WP_User' ) ) { 180 return $user; 181 } 182 183 if ( ! is_email( $email ) ) { 184 return $user; 185 } 186 187 // Coallate errors found in previous authentication callbacks. 188 if ( is_wp_error( $user ) ) { 189 $error = $user; 190 } else { 191 $error = new WP_Error(); 192 } 193 194 if ( empty($email) || empty($password) ) { 195 if ( is_wp_error( $user ) ) { 196 return $user; 197 } 198 199 if ( empty($email) ) { 200 $error->add('empty_email', __('<strong>ERROR</strong>: The email field is empty.')); 201 } 202 203 if ( empty($password) ) { 204 $error->add('empty_password', __('<strong>ERROR</strong>: The password field is empty.')); 205 } 206 207 return $error; 208 } 209 210 $user = get_user_by( 'email', $email ); 211 212 if ( ! $user ) { 213 $error->add( 'invalid_email', __( '<strong>ERROR</strong>: Invalid email address.' ) ); 214 return $error; 215 } 216 217 /** 218 * Filter whether the given user can be authenticated with the provided $password. 219 * 220 * @since 2.5.0 221 * 222 * @param WP_User|WP_Error $user WP_User or WP_Error object if a previous 223 * callback failed authentication. 224 * @param string $password Password to check against the user. 225 */ 226 $user = apply_filters( 'wp_authenticate_user', $user, $password ); 227 if ( is_wp_error($user) ) { 228 return $user; 229 } 230 231 if ( !wp_check_password($password, $user->user_pass, $user->ID) ) { 232 return new WP_Error( 'incorrect_password', sprintf( __( '<strong>ERROR</strong>: The password you entered for the email <strong>%1$s</strong> is incorrect. <a href="%2$s">Lost your password</a>?' ), 233 $email, wp_lostpassword_url() ) ); 234 } 155 235 156 236 return $user; 157 237 } -
wp-login.php
diff --git a/wp-login.php b/wp-login.php index 8290f1a..01ce41f 100644
a b default: 874 874 875 875 <form name="loginform" id="loginform" action="<?php echo esc_url( site_url( 'wp-login.php', 'login_post' ) ); ?>" method="post"> 876 876 <p> 877 <label for="user_login"><?php _e('Username ') ?><br />877 <label for="user_login"><?php _e('Username or email') ?><br /> 878 878 <input type="text" name="log" id="user_login" class="input" value="<?php echo esc_attr($user_login); ?>" size="20" /></label> 879 879 </p> 880 880 <p>