Ticket #9568: 9568.9.diff
File 9568.9.diff, 7.8 KB (added by , 10 years ago) |
wp-includes/default-filters.php
302 302 303 303 // Default authentication filters 304 304 add_filter( 'authenticate', 'wp_authenticate_username_password', 20, 3 ); 305 add_filter( 'authenticate', 'wp_authenticate_email_password', 20, 3 ); 305 306 add_filter( 'authenticate', 'wp_authenticate_spam_check', 99 ); 306 307 add_filter( 'determine_current_user', 'wp_validate_auth_cookie' ); 307 308 add_filter( 'determine_current_user', 'wp_validate_logged_in_cookie', 20 ); -
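Review bot: The new `wp_authenticate_email_password` callback is registered at the same priority (20) as `wp_authenticate_username_password`, so which one runs first depends only on the order of these two lines. With this order, an email-shaped login reaches the email callback already wrapped in the username callback's `invalid_username` error. That dependency is worth stating next to the registration, for example `// Must stay after wp_authenticate_username_password: same priority, runs in registration order and collates that callback's WP_Error.`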
wp-includes/pluggable.php
533 533 * 534 534 * @since 2.5.0 535 535 * 536 * @param string $user name User's username537 * @param string $password User's password536 * @param string $user_identifier User's username or email address. 537 * @param string $password User's password. 538 538 * @return WP_User|WP_Error WP_User object if login successful, otherwise WP_Error object. 539 539 */ 540 function wp_authenticate($user name, $password) {541 $user name = sanitize_user($username);540 function wp_authenticate($user_identifier, $password) { 541 $user_identifier = sanitize_user($user_identifier); 542 542 $password = trim($password); 543 544 543 /** 545 544 * Filter the user to authenticate. 546 545 * … … 549 548 * 550 549 * @since 2.8.0 551 550 * 552 * @param null|WP_User $user User to authenticate.553 * @param string $user nameUser login.554 * @param string $password User password551 * @param null|WP_User $user User to authenticate. 552 * @param string $user_identifier User login. 553 * @param string $password User password. 555 554 */ 556 $user = apply_filters( 'authenticate', null, $user name, $password );555 $user = apply_filters( 'authenticate', null, $user_identifier, $password ); 557 556 558 557 if ( $user == null ) { 559 558 // TODO what should the error message be? (Or would these even happen?) 560 559 // Only needed if all authentication handlers fail to return anything. 561 $user = new WP_Error('authentication_failed', __('<strong>ERROR</strong>: Invalid username or incorrect password.'));560 $user = new WP_Error('authentication_failed', __('<strong>ERROR</strong>: Invalid username/email address or incorrect password.')); 562 561 } 563 562 564 563 $ignore_codes = array('empty_username', 'empty_password'); … … 571 570 * 572 571 * @param string $username User login. 573 572 */ 574 do_action( 'wp_login_failed', $user name);573 do_action( 'wp_login_failed', $user_identifier ); 575 574 } 576 575 577 576 return $user; -
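Review bot: `$user_identifier = sanitize_user($user_identifier);` now runs a username sanitizer over a value that may be an email address, and the sanitized value is what every `authenticate` callback and the `wp_login_failed` action receive. sanitize_user() is not shown on this page, so this is hedged: if it strips any character that is valid in an address, that address can never match `get_user_by( 'email', … )`, and the failure is reported under a string the user did not type. The docblock above `do_action( 'wp_login_failed', $user_identifier )` still reads `@param string $username User login.`; it should become `@param string $user_identifier Username or email address used in the failed attempt.` so that lockout and audit hooks keyed on this value know one account can now appear under two identifiers. The function body is shown across several elided hunks, so other uses of the old name may sit outside the view.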
wp-includes/user.php
116 116 return $user; 117 117 } 118 118 119 // Collate errors found in previous authentication callbacks. 120 if ( is_wp_error( $user ) ) { 121 $error = $user; 122 } else { 123 $error = new WP_Error(); 124 } 125 119 126 if ( empty($username) || empty($password) ) { 120 127 if ( is_wp_error( $user ) ) 121 128 return $user; 122 129 123 $error = new WP_Error();124 125 130 if ( empty($username) ) 126 131 $error->add('empty_username', __('<strong>ERROR</strong>: The username field is empty.')); 127 132 … … 133 138 134 139 $user = get_user_by('login', $username); 135 140 136 if ( !$user ) 137 return new WP_Error( 'invalid_username', sprintf( __( '<strong>ERROR</strong>: Invalid username. <a href="%s">Lost your password</a>?' ), wp_lostpassword_url() ) ); 141 if ( !$user ) { 142 $error->add( 'invalid_username', sprintf( __( '<strong>ERROR</strong>: Invalid username. <a href="%s">Lost your password</a>?' ), wp_lostpassword_url() ) ); 143 return $error; 144 } 138 145 139 146 /** 140 147 * Filter whether the given user can be authenticated with the provided $password. … … 149 156 if ( is_wp_error($user) ) 150 157 return $user; 151 158 152 if ( !wp_check_password($password, $user->user_pass, $user->ID) ) 153 return new WP_Error( 'incorrect_password', sprintf( __( '<strong>ERROR</strong>: The password you entered for the username <strong>%1$s</strong> is incorrect. <a href="%2$s">Lost your password</a>?' ),159 if ( !wp_check_password($password, $user->user_pass, $user->ID) ) { 160 $error->add( 'incorrect_password', sprintf( __( '<strong>ERROR</strong>: The password you entered for the username <strong>%1$s</strong> is incorrect. <a href="%2$s">Lost your password</a>?' ), 154 161 $username, wp_lostpassword_url() ) ); 162 return $error; 163 } 155 164 156 165 return $user; 157 166 } 158 167 159 168 /** 169 * Authenticate the user using the email and password. 
170 * 171 * @since 4.2.0 172 * 173 * @param WP_User|WP_Error|null $user WP_User or WP_Error object from a previous callback. Default null. 174 * @param string $username User email for authentication. 175 * @param string $password Password for authentication. 176 * @return WP_User|WP_Error WP_User on success, WP_Error on failure. 177 */ 178 function wp_authenticate_email_password( $user, $email, $password ) { 179 if ( is_a( $user, 'WP_User' ) ) { 180 return $user; 181 } 182 183 if ( ! is_email( $email ) ) { 184 return $user; 185 } 186 187 // Collate errors found in previous authentication callbacks. 188 if ( is_wp_error( $user ) ) { 189 $error = $user; 190 } else { 191 $error = new WP_Error(); 192 } 193 194 if ( empty($email) || empty($password) ) { 195 if ( is_wp_error( $user ) ) { 196 return $user; 197 } 198 199 if ( empty($email) ) { 200 $error->add('empty_email', __('<strong>ERROR</strong>: The email field is empty.')); 201 } 202 203 if ( empty($password) ) { 204 $error->add('empty_password', __('<strong>ERROR</strong>: The password field is empty.')); 205 } 206 207 return $error; 208 } 209 210 $user = get_user_by( 'email', $email ); 211 212 if ( ! $user ) { 213 $error->add( 'invalid_email', __( '<strong>ERROR</strong>: Invalid email address.' ) ); 214 return $error; 215 } 216 217 /** 218 * Filter whether the given user can be authenticated with the provided $password. 219 * 220 * @since 2.5.0 221 * 222 * @param WP_User|WP_Error $user WP_User or WP_Error object if a previous 223 * callback failed authentication. 224 * @param string $password Password to check against the user. 225 */ 226 $user = apply_filters( 'wp_authenticate_user', $user, $password ); 227 if ( is_wp_error($user) ) { 228 return $user; 229 } 230 231 if ( !wp_check_password($password, $user->user_pass, $user->ID) ) { 232 return new WP_Error( 'incorrect_password', sprintf( __( '<strong>ERROR</strong>: The password you entered for the email <strong>%1$s</strong> is incorrect. 
<a href="%2$s">Lost your password</a>?' ), 233 $email, wp_lostpassword_url() ) ); 234 } 235 236 return $user; 237 } 238 239 /** 160 240 * Authenticate the user using the WordPress auth cookie. 161 241 * 162 242 * @since 2.8.0 -
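Review bot: In `wp_authenticate_email_password` the `invalid_email` branch and the `incorrect_password` branch show different messages, so an unauthenticated client can tell which email addresses belong to registered accounts. Keeping the two error codes but giving both the same text, e.g. `__( '<strong>ERROR</strong>: Invalid email address or incorrect password.' )`, closes that without changing what callers can test for. The password branch also uses `return new WP_Error( 'incorrect_password', … )`, which discards the errors collated into `$error`, while the username callback in this same patch was changed to `$error->add( … ); return $error;`. The `empty($email)` check looks unreachable because `is_email( $email )` has already returned early for an empty string, and the docblock names the second parameter `$username` where the signature has `$email`.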
wp-login.php
753 753 754 754 // If the user wants ssl but the session is not ssl, force a secure cookie. 755 755 if ( !empty($_POST['log']) && !force_ssl_admin() ) { 756 $user_name = sanitize_user($_POST['log']); 757 if ( $user = get_user_by('login', $user_name) ) { 756 $user_identifier = sanitize_user( $_POST['log'] ); 757 758 $user = get_user_by( 'login', $user_identifier ); 759 760 if ( !$user ) { 761 $user = get_user_by( 'email', $user_identifier ); 762 } 763 764 if ( $user ) { 758 765 if ( get_user_option('use_ssl', $user->ID) ) { 759 766 $secure_cookie = true; 760 767 force_ssl_admin(true); … … 874 881 875 882 <form name="loginform" id="loginform" action="<?php echo esc_url( site_url( 'wp-login.php', 'login_post' ) ); ?>" method="post"> 876 883 <p> 877 <label for="user_login"><?php _e('Username ') ?><br />884 <label for="user_login"><?php _e('Username or email') ?><br /> 878 885 <input type="text" name="log" id="user_login" class="input" value="<?php echo esc_attr($user_login); ?>" size="20" /></label> 879 886 </p> 880 887 <p>
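Review bot: The `login`-then-`email` fallback in the secure-cookie block can resolve a different account than the one the `authenticate` callbacks end up accepting if one user's login is identical to another user's email address, so `use_ssl` would be read from the wrong user. Whether registration prevents that overlap is not visible in this patch, so it needs confirming. The email lookup also uses the output of `sanitize_user( $_POST['log'] )`, which may not be the address as stored; looking up the email with the trimmed raw value only when `is_email()` accepts it would mirror the check in `wp_authenticate_email_password`. The enclosing block continues past the end of this hunk.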