Changeset 10437
- Timestamp:
- 01/24/2009 10:38:19 PM (16 years ago)
- Location:
- trunk/wp-includes
- Files:
-
- 2 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/wp-includes/pluggable.php
r10395 r10437 423 423 function wp_authenticate($username, $password) { 424 424 $username = sanitize_user($username); 425 426 if ( '' == $username ) 427 return new WP_Error('empty_username', __('<strong>ERROR</strong>: The username field is empty.')); 428 429 if ( '' == $password ) 430 return new WP_Error('empty_password', __('<strong>ERROR</strong>: The password field is empty.')); 431 432 $user = get_userdatabylogin($username); 433 434 if ( !$user || ($user->user_login != $username) ) { 435 do_action( 'wp_login_failed', $username ); 436 return new WP_Error('invalid_username', __('<strong>ERROR</strong>: Invalid username.')); 437 } 438 439 $user = apply_filters('wp_authenticate_user', $user, $password); 440 if ( is_wp_error($user) ) { 441 do_action( 'wp_login_failed', $username ); 442 return $user; 443 } 444 445 if ( !wp_check_password($password, $user->user_pass, $user->ID) ) { 446 do_action( 'wp_login_failed', $username ); 447 return new WP_Error('incorrect_password', __('<strong>ERROR</strong>: Incorrect password.')); 448 } 449 450 return new WP_User($user->ID); 425 $password = trim($password); 426 427 $user = apply_filters('authenticate', null, $username, $password); 428 429 if ($user == null) { 430 // TODO what should the error message be? (Or would these even happen?) 431 // Only needed if all authentication handlers fail to return anything. 432 $user = new WP_Error('authentication_failed', __('<strong>ERROR</strong>: Invalid username or incorrect password.')); 433 } 434 435 if (is_wp_error($user)) { 436 do_action('wp_login_failed', $username); 437 } 438 439 return $user; 451 440 } 452 441 endif; -
trunk/wp-includes/user.php
r10150 r10437 33 33 } 34 34 35 if ( !empty($credentials['user_login']) )36 $credentials['user_login'] = sanitize_user($credentials['user_login']);37 if ( !empty($credentials['user_password']) )38 $credentials['user_password'] = trim($credentials['user_password']);39 35 if ( !empty($credentials['remember']) ) 40 36 $credentials['remember'] = true; … … 42 38 $credentials['remember'] = false; 43 39 40 // TODO do we deprecate the wp_authentication action? 44 41 do_action_ref_array('wp_authenticate', array(&$credentials['user_login'], &$credentials['user_password'])); 45 42 … … 47 44 $secure_cookie = is_ssl() ? true : false; 48 45 49 // If no credential info provided, check cookie. 50 if ( empty($credentials['user_login']) && empty($credentials['user_password']) ) { 51 $user = wp_validate_auth_cookie(); 52 if ( $user ) 53 return new WP_User($user); 54 55 if ( $secure_cookie ) 46 global $auth_secure_cookie; // XXX ugly hack to pass this to wp_authenticate_cookie 47 $auth_secure_cookie = $secure_cookie; 48 49 add_filter('authenticate', 'wp_authenticate_cookie', 30, 3); 50 51 $user = wp_authenticate($credentials['user_login'], $credentials['user_password']); 52 53 if ( is_wp_error($user) ) 54 return $user; 55 56 wp_set_auth_cookie($user->ID, $credentials['remember'], $secure_cookie); 57 do_action('wp_login', $credentials['user_login']); 58 return $user; 59 } 60 61 62 /** 63 * Authenticate the user using the username and password. 64 */ 65 add_filter('authenticate', 'wp_authenticate_username_password', 20, 3); 66 function wp_authenticate_username_password($user, $username, $password) { 67 if ( is_a($user, 'WP_User') ) { return $user; } 68 69 // XXX slight hack to handle initial load of wp-login.php 70 if ( (empty($username) && empty($password)) && $GLOBALS['pagenow'] == 'wp-login.php' ) { 71 return $user; 72 } 73 74 if ( empty($username) || empty($password) ) { 75 $error = new WP_Error(); 76 77 if ( empty($username) ) 78 $error->add('empty_username', __('<strong>ERROR</strong>: The username field is empty.')); 79 80 if ( empty($password) ) 81 $error->add('empty_password', __('<strong>ERROR</strong>: The password field is empty.')); 82 83 return $error; 84 } 85 86 $userdata = get_userdatabylogin($username); 87 88 if ( !$userdata || ($userdata->user_login != $username) ) { 89 return new WP_Error('invalid_username', __('<strong>ERROR</strong>: Invalid username.')); 90 } 91 92 $user = apply_filters('wp_authenticate_user', $user, $password); 93 if ( is_wp_error($user) ) { 94 return $user; 95 } 96 97 if ( !wp_check_password($password, $userdata->user_pass, $userdata->ID) ) { 98 return new WP_Error('incorrect_password', __('<strong>ERROR</strong>: Incorrect password.')); 99 } 100 101 $user = new WP_User($userdata->ID); 102 return $user; 103 } 104 105 /** 106 * Authenticate the user using the WordPress auth cookie. 107 */ 108 function wp_authenticate_cookie($user, $username, $password) { 109 if ( is_a($user, 'WP_User') ) { return $user; } 110 111 if ( empty($username) && empty($password) ) { 112 $user_id = wp_validate_auth_cookie(); 113 if ( $user_id ) 114 return new WP_User($user_id); 115 116 global $auth_secure_cookie; 117 118 if ( $auth_secure_cookie ) 56 119 $auth_cookie = SECURE_AUTH_COOKIE; 57 120 else … … 62 125 63 126 // If the cookie is not set, be silent. 64 return new WP_Error(); 65 } 66 67 if ( empty($credentials['user_login']) || empty($credentials['user_password']) ) { 68 $error = new WP_Error(); 69 70 if ( empty($credentials['user_login']) ) 71 $error->add('empty_username', __('<strong>ERROR</strong>: The username field is empty.')); 72 if ( empty($credentials['user_password']) ) 73 $error->add('empty_password', __('<strong>ERROR</strong>: The password field is empty.')); 74 return $error; 75 } 76 77 $user = wp_authenticate($credentials['user_login'], $credentials['user_password']); 78 if ( is_wp_error($user) ) 79 return $user; 80 81 wp_set_auth_cookie($user->ID, $credentials['remember'], $secure_cookie); 82 do_action('wp_login', $credentials['user_login']); 127 } 128 83 129 return $user; 84 130 }
Note: See TracChangeset
for help on using the changeset viewer.