
Changeset 1731


Timestamp:
10/04/2004 06:23:53 AM (20 years ago)
Author:
saxmatt
Message:

New login system.

Location:
trunk
Files:
3 edited

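--- a/trunk/wp-admin/wp-admin.css
+++ b/trunk/wp-admin/wp-admin.css
@@ -326,25 +326,46 @@
 
 #login {
-    background: url(../wp-images/wp-small.png) #fff no-repeat top center;
-    border: 2px solid #333;
-    color: #333;
-    height: 170px;
-    left: 50%;
-    margin-left: -120px; /* half of width and height */
-    margin-top: -85px;
-    padding: 40px 5px 5px 5px;
-    position: absolute;
+    background: #fff;
+    border: 2px solid #a2a2a2;
+    width: 25em;
+    margin: 5em auto;
+    padding: 1.5em;
+}
+
+#login form {
     text-align: right;
-    top: 45%;
-    width: 240px;
-}
-
-#login textarea, #login input, #login select {
-    background: #f0f0f0;
-    border-color: #ccc;
-    border-style: solid;
-    border-width: 1px;
-    margin: 1px;
-    padding: 2px;
+}
+#login #login_error {
+    background: #c00;
+    color: #fff;
+    padding: .5em;
+    border: 1px solid #a40000;
+    text-align: center;
+    font-weight: bold;
+    font-size: 16px;
+}
+#login h1 {
+    background: url(../wp-images/wp-small.png) no-repeat;
+    margin-top: 0;
+}
+#login h1 a {
+    display: block;
+    text-indent: -1000px;
+}
+
+#login ul {
+    list-style: none;
+    margin: 0;
+    padding: 0;
+   
+}
+#login ul li {
+    display: inline;
+    text-align: center;
+    margin-left: 1.4em;
+}
+
+#login input {
+    padding: 3px;
 }
 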
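Review bot: The new `#login #login_error` rule will not apply on the lost-password page, because wp-login.php in this changeset emits `<div id='loginerror'>` there and `<div id='login_error'>` only on the login form. Use a single id in both places, for example by changing the lost-password markup to `echo "<div id='login_error'>$error</div>";`, so that both error boxes pick up this rule.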
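--- a/trunk/wp-includes/template-functions-general.php
+++ b/trunk/wp-includes/template-functions-general.php
@@ -53,7 +53,11 @@
 
     switch($show) {
-    case 'url':
-    case 'siteurl':
+    case 'url' :
+    case 'home' :
+    case 'siteurl' :
         $output = get_settings('home');
+        break;
+    case 'wpurl' :
+        $output = get_settings('siteurl');
         break;
     case 'description':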
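Review bot: The case labels added here need a comment, because `'siteurl'` shares a branch with `'url'` and `'home'` and returns `get_settings('home')`, while the new `'wpurl'` is the one that returns `get_settings('siteurl')`; a caller reading only the names would expect the opposite. Suggested comment above the first label: `// 'url', 'home' and 'siteurl' all return the 'home' setting; use 'wpurl' for the 'siteurl' setting`. The enclosing function and the rest of the `switch` lie outside the lines shown.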
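--- a/trunk/wp-login.php
+++ b/trunk/wp-login.php
@@ -2,49 +2,32 @@
 require('./wp-config.php');
 
-function login() {
-    global $wpdb, $log, $pwd, $error, $user_ID;
-    global $pass_is_md5;
-    $user_login = &$log;
-    $pwd = md5($pwd);
-    $password = &$pwd;
-    if (!$user_login) {
-        $error = __('<strong>Error</strong>: the login field is empty.');
+function login($username, $password, $already_md5 = false) {
+    global $wpdb, $error;
+    if ( !$already_md5 )
+        $pwd = md5($password);
+
+    if ( !$username )
         return false;
-    }
-
-    if (!$password) {
-        $error = __('<strong>Error</strong>: the password field is empty.');
+
+    if ( !$password ) {
+        $error = __('<strong>Error</strong>: The password field is empty.');
         return false;
     }
 
-    $query = "SELECT ID, user_login, user_pass FROM $wpdb->users WHERE user_login = '$user_login' AND user_pass = '$password'";
-
-    $login = $wpdb->get_row($query);
+    $login = $wpdb->get_row("SELECT ID, user_login, user_pass FROM $wpdb->users WHERE user_login = '$username'");
 
     if (!$login) {
-        $error = __('<strong>Error</strong>: wrong login or password.');
+        $error = __('<strong>Error</strong>: Wrong login.');
         $pwd = '';
         return false;
     } else {
-    $user_ID = $login->ID;
-        if (($pass_is_md5 == 0 && $login->user_login == $user_login && $login->user_pass == $password) || ($pass_is_md5 == 1 && $login->user_login == $user_login && $login->user_pass == md5($password))) {
+
+        if ( $login->user_login == $username && $login->user_pass == $pwd ) {
             return true;
         } else {
-            $error = __('<strong>Error</strong>: wrong login or password.');
+            $error = __('<strong>Error</strong>: Incorrect password.');
             $pwd = '';
-        return false;
+            return false;
         }
-    }
-}
-
-function checklogin() {
-    global $user_login, $user_pass_md5, $user_ID;
-
-    $userdata = get_userdatabylogin($user_login);
-
-    if ($user_pass_md5 != md5($userdata->user_pass)) {
-        return false;
-    } else {
-        return true;
     }
 }
@@ -69,5 +52,5 @@
 }
 
-$wpvarstoreset = array('action','mode','error','text','popupurl','popuptitle');
+$wpvarstoreset = array('action');
 
 for ($i = 0; $i < count($wpvarstoreset); $i = $i + 1) {
@@ -85,5 +68,5 @@
     }
 }
-
+$error = '';
 // If someone has moved WordPress let's try to detect it
 if ( dirname('http://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']) != get_settings('siteurl') )
@@ -94,15 +77,14 @@
 case 'logout':
 
-    setcookie('wordpressuser_'.$cookiehash, " ", time() - 31536000, COOKIEPATH);
-    setcookie('wordpresspass_'.$cookiehash, " ", time() - 31536000, COOKIEPATH);
+    setcookie('wordpressuser_' . COOKIEHASH, ' ', time() - 31536000, COOKIEPATH);
+    setcookie('wordpresspass_' . COOKIEHASH, ' ', time() - 31536000, COOKIEPATH);
     header('Expires: Wed, 11 Jan 1984 05:00:00 GMT');
     header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT');
     header('Cache-Control: no-cache, must-revalidate');
     header('Pragma: no-cache');
-    if ($is_IIS) {
+    if ($is_IIS)
         header('Refresh: 0;url=wp-login.php');
-    } else {
+    else
         header('Location: wp-login.php');
-    }
     exit();
 
@@ -111,8 +93,8 @@
 case 'login':
 
-    if(!empty($_POST)) {
+    if( !empty($_POST) ) {
         $log = $_POST['log'];
-        $pwd = stripslashes($_POST['pwd']);
-        $redirect_to = $_POST['redirect_to'];
+        $pwd = $_POST['pwd'];
+        $redirect_to = preg_replace('|[^a-z/.:_-]|i', '', $_POST['redirect_to']);
     }
    
@@ -123,18 +105,17 @@
     }
 
-    if (!login()) {
+    if ( !login($log, $pwd) ) {
         header('Expires: Wed, 11 Jan 1984 05:00:00 GMT');
         header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT');
         header('Cache-Control: no-cache, must-revalidate');
         header('Pragma: no-cache');
-    if ($is_IIS) {
-        header('Refresh: 0;url=wp-login.php');
-    } else {
-        header('Location: wp-login.php');
-    }
+        if ($is_IIS)
+            header('Refresh: 0;url=wp-login.php');
+        else
+            header('Location: wp-login.php');
         exit();
     } else {
         $user_login = $log;
-        $user_pass = $pwd;
+        $user_pass = md5($pwd);
         setcookie('wordpressuser_'.$cookiehash, $user_login, time() + 31536000, COOKIEPATH);
         setcookie('wordpresspass_'.$cookiehash, md5($user_pass), time() + 31536000, COOKIEPATH);
@@ -145,24 +126,8 @@
         header('Pragma: no-cache');
 
-        switch($mode) {
-            case 'bookmarklet':
-                $location = "wp-admin/bookmarklet.php?text=$text&popupurl=$popupurl&popuptitle=$popuptitle";
-                break;
-            case 'sidebar':
-                $location = "wp-admin/sidebar.php?text=$text&popupurl=$popupurl&popuptitle=$popuptitle";
-                break;
-            case 'profile':
-                $location = "wp-admin/profile.php?text=$text&popupurl=$popupurl&popuptitle=$popuptitle";
-                break;
-            default:
-                $location = "$redirect_to";
-                break;
-        }
-
-        if ($is_IIS) {
-            header("Refresh: 0;url=$location");
-        } else {
-            header("Location: $location");
-        }
+        if ($is_IIS)
+            header("Refresh: 0;url=$redirect_to");
+        else
+            header("Location: $redirect_to");
     }
 
@@ -176,6 +141,6 @@
 <html xmlns="http://www.w3.org/1999/xhtml">
 <head>
-    <title><?php _e('WordPress &raquo; Lost password ?') ?></title>
-    <meta http-equiv="Content-Type" content="text/html; charset=<?php echo get_settings('blog_charset'); ?>" />
+    <title>WordPress &raquo; <?php _e('Lost Password') ?></title>
+    <meta http-equiv="Content-Type" content="text/html; charset=<?php bloginfo('charset'); ?>" />
     <link rel="stylesheet" href="<?php echo get_settings('siteurl'); ?>/wp-admin/wp-admin.css" type="text/css" />
     <script type="text/javascript">
@@ -188,46 +153,45 @@
 </head>
 <body>
-
-
 <div id="login">
-<p><?php _e('Please enter your information here. We will send you a new password.') ?> </p>
-<?php
-if ($error) echo "<div align=\"right\" style=\"padding:4px;\"><font color=\"#FF0000\">$error</font><br />&nbsp;</div>";
+<h1><a href="http://wordpress.org/">WordPress</a></h1>
+<p><?php _e('Please enter your information here. We will send you a new password.') ?></p>
+<?php
+if ($error)
+    echo "<div id='loginerror'>$error</div>";
 ?>
 
-<form name="" action="wp-login.php" method="post" id="lostpass">
+<form name="lostpass" action="wp-login.php" method="post" id="lostpass">
+<p>
 <input type="hidden" name="action" value="retrievepassword" />
-<label><?php _e('Login:') ?> <input type="text" name="user_login" id="user_login" value="" size="12" /></label><br />
-<label><?php _e('E-mail:') ?> <input type="text" name="email" id="email" value="" size="12" /></label><br />
-<input type="submit" name="Submit2" value="OK" class="search" />
-
+<label><?php _e('Login') ?>: <input type="text" name="user_login" id="user_login" value="" size="12" tabindex="1" /></label><br />
+<label><?php _e('E-mail') ?>: <input type="text" name="email" id="email" value="" size="12" tabindex="2" /></label><br />
+</p>
+<p class="submit"><input type="submit" name="submit" value="<?php _e('Retrieve Password'); ?> &raquo;" tabindex="3" /></p>
 </form>
 </div>
-
-
-
 </body>
 </html>
-    <?php
-
+<?php
 break;
 
 case 'retrievepassword':
 
-    $user_data = get_userdatabylogin($_POST["user_login"]);
+    $user_data = get_userdatabylogin($_POST['user_login']);
     // redefining user_login ensures we return the right case in the email
     $user_login = $user_data->user_login;
     $user_email = $user_data->user_email;
 
-    if (!$user_email || $user_email != $_POST['email']) die(sprintf(__('Sorry, that user does not seem to exist in our database. Perhaps you have the wrong username or e-mail address? <a href="%s">Try again</a>.'), 'wp-login.php?action=lostpassword'));
-    // Generate something random for a password... md5'ing current time with a rand salt
-    $user_pass = substr((MD5("time" . rand(1,16000))), 0, 6);
-    // now insert the new pass md5'd into the db
+    if (!$user_email || $user_email != $_POST['email'])
+        die(sprintf(__('Sorry, that user does not seem to exist in our database. Perhaps you have the wrong username or e-mail address? <a href="%s">Try again</a>.'), 'wp-login.php?action=lostpassword'));
+
+    // Generate something random for a password... md5'ing current time with a rand salt
+    $user_pass = substr( MD5('time' . rand(1, 16000) ), 0, 6);
+    // now insert the new pass md5'd into the db
     $wpdb->query("UPDATE $wpdb->users SET user_pass = MD5('$user_pass') WHERE user_login = '$user_login'");
-    $message  = "Login: $user_login\r\n";
-    $message .= "Password: $user_pass\r\n";
-    $message .= 'Login at: ' . get_settings('siteurl') . '/wp-login.php';
-
-    $m = mail($user_email, '[' . get_settings('blogname') . "] Your weblog's login/password", $message);
+    $message  = __('Login') . ": $user_login\r\n";
+    $message .= __('Password') . ": $user_pass\r\n";
+    $message .= get_settings('siteurl') . '/wp-login.php';
+
+    $m = mail($user_email, sprintf(__("[%s] Your login and password"), get_settings('blogname')), $message);
 
     if ($m == false) {
@@ -248,19 +212,18 @@
 default:
 
-    if((!empty($_COOKIE['wordpressuser_'.$cookiehash])) && (!empty($_COOKIE['wordpresspass_'.$cookiehash]))) {
-        $user_login = $_COOKIE['wordpressuser_'.$cookiehash];
-        $user_pass_md5 = $_COOKIE['wordpresspass_'.$cookiehash];
-    }
-
-    if ( !(checklogin()) ) {
-        if (!empty($_COOKIE['wordpressuser_'.$cookiehash])) {
-            $error="Error: wrong login/password"; //, or your session has expired.";
-        }
-    } else {
-        header("Expires: Wed, 5 Jun 1979 23:41:00 GMT"); /* private joke: this is Michel's birthdate - though officially it's on the 6th, since he's GMT+1 :) */
-        header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); /* different all the time */
-        header("Cache-Control: no-cache, must-revalidate"); /* to cope with HTTP/1.1 */
-        header("Pragma: no-cache");
-        header("Location: wp-admin/");
+    if( !empty($_COOKIE['wordpressuser_' . COOKIEHASH]) && !empty($_COOKIE['wordpresspass_' . COOKIEHASH]) ) {
+        $user_login = $_COOKIE['wordpressuser_' . COOKIEHASH];
+        $user_pass_md5 = $_COOKIE['wordpresspass_' . COOKIEHASH];
+    }
+
+    if ( !login($user_login, $user_pass_md5, true) ) {
+        if ( !empty($_COOKIE['wordpressuser_' . COOKIEHASH]) )
+            $error = 'Your session has expired.';
+    } else {
+        header('Expires: Wed, 5 Jun 1979 23:41:00 GMT'); // Michel's birthday
+        header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT');
+        header('Cache-Control: no-cache, must-revalidate');
+        header('Pragma: no-cache');
+        header('Location: wp-admin/');
         exit();
     }
@@ -269,7 +232,7 @@
 <html xmlns="http://www.w3.org/1999/xhtml">
 <head>
-    <title><?php printf(__('WordPress > %s > Login form'), htmlspecialchars(get_settings('blogname'))) ?></title>
-    <meta http-equiv="Content-Type" content="text/html; charset=<?php echo get_settings('blog_charset'); ?>" />
-    <link rel="stylesheet" href="<?php echo get_settings('siteurl'); ?>/wp-admin/wp-admin.css" type="text/css" />
+    <title>WordPress &rsaquo; <?php _e('Login') ?></title>
+    <meta http-equiv="Content-Type" content="text/html; charset=<?php bloginfo('charset'); ?>" />
+    <link rel="stylesheet" href="<?php bloginfo('wpurl'); ?>/wp-admin/wp-admin.css" type="text/css" />
     <script type="text/javascript">
     function focusit() {
@@ -283,23 +246,14 @@
 
 <div id="login">
-<p>
-    <a href="<?php echo get_settings('home'); ?>" title="<?php _e('Are you lost?') ?>"><?php _e('Back to blog?') ?></a><br />
-<?php if (get_settings('users_can_register')) { ?>
-    <a href="<?php echo get_settings('siteurl'); ?>/wp-register.php" title="<?php _e('Register to be an author') ?>"><?php _e('Register?') ?></a><br />
-<?php } ?>
-    <a href="<?php echo get_settings('siteurl'); ?>/wp-login.php?action=lostpassword" title="<?php _e('Password Lost and Found') ?>"><?php _e('Lost your password?') ?></a>
-</p>
-
-<?php
-if ($error) echo "<div align=\"right\" style=\"padding:4px;\"><font color=\"#FF0000\">$error</font><br />&nbsp;</div>";
+<h1><a href="http://wordpress.org/">WordPress</a></h1>
+<?php
+if ($error)
+    echo "<div id='login_error'>$error</div>";
 ?>
 
-<form name="login" id="loginform" action="wp-login.php" method="post">
-<?php if ($mode=="bookmarklet") { ?>
-    <input type="hidden" name="mode" value="<?php echo $mode ?>" />
-    <input type="hidden" name="text" value="<?php echo $text ?>" />
-    <input type="hidden" name="popupurl" value="<?php echo $popupurl ?>" />
-    <input type="hidden" name="popuptitle" value="<?php echo $popuptitle ?>" />
-<?php } ?>
+<form name="loginform" id="loginform" action="wp-login.php?action=login" method="post">
+<p><label><?php _e('Login') ?>: <input type="text" name="log" id="log" value="" size="20" tabindex="1" /></label></p>
+<p><label><?php _e('Password') ?>: <input type="password" name="pwd" value="" size="20" tabindex="2" /></label></p>
+<p class="submit"><input type="submit" name="submit" value="<?php _e('Login'); ?> &raquo;" tabindex="3" />
 <?php if (isset($_GET["redirect_to"])) { ?>
     <input type="hidden" name="redirect_to" value="<?php echo $_GET["redirect_to"] ?>" />
@@ -307,10 +261,13 @@
     <input type="hidden" name="redirect_to" value="wp-admin/" />
 <?php } ?>
-    <input type="hidden" name="action" value="login" />
-    <label><?php _e('Login:') ?> <input type="text" name="log" id="log" value="" size="20" tabindex="1" /></label><br />
-    <label><?php _e('Password:') ?> <input type="password" name="pwd" value="" size="20" tabindex="2" /></label><br />
-    <input type="submit" name="Submit2" value="OK" class="search" tabindex="3" />
+</p>
 </form>
-
+<ul>
+    <li><a href="<?php bloginfo('home'); ?>" title="<?php _e('Are you lost?') ?>">&laquo; <?php _e('Back to blog') ?></a></li>
+<?php if (get_settings('users_can_register')) : ?>
+    <li><a href="<?php bloginfo('wpurl'); ?>/wp-register.php"><?php _e('Register') ?></a></li>
+<?php endif; ?>
+    <li><a href="<?php bloginfo('wpurl'); ?>/wp-login.php?action=lostpassword" title="<?php _e('Password Lost and Found') ?>"><?php _e('Lost your password?') ?></a></li>
+</ul>
 </div>
 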
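Review bot: In the new `login()` at the top of the file, `$pwd` is set only when `$already_md5` is false, so the cookie call `login($user_login, $user_pass_md5, true)` reaches `$login->user_pass == $pwd` with `$pwd` unset, and the loose `==` can then succeed only against an empty stored hash. Set it in both cases with `$pwd = $already_md5 ? $password : md5($password);`, and note that the login case writes the cookie as `md5($user_pass)` after `$user_pass = md5($pwd)`, one MD5 round more than the stored value, so that branch has to compare against `md5($login->user_pass)`. The same function places `$username` inside the quoted SQL string, and both callers pass request data (`$_POST['log']` and the user cookie); unless it is escaped outside the lines shown, escape it before the `get_row()` call. The split into 'Wrong login.' and 'Incorrect password.' also tells a caller which usernames exist, which the single earlier message did not.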