WordPress.org

Make WordPress Core

Changeset 19925 for trunk/wp-login.php


Ignore:
Timestamp:
02/14/2012 06:29:22 PM (8 years ago)
Author:
ryan
Message:

Set post password cookies via an action in wp-login.php. Retire wp-pass.php (one less root file). Obey login ssl preferences for post password form submission. Props SergeyBiryukov. fixes #19798

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-login.php

    r19783 r19925  
    351351
    352352// validate action so as to default to the login screen
    353 if ( !in_array($action, array('logout', 'lostpassword', 'retrievepassword', 'resetpass', 'rp', 'register', 'login'), true) && false === has_filter('login_form_' . $action) )
     353if ( !in_array( $action, array( 'postpass', 'logout', 'lostpassword', 'retrievepassword', 'resetpass', 'rp', 'register', 'login' ), true ) && false === has_filter( 'login_form_' . $action ) )
    354354    $action = 'login';
    355355
     
    378378$http_post = ('POST' == $_SERVER['REQUEST_METHOD']);
    379379switch ($action) {
     380
     381case 'postpass' :
     382    if ( empty( $wp_hasher ) ) {
     383        require_once( ABSPATH . 'wp-includes/class-phpass.php' );
     384        // By default, use the portable hash from phpass
     385        $wp_hasher = new PasswordHash(8, true);
     386    }
     387
     388    // 10 days
     389    setcookie( 'wp-postpass_' . COOKIEHASH, $wp_hasher->HashPassword( stripslashes( $_POST['post_password'] ) ), time() + 864000, COOKIEPATH );
     390
     391    wp_safe_redirect( wp_get_referer() );
     392    exit();
     393
     394break;
    380395
    381396case 'logout' :
Note: See TracChangeset for help on using the changeset viewer.