Changeset 2215

Timestamp:

02/05/2005 02:19:00 AM (20 years ago)

Author:

saxmatt

Message:

Big buttons for login and registration, more robust registration and password recovery.

Location:

trunk

Files:

• wp-admin/wp-admin.css (modified) (1 diff)
• wp-login.php (modified) (7 diffs)
• wp-register.php (modified) (6 diffs)

trunk/wp-admin/wp-admin.css

@@ -206 +206 @@
 }
 
-.submit, #quicktags, .editform th, #postcustomsubmit, #login form {
+.submit, #quicktags, .editform th, #postcustomsubmit {
     text-align: right;
 }

trunk/wp-login.php

@@ -48 +48 @@
     window.onload = focusit;
     </script>
+    <style type="text/css">
+    #user_login, #email, #submit {
+        font-size: 1.7em;
+    }
+    </style>
 </head>
 <body>
@@ -61 +66 @@
 <p>
 <input type="hidden" name="action" value="retrievepassword" />
-<label><?php _e('Login') ?>: <input type="text" name="user_login" id="user_login" value="" size="12" tabindex="1" /></label><br />
-<label><?php _e('E-mail') ?>: <input type="text" name="email" id="email" value="" size="12" tabindex="2" /></label><br />
+<label><?php _e('Login') ?>:<br />
+<input type="text" name="user_login" id="user_login" value="" size="20" tabindex="1" /></label></p>
+<p><label><?php _e('E-mail') ?>:<br />
+<input type="text" name="email" id="email" value="" size="25" tabindex="2" /></label><br />
 </p>
-<p class="submit"><input type="submit" name="submit" value="<?php _e('Retrieve Password'); ?> &raquo;" tabindex="3" /></p>
+<p class="submit"><input type="submit" name="submit" id="submit" value="<?php _e('Retrieve Password'); ?> &raquo;" tabindex="3" /></p>
 </form>
+<ul>
+    <li><a href="<?php bloginfo('home'); ?>" title="<?php _e('Are you lost?') ?>">&laquo; <?php _e('Back to blog') ?></a></li>
+<?php if (get_settings('users_can_register')) : ?>
+    <li><a href="<?php bloginfo('wpurl'); ?>/wp-register.php"><?php _e('Register') ?></a></li>
+<?php endif; ?>
+    <li><a href="<?php bloginfo('wpurl'); ?>/wp-login.php"><?php _e('Login') ?></a></li>
+</ul>
 </div>
 </body>
@@ -73 +87 @@
 
 case 'retrievepassword':
-
     $user_data = get_userdatabylogin($_POST['user_login']);
     // redefining user_login ensures we return the right case in the email
@@ -83 +96 @@
 
     // Generate something random for a password... md5'ing current time with a rand salt
-    $user_pass = substr(md5(uniqid(microtime())), 0, 6);
+    $key = substr( md5( uniqid( microtime() ) ), 0, 50);
     // now insert the new pass md5'd into the db
-    $wpdb->query("UPDATE $wpdb->users SET user_pass = MD5('$user_pass') WHERE user_login = '$user_login'");
-    $message  = __('Login') . ": $user_login\r\n";
-    $message .= __('Password') . ": $user_pass\r\n";
-    $message .= get_settings('siteurl') . '/wp-login.php';
-
-    $m = wp_mail($user_email, sprintf(__("[%s] Your login and password"), get_settings('blogname')), $message);
+    $wpdb->query("UPDATE $wpdb->users SET user_activation_key = '$key' WHERE user_login = '$user_login'");
+    $message .= __("Someone has asked to reset a password for the login this site\n\n " . get_option('siteurl') ) . "\n\n";
+    $message .= __('Login') . ": $user_login\r\n\r\n";
+    $message .= __("To reset your password visit the following address, otherwise just ignore this email and nothing will happen.\n\n");
+    $message .= get_settings('siteurl') . "/wp-login.php?action=resetpass&key=$key";
+mail($user_email, sprintf(__("[%s] Password Reset"), get_settings('blogname')), $message);
+    $m = wp_mail($user_email, sprintf(__("[%s] Password Reset"), get_settings('blogname')), $message);
 
     if ($m == false) {
@@ -98 +112 @@
     } else {
         echo '<p>' .  sprintf(__("The e-mail was sent successfully to %s's e-mail address."), $user_login) . '<br />';
+        echo  "<a href='wp-login.php' title='" . __('Check your e-mail first, of course') . "'>" . __('Click here to login!') . '</a></p>';
+        die();
+    }
+
+break;
+
+case 'resetpass' :
+
+    // Generate something random for a password... md5'ing current time with a rand salt
+    $key = $_GET['key'];
+    $user = $wpdb->get_row("SELECT * FROM $wpdb->users WHERE user_activation_key = '$key'");
+    if ( !$user )
+        die( __('Sorry, that key does not appear to be valid.') );
+
+    $new_pass = md5( substr( md5( uniqid( microtime() ) ), 0, 7) );
+    $wpdb->query("UPDATE $wpdb->users SET user_pass = '$new_pass', user_activation_key = '' WHERE user_login = '$user->user_login'");
+    $message  = __('Login') . ": $user_login\r\n";
+    $message .= __('Password') . ": $new_pass\r\n";
+    $message .= get_settings('siteurl') . '/wp-login.php';
+
+    $m = wp_mail($user->user_email, sprintf(__("[%s] Your new password"), get_settings('blogname')), $message);
+
+    if ($m == false) {
+         echo '<p>' . __('The e-mail could not be sent.') . "<br />\n";
+         echo  __('Possible reason: your host may have disabled the mail() function...') . "</p>";
+        die();
+    } else {
+        echo '<p>' .  sprintf(__("Your new password is in the mail."), $user_login) . '<br />';
         echo  "<a href='wp-login.php' title='" . __('Check your e-mail first, of course') . "'>" . __('Click here to login!') . '</a></p>';
+        die();
+    }   
+    
         // send a copy of password change notification to the admin
         wp_mail(get_settings('admin_email'), sprintf(__('[%s] Password Lost/Change'), get_settings('blogname')), sprintf(__('Password Lost and Changed for user: %s'), $user_login));
-        die();
-    }
-
 break;
 
@@ -159 +201 @@
     window.onload = focusit;
     </script>
+    <style type="text/css">
+    #log, #pwd, #submit {
+        font-size: 1.7em;
+    }
+    </style>
 </head>
 <body>
@@ -170 +217 @@
 
 <form name="loginform" id="loginform" action="wp-login.php" method="post">
-<p><label><?php _e('Login') ?>: <input type="text" name="log" id="log" value="" size="20" tabindex="1" /></label></p>
-<p><label><?php _e('Password') ?>: <input type="password" name="pwd" value="" size="20" tabindex="2" /></label></p>
+<p><label><?php _e('Login') ?>:<br /><input type="text" name="log" id="log" value="" size="20" tabindex="1" /></label></p>
+<p><label><?php _e('Password') ?>:<br /> <input type="password" name="pwd" id="pwd" value="" size="20" tabindex="2" /></label></p>
 <p class="submit">
-    <input type="submit" name="submit" value="<?php _e('Login'); ?> &raquo;" tabindex="3" />
+    <input type="submit" name="submit" id="submit" value="<?php _e('Login'); ?> &raquo;" tabindex="3" />
     <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>" />
 </p>

trunk/wp-register.php

@@ -27 +27 @@
 
     $user_login = $_POST['user_login'];
-    $pass1 = $_POST['pass1'];
-    $pass2 = $_POST['pass2'];
     $user_email = $_POST['user_email'];
         
@@ -35 +33 @@
         die (__('<strong>ERROR</strong>: Please enter a login.'));
     }
-
-    /* checking the password has been typed twice */
-    if ($pass1 == '' || $pass2 == '') {
-        die (__('<strong>ERROR</strong>: Please enter your password twice.'));
-    }
-
-    /* checking the password has been typed twice the same */
-    if ($pass1 != $pass2)   {
-        die (__('<strong>ERROR</strong>: Please type the same password in the two password fields.'));
-    }
-    $user_nickname = $user_login;
 
     /* checking e-mail address */
@@ -64 +51 @@
     $user_browser = $wpdb->escape($_SERVER['HTTP_USER_AGENT']);
 
-    $user_login = $wpdb->escape($user_login);
-    $pass1 = $wpdb->escape($pass1);
-    $user_nickname = $wpdb->escape($user_nickname);
-    $user_nicename = sanitize_title($user_nickname);
+    $user_login = $wpdb->escape( preg_replace('|a-z0-9 _.-|i', '', $user_login) );
+    $user_nickname = $user_login;
+   $user_nicename = sanitize_title($user_nickname);
     $now = gmdate('Y-m-d H:i:s');
     if (get_settings('new_users_can_blog') >= 1) $user_level = 1;
+    $password = substr( md5( uniqid( microtime() ) ), 0, 7);
 
     $result = $wpdb->query("INSERT INTO $wpdb->users 
         (user_login, user_pass, user_nickname, user_email, user_ip, user_browser, user_registered, user_level, user_idmode, user_nicename)
     VALUES 
-        ('$user_login', MD5('$pass1'), '$user_nickname', '$user_email', '$user_ip', '$user_browser', '$now', '$user_level', 'nickname', '$user_nicename')");
+        ('$user_login', MD5('$password'), '$user_nickname', '$user_email', '$user_ip', '$user_browser', '$now', '$user_level', 'nickname', '$user_nicename')");
     
     if ($result == false) {
@@ -84 +71 @@
         $stars .= '*';
     }
+    
+    $message  = __('Login') . ": $user_login\r\n";
+    $message .= __('Password') . ": $new_pass\r\n";
+    $message .= get_settings('siteurl') . '/wp-login.php';
+    
+    wp_mail($user_email, sprintf(__("[%s] Your login information"), get_settings('blogname')), $message);
 
     $message  = sprintf(__("New user registration on your blog %1\$s:\n\nLogin: %2\$s \n\nE-mail: %3\$s"), get_settings('blogname'), $user_login, $user_email);
@@ -102 +95 @@
     <h2><?php _e('Registration Complete') ?></h2>
     <p><?php _e('Login:') ?> <strong><?php echo $user_login; ?></strong><br />
-    <?php _e('Password:') ?> <strong><?php echo $stars; ?></strong><br />
+    <?php _e('Password:') ?> <strong>emailed to you</strong><br />
     <?php _e('E-mail:') ?> <strong><?php echo $user_email; ?></strong></p>
     <form action="wp-login.php" method="post" name="login">
@@ -150 +143 @@
     <meta http-equiv="Content-Type" content="text/html; charset=<?php echo get_settings('blog_charset'); ?>" />
     <link rel="stylesheet" href="wp-admin/wp-admin.css" type="text/css" />
+    <style type="text/css">
+    #user_email, #user_login, #submit {
+        font-size: 1.7em;
+    }
+    </style>
 </head>
 
 <body>
 <div id="login">
-<h2><?php _e('Registration') ?></h2>
+<h1><a href="http://wordpress.org/">WordPress</a></h1>
+<h2><?php _e('Register for this blog') ?></h2>
 
-<form method="post" action="wp-register.php">
-    <input type="hidden" name="action" value="register" />
-    <label for="user_login"><?php _e('Login:') ?></label> <input type="text" name="user_login" id="user_login" size="10" maxlength="20" /><br />
-    <label for="pass1"><?php _e('Password:') ?></label> <input type="password" name="pass1" id="pass1" size="10" maxlength="100" /><br />
- 
-    <input type="password" name="pass2" size="10" maxlength="100" /><br />
-    <label for="user_email"><?php _e('E-mail') ?></label>: <input type="text" name="user_email" id="user_email" size="15" maxlength="100" /><br />
-    <input type="submit" value="<?php _e('OK') ?>" class="search" name="submit" />
+<form method="post" action="wp-register.php" id="registerform">
+    <p><input type="hidden" name="action" value="register" />
+    <label for="user_login"><?php _e('Login:') ?></label><br /> <input type="text" name="user_login" id="user_login" size="20" maxlength="20" /><br /></p>
+    <p><label for="user_email"><?php _e('E-mail') ?></label>:<br /> <input type="text" name="user_email" id="user_email" size="25" maxlength="100" /></p>
+    <p>A password will be emailed to you.</p>
+    <p class="submit"><input type="submit" value="<?php _e('Register') ?> &raquo;" id="submit" name="submit" /></p>
 </form>
+<ul>
+    <li><a href="<?php bloginfo('home'); ?>" title="<?php _e('Are you lost?') ?>">&laquo; <?php _e('Back to blog') ?></a></li>
+    <li><a href="<?php bloginfo('wpurl'); ?>/wp-login.php"><?php _e('Login') ?></a></li>
+    <li><a href="<?php bloginfo('wpurl'); ?>/wp-login.php?action=lostpassword" title="<?php _e('Password Lost and Found') ?>"><?php _e('Lost your password?') ?></a></li>
+</ul>
 </div>