
Changeset 6387 for trunk/wp-login.php


Timestamp:
12/16/2007 05:41:59 PM (18 years ago)
Author:
ryan
Message:

New secure cookie protocol. see #5367

File:
1 edited

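--- a/trunk/wp-login.php
+++ b/trunk/wp-login.php
@@ -289,5 +289,4 @@
     $user_login = '';
     $user_pass = '';
-    $using_cookie = FALSE;
 
     if ( !isset( $_REQUEST['redirect_to'] ) || is_user_logged_in() )
@@ -297,22 +296,28 @@
 
     if ( $http_post ) {
+        // If cookies are disabled we can't log in even with a valid user+pass
+        if ( empty($_COOKIE[TEST_COOKIE]) )
+            $errors['test_cookie'] = __('<strong>ERROR</strong>: WordPress requires Cookies but your browser does not support them or they are blocked.');
+       
         $user_login = $_POST['log'];
         $user_login = sanitize_user( $user_login );
         $user_pass  = $_POST['pwd'];
         $rememberme = $_POST['rememberme'];
+
+        do_action_ref_array('wp_authenticate', array(&$user_login, &$user_pass));
     } else {
-        $cookie_login = wp_get_cookie_login();
-        if ( ! empty($cookie_login) ) {
-            $using_cookie = true;
-            $user_login = $cookie_login['login'];
-            $user_pass = $cookie_login['password'];
-        }
-    }
-
-    do_action_ref_array('wp_authenticate', array(&$user_login, &$user_pass));
-
-    // If cookies are disabled we can't log in even with a valid user+pass
-    if ( $http_post && empty($_COOKIE[TEST_COOKIE]) )
-        $errors['test_cookie'] = __('<strong>ERROR</strong>: WordPress requires Cookies but your browser does not support them or they are blocked.');
+        $user = wp_validate_auth_cookie();
+        if ( !$user ) {
+            $errors['expiredsession'] = __('Your session has expired.');
+        } else {
+            $user = new WP_User($user);
+
+            // If the user can't edit posts, send them to their profile.
+            if ( !$user->has_cap('edit_posts') && ( empty( $redirect_to ) || $redirect_to == 'wp-admin/' ) )
+                $redirect_to = get_option('siteurl') . '/wp-admin/profile.php';
+            wp_safe_redirect($redirect_to);
+            exit();
+        }
+    }
 
     if ( $user_login && $user_pass && empty( $errors ) ) {
@@ -323,13 +328,9 @@
             $redirect_to = get_option('siteurl') . '/wp-admin/profile.php';
 
-        if ( wp_login($user_login, $user_pass, $using_cookie) ) {
-            if ( !$using_cookie )
-                wp_setcookie($user_login, $user_pass, false, '', '', $rememberme);
+        if ( wp_login($user_login, $user_pass) ) {
+            wp_set_auth_cookie($user->ID, $rememberme);
             do_action('wp_login', $user_login);
             wp_safe_redirect($redirect_to);
             exit();
-        } else {
-            if ( $using_cookie )
-                $errors['expiredsession'] = __('Your session has expired.');
         }
     }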
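Review bot: On the non-POST path (new lines 309–311) `expiredsession` is now set whenever `wp_validate_auth_cookie()` returns a falsy value, which presumably includes a first visit that sent no auth cookie at all, so a logged-out visitor opening the login form would be told their session has expired; the removed code raised that error only after a cookie had actually been presented (`$using_cookie`). Keep the `if ( !$user )` branch but set the message only when the request carried an auth cookie, for example `if ( !empty($_COOKIE[AUTH_COOKIE]) ) $errors['expiredsession'] = __('Your session has expired.');`, assuming `AUTH_COOKIE` is the name constant the new protocol defines. Separately, new line 331 issues the cookie for `$user->ID`, yet on the POST path `$user` is not assigned in any visible hunk (new lines 324–327 are not shown); confirm it is built from the same `$user_login` that `wp_login()` has just verified, after the `wp_authenticate` hook has had its chance to rewrite it, so the cookie cannot be minted for a different or empty ID.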