Changeset 8069
- Timestamp:
- 06/11/2008 05:25:55 PM (17 years ago)
- Location:
- trunk
- Files:
-
- 8 edited
trunk/wp-admin/admin-header.php
r8036 r8069 112 112 <?php } ?> 113 113 114 <div id="user_info"><p><?php printf(__('Howdy, <a href="%1$s">%2$s</a>!'), 'profile.php', $user_identity) ?> | <a href="<?php echo site_url('wp-login.php?action=logout' ) ?>" title="<?php _e('Log Out') ?>"><?php _e('Log Out'); ?></a> | <?php _e('<a href="http://codex.wordpress.org/">Help</a>') ?> | <?php _e('<a href="http://wordpress.org/support/">Forums</a>') ?> | <?php if ( $gears_compat ) { ?><span id="gears-menu"><a href="#" onclick="wpGears.message(1);return false;"><?php _e('Speed up!') ?></a></span><?php } ?></p></div>114 <div id="user_info"><p><?php printf(__('Howdy, <a href="%1$s">%2$s</a>!'), 'profile.php', $user_identity) ?> | <a href="<?php echo site_url('wp-login.php?action=logout', 'login') ?>" title="<?php _e('Log Out') ?>"><?php _e('Log Out'); ?></a> | <?php _e('<a href="http://codex.wordpress.org/">Help</a>') ?> | <?php _e('<a href="http://wordpress.org/support/">Forums</a>') ?> | <?php if ( $gears_compat ) { ?><span id="gears-menu"><a href="#" onclick="wpGears.message(1);return false;"><?php _e('Speed up!') ?></a></span><?php } ?></p></div> 115 115 116 116 <?php -
trunk/wp-includes/functions.php
r7999 r8069 1769 1769 return ( 'on' == strtolower($_SERVER['HTTPS']) ) ? true : false; 1770 1770 } 1771 1772 function force_ssl_login($force = '') { 1773 static $forced; 1774 1775 if ( '' != $force ) { 1776 $old_forcded = $forced; 1777 $forced = $force; 1778 return $old_forced; 1779 } 1780 1781 return $forced; 1782 } 1783 1784 function force_ssl_admin($force = '') { 1785 static $forced; 1786 1787 if ( '' != $force ) { 1788 $old_forcded = $forced; 1789 $forced = $force; 1790 return $old_forced; 1791 } 1792 1793 return $forced; 1794 } 1795 1771 1796 ?> -
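Review bot: Lines 1776-1778 of force_ssl_login() assign `$old_forcded` but return `$old_forced`, so a caller that sets a new value never gets the previous one back (the read of an unset variable yields null); force_ssl_admin() repeats the same typo on lines 1788-1790. The one-line fix in both functions is `$old_forced = $forced;`. Separately, the `'' != $force` sentinel is a loose comparison, so passing `false` (the wp-settings.php default) is treated as a read and nothing is stored; `'' !== $force` would make the sentinel explicit, and a short comment such as `// '' means "return the current value"; anything else is stored and the previous value returned` should accompany it.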
trunk/wp-includes/general-template.php
r8058 r8069 34 34 function wp_loginout() { 35 35 if ( ! is_user_logged_in() ) 36 $link = '<a href="' . site_url('wp-login.php', ' forceable') . '">' . __('Log in') . '</a>';36 $link = '<a href="' . site_url('wp-login.php', 'login') . '">' . __('Log in') . '</a>'; 37 37 else 38 $link = '<a href="' . site_url('wp-login.php?action=logout', ' forceable') . '">' . __('Log out') . '</a>';38 $link = '<a href="' . site_url('wp-login.php?action=logout', 'login') . '">' . __('Log out') . '</a>'; 39 39 40 40 echo apply_filters('loginout', $link); … … 46 46 if ( ! is_user_logged_in() ) { 47 47 if ( get_option('users_can_register') ) 48 $link = $before . '<a href="' . site_url('wp-login.php?action=register', ' forceable') . '">' . __('Register') . '</a>' . $after;48 $link = $before . '<a href="' . site_url('wp-login.php?action=register', 'login') . '">' . __('Register') . '</a>' . $after; 49 49 else 50 50 $link = ''; -
trunk/wp-includes/link-template.php
r8058 r8069 781 781 // should the list of allowed schemes be maintained elsewhere? 782 782 if ( !in_array($scheme, array('http', 'https')) ) { 783 if ( ('forceable' == $scheme) && (defined('FORCE_SSL_LOGIN') && FORCE_SSL_LOGIN) ) 783 if ( ('login' == $scheme) && ( force_ssl_login() || force_ssl_admin() ) ) 784 $scheme = 'https'; 785 elseif ( ('admin' == $scheme) && force_ssl_admin() ) 784 786 $scheme = 'https'; 785 787 else … … 798 800 global $_wp_admin_url; 799 801 800 $url = site_url('wp-admin/', ' forceable');802 $url = site_url('wp-admin/', 'admin'); 801 803 802 804 if ( !empty($path) && is_string($path) && strpos($path, '..') === false ) -
trunk/wp-includes/pluggable.php
r8058 r8069 101 101 102 102 if ( ! $user = wp_validate_auth_cookie() ) { 103 wp_set_current_user(0); 104 return false; 103 if ( empty($_COOKIE[LOGGED_IN_COOKIE]) || !$user = wp_validate_auth_cookie($_COOKIE[LOGGED_IN_COOKIE], 'logged_in') ) { 104 wp_set_current_user(0); 105 return false; 106 } 105 107 } 106 108 … … 466 468 * 467 469 * @param string $cookie Optional. If used, will validate contents instead of cookie's 470 * @param string $scheme Optional. The cookie scheme to use: auth, secure_auth, or logged_in 468 471 * @return bool|int False if invalid cookie, User ID if valid. 469 472 */ 470 function wp_validate_auth_cookie($cookie = '' ) {473 function wp_validate_auth_cookie($cookie = '', $scheme = 'auth') { 471 474 if ( empty($cookie) ) { 472 if ( is_ssl() ) 475 if ( is_ssl() ) { 473 476 $cookie_name = SECURE_AUTH_COOKIE; 474 else 477 $scheme = 'secure_auth'; 478 } else { 475 479 $cookie_name = AUTH_COOKIE; 480 $scheme = 'auth'; 481 } 476 482 477 483 if ( empty($_COOKIE[$cookie_name]) ) … … 496 502 return false; 497 503 498 $key = wp_hash($username . '|' . $expiration );504 $key = wp_hash($username . '|' . $expiration, $scheme); 499 505 $hash = hash_hmac('md5', $username . '|' . $expiration, $key); 500 506 … … 520 526 * @param int $user_id User ID 521 527 * @param int $expiration Cookie expiration in seconds 522 * @param bool $secure Whether the cookie is for https delivery only or not. Not used by default. For plugin use.528 * @param string $scheme Optional. The cookie scheme to use: auth, secure_auth, or logged_in 523 529 * @return string Authentication cookie contents 524 530 */ 525 function wp_generate_auth_cookie($user_id, $expiration, $s ecure = false) {531 function wp_generate_auth_cookie($user_id, $expiration, $scheme = 'auth') { 526 532 $user = get_userdata($user_id); 527 533 528 $key = wp_hash($user->user_login . '|' . $expiration );534 $key = wp_hash($user->user_login . '|' . 
$expiration, $scheme); 529 535 $hash = hash_hmac('md5', $user->user_login . '|' . $expiration, $key); 530 536 531 537 $cookie = $user->user_login . '|' . $expiration . '|' . $hash; 532 538 533 return apply_filters('auth_cookie', $cookie, $user_id, $expiration, $s ecure);539 return apply_filters('auth_cookie', $cookie, $user_id, $expiration, $scheme); 534 540 } 535 541 endif; … … 549 555 * @param bool $remember Whether to remember the user or not 550 556 */ 551 function wp_set_auth_cookie($user_id, $remember = false ) {557 function wp_set_auth_cookie($user_id, $remember = false, $secure = '') { 552 558 if ( $remember ) { 553 559 $expiration = $expire = time() + 1209600; … … 557 563 } 558 564 559 if ( is_ssl() ) { 560 $secure = true; 561 $cookie_name = SECURE_AUTH_COOKIE; 565 if ( '' === $secure ) 566 $secure = is_ssl() ? true : false; 567 568 if ( $secure ) { 569 $auth_cookie_name = SECURE_AUTH_COOKIE; 570 $scheme = 'secure_auth'; 562 571 } else { 563 $secure = false; 564 $cookie_name = AUTH_COOKIE; 565 } 566 567 $cookie = wp_generate_auth_cookie($user_id, $expiration, $secure); 568 569 do_action('set_auth_cookie', $cookie, $expire, $secure); 570 571 setcookie($cookie_name, $cookie, $expire, COOKIEPATH, COOKIE_DOMAIN, $secure); 572 $auth_cookie_name = AUTH_COOKIE; 573 $scheme = 'auth'; 574 } 575 576 $auth_cookie = wp_generate_auth_cookie($user_id, $expiration, $scheme); 577 $logged_in_cookie = wp_generate_auth_cookie($user_id, $expiration, 'logged_in'); 578 579 do_action('set_auth_cookie', $auth_cookie, $expire, $scheme); 580 do_action('set_auth_cookie', $logged_in_cookie, $expire, 'logged_in'); 581 582 setcookie($auth_cookie_name, $auth_cookie, $expire, SITECOOKIEPATH . 
'wp-admin', COOKIE_DOMAIN, $secure); 583 setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, COOKIEPATH, COOKIE_DOMAIN); 572 584 if ( COOKIEPATH != SITECOOKIEPATH ) 573 setcookie( $cookie_name, $cookie, $expire, SITECOOKIEPATH, COOKIE_DOMAIN, $secure);585 setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, SITECOOKIEPATH, COOKIE_DOMAIN); 574 586 } 575 587 endif; … … 582 594 */ 583 595 function wp_clear_auth_cookie() { 584 setcookie(AUTH_COOKIE, ' ', time() - 31536000, COOKIEPATH, COOKIE_DOMAIN); 585 setcookie(AUTH_COOKIE, ' ', time() - 31536000, SITECOOKIEPATH, COOKIE_DOMAIN); 586 setcookie(SECURE_AUTH_COOKIE, ' ', time() - 31536000, COOKIEPATH, COOKIE_DOMAIN); 587 setcookie(SECURE_AUTH_COOKIE, ' ', time() - 31536000, SITECOOKIEPATH, COOKIE_DOMAIN); 596 setcookie(AUTH_COOKIE, ' ', time() - 31536000, COOKIEPATH . 'wp-admin', COOKIE_DOMAIN); 597 setcookie(AUTH_COOKIE, ' ', time() - 31536000, SITECOOKIEPATH . 'wp-admin', COOKIE_DOMAIN); 598 setcookie(SECURE_AUTH_COOKIE, ' ', time() - 31536000, COOKIEPATH . 'wp-admin', COOKIE_DOMAIN); 599 setcookie(SECURE_AUTH_COOKIE, ' ', time() - 31536000, SITECOOKIEPATH . 
'wp-admin', COOKIE_DOMAIN); 600 setcookie(LOGGED_IN_COOKIE, ' ', time() - 31536000, COOKIEPATH, COOKIE_DOMAIN); 601 setcookie(LOGGED_IN_COOKIE, ' ', time() - 31536000, SITECOOKIEPATH, COOKIE_DOMAIN); 588 602 589 603 // Old cookies … … 622 636 // Checks if a user is logged in, if not redirects them to the login page 623 637 624 if ( is_ssl() || (defined('FORCE_SSL_LOGIN') && FORCE_SSL_LOGIN) )638 if ( is_ssl() || force_ssl_admin() ) 625 639 $secure = true; 626 640 else … … 629 643 // If https is required and request is http, redirect 630 644 if ( $secure && !is_ssl() ) { 631 if ( false !== strpos($_SERVER['REQUEST_URI'], 'http') ) {632 wp_redirect( str_replace('http://', 'https://', $_SERVER['REQUEST_URI']));645 if ( 0 === strpos($_SERVER['REQUEST_URI'], 'http') ) { 646 wp_redirect(preg_replace('|^http://|', 'https://', $_SERVER['REQUEST_URI'])); 633 647 exit(); 634 648 } else { … … 644 658 nocache_headers(); 645 659 646 $login_url = site_url( 'wp-login.php?redirect_to=' . urlencode($_SERVER['REQUEST_URI']), 'forceable' ); 660 if ( is_ssl() ) 661 $proto = 'https://'; 662 else 663 $proto = 'http://'; 664 665 $login_url = site_url( 'wp-login.php?redirect_to=' . urlencode($proto . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']), 'login' ); 647 666 648 667 wp_redirect($login_url); … … 972 991 $message = sprintf(__('Username: %s'), $user_login) . "\r\n"; 973 992 $message .= sprintf(__('Password: %s'), $plaintext_pass) . "\r\n"; 974 $message .= site_url("wp-login.php", ' forceable') . "\r\n";993 $message .= site_url("wp-login.php", 'login') . 
"\r\n"; 975 994 976 995 wp_mail($user_email, sprintf(__('[%s] Your username and password'), get_option('blogname')), $message); … … 1079 1098 * @return string Salt value from either 'SECRET_KEY' or 'secret' option 1080 1099 */ 1081 function wp_salt( ) {1100 function wp_salt($scheme = 'auth') { 1082 1101 global $wp_default_secret_key; 1083 1102 $secret_key = ''; … … 1085 1104 $secret_key = SECRET_KEY; 1086 1105 1087 if ( defined('SECRET_SALT') ) { 1088 $salt = SECRET_SALT; 1089 } else { 1090 $salt = get_option('secret'); 1091 if ( empty($salt) ) { 1092 $salt = wp_generate_password(); 1093 update_option('secret', $salt); 1106 if ( 'auth' == $scheme ) { 1107 if ( defined('AUTH_KEY') && ('' != AUTH_KEY) && ( $wp_default_secret_key != AUTH_KEY) ) 1108 $secret_key = AUTH_KEY; 1109 1110 if ( defined('AUTH_SALT') ) { 1111 $salt = AUTH_SALT; 1112 } elseif ( defined('SECRET_SALT') ) { 1113 $salt = SECRET_SALT; 1114 } else { 1115 $salt = get_option('auth_salt'); 1116 if ( empty($salt) ) { 1117 $salt = wp_generate_password(); 1118 update_option('auth_salt', $salt); 1119 } 1094 1120 } 1095 } 1096 1097 return apply_filters('salt', $secret_key . 
$salt); 1121 } elseif ( 'secure_auth' == $scheme ) { 1122 if ( defined('SECURE_AUTH_KEY') && ('' != SECURE_AUTH_KEY) && ( $wp_default_secret_key != SECURE_AUTH_KEY) ) 1123 $secret_key = SECURE_AUTH_KEY; 1124 1125 if ( defined('SECURE_AUTH_SALT') ) { 1126 $salt = SECRET_AUTH_SALT; 1127 } else { 1128 $salt = get_option('secure_auth_salt'); 1129 if ( empty($salt) ) { 1130 $salt = wp_generate_password(); 1131 update_option('secure_auth_salt', $salt); 1132 } 1133 } 1134 } elseif ( 'logged_in' == $scheme ) { 1135 if ( defined('LOGGED_IN_KEY') && ('' != LOGGED_IN_KEY) && ( $wp_default_secret_key != LOGGED_IN_KEY) ) 1136 $secret_key = LOGGED_IN_KEY; 1137 1138 if ( defined('LOGGED_IN_SALT') ) { 1139 $salt = LOGGED_IN_SALT; 1140 } else { 1141 $salt = get_option('logged_in_salt'); 1142 if ( empty($salt) ) { 1143 $salt = wp_generate_password(); 1144 update_option('logged_in_salt', $salt); 1145 } 1146 } 1147 } 1148 1149 return apply_filters('salt', $secret_key . $salt, $scheme); 1098 1150 } 1099 1151 endif; … … 1109 1161 * @return string Hash of $data 1110 1162 */ 1111 function wp_hash($data ) {1112 $salt = wp_salt( );1163 function wp_hash($data, $scheme = 'auth') { 1164 $salt = wp_salt($scheme); 1113 1165 1114 1166 return hash_hmac('md5', $data, $salt); -
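Review bot: Line 1126 in wp_salt() reads `SECRET_AUTH_SALT` inside `if ( defined('SECURE_AUTH_SALT') )`, so a site that configures SECURE_AUTH_SALT never gets its salt; PHP of this era resolves the undefined constant to the literal string 'SECRET_AUTH_SALT' with a notice, which makes the secure_auth salt a fixed, known value. The line should read `$salt = SECURE_AUTH_SALT;`. The 'auth' branch also falls back to SECRET_SALT (line 1112) while the 'secure_auth' and 'logged_in' branches do not, and an unrecognised $scheme leaves $salt unset before the return on line 1149; an explicit default branch would close both gaps. The docblock ending on line 1099 still describes the old contract and should gain `@param string $scheme Optional. 'auth', 'secure_auth' or 'logged_in'; selects which key/salt pair is used.`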
trunk/wp-includes/user.php
r7742 r8069 1 1 <?php 2 2 3 function wp_signon( $credentials = '' ) {3 function wp_signon( $credentials = '', $secure_cookie = '' ) { 4 4 if ( empty($credentials) ) { 5 5 if ( ! empty($_POST['log']) ) … … 22 22 do_action_ref_array('wp_authenticate', array(&$credentials['user_login'], &$credentials['user_password'])); 23 23 24 if ( '' === $secure_cookie ) 25 $secure_cookie = is_ssl() ? true : false; 26 24 27 // If no credential info provided, check cookie. 25 28 if ( empty($credentials['user_login']) && empty($credentials['user_password']) ) { … … 28 31 return new WP_User($user); 29 32 30 if ( !empty($_COOKIE[AUTH_COOKIE]) ) 33 if ( $secure_cookie ) 34 $auth_cookie = SECURE_AUTH_COOKIE; 35 else 36 $auth_cookie = AUTH_COOKIE; 37 38 if ( !empty($_COOKIE[$auth_cookie]) ) 31 39 return new WP_Error('expired_session', __('Please log in again.')); 32 40 … … 49 57 return $user; 50 58 51 wp_set_auth_cookie($user->ID, $credentials['remember'] );59 wp_set_auth_cookie($user->ID, $credentials['remember'], $secure_cookie); 52 60 do_action('wp_login', $credentials['user_login']); 53 61 return $user; -
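Review bot: The `expired_session` check on lines 33-39 reads `$_COOKIE[$auth_cookie]`, but this changeset's wp_set_auth_cookie() now sets AUTH_COOKIE and SECURE_AUTH_COOKIE with path `SITECOOKIEPATH . 'wp-admin'`, so a browser will not send them to wp-login.php at the site root; if that is the case, this branch can no longer fire and a stale session falls through to the generic failure. Checking the cookie that is scoped to COOKIEPATH looks closer to the intent: `if ( !empty($_COOKIE[LOGGED_IN_COOKIE]) )`. The new `$secure_cookie` parameter uses `''` as the "decide from is_ssl()" sentinel (lines 24-25) and the function has no docblock, so a comment such as `// $secure_cookie: true/false to force the secure cookie, '' to follow is_ssl()` would save the next reader a lookup.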
trunk/wp-login.php
r8061 r8069 11 11 /** Make sure that the WordPress bootstrap has ran before continuing. */ 12 12 require( dirname(__FILE__) . '/wp-load.php' ); 13 14 // Redirect to https login if forced to use SSL 15 if ( (force_ssl_admin() || force_ssl_login()) && !is_ssl() ) { 16 if ( 0 === strpos($_SERVER['REQUEST_URI'], 'http') ) { 17 wp_redirect(preg_replace('|^http://|', 'https://', $_SERVER['REQUEST_URI'])); 18 exit(); 19 } else { 20 wp_redirect('https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']); 21 exit(); 22 } 23 } 13 24 14 25 /** … … 138 149 $message .= sprintf(__('Username: %s'), $user_login) . "\r\n\r\n"; 139 150 $message .= __('To reset your password visit the following address, otherwise just ignore this email and nothing will happen.') . "\r\n\r\n"; 140 $message .= site_url("wp-login.php?action=rp&key=$key" ) . "\r\n";151 $message .= site_url("wp-login.php?action=rp&key=$key", 'login') . "\r\n"; 141 152 142 153 if ( !wp_mail($user_email, sprintf(__('[%s] Password Reset'), get_option('blogname')), $message) ) … … 175 186 $message = sprintf(__('Username: %s'), $user->user_login) . "\r\n"; 176 187 $message .= sprintf(__('Password: %s'), $new_pass) . "\r\n"; 177 $message .= site_url('wp-login.php' ) . "\r\n";188 $message .= site_url('wp-login.php', 'login') . 
"\r\n"; 178 189 179 190 if ( !wp_mail($user->user_email, sprintf(__('[%s] Your new password'), get_option('blogname')), $message) ) … … 313 324 <p id="nav"> 314 325 <?php if (get_option('users_can_register')) : ?> 315 <a href="<?php echo site_url('wp-login.php', ' forceable') ?>"><?php _e('Log in') ?></a> |316 <a href="<?php echo site_url('wp-login.php?action=register' ) ?>"><?php _e('Register') ?></a>326 <a href="<?php echo site_url('wp-login.php', 'login') ?>"><?php _e('Log in') ?></a> | 327 <a href="<?php echo site_url('wp-login.php?action=register', 'login') ?>"><?php _e('Register') ?></a> 317 328 <?php else : ?> 318 <a href="<?php echo site_url('wp-login.php', ' forceable') ?>"><?php _e('Log in') ?></a>329 <a href="<?php echo site_url('wp-login.php', 'login') ?>"><?php _e('Log in') ?></a> 319 330 <?php endif; ?> 320 331 </p> … … 381 392 382 393 <p id="nav"> 383 <a href="<?php echo site_url('wp-login.php', ' forceable') ?>"><?php _e('Log in') ?></a> |384 <a href="<?php echo site_url('wp-login.php?action=lostpassword' ) ?>" title="<?php _e('Password Lost and Found') ?>"><?php _e('Lost your password?') ?></a>394 <a href="<?php echo site_url('wp-login.php', 'login') ?>"><?php _e('Log in') ?></a> | 395 <a href="<?php echo site_url('wp-login.php?action=lostpassword', 'login') ?>" title="<?php _e('Password Lost and Found') ?>"><?php _e('Lost your password?') ?></a> 385 396 </p> 386 397 … … 396 407 case 'login' : 397 408 default: 398 $user = wp_signon();399 400 409 if ( isset( $_REQUEST['redirect_to'] ) ) 401 410 $redirect_to = $_REQUEST['redirect_to']; 402 411 else 403 412 $redirect_to = 'wp-admin/'; 413 414 if ( is_ssl() && force_ssl_login() && !force_ssl_admin() && ( 0 !== strpos($redirect_to, 'https') ) ) 415 $secure_cookie = false; 416 else 417 $secure_cookie = ''; 418 419 $user = wp_signon('', $secure_cookie); 404 420 405 421 if ( !is_wp_error($user) ) { … … 455 471 <?php if ( isset($_GET['checkemail']) && in_array( $_GET['checkemail'], array('confirm', 
'newpass') ) ) : ?> 456 472 <?php elseif (get_option('users_can_register')) : ?> 457 <a href="<?php echo site_url('wp-login.php?action=register' ) ?>"><?php _e('Register') ?></a> |458 <a href="<?php echo site_url('wp-login.php?action=lostpassword' ) ?>" title="<?php _e('Password Lost and Found') ?>"><?php _e('Lost your password?') ?></a>473 <a href="<?php echo site_url('wp-login.php?action=register', 'login') ?>"><?php _e('Register') ?></a> | 474 <a href="<?php echo site_url('wp-login.php?action=lostpassword', 'login') ?>" title="<?php _e('Password Lost and Found') ?>"><?php _e('Lost your password?') ?></a> 459 475 <?php else : ?> 460 <a href="<?php echo site_url('wp-login.php?action=lostpassword' ) ?>" title="<?php _e('Password Lost and Found') ?>"><?php _e('Lost your password?') ?></a>476 <a href="<?php echo site_url('wp-login.php?action=lostpassword', 'login') ?>" title="<?php _e('Password Lost and Found') ?>"><?php _e('Lost your password?') ?></a> 461 477 <?php endif; ?> 462 478 </p> -
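Review bot: The forced-SSL redirect on lines 14-23 builds its target from `$_SERVER['HTTP_HOST']`, which is the client-supplied Host header rather than the configured site address, so the destination is whatever host the request named; auth_redirect() in pluggable.php (lines 660-665 of that section) builds redirect_to the same way. Deriving the https target from the configured URL via site_url() with the 'https' scheme (which site_url() accepts, per link-template.php), or at least comparing HTTP_HOST against the configured host before redirecting, keeps the destination under the site's control. The block is also a near-verbatim copy of the one in auth_redirect(); a small helper beside force_ssl_login() in functions.php would keep the two in step. Line 414 only inspects the scheme of `$redirect_to` taken from `$_REQUEST`; where it is later used as a redirect target (outside this hunk) it should be validated against the site's host as well.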
trunk/wp-settings.php
r8068 r8069 335 335 /** 336 336 * It is possible to define this in wp-config.php 337 * @since 2.6 338 */ 339 if ( !defined('LOGGED_IN_COOKIE') ) 340 define('LOGGED_IN_COOKIE', 'wordpress_logged_in_' . COOKIEHASH); 341 342 /** 343 * It is possible to define this in wp-config.php 337 344 * @since 2.3.0 338 345 */ … … 360 367 if ( !defined('COOKIE_DOMAIN') ) 361 368 define('COOKIE_DOMAIN', false); 362 369 370 /** 371 * It is possible to define this in wp-config.php 372 * @since 2.6 373 */ 374 if ( !defined('FORCE_SSL_ADMIN') ) 375 define('FORCE_SSL_ADMIN', false); 376 force_ssl_admin(FORCE_SSL_ADMIN); 377 378 /** 379 * It is possible to define this in wp-config.php 380 * @since 2.6 381 */ 382 if ( !defined('FORCE_SSL_LOGIN') ) 383 define('FORCE_SSL_LOGIN', false); 384 force_ssl_login(FORCE_SSL_LOGIN); 385 363 386 /** 364 387 * It is possible to define this in wp-config.php
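Review bot: The three new docblocks (lines 336-338, 370-373, 378-381) repeat "It is possible to define this in wp-config.php" and say nothing about what the constant does. For FORCE_SSL_ADMIN something like `* When true, admin URLs are generated as https and auth_redirect() sends http requests to https; see force_ssl_admin() in wp-includes/functions.php.` and for LOGGED_IN_COOKIE `* Name of the cookie set on COOKIEPATH without the secure flag and checked by get_currentuserinfo().` would tell a wp-config author what they are switching. Note that `force_ssl_admin(FORCE_SSL_ADMIN)` with the default `false` is a no-op because force_ssl_login()/force_ssl_admin() treat any value loosely equal to `''` as a read, so the stored state stays null until a truthy value is passed; that works, but a one-line comment here saying so would prevent a future "why does false not reset it" question.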