Changeset 8701 for trunk/wp-login.php

Timestamp:

08/21/2008 05:40:38 PM (17 years ago)

Author:

ryan

Message:

Option to force SSL. see #7561

File:

• trunk/wp-login.php (modified) (1 diff)

trunk/wp-login.php

@@ -408 +408 @@
 case 'login' :
 default:
-    if ( isset( $_REQUEST['redirect_to'] ) )
+    $secure_cookie = '';
+
+    // If the user wants ssl but the session is not ssl, force a secure cookie.
+    if ( !empty($_POST['log']) && !force_ssl_admin() ) {
+        $user_name = sanitize_user($_POST['log']);
+        if ( $user = get_userdatabylogin($user_name) ) {
+            if ( get_user_option('use_ssl', $user->ID) ) {
+                $secure_cookie = true;
+                force_ssl_admin(true);
+            }
+        }
+    }
+
+    if ( isset( $_REQUEST['redirect_to'] ) ) {
         $redirect_to = $_REQUEST['redirect_to'];
-    else
+        // Redirect to https if user wants ssl
+        if ( $secure_cookie )
+            $redirect_to = preg_replace('|^http://|', 'https://', $redirect_to);
+    } else {
         $redirect_to = admin_url();
-
-    if ( is_ssl() && force_ssl_login() && !force_ssl_admin() && ( 0 !== strpos($redirect_to, 'https') ) && ( 0 === strpos($redirect_to, 'http') ) )
+    }
+
+    if ( !$secure_cookie && is_ssl() && force_ssl_login() && !force_ssl_admin() && ( 0 !== strpos($redirect_to, 'https') ) && ( 0 === strpos($redirect_to, 'http') ) )
         $secure_cookie = false;
-    else
-        $secure_cookie = '';
 
     $user = wp_signon('', $secure_cookie);