diff --git a/wp-includes/functions.wp-login.php b/wp-includes/functions.wp-login.php new file mode 100644 index 0000000..15715f7 --- /dev/null +++ b/wp-includes/functions.wp-login.php @@ -0,0 +1,374 @@ +` element. + * Default 'Log In'. + * @param string $message Optional. Message to display in header. Default empty. + * @param WP_Error $wp_error Optional. The error to pass. Default empty. + */ +function login_header( $title = 'Log In', $message = '', $wp_error = '' ) { + global $error, $interim_login, $action; + + // Don't index any of these forms + add_action( 'login_head', 'wp_no_robots' ); + + if ( wp_is_mobile() ) { + add_action( 'login_head', 'wp_login_viewport_meta' ); + } + + if ( empty( $wp_error ) ) { + $wp_error = new WP_Error(); + } + + // Shake it! + $shake_error_codes = array( 'empty_password', 'empty_email', 'invalid_email', 'invalidcombo', 'empty_username', 'invalid_username', 'incorrect_password' ); + + /** + * Filter the error codes array for shaking the login form. + * + * @since 3.0.0 + * + * @param array $shake_error_codes Error codes that shake the login form. + */ + $shake_error_codes = apply_filters( 'shake_error_codes', $shake_error_codes ); + + if ( $shake_error_codes && $wp_error->get_error_code() && in_array( $wp_error->get_error_code(), $shake_error_codes ) ) { + add_action( 'login_head', 'wp_shake_js', 12 ); + } + + $separator = is_rtl() ? ' › ' : ' ‹ '; + + ?> + + + > + + + + <?php echo get_bloginfo( 'name', 'display' ) . $separator . $title; ?> + get_error_code() ) { + ?> + + site_name; + } else { + $login_header_url = __( 'https://wordpress.org/' ); + $login_header_title = __( 'Powered by WordPress' ); + } + + /** + * Filter link URL of the header logo above login form. + * + * @since 2.1.0 + * + * @param string $login_header_url Login header logo URL. + */ + $login_header_url = apply_filters( 'login_headerurl', $login_header_url ); + + /** + * Filter the title attribute of the header logo above login form. + * + * @since 2.1.0 + * + * @param string $login_header_title Login header logo title attribute. + */ + $login_header_title = apply_filters( 'login_headertitle', $login_header_title ); + + $classes = array( 'login-action-' . $action, 'wp-core-ui' ); + if ( wp_is_mobile() ) { + $classes[] = 'mobile'; + } + + if ( is_rtl() ) { + $classes[] = 'rtl'; + } + + if ( $interim_login ) { + $classes[] = 'interim-login'; + ?> + + + + +
+

+ add( 'error', $error ); + unset( $error ); + } + + if ( $wp_error->get_error_code() ) { + $errors = ''; + $messages = ''; + foreach ( $wp_error->get_error_codes() as $code ) { + $severity = $wp_error->get_error_data( $code ); + foreach ( $wp_error->get_error_messages( $code ) as $error_message ) { + if ( 'message' == $severity ) { + $messages .= ' ' . $error_message . "
\n"; + } else { + $errors .= ' ' . $error_message . "
\n"; + } + } + } + if ( ! empty( $errors ) ) { + /** + * Filter the error messages displayed above the login form. + * + * @since 2.1.0 + * + * @param string $errors Login error message. + */ + echo '
' . apply_filters( 'login_errors', $errors ) . "
\n"; + } + if ( ! empty( $messages ) ) { + /** + * Filter instructional messages displayed above the login form. + * + * @since 2.5.0 + * + * @param string $messages Login messages. + */ + echo '

' . apply_filters( 'login_messages', $messages ) . "

\n"; + } + } +} // End of login_header() + +/** + * Outputs the footer for the login page. + * + * @param string $input_id Which input to auto-focus + */ +function login_footer( $input_id = '' ) { + global $interim_login; + + // Don't allow interim logins to navigate away from the page. + if ( ! $interim_login ): ?> +

+ + +
+ + + + + + +
+ + + + + + + add( 'empty_username', __( 'ERROR: Enter a username or email address.' ) ); + } elseif ( strpos( $_POST['user_login'], '@' ) ) { + $user_data = get_user_by( 'email', trim( $_POST['user_login'] ) ); + if ( empty( $user_data ) ) + $errors->add( 'invalid_email', __( 'ERROR: There is no user registered with that email address.' ) ); + } else { + $login = trim( $_POST['user_login'] ); + $user_data = get_user_by( 'login', $login ); + } + + /** + * Fires before errors are returned from a password reset request. + * + * @since 2.1.0 + * @since 4.4.0 Added the `$errors` parameter. + * + * @param WP_Error $errors A WP_Error object containing any errors generated + * by using invalid credentials. + */ + do_action( 'lostpassword_post', $errors ); + + if ( $errors->get_error_code() ) { + return $errors; + } + + if ( ! $user_data ) { + $errors->add( 'invalidcombo', __( 'ERROR: Invalid username or email.' ) ); + return $errors; + } + + // Redefining user_login ensures we return the right case in the email. + $user_login = $user_data->user_login; + $user_email = $user_data->user_email; + $key = get_password_reset_key( $user_data ); + + if ( is_wp_error( $key ) ) { + return $key; + } + + $message = __( 'Someone has requested a password reset for the following account:' ) . "\r\n\r\n"; + $message .= network_home_url( '/' ) . "\r\n\r\n"; + $message .= sprintf(__( 'Username: %s' ), $user_login ) . "\r\n\r\n"; + $message .= __( 'If this was a mistake, just ignore this email and nothing will happen.' ) . "\r\n\r\n"; + $message .= __( 'To reset your password, visit the following address:' ) . "\r\n\r\n"; + $message .= '<' . network_site_url( "wp-login.php?action=rp&key=$key&login=" . rawurlencode( $user_login ), 'login' ) . ">\r\n"; + + if ( is_multisite() ) { + $blogname = $GLOBALS['current_site']->site_name; + } else { + /* + * The blogname option is escaped with esc_html on the way into the database + * in sanitize_option we want to reverse this for the plain text arena of emails. + */ + $blogname = wp_specialchars_decode( get_option( 'blogname' ), ENT_QUOTES ); + } + + $title = sprintf( __( '[%s] Password Reset' ), $blogname ); + + /** + * Filter the subject of the password reset email. + * + * @since 2.8.0 + * @since 4.4.0 Added the `$user_login` and `$user_data` parameters. + * + * @param string $title Default email title. + * @param string $user_login The username for the user. + * @param WP_User $user_data WP_User object. + */ + $title = apply_filters( 'retrieve_password_title', $title, $user_login, $user_data ); + + /** + * Filter the message body of the password reset mail. + * + * @since 2.8.0 + * @since 4.1.0 Added `$user_login` and `$user_data` parameters. + * + * @param string $message Default mail message. + * @param string $key The activation key. + * @param string $user_login The username for the user. + * @param WP_User $user_data WP_User object. + */ + $message = apply_filters( 'retrieve_password_message', $message, $key, $user_login, $user_data ); + + if ( $message && !wp_mail( $user_email, wp_specialchars_decode( $title ), $message ) ) { + wp_die( __( 'The email could not be sent.' ) . "
\n" . __( 'Possible reason: your host may have disabled the mail() function.' ) ); + } + + return true; +} diff --git a/wp-login.php b/wp-login.php index 28dbaae..45e9906 100644 --- a/wp-login.php +++ b/wp-login.php @@ -22,358 +22,7 @@ if ( force_ssl_admin() && ! is_ssl() ) { } } -/** - * Output the login page header. - * - * @param string $title Optional. WordPress login Page title to display in the `` element. - * Default 'Log In'. - * @param string $message Optional. Message to display in header. Default empty. - * @param WP_Error $wp_error Optional. The error to pass. Default empty. - */ -function login_header( $title = 'Log In', $message = '', $wp_error = '' ) { - global $error, $interim_login, $action; - - // Don't index any of these forms - add_action( 'login_head', 'wp_no_robots' ); - - if ( wp_is_mobile() ) - add_action( 'login_head', 'wp_login_viewport_meta' ); - - if ( empty($wp_error) ) - $wp_error = new WP_Error(); - - // Shake it! - $shake_error_codes = array( 'empty_password', 'empty_email', 'invalid_email', 'invalidcombo', 'empty_username', 'invalid_username', 'incorrect_password' ); - /** - * Filter the error codes array for shaking the login form. - * - * @since 3.0.0 - * - * @param array $shake_error_codes Error codes that shake the login form. - */ - $shake_error_codes = apply_filters( 'shake_error_codes', $shake_error_codes ); - - if ( $shake_error_codes && $wp_error->get_error_code() && in_array( $wp_error->get_error_code(), $shake_error_codes ) ) - add_action( 'login_head', 'wp_shake_js', 12 ); - - $separator = is_rtl() ? ' › ' : ' ‹ '; - - ?><!DOCTYPE html> - <!--[if IE 8]> - <html xmlns="http://www.w3.org/1999/xhtml" class="ie8" <?php language_attributes(); ?>> - <![endif]--> - <!--[if !(IE 8) ]><!--> - <html xmlns="http://www.w3.org/1999/xhtml" <?php language_attributes(); ?>> - <!--<![endif]--> - <head> - <meta http-equiv="Content-Type" content="<?php bloginfo('html_type'); ?>; charset=<?php bloginfo('charset'); ?>" /> - <title><?php echo get_bloginfo( 'name', 'display' ) . $separator . $title; ?> - get_error_code() ) { - ?> - - site_name; - } else { - $login_header_url = __( 'https://wordpress.org/' ); - $login_header_title = __( 'Powered by WordPress' ); - } - - /** - * Filter link URL of the header logo above login form. - * - * @since 2.1.0 - * - * @param string $login_header_url Login header logo URL. - */ - $login_header_url = apply_filters( 'login_headerurl', $login_header_url ); - /** - * Filter the title attribute of the header logo above login form. - * - * @since 2.1.0 - * - * @param string $login_header_title Login header logo title attribute. - */ - $login_header_title = apply_filters( 'login_headertitle', $login_header_title ); - - $classes = array( 'login-action-' . $action, 'wp-core-ui' ); - if ( wp_is_mobile() ) - $classes[] = 'mobile'; - if ( is_rtl() ) - $classes[] = 'rtl'; - if ( $interim_login ) { - $classes[] = 'interim-login'; - ?> - - - - -
-

- add('error', $error); - unset($error); - } - - if ( $wp_error->get_error_code() ) { - $errors = ''; - $messages = ''; - foreach ( $wp_error->get_error_codes() as $code ) { - $severity = $wp_error->get_error_data( $code ); - foreach ( $wp_error->get_error_messages( $code ) as $error_message ) { - if ( 'message' == $severity ) - $messages .= ' ' . $error_message . "
\n"; - else - $errors .= ' ' . $error_message . "
\n"; - } - } - if ( ! empty( $errors ) ) { - /** - * Filter the error messages displayed above the login form. - * - * @since 2.1.0 - * - * @param string $errors Login error message. - */ - echo '
' . apply_filters( 'login_errors', $errors ) . "
\n"; - } - if ( ! empty( $messages ) ) { - /** - * Filter instructional messages displayed above the login form. - * - * @since 2.5.0 - * - * @param string $messages Login messages. - */ - echo '

' . apply_filters( 'login_messages', $messages ) . "

\n"; - } - } -} // End of login_header() - -/** - * Outputs the footer for the login page. - * - * @param string $input_id Which input to auto-focus - */ -function login_footer($input_id = '') { - global $interim_login; - - // Don't allow interim logins to navigate away from the page. - if ( ! $interim_login ): ?> -

- - -
- - - - - - -
- - - - - - - add('empty_username', __('ERROR: Enter a username or email address.')); - } elseif ( strpos( $_POST['user_login'], '@' ) ) { - $user_data = get_user_by( 'email', trim( $_POST['user_login'] ) ); - if ( empty( $user_data ) ) - $errors->add('invalid_email', __('ERROR: There is no user registered with that email address.')); - } else { - $login = trim($_POST['user_login']); - $user_data = get_user_by('login', $login); - } - - /** - * Fires before errors are returned from a password reset request. - * - * @since 2.1.0 - * @since 4.4.0 Added the `$errors` parameter. - * - * @param WP_Error $errors A WP_Error object containing any errors generated - * by using invalid credentials. - */ - do_action( 'lostpassword_post', $errors ); - - if ( $errors->get_error_code() ) - return $errors; - - if ( !$user_data ) { - $errors->add('invalidcombo', __('ERROR: Invalid username or email.')); - return $errors; - } - - // Redefining user_login ensures we return the right case in the email. - $user_login = $user_data->user_login; - $user_email = $user_data->user_email; - $key = get_password_reset_key( $user_data ); - - if ( is_wp_error( $key ) ) { - return $key; - } - - $message = __('Someone has requested a password reset for the following account:') . "\r\n\r\n"; - $message .= network_home_url( '/' ) . "\r\n\r\n"; - $message .= sprintf(__('Username: %s'), $user_login) . "\r\n\r\n"; - $message .= __('If this was a mistake, just ignore this email and nothing will happen.') . "\r\n\r\n"; - $message .= __('To reset your password, visit the following address:') . "\r\n\r\n"; - $message .= '<' . network_site_url("wp-login.php?action=rp&key=$key&login=" . rawurlencode($user_login), 'login') . ">\r\n"; - - if ( is_multisite() ) - $blogname = $GLOBALS['current_site']->site_name; - else - /* - * The blogname option is escaped with esc_html on the way into the database - * in sanitize_option we want to reverse this for the plain text arena of emails. - */ - $blogname = wp_specialchars_decode(get_option('blogname'), ENT_QUOTES); - - $title = sprintf( __('[%s] Password Reset'), $blogname ); - - /** - * Filter the subject of the password reset email. - * - * @since 2.8.0 - * @since 4.4.0 Added the `$user_login` and `$user_data` parameters. - * - * @param string $title Default email title. - * @param string $user_login The username for the user. - * @param WP_User $user_data WP_User object. - */ - $title = apply_filters( 'retrieve_password_title', $title, $user_login, $user_data ); - - /** - * Filter the message body of the password reset mail. - * - * @since 2.8.0 - * @since 4.1.0 Added `$user_login` and `$user_data` parameters. - * - * @param string $message Default mail message. - * @param string $key The activation key. - * @param string $user_login The username for the user. - * @param WP_User $user_data WP_User object. - */ - $message = apply_filters( 'retrieve_password_message', $message, $key, $user_login, $user_data ); - - if ( $message && !wp_mail( $user_email, wp_specialchars_decode( $title ), $message ) ) - wp_die( __('The email could not be sent.') . "
\n" . __('Possible reason: your host may have disabled the mail() function.') ); - - return true; -} - -// -// Main -// +require ABSPATH . WPINC . '/functions.wp-login.php'; $action = isset($_REQUEST['action']) ? $_REQUEST['action'] : 'login'; $errors = new WP_Error(); @@ -387,7 +36,7 @@ if ( !in_array( $action, array( 'postpass', 'logout', 'lostpassword', 'retrievep nocache_headers(); -header('Content-Type: '.get_bloginfo('html_type').'; charset='.get_bloginfo('charset')); +header( 'Content-Type: ' . get_bloginfo( 'html_type' ) . '; charset=' . get_bloginfo( 'charset' ) ); if ( defined( 'RELOCATE' ) && RELOCATE ) { // Move flag is set if ( isset( $_SERVER['PATH_INFO'] ) && ($_SERVER['PATH_INFO'] != $_SERVER['PHP_SELF']) )