Index: wp-includes/user.php
===================================================================
--- wp-includes/user.php	(revision 10382)
+++ wp-includes/user.php	(working copy)
@@ -32,58 +32,104 @@
 			$credentials['remember'] = $_POST['rememberme'];
 	}
 
-	if ( !empty($credentials['user_login']) )
-		$credentials['user_login'] = sanitize_user($credentials['user_login']);
-	if ( !empty($credentials['user_password']) )
-		$credentials['user_password'] = trim($credentials['user_password']);
 	if ( !empty($credentials['remember']) )
 		$credentials['remember'] = true;
 	else
 		$credentials['remember'] = false;
 
+	// TODO do we deprecate the wp_authentication action?
 	do_action_ref_array('wp_authenticate', array(&$credentials['user_login'], &$credentials['user_password']));
 
 	if ( '' === $secure_cookie )
 		$secure_cookie = is_ssl() ? true : false;
 
-	// If no credential info provided, check cookie.
-	if ( empty($credentials['user_login']) && empty($credentials['user_password']) ) {
-		$user = wp_validate_auth_cookie();
-		if ( $user )
-			return new WP_User($user);
+	global $auth_secure_cookie; // XXX ugly hack to pass this to wp_authenticate_cookie
+	$auth_secure_cookie = $secure_cookie;
 
-		if ( $secure_cookie )
-			$auth_cookie = SECURE_AUTH_COOKIE;
-		else
-			$auth_cookie = AUTH_COOKIE;
+	add_filter('authenticate', 'wp_authenticate_cookie', 30, 3);
 
-		if ( !empty($_COOKIE[$auth_cookie]) )
-			return new WP_Error('expired_session', __('Please log in again.'));
+	$user = wp_authenticate($credentials['user_login'], $credentials['user_password']);
 
-		// If the cookie is not set, be silent.
-		return new WP_Error();
+	if ( is_wp_error($user) )
+		return $user;
+
+	wp_set_auth_cookie($user->ID, $credentials['remember'], $secure_cookie);
+	do_action('wp_login', $credentials['user_login']);
+	return $user;
+}
+
+
+/**
+ * Authenticate the user using the username and password.
+ */
+add_filter('authenticate', 'wp_authenticate_username_password', 20, 3);
+function wp_authenticate_username_password($user, $username, $password) {
+	if ( is_a($user, 'WP_User') ) { return $user; }
+
+	// XXX slight hack to handle initial load of wp-login.php
+	if ( (empty($username) && empty($password)) && $GLOBALS['pagenow'] == 'wp-login.php' ) {
+		return $user;
 	}
 
-	if ( empty($credentials['user_login']) || empty($credentials['user_password']) ) {
+	if ( empty($username) || empty($password) ) {
 		$error = new WP_Error();
 
-		if ( empty($credentials['user_login']) )
+		if ( empty($username) )
 			$error->add('empty_username', __('<strong>ERROR</strong>: The username field is empty.'));
-		if ( empty($credentials['user_password']) )
+
+		if ( empty($password) )
 			$error->add('empty_password', __('<strong>ERROR</strong>: The password field is empty.'));
+
 		return $error;
 	}
 
-	$user = wp_authenticate($credentials['user_login'], $credentials['user_password']);
-	if ( is_wp_error($user) )
+	$userdata = get_userdatabylogin($username);
+
+	if ( !$userdata || ($userdata->user_login != $username) ) {
+		return new WP_Error('invalid_username', __('<strong>ERROR</strong>: Invalid username.'));
+	}
+
+	$user = apply_filters('wp_authenticate_user', $user, $password);
+	if ( is_wp_error($user) ) {
 		return $user;
+	}
 
-	wp_set_auth_cookie($user->ID, $credentials['remember'], $secure_cookie);
-	do_action('wp_login', $credentials['user_login']);
+	if ( !wp_check_password($password, $userdata->user_pass, $userdata->ID) ) {
+		return new WP_Error('incorrect_password', __('<strong>ERROR</strong>: Incorrect password.'));
+	}
+
+	$user =  new WP_User($userdata->ID);
 	return $user;
 }
 
 /**
+ * Authenticate the user using the WordPress auth cookie.
+ */
+function wp_authenticate_cookie($user, $username, $password) {
+	if ( is_a($user, 'WP_User') ) { return $user; }
+
+	if ( empty($username) && empty($password) ) {
+		$user_id = wp_validate_auth_cookie();
+		if ( $user_id )
+			return new WP_User($user_id);
+
+		global $auth_secure_cookie;
+
+		if ( $auth_secure_cookie )
+			$auth_cookie = SECURE_AUTH_COOKIE;
+		else
+			$auth_cookie = AUTH_COOKIE;
+
+		if ( !empty($_COOKIE[$auth_cookie]) )
+			return new WP_Error('expired_session', __('Please log in again.'));
+
+		// If the cookie is not set, be silent.
+	}
+
+	return $user;
+}
+
+/**
  * Retrieve user data based on field.
  *
  * Use get_profile() will make a database query to get the value of the table
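Review bot: In `wp_authenticate_username_password`, the `wp_authenticate_user` filter is applied to `$user` (the incoming filter value, normally null) instead of the `$userdata` record that was just looked up, so plugins hooking it to veto a login no longer receive the account they are meant to inspect. The code this replaces passed the looked-up user object, and a callback that cannot identify the account may well let the login through. I would change it to `$userdata = apply_filters('wp_authenticate_user', $userdata, $password);` followed by `if ( is_wp_error($userdata) ) return $userdata;`. Separately, when both fields are empty outside wp-login.php this function returns the empty_username/empty_password error, and `wp_authenticate_cookie` passes that through when no cookie is set, where the old code returned a silent `new WP_Error()`; worth confirming that is intended.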
Index: wp-includes/pluggable.php
===================================================================
--- wp-includes/pluggable.php	(revision 10382)
+++ wp-includes/pluggable.php	(working copy)
@@ -437,32 +437,19 @@
  */
 function wp_authenticate($username, $password) {
 	$username = sanitize_user($username);
+	$password = trim($password);
 
-	if ( '' == $username )
-		return new WP_Error('empty_username', __('<strong>ERROR</strong>: The username field is empty.'));
+	$user = apply_filters('authenticate', null, $username, $password);
 
-	if ( '' == $password )
-		return new WP_Error('empty_password', __('<strong>ERROR</strong>: The password field is empty.'));
-
-	$user = get_userdatabylogin($username);
-
-	if ( !$user || ($user->user_login != $username) ) {
-		do_action( 'wp_login_failed', $username );
-		return new WP_Error('invalid_username', __('<strong>ERROR</strong>: Invalid username.'));
+	if ($user == null) {
+		$user = new WP_Error(); // TODO what should the error message be? (Or would these even happen?)
 	}
 
-	$user = apply_filters('wp_authenticate_user', $user, $password);
-	if ( is_wp_error($user) ) {
-		do_action( 'wp_login_failed', $username );
-		return $user;
+	if (is_wp_error($user)) {
+		do_action('wp_login_failed', $username);
 	}
 
-	if ( !wp_check_password($password, $user->user_pass, $user->ID) ) {
-		do_action( 'wp_login_failed', $username );
-		return new WP_Error('incorrect_password', __('<strong>ERROR</strong>: Incorrect password.'));
-	}
-
-	return new WP_User($user->ID);
+	return $user;
 }
 endif;
 
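Review bot: The `$user == null` test in `wp_authenticate` only catches empty filter results, so any other value an `authenticate` callback returns (a string, `true`, a plain object) is handed back as a successful login; `wp_signon` then calls `wp_set_auth_cookie($user->ID, ...)` for anything that is not a WP_Error. Since this function is the authentication gate, I would fail closed with `if ( !is_a($user, 'WP_User') && !is_wp_error($user) )` and give the fallback WP_Error a code and message so the login form has something to show. Also, `wp_signon` now calls this function even when no credentials were submitted, so `wp_login_failed` presumably fires with an empty username on the initial load of the login page and on expired cookies. Plugins that count failed logins for lockout or alerting will see that as noise unless the action is skipped when no username was supplied.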
