#20279 closed enhancement (fixed)
Functions defined in wp-login.php should be moved to a separate file to make them re-usable
Reported by: | beaulebens | Owned by: | SergeyBiryukov |
---|---|---|---|
Milestone: | 3.7 | Priority: | normal |
Severity: | normal | Version: | |
Component: | General | Keywords: | has-patch commit |
Focuses: | Cc: |
Description
Currently, there are a series of functions defined at the top of wp-login.php:
login_header() login_footer() wp_shake_js() retrieve_password() check_password_reset_key() reset_password() register_new_user()
If these functions were moved to a separate file, they would be reusable by folks who are trying to do more advanced things involving the login flow.
As an example, if you want to create a page resembling wp-login right now, there's no easy way to do it without just duplicating everything from this file. Moving these functions means you can use login_header() and login_footer() to recreate the bulk of the page, then handle the "content block" yourself. This marginally improves the re-usability of the login system.
Patch attached which does this.
Attachments (3)
Change History (22)
#1
@
13 years ago
See also #15384. I think some of these functions are good as a separate file, while others are pretty intrinsic to the login skin/flow.
We don't use dotted filenames — those files are from BackPress. This would simply be wp-includes/login.php.
Also, 19852#comment:31, where we may end up moving wp-login.php to the admin pot for 3.4.
#2
@
13 years ago
- Cc wycks added
I was just looking at wp_shake_js and it looks strange there, all for cleaning this up a bit.
#7
@
12 years ago
Me too waiting for this enhancement. Maybe moved to pluggable.php
. Also retrieve_password
and others taking values directly from $_POST should accept one or more parameters.
For now a solution for me was to fork these functions and put them in functions.php of my theme.
#8
@
11 years ago
- Milestone changed from Awaiting Review to 3.7
I wanted to use register_new_user()
in a plugin recently, but making it reusable currently requires a dirty hack (error suppression is to hide the "Constant ABSPATH already defined" notice):
ob_start(); @require_once( ABSPATH . 'wp-login.php' ); ob_end_clean();
Moving for review.
#9
follow-up:
↓ 11
@
11 years ago
Two general objections:
- I think some of these functions are good as a separate file, while others are pretty intrinsic to the login skin/flow.
- Some of these functions might not deserve to see the light of day, so to speak — we need to review them.
I think we can overcome these.
Here's the list of functions defined in wp-login.php that I think are intrinsic to wp-login.php and shouldn't leave that file for now:
function login_header($title = 'Log In', $message = '', $wp_error = '') { function login_footer($input_id = '') { function wp_shake_js() { function wp_attempt_focus(){
Here are the other four functions:
function retrieve_password() { function check_password_reset_key($key, $login) { function reset_password($user, $new_pass) { function register_new_user( $user_login, $user_email ) {
I gave a quick scan through all of them to ensure they were sane and were not specific to wp-login.php.
I think check_password_reset_key(), reset_password(), and register_new_user() all meet those parameters. These are under 90 lines of code (including documentation) and, I think, belong in user.php.
I think retrieve_password() may be too tied to the wp-login.php process to be immediately extracted. Other opinions?
#10
@
11 years ago
FWIW, this ticket was originally created in large part because we found ourselves needing to use login_header()
and login_footer()
to create a modified login experience that closely-resembled the core experience.
It looks like maybe there are more hooks and things in there now, so perhaps the original use-case for this is less important, but thought I'd throw it out there.
#11
in reply to:
↑ 9
@
11 years ago
Replying to nacin:
I think check_password_reset_key(), reset_password(), and register_new_user() all meet those parameters. These are under 90 lines of code (including documentation) and, I think, belong in user.php.
Sounds good to me.
#12
@
11 years ago
20279.2.diff moves check_password_reset_key()
, reset_password()
, and register_new_user()
to wp-includes/user.php
.
#14
@
11 years ago
- Owner set to SergeyBiryukov
- Resolution set to fixed
- Status changed from new to closed
In 25231:
#17
in reply to:
↑ 16
;
follow-up:
↓ 18
@
9 years ago
Replying to johnjamesjacoby:
Any objection to making these function pluggable?
I think we tend to add new hooks instead of new pluggable functions, as they are much more flexible (see #8833).
#18
in reply to:
↑ 17
@
9 years ago
Replying to SergeyBiryukov:
I think we tend to add new hooks instead of new pluggable functions, as they are much more flexible (see #8833).
Hard to imagine anything more flexible than dropping in your own version of a core function, but I understand what you mean about the general consensus of pluggable functions being unreliable in the long-term, and how inheriting improvements for free vs. needing to updating pluggable and/or drop-ins makes sense.
Dotted filename used only to match the other functions.*.php files in wp-includes. Feel free to change it.