<?php

/**

 * WordPress User Page

 *

 * Handles authentication, registering, resetting passwords, forgot password,

 * and other user handling.

 *

 * @package WordPress

 */

/** Make sure that the WordPress bootstrap has run before continuing. */

require __DIR__ . '/wp-load.php';

// Redirect to HTTPS login if forced to use SSL.

if ( force_ssl_admin() && ! is_ssl() ) {

	if ( str_starts_with( $_SERVER['REQUEST_URI'], 'http' ) ) {

		wp_safe_redirect( set_url_scheme( $_SERVER['REQUEST_URI'], 'https' ) );

		exit;

	} else {

		wp_safe_redirect( 'https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'] );

		exit;

	}

}

/**

 * Outputs the login page header.

 *

 * @since 2.1.0

 *

 * @global string      $error         Login error message set by deprecated pluggable wp_login() function

 *                                    or plugins replacing it.

 * @global bool|string $interim_login Whether interim login modal is being displayed. String 'success'

 *                                    upon successful login.

 * @global string      $action        The action that brought the visitor to the login page.

 *

 * @param string|null   $title    Optional. WordPress login page title to display in the `<title>` element.

 *                                Defaults to 'Log In'.

 * @param string        $message  Optional. Message to display in header. Default empty.

 * @param WP_Error|null $wp_error Optional. The error to pass. Defaults to a WP_Error instance.

 */

function login_header( $title = null, $message = '', $wp_error = null ) {

	global $error, $interim_login, $action;

	if ( null === $title ) {

		$title = __( 'Log In' );

	}

	// Don't index any of these forms.

	add_filter( 'wp_robots', 'wp_robots_sensitive_page' );

	add_action( 'login_head', 'wp_strict_cross_origin_referrer' );

	add_action( 'login_head', 'wp_login_viewport_meta' );

	if ( ! is_wp_error( $wp_error ) ) {

		$wp_error = new WP_Error();

	}

	// Shake it!

	$shake_error_codes = array( 'empty_password', 'empty_email', 'invalid_email', 'invalidcombo', 'empty_username', 'invalid_username', 'incorrect_password', 'retrieve_password_email_failure' );

	/**

	 * Filters the error codes array for shaking the login form.

	 *

	 * @since 3.0.0

	 *

	 * @param string[] $shake_error_codes Error codes that shake the login form.

	 */

	$shake_error_codes = apply_filters( 'shake_error_codes', $shake_error_codes );

	if ( $shake_error_codes && $wp_error->has_errors() && in_array( $wp_error->get_error_code(), $shake_error_codes, true ) ) {

		add_action( 'login_footer', 'wp_shake_js', 12 );

	}

	$login_title = get_bloginfo( 'name', 'display' );

	/* translators: Login screen title. 1: Login screen name, 2: Network or site name. */

	$login_title = sprintf( __( '%1$s ‹ %2$s — WordPress' ), $title, $login_title );

	if ( wp_is_recovery_mode() ) {

		/* translators: %s: Login screen title. */

		$login_title = sprintf( __( 'Recovery Mode — %s' ), $login_title );

	}

	/**

	 * Filters the title tag content for login page.

	 *

	 * @since 4.9.0

	 *

	 * @param string $login_title The page title, with extra context added.

	 * @param string $title       The original page title.

	 */

	$login_title = apply_filters( 'login_title', $login_title, $title );

	?><!DOCTYPE html>

	<html <?php language_attributes(); ?>>

	<head>

	<meta http-equiv="Content-Type" content="<?php bloginfo( 'html_type' ); ?>; charset=<?php bloginfo( 'charset' ); ?>" />

	<title><?php echo $login_title; ?></title>

	<?php

	wp_enqueue_style( 'login' );

	/*

	 * Remove all stored post data on logging out.

	 * This could be added by add_action('login_head'...) like wp_shake_js(),

	 * but maybe better if it's not removable by plugins.

	 */

	if ( 'loggedout' === $wp_error->get_error_code() ) {

		ob_start();

		?>

		<script>if("sessionStorage" in window){try{for(var key in sessionStorage){if(key.indexOf("wp-autosave-")!=-1){sessionStorage.removeItem(key)}}}catch(e){}};</script>

		<?php

		wp_print_inline_script_tag( wp_remove_surrounding_empty_script_tags( ob_get_clean() ) );

	}

	/**

	 * Enqueues scripts and styles for the login page.

	 *

	 * @since 3.1.0

	 */

	do_action( 'login_enqueue_scripts' );

	/**

	 * Fires in the login page header after scripts are enqueued.

	 *

	 * @since 2.1.0

	 */

	do_action( 'login_head' );

	$login_header_url = __( 'https://wordpress.org/' );

	/**

	 * Filters link URL of the header logo above login form.

	 *

	 * @since 2.1.0

	 *

	 * @param string $login_header_url Login header logo URL.

	 */

	$login_header_url = apply_filters( 'login_headerurl', $login_header_url );

	$login_header_title = '';

	/**

	 * Filters the title attribute of the header logo above login form.

	 *

	 * @since 2.1.0

	 * @deprecated 5.2.0 Use {@see 'login_headertext'} instead.

	 *

	 * @param string $login_header_title Login header logo title attribute.

	 */

	$login_header_title = apply_filters_deprecated(

		'login_headertitle',

		array( $login_header_title ),

		'5.2.0',

		'login_headertext',

		__( 'Usage of the title attribute on the login logo is not recommended for accessibility reasons. Use the link text instead.' )

	);

	$login_header_text = empty( $login_header_title ) ? __( 'Powered by WordPress' ) : $login_header_title;

	/**

	 * Filters the link text of the header logo above the login form.

	 *

	 * @since 5.2.0

	 *

	 * @param string $login_header_text The login header logo link text.

	 */

	$login_header_text = apply_filters( 'login_headertext', $login_header_text );

	$classes = array( 'login-action-' . $action, 'wp-core-ui' );

	if ( is_rtl() ) {

		$classes[] = 'rtl';

	}

	if ( $interim_login ) {

		$classes[] = 'interim-login';

		?>

		<style type="text/css">html{background-color: transparent;}</style>

		<?php

		if ( 'success' === $interim_login ) {

			$classes[] = 'interim-login-success';

		}

	}

	$classes[] = ' locale-' . sanitize_html_class( strtolower( str_replace( '_', '-', get_locale() ) ) );

	/**

	 * Filters the login page body classes.

	 *

	 * @since 3.5.0

	 *

	 * @param string[] $classes An array of body classes.

	 * @param string   $action  The action that brought the visitor to the login page.

	 */

	$classes = apply_filters( 'login_body_class', $classes, $action );

	?>

	</head>

	<body class="login no-js <?php echo esc_attr( implode( ' ', $classes ) ); ?>">

	<?php

	wp_print_inline_script_tag( "document.body.className = document.body.className.replace('no-js','js');" );

	?>

	<?php

	/**

	 * Fires in the login page header after the body tag is opened.

	 *

	 * @since 4.6.0

	 */

	do_action( 'login_header' );

	?>

	<?php

	if ( 'confirm_admin_email' !== $action && ! empty( $title ) ) :

		?>

		<h1 class="screen-reader-text"><?php echo $title; ?></h1>

		<?php

	endif;

	?>

	<div id="login">

		<h1 role="presentation" class="wp-login-logo"><a href="<?php echo esc_url( $login_header_url ); ?>"><?php echo $login_header_text; ?></a></h1>

	<?php

	/**

	 * Filters the message to display above the login form.

	 *

	 * @since 2.1.0

	 *

	 * @param string $message Login message text.

	 */

	$message = apply_filters( 'login_message', $message );

	if ( ! empty( $message ) ) {

		echo $message . "\n";

	}

	// In case a plugin uses $error rather than the $wp_errors object.

	if ( ! empty( $error ) ) {

		$wp_error->add( 'error', $error );

		unset( $error );

	}

	if ( $wp_error->has_errors() ) {

		$error_list = array();

		$messages   = '';

		foreach ( $wp_error->get_error_codes() as $code ) {

			$severity = $wp_error->get_error_data( $code );

			foreach ( $wp_error->get_error_messages( $code ) as $error_message ) {

				if ( 'message' === $severity ) {

					$messages .= '<p>' . $error_message . '</p>';

				} else {

					$error_list[] = $error_message;

				}

			}

		}

		if ( ! empty( $error_list ) ) {

			$errors = '';

			if ( count( $error_list ) > 1 ) {

				$errors .= '<ul class="login-error-list">';

				foreach ( $error_list as $item ) {

					$errors .= '<li>' . $item . '</li>';

				}

				$errors .= '</ul>';

			} else {

				$errors .= '<p>' . $error_list[0] . '</p>';

			}

			/**

			 * Filters the error messages displayed above the login form.

			 *

			 * @since 2.1.0

			 *

			 * @param string $errors Login error messages.

			 */

			$errors = apply_filters( 'login_errors', $errors );

			wp_admin_notice(

				$errors,

				array(

					'type'           => 'error',

					'id'             => 'login_error',

					'paragraph_wrap' => false,

				)

			);

		}

		if ( ! empty( $messages ) ) {

			/**

			 * Filters instructional messages displayed above the login form.

			 *

			 * @since 2.5.0

			 *

			 * @param string $messages Login messages.

			 */

			$messages = apply_filters( 'login_messages', $messages );

			wp_admin_notice(

				$messages,

				array(

					'type'               => 'info',

					'id'                 => 'login-message',

					'additional_classes' => array( 'message' ),

					'paragraph_wrap'     => false,

				)

			);

		}

	}

} // End of login_header().

/**

 * Outputs the footer for the login page.

 *

 * @since 3.1.0

 *

 * @global bool|string $interim_login Whether interim login modal is being displayed. String 'success'

 *                                    upon successful login.

 *

 * @param string $input_id Which input to auto-focus.

 */

function login_footer( $input_id = '' ) {

	global $interim_login;

	// Don't allow interim logins to navigate away from the page.

	if ( ! $interim_login ) {

		?>

		<p id="backtoblog">

			<?php

			$html_link = sprintf(

				'<a href="%s">%s</a>',

				esc_url( home_url( '/' ) ),

				sprintf(

					/* translators: %s: Site title. */

					_x( '← Go to %s', 'site' ),

					get_bloginfo( 'title', 'display' )

				)

			);

			/**

			 * Filters the "Go to site" link displayed in the login page footer.

			 *

			 * @since 5.7.0

			 *

			 * @param string $link HTML link to the home URL of the current site.

			 */

			echo apply_filters( 'login_site_html_link', $html_link );

			?>

		</p>

		<?php

		the_privacy_policy_link( '<div class="privacy-policy-page-link">', '</div>' );

	}

	?>

	</div><?php // End of <div id="login">. ?>

	<?php

	if (

		! $interim_login &&

		/**

		 * Filters whether to display the Language selector on the login screen.

		 *

		 * @since 5.9.0

		 *

		 * @param bool $display Whether to display the Language selector on the login screen.

		 */

		apply_filters( 'login_display_language_dropdown', true )

	) {

		$languages = get_available_languages();

		if ( ! empty( $languages ) ) {

			?>

			<div class="language-switcher">

				<form id="language-switcher" method="get">

					<label for="language-switcher-locales">

						<span class="dashicons dashicons-translation" aria-hidden="true"></span>

						<span class="screen-reader-text">

							<?php

							/* translators: Hidden accessibility text. */

							_e( 'Language' );

							?>

						</span>

					</label>

					<?php

					$args = array(

						'id'                          => 'language-switcher-locales',

						'name'                        => 'wp_lang',

						'selected'                    => determine_locale(),

						'show_available_translations' => false,

						'explicit_option_en_us'       => true,

						'languages'                   => $languages,

					);

					/**

					 * Filters default arguments for the Languages select input on the login screen.

					 *

					 * The arguments get passed to the wp_dropdown_languages() function.

					 *

					 * @since 5.9.0

					 *

					 * @param array $args Arguments for the Languages select input on the login screen.

					 */

					wp_dropdown_languages( apply_filters( 'login_language_dropdown_args', $args ) );

					?>

					<?php if ( $interim_login ) { ?>

						<input type="hidden" name="interim-login" value="1" />

					<?php } ?>

					<?php if ( isset( $_GET['redirect_to'] ) && '' !== $_GET['redirect_to'] ) { ?>

						<input type="hidden" name="redirect_to" value="<?php echo sanitize_url( $_GET['redirect_to'] ); ?>" />

					<?php } ?>

					<?php if ( isset( $_GET['action'] ) && '' !== $_GET['action'] ) { ?>

						<input type="hidden" name="action" value="<?php echo esc_attr( $_GET['action'] ); ?>" />