site_iri: web/wp-login.php@85b7b80973f4 (annotated)

136 bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	1	<?php
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	2	/**
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	3	* WordPress User Page
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	4	*
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	5	* Handles authentication, registering, resetting passwords, forgot password,
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	6	* and other user handling.
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	7	*
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	8	* @package WordPress
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	9	*/
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	10
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	11	/** Make sure that the WordPress bootstrap has run before continuing. */
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	12	require( dirname(__FILE__) . '/wp-load.php' );
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	13
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	14	// Redirect to https login if forced to use SSL
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	15	if ( force_ssl_admin() && !is_ssl() ) {
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	16	if ( 0 === strpos($_SERVER['REQUEST_URI'], 'http') ) {
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	17	wp_redirect(preg_replace('\|^http://\|', 'https://', $_SERVER['REQUEST_URI']));
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	18	exit();
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	19	} else {
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	20	wp_redirect('https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']);
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	21	exit();
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	22	}
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	23	}
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	24
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	25	/**
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	26	* Outputs the header for the login page.
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	27	*
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	28	* @uses do_action() Calls the 'login_head' for outputting HTML in the Log In
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	29	* header.
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	30	* @uses apply_filters() Calls 'login_headerurl' for the top login link.
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	31	* @uses apply_filters() Calls 'login_headertitle' for the top login title.
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	32	* @uses apply_filters() Calls 'login_message' on the message to display in the
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	33	* header.
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	34	* @uses $error The error global, which is checked for displaying errors.
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	35	*
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	36	* @param string $title Optional. WordPress Log In Page title to display in
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	37	* <title/> element.
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	38	* @param string $message Optional. Message to display in header.
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	39	* @param WP_Error $wp_error Optional. WordPress Error Object
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	40	*/
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	41	function login_header($title = 'Log In', $message = '', $wp_error = '') {
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	42	global $error, $is_iphone, $interim_login;
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	43
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	44	// Don't index any of these forms
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	45	add_filter( 'pre_option_blog_public', create_function( '$a', 'return 0;' ) );
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	46	add_action( 'login_head', 'noindex' );
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	47
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	48	if ( empty($wp_error) )
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	49	$wp_error = new WP_Error();
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	50	?>
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	51	<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	52	<html xmlns="http://www.w3.org/1999/xhtml" <?php language_attributes(); ?>>
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	53	<head>
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	54	<title><?php bloginfo('name'); ?> &rsaquo; <?php echo $title; ?></title>
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	55	<meta http-equiv="Content-Type" content="<?php bloginfo('html_type'); ?>; charset=<?php bloginfo('charset'); ?>" />
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	56	<?php
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	57	wp_admin_css( 'login', true );
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	58	wp_admin_css( 'colors-fresh', true );
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	59
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	60	if ( $is_iphone ) { ?>
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	61	<meta name="viewport" content="width=320; initial-scale=0.9; maximum-scale=1.0; user-scalable=0;" />
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	62	<style type="text/css" media="screen">
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	63	form { margin-left: 0px; }
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	64	#login { margin-top: 20px; }
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	65	</style>
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	66	<?php
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	67	} elseif ( isset($interim_login) && $interim_login ) { ?>
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	68	<style type="text/css" media="all">
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	69	.login #login { margin: 20px auto; }
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	70	</style>
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	71	<?php
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	72	}
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	73
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	74	do_action('login_head'); ?>
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	75	</head>
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	76	<body class="login">
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	77
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	78	<div id="login"><h1><a href="<?php echo apply_filters('login_headerurl', 'http://wordpress.org/'); ?>" title="<?php echo apply_filters('login_headertitle', __('Powered by WordPress')); ?>"><?php bloginfo('name'); ?></a></h1>
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	79	<?php
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	80	$message = apply_filters('login_message', $message);
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	81	if ( !empty( $message ) ) echo $message . "\n";
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	82
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	83	// Incase a plugin uses $error rather than the $errors object
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	84	if ( !empty( $error ) ) {
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	85	$wp_error->add('error', $error);
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	86	unset($error);
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	87	}
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	88
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	89	if ( $wp_error->get_error_code() ) {
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	90	$errors = '';
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	91	$messages = '';
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	92	foreach ( $wp_error->get_error_codes() as $code ) {
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	93	$severity = $wp_error->get_error_data($code);
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	94	foreach ( $wp_error->get_error_messages($code) as $error ) {
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	95	if ( 'message' == $severity )
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	96	$messages .= ' ' . $error . "<br />\n";
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	97	else
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	98	$errors .= ' ' . $error . "<br />\n";
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	99	}
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	100	}
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	101	if ( !empty($errors) )
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	102	echo '<div id="login_error">' . apply_filters('login_errors', $errors) . "</div>\n";
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	103	if ( !empty($messages) )
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	104	echo '<p class="message">' . apply_filters('login_messages', $messages) . "</p>\n";
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	105	}
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	106	} // End of login_header()
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	107
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	108	/**
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	109	* Handles sending password retrieval email to user.
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	110	*
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	111	* @uses $wpdb WordPress Database object
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	112	*
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	113	* @return bool\|WP_Error True: when finish. WP_Error on error
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	114	*/
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	115	function retrieve_password() {
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	116	global $wpdb;
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	117
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	118	$errors = new WP_Error();
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	119
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	120	if ( empty( $_POST['user_login'] ) && empty( $_POST['user_email'] ) )
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	121	$errors->add('empty_username', __('<strong>ERROR</strong>: Enter a username or e-mail address.'));
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	122
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	123	if ( strpos($_POST['user_login'], '@') ) {
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	124	$user_data = get_user_by_email(trim($_POST['user_login']));
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	125	if ( empty($user_data) )
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	126	$errors->add('invalid_email', __('<strong>ERROR</strong>: There is no user registered with that email address.'));
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	127	} else {
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	128	$login = trim($_POST['user_login']);
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	129	$user_data = get_userdatabylogin($login);
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	130	}
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	131
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	132	do_action('lostpassword_post');
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	133
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	134	if ( $errors->get_error_code() )
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	135	return $errors;
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	136
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	137	if ( !$user_data ) {
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	138	$errors->add('invalidcombo', __('<strong>ERROR</strong>: Invalid username or e-mail.'));
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	139	return $errors;
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	140	}
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	141
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	142	// redefining user_login ensures we return the right case in the email
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	143	$user_login = $user_data->user_login;
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	144	$user_email = $user_data->user_email;
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	145
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	146	do_action('retreive_password', $user_login); // Misspelled and deprecated
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	147	do_action('retrieve_password', $user_login);
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	148
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	149	$allow = apply_filters('allow_password_reset', true, $user_data->ID);
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	150
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	151	if ( ! $allow )
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	152	return new WP_Error('no_password_reset', __('Password reset is not allowed for this user'));
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	153	else if ( is_wp_error($allow) )
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	154	return $allow;
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	155
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	156	$key = $wpdb->get_var($wpdb->prepare("SELECT user_activation_key FROM $wpdb->users WHERE user_login = %s", $user_login));
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	157	if ( empty($key) ) {
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	158	// Generate something random for a key...
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	159	$key = wp_generate_password(20, false);
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	160	do_action('retrieve_password_key', $user_login, $key);
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	161	// Now insert the new md5 key into the db
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	162	$wpdb->update($wpdb->users, array('user_activation_key' => $key), array('user_login' => $user_login));
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	163	}
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	164	$message = __('Someone has asked to reset the password for the following site and username.') . "\r\n\r\n";
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	165	$message .= get_option('siteurl') . "\r\n\r\n";
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	166	$message .= sprintf(__('Username: %s'), $user_login) . "\r\n\r\n";
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	167	$message .= __('To reset your password visit the following address, otherwise just ignore this email and nothing will happen.') . "\r\n\r\n";
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	168	$message .= site_url("wp-login.php?action=rp&key=$key&login=" . rawurlencode($user_login), 'login') . "\r\n";
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	169
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	170	// The blogname option is escaped with esc_html on the way into the database in sanitize_option
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	171	// we want to reverse this for the plain text arena of emails.
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	172	$blogname = wp_specialchars_decode(get_option('blogname'), ENT_QUOTES);
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	173
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	174	$title = sprintf(__('[%s] Password Reset'), $blogname);
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	175
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	176	$title = apply_filters('retrieve_password_title', $title);
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	177	$message = apply_filters('retrieve_password_message', $message, $key);
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	178
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	179	if ( $message && !wp_mail($user_email, $title, $message) )
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	180	die('<p>' . __('The e-mail could not be sent.') . "<br />\n" . __('Possible reason: your host may have disabled the mail() function...') . '</p>');
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	181
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	182	return true;
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	183	}
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	184
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	185	/**
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	186	* Handles resetting the user's password.
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	187	*
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	188	* @uses $wpdb WordPress Database object
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	189	*
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	190	* @param string $key Hash to validate sending user's password
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	191	* @return bool\|WP_Error
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	192	*/
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	193	function reset_password($key, $login) {
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	194	global $wpdb;
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	195
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	196	$key = preg_replace('/[^a-z0-9]/i', '', $key);
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	197
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	198	if ( empty( $key ) \|\| !is_string( $key ) )
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	199	return new WP_Error('invalid_key', __('Invalid key'));
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	200
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	201	if ( empty($login) \|\| !is_string($login) )
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	202	return new WP_Error('invalid_key', __('Invalid key'));
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	203
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	204	$user = $wpdb->get_row($wpdb->prepare("SELECT * FROM $wpdb->users WHERE user_activation_key = %s AND user_login = %s", $key, $login));
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	205	if ( empty( $user ) )
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	206	return new WP_Error('invalid_key', __('Invalid key'));
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	207
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	208	// Generate something random for a password...
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	209	$new_pass = wp_generate_password();
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	210
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	211	do_action('password_reset', $user, $new_pass);
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	212
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	213	wp_set_password($new_pass, $user->ID);
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	214	update_usermeta($user->ID, 'default_password_nag', true); //Set up the Password change nag.
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	215	$message = sprintf(__('Username: %s'), $user->user_login) . "\r\n";
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	216	$message .= sprintf(__('Password: %s'), $new_pass) . "\r\n";
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	217	$message .= site_url('wp-login.php', 'login') . "\r\n";
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	218
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	219	// The blogname option is escaped with esc_html on the way into the database in sanitize_option
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	220	// we want to reverse this for the plain text arena of emails.
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	221	$blogname = wp_specialchars_decode(get_option('blogname'), ENT_QUOTES);
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	222
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	223	$title = sprintf(__('[%s] Your new password'), $blogname);
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	224
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	225	$title = apply_filters('password_reset_title', $title);
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	226	$message = apply_filters('password_reset_message', $message, $new_pass);
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	227
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	228	if ( $message && !wp_mail($user->user_email, $title, $message) )
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	229	die('<p>' . __('The e-mail could not be sent.') . "<br />\n" . __('Possible reason: your host may have disabled the mail() function...') . '</p>');
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	230
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	231	wp_password_change_notification($user);
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	232
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	233	return true;
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	234	}
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	235
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	236	/**
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	237	* Handles registering a new user.
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	238	*
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	239	* @param string $user_login User's username for logging in
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	240	* @param string $user_email User's email address to send password and add
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	241	* @return int\|WP_Error Either user's ID or error on failure.
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	242	*/
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	243	function register_new_user($user_login, $user_email) {
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	244	$errors = new WP_Error();
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	245
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	246	$user_login = sanitize_user( $user_login );
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	247	$user_email = apply_filters( 'user_registration_email', $user_email );
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	248
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	249	// Check the username
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	250	if ( $user_login == '' )
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	251	$errors->add('empty_username', __('<strong>ERROR</strong>: Please enter a username.'));
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	252	elseif ( !validate_username( $user_login ) ) {
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	253	$errors->add('invalid_username', __('<strong>ERROR</strong>: This username is invalid. Please enter a valid username.'));
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	254	$user_login = '';
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	255	} elseif ( username_exists( $user_login ) )
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	256	$errors->add('username_exists', __('<strong>ERROR</strong>: This username is already registered, please choose another one.'));
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	257
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	258	// Check the e-mail address
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	259	if ($user_email == '') {
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	260	$errors->add('empty_email', __('<strong>ERROR</strong>: Please type your e-mail address.'));
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	261	} elseif ( !is_email( $user_email ) ) {
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	262	$errors->add('invalid_email', __('<strong>ERROR</strong>: The email address isn’t correct.'));
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	263	$user_email = '';
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	264	} elseif ( email_exists( $user_email ) )
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	265	$errors->add('email_exists', __('<strong>ERROR</strong>: This email is already registered, please choose another one.'));
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	266
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	267	do_action('register_post', $user_login, $user_email, $errors);
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	268
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	269	$errors = apply_filters( 'registration_errors', $errors, $user_login, $user_email );
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	270
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	271	if ( $errors->get_error_code() )
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	272	return $errors;
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	273
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	274	$user_pass = wp_generate_password();
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	275	$user_id = wp_create_user( $user_login, $user_pass, $user_email );
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	276	if ( !$user_id ) {
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	277	$errors->add('registerfail', sprintf(__('<strong>ERROR</strong>: Couldn’t register you... please contact the <a href="mailto:%s">webmaster</a> !'), get_option('admin_email')));
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	278	return $errors;
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	279	}
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	280
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	281	wp_new_user_notification($user_id, $user_pass);
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	282
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	283	return $user_id;
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	284	}
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	285
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	286	//
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	287	// Main
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	288	//
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	289
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	290	$action = isset($_REQUEST['action']) ? $_REQUEST['action'] : 'login';
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	291	$errors = new WP_Error();
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	292
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	293	if ( isset($_GET['key']) )
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	294	$action = 'resetpass';
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	295
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	296	// validate action so as to default to the login screen
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	297	if ( !in_array($action, array('logout', 'lostpassword', 'retrievepassword', 'resetpass', 'rp', 'register', 'login'), true) && false === has_filter('login_form_' . $action) )
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	298	$action = 'login';
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	299
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	300	nocache_headers();
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	301
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	302	header('Content-Type: '.get_bloginfo('html_type').'; charset='.get_bloginfo('charset'));
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	303
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	304	if ( defined('RELOCATE') ) { // Move flag is set
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	305	if ( isset( $_SERVER['PATH_INFO'] ) && ($_SERVER['PATH_INFO'] != $_SERVER['PHP_SELF']) )
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	306	$_SERVER['PHP_SELF'] = str_replace( $_SERVER['PATH_INFO'], '', $_SERVER['PHP_SELF'] );
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	307
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	308	$schema = ( isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on' ) ? 'https://' : 'http://';
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	309	if ( dirname($schema . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF']) != get_option('siteurl') )
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	310	update_option('siteurl', dirname($schema . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF']) );
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	311	}
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	312
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	313	//Set a cookie now to see if they are supported by the browser.
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	314	setcookie(TEST_COOKIE, 'WP Cookie check', 0, COOKIEPATH, COOKIE_DOMAIN);
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	315	if ( SITECOOKIEPATH != COOKIEPATH )
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	316	setcookie(TEST_COOKIE, 'WP Cookie check', 0, SITECOOKIEPATH, COOKIE_DOMAIN);
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	317
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	318	// allow plugins to override the default actions, and to add extra actions if they want
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	319	do_action('login_form_' . $action);
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	320
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	321	$http_post = ('POST' == $_SERVER['REQUEST_METHOD']);
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	322	switch ($action) {
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	323
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	324	case 'logout' :
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	325	check_admin_referer('log-out');
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	326	wp_logout();
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	327
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	328	$redirect_to = 'wp-login.php?loggedout=true';
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	329	if ( isset( $_REQUEST['redirect_to'] ) )
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	330	$redirect_to = $_REQUEST['redirect_to'];
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	331
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	332	wp_safe_redirect($redirect_to);
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	333	exit();
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	334
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	335	break;
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	336
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	337	case 'lostpassword' :
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	338	case 'retrievepassword' :
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	339	if ( $http_post ) {
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	340	$errors = retrieve_password();
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	341	if ( !is_wp_error($errors) ) {
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	342	wp_redirect('wp-login.php?checkemail=confirm');
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	343	exit();
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	344	}
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	345	}
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	346
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	347	if ( isset($_GET['error']) && 'invalidkey' == $_GET['error'] ) $errors->add('invalidkey', __('Sorry, that key does not appear to be valid.'));
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	348
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	349	do_action('lost_password');
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	350	login_header(__('Lost Password'), '<p class="message">' . __('Please enter your username or e-mail address. You will receive a new password via e-mail.') . '</p>', $errors);
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	351
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	352	$user_login = isset($_POST['user_login']) ? stripslashes($_POST['user_login']) : '';
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	353
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	354	?>
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	355
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	356	<form name="lostpasswordform" id="lostpasswordform" action="<?php echo site_url('wp-login.php?action=lostpassword', 'login_post') ?>" method="post">
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	357	<p>
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	358	<label><?php _e('Username or E-mail:') ?><br />
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	359	<input type="text" name="user_login" id="user_login" class="input" value="<?php echo esc_attr($user_login); ?>" size="20" tabindex="10" /></label>
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	360	</p>
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	361	<?php do_action('lostpassword_form'); ?>
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	362	<p class="submit"><input type="submit" name="wp-submit" id="wp-submit" class="button-primary" value="<?php esc_attr_e('Get New Password'); ?>" tabindex="100" /></p>
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	363	</form>
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	364
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	365	<p id="nav">
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	366	<?php if (get_option('users_can_register')) : ?>
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	367	<a href="<?php echo site_url('wp-login.php', 'login') ?>"><?php _e('Log in') ?></a> \|
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	368	<a href="<?php echo site_url('wp-login.php?action=register', 'login') ?>"><?php _e('Register') ?></a>
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	369	<?php else : ?>
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	370	<a href="<?php echo site_url('wp-login.php', 'login') ?>"><?php _e('Log in') ?></a>
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	371	<?php endif; ?>
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	372	</p>
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	373
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	374	</div>
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	375
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	376	<p id="backtoblog"><a href="<?php bloginfo('url'); ?>/" title="<?php _e('Are you lost?') ?>"><?php printf(__('← Back to %s'), get_bloginfo('title', 'display' )); ?></a></p>
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	377
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	378	<script type="text/javascript">
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	379	try{document.getElementById('user_login').focus();}catch(e){}
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	380	</script>
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	381	</body>
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	382	</html>
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	383	<?php
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	384	break;
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	385
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	386	case 'resetpass' :
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	387	case 'rp' :
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	388	$errors = reset_password($_GET['key'], $_GET['login']);
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	389
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	390	if ( ! is_wp_error($errors) ) {
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	391	wp_redirect('wp-login.php?checkemail=newpass');
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	392	exit();
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	393	}
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	394
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	395	wp_redirect('wp-login.php?action=lostpassword&error=invalidkey');
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	396	exit();
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	397
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	398	break;
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	399
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	400	case 'register' :
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	401	if ( !get_option('users_can_register') ) {
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	402	wp_redirect('wp-login.php?registration=disabled');
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	403	exit();
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	404	}
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	405
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	406	$user_login = '';
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	407	$user_email = '';
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	408	if ( $http_post ) {
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	409	require_once( ABSPATH . WPINC . '/registration.php');
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	410
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	411	$user_login = $_POST['user_login'];
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	412	$user_email = $_POST['user_email'];
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	413	$errors = register_new_user($user_login, $user_email);
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	414	if ( !is_wp_error($errors) ) {
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	415	wp_redirect('wp-login.php?checkemail=registered');
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	416	exit();
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	417	}
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	418	}
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	419
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	420	login_header(__('Registration Form'), '<p class="message register">' . __('Register For This Site') . '</p>', $errors);
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	421	?>
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	422
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	423	<form name="registerform" id="registerform" action="<?php echo site_url('wp-login.php?action=register', 'login_post') ?>" method="post">
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	424	<p>
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	425	<label><?php _e('Username') ?><br />
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	426	<input type="text" name="user_login" id="user_login" class="input" value="<?php echo esc_attr(stripslashes($user_login)); ?>" size="20" tabindex="10" /></label>
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	427	</p>
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	428	<p>
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	429	<label><?php _e('E-mail') ?><br />
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	430	<input type="text" name="user_email" id="user_email" class="input" value="<?php echo esc_attr(stripslashes($user_email)); ?>" size="25" tabindex="20" /></label>
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	431	</p>
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	432	<?php do_action('register_form'); ?>
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	433	<p id="reg_passmail"><?php _e('A password will be e-mailed to you.') ?></p>
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	434	<br class="clear" />
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	435	<p class="submit"><input type="submit" name="wp-submit" id="wp-submit" class="button-primary" value="<?php esc_attr_e('Register'); ?>" tabindex="100" /></p>
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	436	</form>
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	437
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	438	<p id="nav">
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	439	<a href="<?php echo site_url('wp-login.php', 'login') ?>"><?php _e('Log in') ?></a> \|
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	440	<a href="<?php echo site_url('wp-login.php?action=lostpassword', 'login') ?>" title="<?php _e('Password Lost and Found') ?>"><?php _e('Lost your password?') ?></a>
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	441	</p>
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	442
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	443	</div>
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	444
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	445	<p id="backtoblog"><a href="<?php bloginfo('url'); ?>/" title="<?php _e('Are you lost?') ?>"><?php printf(__('← Back to %s'), get_bloginfo('title', 'display' )); ?></a></p>
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	446
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	447	<script type="text/javascript">
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	448	try{document.getElementById('user_login').focus();}catch(e){}
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	449	</script>
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	450	</body>
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	451	</html>
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	452	<?php
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	453	break;
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	454
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	455	case 'login' :
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	456	default:
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	457	$secure_cookie = '';
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	458	$interim_login = isset($_REQUEST['interim-login']);
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	459
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	460	// If the user wants ssl but the session is not ssl, force a secure cookie.
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	461	if ( !empty($_POST['log']) && !force_ssl_admin() ) {
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	462	$user_name = sanitize_user($_POST['log']);
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	463	if ( $user = get_userdatabylogin($user_name) ) {
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	464	if ( get_user_option('use_ssl', $user->ID) ) {
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	465	$secure_cookie = true;
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	466	force_ssl_admin(true);
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	467	}
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	468	}
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	469	}
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	470
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	471	if ( isset( $_REQUEST['redirect_to'] ) ) {
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	472	$redirect_to = $_REQUEST['redirect_to'];
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	473	// Redirect to https if user wants ssl
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	474	if ( $secure_cookie && false !== strpos($redirect_to, 'wp-admin') )
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	475	$redirect_to = preg_replace('\|^http://\|', 'https://', $redirect_to);
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	476	} else {
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	477	$redirect_to = admin_url();
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	478	}
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	479
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	480	if ( !$secure_cookie && is_ssl() && force_ssl_login() && !force_ssl_admin() && ( 0 !== strpos($redirect_to, 'https') ) && ( 0 === strpos($redirect_to, 'http') ) )
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	481	$secure_cookie = false;
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	482
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	483	$user = wp_signon('', $secure_cookie);
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	484
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	485	$redirect_to = apply_filters('login_redirect', $redirect_to, isset( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : '', $user);
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	486
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	487	if ( !is_wp_error($user) ) {
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	488	if ( $interim_login ) {
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	489	$message = '<p class="message">' . __('You have logged in successfully.') . '</p>';
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	490	login_header( '', $message ); ?>
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	491	<script type="text/javascript">setTimeout( function(){window.close()}, 8000);</script>
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	492	<p class="alignright">
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	493	<input type="button" class="button-primary" value="<?php esc_attr_e('Close'); ?>" onclick="window.close()" /></p>
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	494	</div></body></html>
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	495	<?php exit;
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	496	}
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	497	// If the user can't edit posts, send them to their profile.
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	498	if ( !$user->has_cap('edit_posts') && ( empty( $redirect_to ) \|\| $redirect_to == 'wp-admin/' \|\| $redirect_to == admin_url() ) )
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	499	$redirect_to = admin_url('profile.php');
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	500	wp_safe_redirect($redirect_to);
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	501	exit();
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	502	}
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	503
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	504	$errors = $user;
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	505	// Clear errors if loggedout is set.
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	506	if ( !empty($_GET['loggedout']) )
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	507	$errors = new WP_Error();
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	508
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	509	// If cookies are disabled we can't log in even with a valid user+pass
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	510	if ( isset($_POST['testcookie']) && empty($_COOKIE[TEST_COOKIE]) )
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	511	$errors->add('test_cookie', __("<strong>ERROR</strong>: Cookies are blocked or not supported by your browser. You must <a href='http://www.google.com/cookies.html'>enable cookies</a> to use WordPress."));
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	512
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	513	// Some parts of this script use the main login form to display a message
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	514	if ( isset($_GET['loggedout']) && TRUE == $_GET['loggedout'] )
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	515	$errors->add('loggedout', __('You are now logged out.'), 'message');
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	516	elseif ( isset($_GET['registration']) && 'disabled' == $_GET['registration'] )
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	517	$errors->add('registerdisabled', __('User registration is currently not allowed.'));
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	518	elseif ( isset($_GET['checkemail']) && 'confirm' == $_GET['checkemail'] )
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	519	$errors->add('confirm', __('Check your e-mail for the confirmation link.'), 'message');
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	520	elseif ( isset($_GET['checkemail']) && 'newpass' == $_GET['checkemail'] )
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	521	$errors->add('newpass', __('Check your e-mail for your new password.'), 'message');
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	522	elseif ( isset($_GET['checkemail']) && 'registered' == $_GET['checkemail'] )
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	523	$errors->add('registered', __('Registration complete. Please check your e-mail.'), 'message');
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	524	elseif ( $interim_login )
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	525	$errors->add('expired', __('Your session has expired. Please log-in again.'), 'message');
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	526
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	527	login_header(__('Log In'), '', $errors);
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	528
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	529	if ( isset($_POST['log']) )
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	530	$user_login = ( 'incorrect_password' == $errors->get_error_code() \|\| 'empty_password' == $errors->get_error_code() ) ? esc_attr(stripslashes($_POST['log'])) : '';
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	531	?>
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	532
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	533	<?php if ( !isset($_GET['checkemail']) \|\| !in_array( $_GET['checkemail'], array('confirm', 'newpass') ) ) : ?>
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	534	<form name="loginform" id="loginform" action="<?php echo site_url('wp-login.php', 'login_post') ?>" method="post">
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	535	<p>
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	536	<label><?php _e('Username') ?><br />
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	537	<input type="text" name="log" id="user_login" class="input" value="<?php echo esc_attr($user_login); ?>" size="20" tabindex="10" /></label>
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	538	</p>
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	539	<p>
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	540	<label><?php _e('Password') ?><br />
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	541	<input type="password" name="pwd" id="user_pass" class="input" value="" size="20" tabindex="20" /></label>
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	542	</p>
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	543	<?php do_action('login_form'); ?>
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	544	<p class="forgetmenot"><label><input name="rememberme" type="checkbox" id="rememberme" value="forever" tabindex="90" /> <?php esc_attr_e('Remember Me'); ?></label></p>
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	545	<p class="submit">
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	546	<input type="submit" name="wp-submit" id="wp-submit" class="button-primary" value="<?php esc_attr_e('Log In'); ?>" tabindex="100" />
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	547	<?php if ( $interim_login ) { ?>
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	548	<input type="hidden" name="interim-login" value="1" />
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	549	<?php } else { ?>
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	550	<input type="hidden" name="redirect_to" value="<?php echo esc_attr($redirect_to); ?>" />
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	551	<?php } ?>
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	552	<input type="hidden" name="testcookie" value="1" />
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	553	</p>
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	554	</form>
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	555	<?php endif; ?>
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	556
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	557	<?php if ( !$interim_login ) { ?>
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	558	<p id="nav">
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	559	<?php if ( isset($_GET['checkemail']) && in_array( $_GET['checkemail'], array('confirm', 'newpass') ) ) : ?>
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	560	<?php elseif (get_option('users_can_register')) : ?>
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	561	<a href="<?php echo site_url('wp-login.php?action=register', 'login') ?>"><?php _e('Register') ?></a> \|
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	562	<a href="<?php echo site_url('wp-login.php?action=lostpassword', 'login') ?>" title="<?php _e('Password Lost and Found') ?>"><?php _e('Lost your password?') ?></a>
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	563	<?php else : ?>
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	564	<a href="<?php echo site_url('wp-login.php?action=lostpassword', 'login') ?>" title="<?php _e('Password Lost and Found') ?>"><?php _e('Lost your password?') ?></a>
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	565	<?php endif; ?>
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	566	</p>
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	567
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	568	<p id="backtoblog"><a href="<?php bloginfo('url'); ?>/" title="<?php _e('Are you lost?') ?>"><?php printf(__('← Back to %s'), get_bloginfo('title', 'display' )); ?></a></p>
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	569	<?php } ?>
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	570	</div>
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	571
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	572	<script type="text/javascript">
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	573	<?php if ( $user_login \|\| $interim_login ) { ?>
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	574	setTimeout( function(){ try{
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	575	d = document.getElementById('user_pass');
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	576	d.value = '';
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	577	d.focus();
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	578	} catch(e){}
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	579	}, 200);
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	580	<?php } else { ?>
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	581	try{document.getElementById('user_login').focus();}catch(e){}
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	582	<?php } ?>
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	583	</script>
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	584	</body>
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	585	</html>
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	586	<?php
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	587
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	588	break;
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	589	} // end action switch
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	590	?>

author	ymh@caf4f556-3d62-0410-8435-a86758001935
	Wed, 03 Mar 2010 14:49:38 +0000
changeset 155	85b7b80973f4
parent 136	bde1974c263b
child 194	32102edaa81b
permissions	-rw-r--r--