10 |
10 |
11 /** Make sure that the WordPress bootstrap has run before continuing. */ |
11 /** Make sure that the WordPress bootstrap has run before continuing. */ |
12 require( dirname(__FILE__) . '/wp-load.php' ); |
12 require( dirname(__FILE__) . '/wp-load.php' ); |
13 |
13 |
14 // Redirect to https login if forced to use SSL |
14 // Redirect to https login if forced to use SSL |
15 if ( force_ssl_admin() && !is_ssl() ) { |
15 if ( force_ssl_admin() && ! is_ssl() ) { |
16 if ( 0 === strpos($_SERVER['REQUEST_URI'], 'http') ) { |
16 if ( 0 === strpos($_SERVER['REQUEST_URI'], 'http') ) { |
17 wp_redirect(preg_replace('|^http://|', 'https://', $_SERVER['REQUEST_URI'])); |
17 wp_redirect( set_url_scheme( $_SERVER['REQUEST_URI'], 'https' ) ); |
18 exit(); |
18 exit(); |
19 } else { |
19 } else { |
20 wp_redirect('https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']); |
20 wp_redirect( 'https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'] ); |
21 exit(); |
21 exit(); |
22 } |
22 } |
23 } |
23 } |
24 |
24 |
25 /** |
25 /** |
37 * <title/> element. |
37 * <title/> element. |
38 * @param string $message Optional. Message to display in header. |
38 * @param string $message Optional. Message to display in header. |
39 * @param WP_Error $wp_error Optional. WordPress Error Object |
39 * @param WP_Error $wp_error Optional. WordPress Error Object |
40 */ |
40 */ |
41 function login_header($title = 'Log In', $message = '', $wp_error = '') { |
41 function login_header($title = 'Log In', $message = '', $wp_error = '') { |
42 global $error, $interim_login, $current_site; |
42 global $error, $interim_login, $current_site, $action; |
43 |
43 |
44 // Don't index any of these forms |
44 // Don't index any of these forms |
45 add_action( 'login_head', 'wp_no_robots' ); |
45 add_action( 'login_head', 'wp_no_robots' ); |
46 |
46 |
47 if ( empty($wp_error) ) |
47 if ( empty($wp_error) ) |
84 |
84 |
85 // Don't allow interim logins to navigate away from the page. |
85 // Don't allow interim logins to navigate away from the page. |
86 if ( $interim_login ) |
86 if ( $interim_login ) |
87 $login_header_url = '#'; |
87 $login_header_url = '#'; |
88 |
88 |
|
89 $classes = array( 'login-action-' . $action, 'wp-core-ui' ); |
|
90 if ( wp_is_mobile() ) |
|
91 $classes[] = 'mobile'; |
|
92 if ( is_rtl() ) |
|
93 $classes[] = 'rtl'; |
|
94 $classes = apply_filters( 'login_body_class', $classes, $action ); |
89 ?> |
95 ?> |
90 </head> |
96 </head> |
91 <body class="login<?php if ( wp_is_mobile() ) echo ' mobile'; ?>"> |
97 <body class="login <?php echo esc_attr( implode( ' ', $classes ) ); ?>"> |
92 <div id="login"> |
98 <div id="login"> |
93 <h1><a href="<?php echo esc_url( $login_header_url ); ?>" title="<?php echo esc_attr( $login_header_title ); ?>"><?php bloginfo( 'name' ); ?></a></h1> |
99 <h1><a href="<?php echo esc_url( $login_header_url ); ?>" title="<?php echo esc_attr( $login_header_title ); ?>"><?php bloginfo( 'name' ); ?></a></h1> |
94 <?php |
100 <?php |
95 |
101 |
96 unset( $login_header_url, $login_header_title ); |
102 unset( $login_header_url, $login_header_title ); |
307 $errors->add( 'empty_username', __( '<strong>ERROR</strong>: Please enter a username.' ) ); |
313 $errors->add( 'empty_username', __( '<strong>ERROR</strong>: Please enter a username.' ) ); |
308 } elseif ( ! validate_username( $user_login ) ) { |
314 } elseif ( ! validate_username( $user_login ) ) { |
309 $errors->add( 'invalid_username', __( '<strong>ERROR</strong>: This username is invalid because it uses illegal characters. Please enter a valid username.' ) ); |
315 $errors->add( 'invalid_username', __( '<strong>ERROR</strong>: This username is invalid because it uses illegal characters. Please enter a valid username.' ) ); |
310 $sanitized_user_login = ''; |
316 $sanitized_user_login = ''; |
311 } elseif ( username_exists( $sanitized_user_login ) ) { |
317 } elseif ( username_exists( $sanitized_user_login ) ) { |
312 $errors->add( 'username_exists', __( '<strong>ERROR</strong>: This username is already registered, please choose another one.' ) ); |
318 $errors->add( 'username_exists', __( '<strong>ERROR</strong>: This username is already registered. Please choose another one.' ) ); |
313 } |
319 } |
314 |
320 |
315 // Check the e-mail address |
321 // Check the e-mail address |
316 if ( $user_email == '' ) { |
322 if ( $user_email == '' ) { |
317 $errors->add( 'empty_email', __( '<strong>ERROR</strong>: Please type your e-mail address.' ) ); |
323 $errors->add( 'empty_email', __( '<strong>ERROR</strong>: Please type your e-mail address.' ) ); |
359 |
365 |
360 nocache_headers(); |
366 nocache_headers(); |
361 |
367 |
362 header('Content-Type: '.get_bloginfo('html_type').'; charset='.get_bloginfo('charset')); |
368 header('Content-Type: '.get_bloginfo('html_type').'; charset='.get_bloginfo('charset')); |
363 |
369 |
364 if ( defined('RELOCATE') ) { // Move flag is set |
370 if ( defined( 'RELOCATE' ) && RELOCATE ) { // Move flag is set |
365 if ( isset( $_SERVER['PATH_INFO'] ) && ($_SERVER['PATH_INFO'] != $_SERVER['PHP_SELF']) ) |
371 if ( isset( $_SERVER['PATH_INFO'] ) && ($_SERVER['PATH_INFO'] != $_SERVER['PHP_SELF']) ) |
366 $_SERVER['PHP_SELF'] = str_replace( $_SERVER['PATH_INFO'], '', $_SERVER['PHP_SELF'] ); |
372 $_SERVER['PHP_SELF'] = str_replace( $_SERVER['PATH_INFO'], '', $_SERVER['PHP_SELF'] ); |
367 |
373 |
368 $schema = is_ssl() ? 'https://' : 'http://'; |
374 $url = dirname( set_url_scheme( 'http://' . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'] ) ); |
369 if ( dirname($schema . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF']) != get_option('siteurl') ) |
375 if ( $url != get_option( 'siteurl' ) ) |
370 update_option('siteurl', dirname($schema . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF']) ); |
376 update_option( 'siteurl', $url ); |
371 } |
377 } |
372 |
378 |
373 //Set a cookie now to see if they are supported by the browser. |
379 //Set a cookie now to see if they are supported by the browser. |
374 setcookie(TEST_COOKIE, 'WP Cookie check', 0, COOKIEPATH, COOKIE_DOMAIN); |
380 setcookie(TEST_COOKIE, 'WP Cookie check', 0, COOKIEPATH, COOKIE_DOMAIN); |
375 if ( SITECOOKIEPATH != COOKIEPATH ) |
381 if ( SITECOOKIEPATH != COOKIEPATH ) |
388 // By default, use the portable hash from phpass |
394 // By default, use the portable hash from phpass |
389 $wp_hasher = new PasswordHash(8, true); |
395 $wp_hasher = new PasswordHash(8, true); |
390 } |
396 } |
391 |
397 |
392 // 10 days |
398 // 10 days |
393 setcookie( 'wp-postpass_' . COOKIEHASH, $wp_hasher->HashPassword( stripslashes( $_POST['post_password'] ) ), time() + 864000, COOKIEPATH ); |
399 setcookie( 'wp-postpass_' . COOKIEHASH, $wp_hasher->HashPassword( stripslashes( $_POST['post_password'] ) ), time() + 10 * DAY_IN_SECONDS, COOKIEPATH ); |
394 |
400 |
395 wp_safe_redirect( wp_get_referer() ); |
401 wp_safe_redirect( wp_get_referer() ); |
396 exit(); |
402 exit(); |
397 |
403 |
398 break; |
404 break; |
430 ?> |
436 ?> |
431 |
437 |
432 <form name="lostpasswordform" id="lostpasswordform" action="<?php echo esc_url( site_url( 'wp-login.php?action=lostpassword', 'login_post' ) ); ?>" method="post"> |
438 <form name="lostpasswordform" id="lostpasswordform" action="<?php echo esc_url( site_url( 'wp-login.php?action=lostpassword', 'login_post' ) ); ?>" method="post"> |
433 <p> |
439 <p> |
434 <label for="user_login" ><?php _e('Username or E-mail:') ?><br /> |
440 <label for="user_login" ><?php _e('Username or E-mail:') ?><br /> |
435 <input type="text" name="user_login" id="user_login" class="input" value="<?php echo esc_attr($user_login); ?>" size="20" tabindex="10" /></label> |
441 <input type="text" name="user_login" id="user_login" class="input" value="<?php echo esc_attr($user_login); ?>" size="20" /></label> |
436 </p> |
442 </p> |
437 <?php do_action('lostpassword_form'); ?> |
443 <?php do_action('lostpassword_form'); ?> |
438 <input type="hidden" name="redirect_to" value="<?php echo esc_attr( $redirect_to ); ?>" /> |
444 <input type="hidden" name="redirect_to" value="<?php echo esc_attr( $redirect_to ); ?>" /> |
439 <p class="submit"><input type="submit" name="wp-submit" id="wp-submit" class="button-primary" value="<?php esc_attr_e('Get New Password'); ?>" tabindex="100" /></p> |
445 <p class="submit"><input type="submit" name="wp-submit" id="wp-submit" class="button button-primary button-large" value="<?php esc_attr_e('Get New Password'); ?>" /></p> |
440 </form> |
446 </form> |
441 |
447 |
442 <p id="nav"> |
448 <p id="nav"> |
443 <a href="<?php echo esc_url( wp_login_url() ); ?>"><?php _e('Log in') ?></a> |
449 <a href="<?php echo esc_url( wp_login_url() ); ?>"><?php _e('Log in') ?></a> |
444 <?php if ( get_option( 'users_can_register' ) ) : ?> |
450 <?php if ( get_option( 'users_can_register' ) ) : ?> |
457 if ( is_wp_error($user) ) { |
463 if ( is_wp_error($user) ) { |
458 wp_redirect( site_url('wp-login.php?action=lostpassword&error=invalidkey') ); |
464 wp_redirect( site_url('wp-login.php?action=lostpassword&error=invalidkey') ); |
459 exit; |
465 exit; |
460 } |
466 } |
461 |
467 |
462 $errors = ''; |
468 $errors = new WP_Error(); |
463 |
469 |
464 if ( isset($_POST['pass1']) && $_POST['pass1'] != $_POST['pass2'] ) { |
470 if ( isset($_POST['pass1']) && $_POST['pass1'] != $_POST['pass2'] ) |
465 $errors = new WP_Error('password_reset_mismatch', __('The passwords do not match.')); |
471 $errors->add( 'password_reset_mismatch', __( 'The passwords do not match.' ) ); |
466 } elseif ( isset($_POST['pass1']) && !empty($_POST['pass1']) ) { |
472 |
|
473 do_action( 'validate_password_reset', $errors, $user ); |
|
474 |
|
475 if ( ( ! $errors->get_error_code() ) && isset( $_POST['pass1'] ) && !empty( $_POST['pass1'] ) ) { |
467 reset_password($user, $_POST['pass1']); |
476 reset_password($user, $_POST['pass1']); |
468 login_header( __( 'Password Reset' ), '<p class="message reset-pass">' . __( 'Your password has been reset.' ) . ' <a href="' . esc_url( wp_login_url() ) . '">' . __( 'Log in' ) . '</a></p>' ); |
477 login_header( __( 'Password Reset' ), '<p class="message reset-pass">' . __( 'Your password has been reset.' ) . ' <a href="' . esc_url( wp_login_url() ) . '">' . __( 'Log in' ) . '</a></p>' ); |
469 login_footer(); |
478 login_footer(); |
470 exit; |
479 exit; |
471 } |
480 } |
490 |
499 |
491 <div id="pass-strength-result" class="hide-if-no-js"><?php _e('Strength indicator'); ?></div> |
500 <div id="pass-strength-result" class="hide-if-no-js"><?php _e('Strength indicator'); ?></div> |
492 <p class="description indicator-hint"><?php _e('Hint: The password should be at least seven characters long. To make it stronger, use upper and lower case letters, numbers and symbols like ! " ? $ % ^ & ).'); ?></p> |
501 <p class="description indicator-hint"><?php _e('Hint: The password should be at least seven characters long. To make it stronger, use upper and lower case letters, numbers and symbols like ! " ? $ % ^ & ).'); ?></p> |
493 |
502 |
494 <br class="clear" /> |
503 <br class="clear" /> |
495 <p class="submit"><input type="submit" name="wp-submit" id="wp-submit" class="button-primary" value="<?php esc_attr_e('Reset Password'); ?>" tabindex="100" /></p> |
504 <p class="submit"><input type="submit" name="wp-submit" id="wp-submit" class="button button-primary button-large" value="<?php esc_attr_e('Reset Password'); ?>" /></p> |
496 </form> |
505 </form> |
497 |
506 |
498 <p id="nav"> |
507 <p id="nav"> |
499 <a href="<?php echo esc_url( wp_login_url() ); ?>"><?php _e( 'Log in' ); ?></a> |
508 <a href="<?php echo esc_url( wp_login_url() ); ?>"><?php _e( 'Log in' ); ?></a> |
500 <?php if ( get_option( 'users_can_register' ) ) : ?> |
509 <?php if ( get_option( 'users_can_register' ) ) : ?> |
507 break; |
516 break; |
508 |
517 |
509 case 'register' : |
518 case 'register' : |
510 if ( is_multisite() ) { |
519 if ( is_multisite() ) { |
511 // Multisite uses wp-signup.php |
520 // Multisite uses wp-signup.php |
512 wp_redirect( apply_filters( 'wp_signup_location', site_url('wp-signup.php') ) ); |
521 wp_redirect( apply_filters( 'wp_signup_location', network_site_url('wp-signup.php') ) ); |
513 exit; |
522 exit; |
514 } |
523 } |
515 |
524 |
516 if ( !get_option('users_can_register') ) { |
525 if ( !get_option('users_can_register') ) { |
517 wp_redirect( site_url('wp-login.php?registration=disabled') ); |
526 wp_redirect( site_url('wp-login.php?registration=disabled') ); |
536 ?> |
545 ?> |
537 |
546 |
538 <form name="registerform" id="registerform" action="<?php echo esc_url( site_url('wp-login.php?action=register', 'login_post') ); ?>" method="post"> |
547 <form name="registerform" id="registerform" action="<?php echo esc_url( site_url('wp-login.php?action=register', 'login_post') ); ?>" method="post"> |
539 <p> |
548 <p> |
540 <label for="user_login"><?php _e('Username') ?><br /> |
549 <label for="user_login"><?php _e('Username') ?><br /> |
541 <input type="text" name="user_login" id="user_login" class="input" value="<?php echo esc_attr(stripslashes($user_login)); ?>" size="20" tabindex="10" /></label> |
550 <input type="text" name="user_login" id="user_login" class="input" value="<?php echo esc_attr(stripslashes($user_login)); ?>" size="20" /></label> |
542 </p> |
551 </p> |
543 <p> |
552 <p> |
544 <label for="user_email"><?php _e('E-mail') ?><br /> |
553 <label for="user_email"><?php _e('E-mail') ?><br /> |
545 <input type="email" name="user_email" id="user_email" class="input" value="<?php echo esc_attr(stripslashes($user_email)); ?>" size="25" tabindex="20" /></label> |
554 <input type="text" name="user_email" id="user_email" class="input" value="<?php echo esc_attr(stripslashes($user_email)); ?>" size="25" /></label> |
546 </p> |
555 </p> |
547 <?php do_action('register_form'); ?> |
556 <?php do_action('register_form'); ?> |
548 <p id="reg_passmail"><?php _e('A password will be e-mailed to you.') ?></p> |
557 <p id="reg_passmail"><?php _e('A password will be e-mailed to you.') ?></p> |
549 <br class="clear" /> |
558 <br class="clear" /> |
550 <input type="hidden" name="redirect_to" value="<?php echo esc_attr( $redirect_to ); ?>" /> |
559 <input type="hidden" name="redirect_to" value="<?php echo esc_attr( $redirect_to ); ?>" /> |
551 <p class="submit"><input type="submit" name="wp-submit" id="wp-submit" class="button-primary" value="<?php esc_attr_e('Register'); ?>" tabindex="100" /></p> |
560 <p class="submit"><input type="submit" name="wp-submit" id="wp-submit" class="button button-primary button-large" value="<?php esc_attr_e('Register'); ?>" /></p> |
552 </form> |
561 </form> |
553 |
562 |
554 <p id="nav"> |
563 <p id="nav"> |
555 <a href="<?php echo esc_url( wp_login_url() ); ?>"><?php _e( 'Log in' ); ?></a> | |
564 <a href="<?php echo esc_url( wp_login_url() ); ?>"><?php _e( 'Log in' ); ?></a> | |
556 <a href="<?php echo esc_url( wp_lostpassword_url() ); ?>" title="<?php esc_attr_e( 'Password Lost and Found' ) ?>"><?php _e( 'Lost your password?' ); ?></a> |
565 <a href="<?php echo esc_url( wp_lostpassword_url() ); ?>" title="<?php esc_attr_e( 'Password Lost and Found' ) ?>"><?php _e( 'Lost your password?' ); ?></a> |
669 ?> |
678 ?> |
670 |
679 |
671 <form name="loginform" id="loginform" action="<?php echo esc_url( site_url( 'wp-login.php', 'login_post' ) ); ?>" method="post"> |
680 <form name="loginform" id="loginform" action="<?php echo esc_url( site_url( 'wp-login.php', 'login_post' ) ); ?>" method="post"> |
672 <p> |
681 <p> |
673 <label for="user_login"><?php _e('Username') ?><br /> |
682 <label for="user_login"><?php _e('Username') ?><br /> |
674 <input type="text" name="log" id="user_login" class="input" value="<?php echo esc_attr($user_login); ?>" size="20" tabindex="10" /></label> |
683 <input type="text" name="log" id="user_login" class="input" value="<?php echo esc_attr($user_login); ?>" size="20" /></label> |
675 </p> |
684 </p> |
676 <p> |
685 <p> |
677 <label for="user_pass"><?php _e('Password') ?><br /> |
686 <label for="user_pass"><?php _e('Password') ?><br /> |
678 <input type="password" name="pwd" id="user_pass" class="input" value="" size="20" tabindex="20" /></label> |
687 <input type="password" name="pwd" id="user_pass" class="input" value="" size="20" /></label> |
679 </p> |
688 </p> |
680 <?php do_action('login_form'); ?> |
689 <?php do_action('login_form'); ?> |
681 <p class="forgetmenot"><label for="rememberme"><input name="rememberme" type="checkbox" id="rememberme" value="forever" tabindex="90"<?php checked( $rememberme ); ?> /> <?php esc_attr_e('Remember Me'); ?></label></p> |
690 <p class="forgetmenot"><label for="rememberme"><input name="rememberme" type="checkbox" id="rememberme" value="forever" <?php checked( $rememberme ); ?> /> <?php esc_attr_e('Remember Me'); ?></label></p> |
682 <p class="submit"> |
691 <p class="submit"> |
683 <input type="submit" name="wp-submit" id="wp-submit" class="button-primary" value="<?php esc_attr_e('Log In'); ?>" tabindex="100" /> |
692 <input type="submit" name="wp-submit" id="wp-submit" class="button button-primary button-large" value="<?php esc_attr_e('Log In'); ?>" /> |
684 <?php if ( $interim_login ) { ?> |
693 <?php if ( $interim_login ) { ?> |
685 <input type="hidden" name="interim-login" value="1" /> |
694 <input type="hidden" name="interim-login" value="1" /> |
686 <?php } else { ?> |
695 <?php } else { ?> |
687 <input type="hidden" name="redirect_to" value="<?php echo esc_attr($redirect_to); ?>" /> |
696 <input type="hidden" name="redirect_to" value="<?php echo esc_attr($redirect_to); ?>" /> |
688 <?php } ?> |
697 <?php } ?> |
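Review bot: In the RELOCATE block (new lines 370–376) the value passed to `update_option( 'siteurl', $url )` is still assembled from `$_SERVER['HTTP_HOST']` and `$_SERVER['PHP_SELF']`, both taken from the request, and nothing visible checks them before the option is saved. The added `&& RELOCATE` test narrows when the block runs, but while the constant is true any request that reaches this code can change the stored site URL. This looks like the login page, so presumably no authentication has happened at that point. I would at least document that above the `if`, e.g. `// RELOCATE trusts the request's Host header: enable it only for the move, then remove the constant.` A stricter follow-up would be to compare the host against an expected value before calling `update_option()`.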