< ? php
/**
 * WordPress User Page
 *
 * Handles authentication, registering, resetting passwords, forgot password,
 * and other user handling.
 *
 * @package WordPress
 */
/** Load the WordPress bootstrap; everything below depends on it. */
require( dirname( __FILE__ ) . '/wp-load.php' );

// When SSL is forced for the admin area and this request did not arrive over
// SSL, send the browser to the https:// form of the same URL and stop.
// NOTE(review): for a relative REQUEST_URI the target is assembled from the
// client-supplied Host header -- confirm the web server only answers for the
// expected host names.
if ( force_ssl_admin() && ! is_ssl() ) {
	$request_uri = $_SERVER['REQUEST_URI'];

	// An absolute request URI only needs its scheme swapped; a relative one
	// is prefixed with the scheme and host.
	$secure_url = ( 0 === strpos( $request_uri, 'http' ) )
		? preg_replace( '|^http://|', 'https://', $request_uri )
		: 'https://' . $_SERVER['HTTP_HOST'] . $request_uri;

	wp_redirect( $secure_url );
	exit();
}
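/**
 * Outputs the header for the login page.
 *
 * Registers the "do not index" handlers, prints the document head and the
 * site heading, then echoes the optional message and any collected errors.
 *
 * The link target and link title come from filters and are printed inside
 * HTML attributes, so they are passed through esc_url() / esc_attr() before
 * output. $title, $message and the error strings are echoed without escaping
 * because they carry markup; callers must only pass trusted HTML.
 *
 * @uses do_action() Calls the 'login_head' for outputting HTML in the Log In
 *		header.
 * @uses apply_filters() Calls 'login_headerurl' for the top login link.
 * @uses apply_filters() Calls 'login_headertitle' for the top login title.
 * @uses apply_filters() Calls 'login_message' on the message to display in the
 *		header.
 * @uses $error The error global, which is checked for displaying errors.
 *
 * @param string $title Optional. WordPress Log In Page title to display in
 *		<title/> element.
 * @param string $message Optional. Message to display in header.
 * @param WP_Error $wp_error Optional. WordPress Error Object
 */
function login_header($title = 'Log In', $message = '', $wp_error = '') {
	global $error, $is_iphone, $interim_login, $current_site;

	// Don't index any of these forms
	add_filter( 'pre_option_blog_public', '__return_zero' );
	add_action( 'login_head', 'noindex' );

	if ( empty($wp_error) )
		$wp_error = new WP_Error();

	// Shake it! The form is shaken only for the error codes listed here
	// (plugins can change the list through the 'shake_error_codes' filter).
	$shake_error_codes = array( 'empty_password', 'empty_email', 'invalid_email', 'invalidcombo', 'empty_username', 'invalid_username', 'incorrect_password' );
	$shake_error_codes = apply_filters( 'shake_error_codes', $shake_error_codes );

	if ( $shake_error_codes && $wp_error->get_error_code() && in_array( $wp_error->get_error_code(), $shake_error_codes ) )
		add_action( 'login_head', 'wp_shake_js', 12 );

	?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" <?php language_attributes(); ?>>
<head>
	<title><?php bloginfo('name'); ?> › <?php echo $title; ?></title>
	<meta http-equiv="Content-Type" content="<?php bloginfo('html_type'); ?>; charset=<?php bloginfo('charset'); ?>" />
<?php
	wp_admin_css( 'login', true );
	wp_admin_css( 'colors-fresh', true );

	if ( $is_iphone ) { ?>
	<meta name="viewport" content="width=320; initial-scale=0.9; maximum-scale=1.0; user-scalable=0;" />
	<style type="text/css" media="screen">
	form { margin-left: 0px; }
	#login { margin-top: 20px; }
	</style>
<?php
	} elseif ( isset($interim_login) && $interim_login ) { ?>
	<style type="text/css" media="all">
	.login #login { margin: 20px auto; }
	</style>
<?php
	}

	do_action('login_head'); ?>
</head>
<body class="login">
<?php	if ( !is_multisite() ) { ?>
<div id="login"><h1><a href="<?php echo esc_url( apply_filters('login_headerurl', 'http://wordpress.org/') ); ?>" title="<?php echo esc_attr( apply_filters('login_headertitle', __('Powered by WordPress')) ); ?>"><?php bloginfo('name'); ?></a></h1>
<?php	} else { ?>
<div id="login"><h1><a href="<?php echo esc_url( apply_filters('login_headerurl', network_home_url() ) ); ?>" title="<?php echo esc_attr( apply_filters('login_headertitle', $current_site->site_name ) ); ?>"><span class="hide"><?php bloginfo('name'); ?></span></a></h1>
<?php	}

	// The message is HTML and is printed as returned by the filter.
	$message = apply_filters('login_message', $message);
	if ( !empty( $message ) ) echo $message . "\n";

	// Incase a plugin uses $error rather than the $errors object
	if ( !empty( $error ) ) {
		$wp_error->add('error', $error);
		unset($error);
	}

	if ( $wp_error->get_error_code() ) {
		$errors = '';
		$messages = '';
		foreach ( $wp_error->get_error_codes() as $code ) {
			// Entries whose error data is the string 'message' are shown as
			// notices; everything else goes into the error box.
			$severity = $wp_error->get_error_data($code);
			foreach ( $wp_error->get_error_messages($code) as $error ) {
				if ( 'message' == $severity )
					$messages .= ' ' . $error . "<br />\n";
				else
					$errors .= ' ' . $error . "<br />\n";
			}
		}
		if ( !empty($errors) )
			echo '<div id="login_error">' . apply_filters('login_errors', $errors) . "</div>\n";
		if ( !empty($messages) )
			echo '<p class="message">' . apply_filters('login_messages', $messages) . "</p>\n";
	}
} // End of login_header()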
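/**
 * Outputs the footer for the login page.
 *
 * Closes the wrapper opened by login_header(), optionally prints a script
 * that focuses one input, prints the "back to blog" link, fires the
 * 'login_footer' action and closes the document.
 *
 * The input id is written into a JavaScript string literal and the link
 * title into an HTML attribute, so both are escaped for their context.
 *
 * @param string $input_id Which input to auto-focus
 */
function login_footer($input_id = '') {
	echo "</div>\n";

	if ( !empty($input_id) ) {
?>
<script type="text/javascript">
try{document.getElementById('<?php echo esc_js( $input_id ); ?>').focus();}catch(e){}
if(typeof wpOnload=='function')wpOnload();
</script>
<?php
	}
?>
<p id="backtoblog"><a href="<?php bloginfo('url'); ?>/" title="<?php esc_attr_e('Are you lost?') ?>"><?php printf(__('← Back to %s'), get_bloginfo('title', 'display' )); ?></a></p>
<?php do_action('login_footer'); ?>
</body>
</html>
<?php
}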
/**
 * Prints the inline script that shakes the login form.
 *
 * Nothing is printed when the $is_iphone global is set. The script moves the
 * first form on the page left and right through a fixed list of offsets and
 * then calls wp_attempt_focus().
 */
function wp_shake_js() {
	global $is_iphone;

	// The script is static markup; it is only emitted for non-iPhone clients.
	if ( ! $is_iphone ) {
?>
<script type="text/javascript">
addLoadEvent = function(func){if(typeof jQuery!="undefined")jQuery(document).ready(func);else if(typeof wpOnload!='function'){wpOnload=func;}else{var oldonload=wpOnload;wpOnload=function(){oldonload();func();}}};
function s(id,pos){g(id).left=pos+'px';}
function g(id){return document.getElementById(id).style;}
function shake(id,a,d){c=a.shift();s(id,c);if(a.length>0){setTimeout(function(){shake(id,a,d);},d);}else{try{g(id).position='static';wp_attempt_focus();}catch(e){}}}
addLoadEvent(function(){ var p=new Array(15,30,15,0,-15,-30,-15,0);p=p.concat(p.concat(p));var i=document.forms[0].id;g(i).position='relative';shake(i,p,20);});
</script>
<?php
	}
}
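/**
 * Handles sending password retrieval email to user.
 *
 * Looks the account up by the submitted login or e-mail address, makes sure
 * a reset key exists for it, and mails a reset link containing that key.
 *
 * Security notes for reviewers:
 * - The 'invalid_email' and 'invalidcombo' errors tell the requester that no
 *   matching account exists, so this form can be used to test for accounts.
 * - The reset key is written to user_activation_key exactly as generated
 *   (it is not hashed), and an existing key is reused rather than replaced.
 *   No expiry is applied in this function. Anyone able to read the users
 *   table can therefore build a working reset link. Storing only a hash plus
 *   an issue time would need a matching change in check_password_reset_key().
 *
 * @uses $wpdb WordPress Database object
 *
 * @return bool|WP_Error True: when finish. WP_Error on error
 */
function retrieve_password() {
	global $wpdb, $current_site;

	$errors = new WP_Error();

	if ( empty( $_POST['user_login'] ) && empty( $_POST['user_email'] ) )
		$errors->add('empty_username', __('<strong>ERROR</strong>: Enter a username or e-mail address.'));

	// Only a string can identify an account. A missing field, or an array
	// value such as user_login[]=x, is treated as empty instead of being
	// handed to strpos()/trim().
	$submitted = ( isset( $_POST['user_login'] ) && is_string( $_POST['user_login'] ) ) ? $_POST['user_login'] : '';

	// strpos() is tested for truthiness, so a value that starts with '@'
	// (position 0) is looked up as a login, not as an e-mail address.
	if ( strpos( $submitted, '@' ) ) {
		$user_data = get_user_by_email( trim( $submitted ) );
		if ( empty( $user_data ) )
			$errors->add('invalid_email', __('<strong>ERROR</strong>: There is no user registered with that email address.'));
	} else {
		$login = trim( $submitted );
		$user_data = get_userdatabylogin( $login );
	}

	do_action('lostpassword_post');

	if ( $errors->get_error_code() )
		return $errors;

	if ( !$user_data ) {
		$errors->add('invalidcombo', __('<strong>ERROR</strong>: Invalid username or e-mail.'));
		return $errors;
	}

	// redefining user_login ensures we return the right case in the email
	$user_login = $user_data->user_login;
	$user_email = $user_data->user_email;

	do_action('retreive_password', $user_login);  // Misspelled and deprecated
	do_action('retrieve_password', $user_login);

	// A filter may veto the reset with false or with its own WP_Error.
	$allow = apply_filters('allow_password_reset', true, $user_data->ID);

	if ( ! $allow )
		return new WP_Error('no_password_reset', __('Password reset is not allowed for this user'));
	else if ( is_wp_error($allow) )
		return $allow;

	$key = $wpdb->get_var($wpdb->prepare("SELECT user_activation_key FROM $wpdb->users WHERE user_login = %s", $user_login));
	if ( empty($key) ) {
		// Generate something random for a key...
		$key = wp_generate_password(20, false);
		do_action('retrieve_password_key', $user_login, $key);
		// Now store the new key for this user (saved as generated, not hashed)
		$wpdb->update($wpdb->users, array('user_activation_key' => $key), array('user_login' => $user_login));
	}
	$message = __('Someone requested that the password be reset for the following account:') . "\r\n\r\n";
	$message .= network_site_url() . "\r\n\r\n";
	$message .= sprintf(__('Username: %s'), $user_login) . "\r\n\r\n";
	$message .= __('If this was a mistake, just ignore this email and nothing will happen.') . "\r\n\r\n";
	$message .= __('To reset your password, visit the following address:') . "\r\n\r\n";
	$message .= '<' . network_site_url("wp-login.php?action=rp&key=$key&login=" . rawurlencode($user_login), 'login') . ">\r\n";

	if ( is_multisite() )
		$blogname = $current_site->site_name;
	else
		// The blogname option is escaped with esc_html on the way into the database in sanitize_option
		// we want to reverse this for the plain text arena of emails.
		$blogname = wp_specialchars_decode(get_option('blogname'), ENT_QUOTES);

	$title = sprintf( __('[%s] Password Reset'), $blogname );

	// Both filters receive mail content; the message filter is also given the key.
	$title = apply_filters('retrieve_password_title', $title);
	$message = apply_filters('retrieve_password_message', $message, $key);

	// A filter can return an empty message to suppress the mail altogether.
	if ( $message && !wp_mail($user_email, $title, $message) )
		wp_die( __('The e-mail could not be sent.') . "<br />\n" . __('Possible reason: your host may have disabled the mail() function...') );

	return true;
}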
/**
 * Retrieves a user row based on password reset key and login
 *
 * Every failure (empty or non-string key, empty or non-string login, no
 * matching row) produces the same 'invalid_key' error, so the caller cannot
 * tell which of the two values was wrong.
 *
 * NOTE(review): the key is matched in SQL against the stored
 * user_activation_key value as-is; no expiry check is made here.
 *
 * @uses $wpdb WordPress Database object
 *
 * @param string $key Hash to validate sending user's password
 * @param string $login The user login
 *
 * @return object|WP_Error
 */
function check_password_reset_key( $key, $login ) {
	global $wpdb;

	// Keep only ASCII letters and digits before the key is used anywhere.
	$key = preg_replace( '/[^a-z0-9]/i', '', $key );

	$key_usable   = ! empty( $key ) && is_string( $key );
	$login_usable = ! empty( $login ) && is_string( $login );

	if ( $key_usable && $login_usable ) {
		// Both values are bound as parameters; the row must match on the
		// key and the login together.
		$user = $wpdb->get_row( $wpdb->prepare( "SELECT * FROM $wpdb->users WHERE user_activation_key = %s AND user_login = %s", $key, $login ) );

		if ( ! empty( $user ) ) {
			return $user;
		}
	}

	return new WP_Error( 'invalid_key', __( 'Invalid key' ) );
}
/**
 * Handles resetting the user's password.
 *
 * Fires the 'password_reset' action, stores the new password and sends the
 * password change notification. No validation of either argument happens
 * here; the caller is expected to have verified the reset key first.
 *
 * NOTE(review): listeners on 'password_reset' receive the new password in
 * clear text.
 *
 * @param object $user     The user row whose password is being reset
 * @param string $new_pass New password for the user in plaintext
 */
function reset_password( $user, $new_pass ) {
	do_action( 'password_reset', $user, $new_pass );

	// Read the ID only after the action has run, as the original does.
	$user_id = $user->ID;
	wp_set_password( $new_pass, $user_id );

	wp_password_change_notification( $user );
}
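/**
 * Handles registering a new user.
 *
 * Validates the requested login and e-mail address, lets plugins add their
 * own errors, creates the account with a generated password and hands that
 * password to wp_new_user_notification().
 *
 * NOTE(review): the 'username_exists' and 'email_exists' errors confirm to
 * the requester that an account with that login or address already exists.
 *
 * @param string $user_login User's username for logging in
 * @param string $user_email User's email address to send password and add
 * @return int|WP_Error Either user's ID or error on failure.
 */
function register_new_user( $user_login, $user_email ) {
	$errors = new WP_Error();

	$sanitized_user_login = sanitize_user( $user_login );
	$user_email = apply_filters( 'user_registration_email', $user_email );

	// Check the username
	if ( $sanitized_user_login == '' ) {
		$errors->add( 'empty_username', __( '<strong>ERROR</strong>: Please enter a username.' ) );
	} elseif ( ! validate_username( $user_login ) ) {
		$errors->add( 'invalid_username', __( '<strong>ERROR</strong>: This username is invalid because it uses illegal characters. Please enter a valid username.' ) );
		$sanitized_user_login = '';
	} elseif ( username_exists( $sanitized_user_login ) ) {
		$errors->add( 'username_exists', __( '<strong>ERROR</strong>: This username is already registered, please choose another one.' ) );
	}

	// Check the e-mail address
	if ( $user_email == '' ) {
		$errors->add( 'empty_email', __( '<strong>ERROR</strong>: Please type your e-mail address.' ) );
	} elseif ( ! is_email( $user_email ) ) {
		$errors->add( 'invalid_email', __( '<strong>ERROR</strong>: The email address isn’t correct.' ) );
		$user_email = '';
	} elseif ( email_exists( $user_email ) ) {
		$errors->add( 'email_exists', __( '<strong>ERROR</strong>: This email is already registered, please choose another one.' ) );
	}

	// Plugins may inspect the values and add their own errors.
	do_action( 'register_post', $sanitized_user_login, $user_email, $errors );

	$errors = apply_filters( 'registration_errors', $errors, $sanitized_user_login, $user_email );

	if ( $errors->get_error_code() )
		return $errors;

	// The initial password is generated here, never chosen by the requester.
	$user_pass = wp_generate_password( 12, false );
	$user_id = wp_create_user( $sanitized_user_login, $user_pass, $user_email );

	// Treat an error object the same as a falsy result, so it is never
	// passed on as a user ID (an object would pass a plain ! test).
	if ( ! $user_id || is_wp_error( $user_id ) ) {
		$errors->add( 'registerfail', sprintf( __( '<strong>ERROR</strong>: Couldn’t register you... please contact the <a href="mailto:%s">webmaster</a> !' ), get_option( 'admin_email' ) ) );
		return $errors;
	}

	update_user_option( $user_id, 'default_password_nag', true, true ); //Set up the Password change nag.

	// NOTE(review): the generated password leaves this function in clear
	// text; the nag set above is what prompts the user to replace it.
	wp_new_user_notification( $user_id, $user_pass );

	return $user_id;
}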
//
// Main
//
// The requested action comes straight from the request; 'login' is the fallback.
$action = 'login';
if ( isset( $_REQUEST['action'] ) ) {
	$action = $_REQUEST['action'];
}

$errors = new WP_Error();

// A reset key in the query string always selects the reset screen.
if ( isset( $_GET['key'] ) ) {
	$action = 'resetpass';
}

// validate action so as to default to the login screen: anything that is
// neither a built-in action nor backed by a registered 'login_form_*' hook
// is replaced by 'login'.
if ( ! ( in_array( $action, array( 'logout', 'lostpassword', 'retrievepassword', 'resetpass', 'rp', 'register', 'login' ), true ) || false !== has_filter( 'login_form_' . $action ) ) ) {
	$action = 'login';
}

nocache_headers();

header( 'Content-Type: ' . get_bloginfo( 'html_type' ) . '; charset=' . get_bloginfo( 'charset' ) );

// Move flag is set.
// NOTE(review): with RELOCATE defined, the stored 'siteurl' option is
// rewritten from the Host header and script path of whatever request reaches
// this page -- the flag should only be defined for as long as a move takes.
if ( defined( 'RELOCATE' ) ) {
	if ( isset( $_SERVER['PATH_INFO'] ) && ( $_SERVER['PATH_INFO'] != $_SERVER['PHP_SELF'] ) ) {
		$_SERVER['PHP_SELF'] = str_replace( $_SERVER['PATH_INFO'], '', $_SERVER['PHP_SELF'] );
	}

	if ( is_ssl() ) {
		$schema = 'https://';
	} else {
		$schema = 'http://';
	}

	if ( dirname( $schema . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'] ) != get_option( 'siteurl' ) ) {
		update_option( 'siteurl', dirname( $schema . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'] ) );
	}
}

//Set a cookie now to see if they are supported by the browser.
// The cookie holds a fixed string and expires with the browser session; it
// is sent a second time when the site cookie path differs.
setcookie( TEST_COOKIE, 'WP Cookie check', 0, COOKIEPATH, COOKIE_DOMAIN );
if ( SITECOOKIEPATH != COOKIEPATH ) {
	setcookie( TEST_COOKIE, 'WP Cookie check', 0, SITECOOKIEPATH, COOKIE_DOMAIN );
}

// allow plugins to override the default actions, and to add extra actions if they want
do_action( 'login_form_' . $action );

$http_post = ( 'POST' == $_SERVER['REQUEST_METHOD'] );
2006-10-04 12:47:50 -04:00
switch ( $action ) {
case 'logout' :
2008-09-28 17:05:37 -04:00
check_admin_referer ( 'log-out' );
2008-01-22 14:35:19 -05:00
wp_logout ();
2005-11-10 20:35:15 -05:00
2010-02-27 13:21:03 -05:00
$redirect_to = ! empty ( $_REQUEST [ 'redirect_to' ] ) ? $_REQUEST [ 'redirect_to' ] : 'wp-login.php?loggedout=true' ;
wp_safe_redirect ( $redirect_to );
2003-04-01 09:12:34 -05:00
exit ();
break ;
2006-10-04 12:47:50 -04:00
case 'lostpassword' :
case 'retrievepassword' :
2010-10-12 16:29:19 -04:00
2007-11-27 03:03:33 -05:00
if ( $http_post ) {
2008-01-22 14:35:19 -05:00
$errors = retrieve_password ();
if ( ! is_wp_error ( $errors ) ) {
2010-02-27 13:21:03 -05:00
$redirect_to = ! empty ( $_REQUEST [ 'redirect_to' ] ) ? $_REQUEST [ 'redirect_to' ] : 'wp-login.php?checkemail=confirm' ;
wp_safe_redirect ( $redirect_to );
2008-01-22 14:35:19 -05:00
exit ();
2006-10-04 12:47:50 -04:00
}
2005-02-04 21:19:00 -05:00
}
2006-10-04 12:47:50 -04:00
2008-11-14 18:01:16 -05:00
if ( isset ( $_GET [ 'error' ]) && 'invalidkey' == $_GET [ 'error' ] ) $errors -> add ( 'invalidkey' , __ ( 'Sorry, that key does not appear to be valid.' ));
2010-02-27 13:21:03 -05:00
$redirect_to = apply_filters ( 'lostpassword_redirect' , ! empty ( $_REQUEST [ 'redirect_to' ] ) ? $_REQUEST [ 'redirect_to' ] : '' );
2006-10-04 12:47:50 -04:00
do_action ( 'lost_password' );
2010-10-27 02:48:01 -04:00
login_header ( __ ( 'Lost Password' ), '<p class="message">' . __ ( 'Please enter your username or email address. You will receive a link to create a new password via email.' ) . '</p>' , $errors );
2008-11-14 18:01:16 -05:00
$user_login = isset ( $_POST [ 'user_login' ]) ? stripslashes ( $_POST [ 'user_login' ]) : '' ;
2003-04-01 09:12:34 -05:00
?>
2008-06-26 12:40:04 -04:00
< form name = " lostpasswordform " id = " lostpasswordform " action = " <?php echo site_url('wp-login.php?action=lostpassword', 'login_post') ?> " method = " post " >
2006-10-04 12:47:50 -04:00
< p >
2008-01-22 14:35:19 -05:00
< label >< ? php _e ( 'Username or E-mail:' ) ?> <br />
2009-05-05 15:43:53 -04:00
< input type = " text " name = " user_login " id = " user_login " class = " input " value = " <?php echo esc_attr( $user_login ); ?> " size = " 20 " tabindex = " 10 " /></ label >
2006-10-04 12:47:50 -04:00
</ p >
< ? php do_action ( 'lostpassword_form' ); ?>
2010-02-27 13:21:03 -05:00
< input type = " hidden " name = " redirect_to " value = " <?php echo esc_attr( $redirect_to ); ?> " />
2010-10-28 20:31:27 -04:00
< p class = " submit " >< input type = " submit " name = " wp-submit " id = " wp-submit " class = " button-primary " value = " <?php esc_attr_e('Get New Password'); ?> " tabindex = " 100 " /></ p >
2003-04-01 09:12:34 -05:00
</ form >
2006-12-03 19:53:33 -05:00
2008-01-14 04:11:41 -05:00
< p id = " nav " >
2008-06-11 13:25:55 -04:00
< a href = " <?php echo site_url('wp-login.php', 'login') ?> " >< ? php _e ( 'Log in' ) ?> </a>
2010-10-04 11:32:54 -04:00
< ? php if ( get_option ( 'users_can_register' )) : ?>
| < a href = " <?php echo site_url('wp-login.php?action=register', 'login') ?> " >< ? php _e ( 'Register' ) ?> </a>
2006-10-04 12:47:50 -04:00
< ? php endif ; ?>
2008-01-14 04:11:41 -05:00
</ p >
2004-10-04 02:23:53 -04:00
< ? php
2010-10-04 11:32:54 -04:00
login_footer ( 'user_login' );
2003-04-01 09:12:34 -05:00
break ;
2005-02-04 21:19:00 -05:00
case 'resetpass' :
2006-04-20 17:44:14 -04:00
case 'rp' :
2010-10-04 11:32:54 -04:00
$user = check_password_reset_key ( $_GET [ 'key' ], $_GET [ 'login' ]);
2006-10-04 12:47:50 -04:00
2010-10-04 11:32:54 -04:00
if ( is_wp_error ( $user ) ) {
2010-10-27 06:43:43 -04:00
wp_redirect ( site_url ( 'wp-login.php?action=lostpassword&error=invalidkey' ) );
2010-10-04 11:32:54 -04:00
exit ;
2006-10-04 12:47:50 -04:00
}
2005-02-04 21:19:00 -05:00
2010-10-04 11:32:54 -04:00
$errors = '' ;
if ( isset ( $_POST [ 'pass1' ]) && $_POST [ 'pass1' ] != $_POST [ 'pass2' ] ) {
$errors = new WP_Error ( 'password_reset_mismatch' , __ ( 'The passwords do not match.' ));
} elseif ( isset ( $_POST [ 'pass1' ]) && ! empty ( $_POST [ 'pass1' ]) ) {
2010-10-06 15:02:43 -04:00
reset_password ( $user , $_POST [ 'pass1' ]);
2010-10-04 11:32:54 -04:00
login_header ( __ ( 'Password Reset' ), '<p class="message reset-pass">' . __ ( 'Your password has been reset.' ) . ' <a href="' . site_url ( 'wp-login.php' , 'login' ) . '">' . __ ( 'Log in' ) . '</a></p>' );
login_footer ();
exit ;
}
2006-10-04 12:47:50 -04:00
2010-10-27 02:57:10 -04:00
wp_enqueue_script ( 'utils' );
wp_enqueue_script ( 'user-profile' );
2010-10-12 17:37:01 -04:00
2010-10-27 02:57:10 -04:00
login_header ( __ ( 'Reset Password' ), '<p class="message reset-pass">' . __ ( 'Enter your new password below.' ) . '</p>' , $errors );
2010-10-12 16:29:19 -04:00
2010-10-04 11:32:54 -04:00
?>
< form name = " resetpassform " id = " resetpassform " action = " <?php echo site_url('wp-login.php?action=resetpass&key=' . urlencode( $_GET['key'] ) . '&login=' . urlencode( $_GET['login'] ), 'login_post') ?> " method = " post " >
2010-10-12 17:37:01 -04:00
< input type = " hidden " id = " user_login " value = " <?php echo esc_attr( $_GET['login'] ); ?> " autocomplete = " off " />
2010-10-04 11:32:54 -04:00
< p >
2010-10-12 17:37:01 -04:00
< label >< ? php _e ( 'New password' ) ?> <br />
< input type = " password " name = " pass1 " id = " pass1 " class = " input " size = " 20 " value = " " autocomplete = " off " /></ label >
2010-10-04 11:32:54 -04:00
</ p >
< p >
2010-10-12 17:37:01 -04:00
< label >< ? php _e ( 'Confirm new password' ) ?> <br />
< input type = " password " name = " pass2 " id = " pass2 " class = " input " size = " 20 " value = " " autocomplete = " off " /></ label >
2010-10-04 11:32:54 -04:00
</ p >
2010-10-12 16:29:19 -04:00
2010-10-12 17:37:01 -04:00
< div id = " pass-strength-result " class = " hide-if-no-js " >< ? php _e ( 'Strength indicator' ); ?> </div>
< p class = " description indicator-hint " >< ? php _e ( 'Hint: The password should be at least seven characters long. To make it stronger, use upper and lower case letters, numbers and symbols like ! " ? $ % ^ & ).' ); ?> </p>
2010-10-04 11:32:54 -04:00
< br class = " clear " />
2010-10-28 20:31:27 -04:00
< p class = " submit " >< input type = " submit " name = " wp-submit " id = " wp-submit " class = " button-primary " value = " <?php esc_attr_e('Reset Password'); ?> " tabindex = " 100 " /></ p >
2010-10-04 11:32:54 -04:00
</ form >
< p id = " nav " >
< a href = " <?php echo site_url('wp-login.php', 'login') ?> " >< ? php _e ( 'Log in' ) ?> </a>
< ? php if ( get_option ( 'users_can_register' )) : ?>
| < a href = " <?php echo site_url('wp-login.php?action=register', 'login') ?> " >< ? php _e ( 'Register' ) ?> </a>
< ? php endif ; ?>
</ p >
< ? php
login_footer ( 'user_pass' );
2003-04-01 09:12:34 -05:00
break ;
2006-10-04 12:47:50 -04:00
case 'register' :
2010-01-23 17:50:37 -05:00
if ( is_multisite () ) {
2010-02-27 13:21:03 -05:00
// Multisite uses wp-signup.php
2010-10-27 06:43:43 -04:00
wp_redirect ( apply_filters ( 'wp_signup_location' , site_url ( 'wp-signup.php' ) ) );
2010-01-15 18:40:29 -05:00
exit ;
}
2008-01-22 14:35:19 -05:00
if ( ! get_option ( 'users_can_register' ) ) {
2010-10-27 06:43:43 -04:00
wp_redirect ( site_url ( 'wp-login.php?registration=disabled' ) );
2006-10-04 12:47:50 -04:00
exit ();
}
2008-01-22 14:35:19 -05:00
$user_login = '' ;
$user_email = '' ;
2007-11-27 03:03:33 -05:00
if ( $http_post ) {
2008-01-22 14:35:19 -05:00
$user_login = $_POST [ 'user_login' ];
$user_email = $_POST [ 'user_email' ];
$errors = register_new_user ( $user_login , $user_email );
if ( ! is_wp_error ( $errors ) ) {
2010-02-27 13:21:03 -05:00
$redirect_to = ! empty ( $_POST [ 'redirect_to' ] ) ? $_POST [ 'redirect_to' ] : 'wp-login.php?checkemail=registered' ;
wp_safe_redirect ( $redirect_to );
2008-01-22 14:35:19 -05:00
exit ();
2006-10-04 12:47:50 -04:00
}
}
2010-02-27 13:21:03 -05:00
$redirect_to = apply_filters ( 'registration_redirect' , ! empty ( $_REQUEST [ 'redirect_to' ] ) ? $_REQUEST [ 'redirect_to' ] : '' );
2008-01-22 14:35:19 -05:00
login_header ( __ ( 'Registration Form' ), '<p class="message register">' . __ ( 'Register For This Site' ) . '</p>' , $errors );
2006-10-04 12:47:50 -04:00
?>
2008-06-28 09:51:39 -04:00
< form name = " registerform " id = " registerform " action = " <?php echo site_url('wp-login.php?action=register', 'login_post') ?> " method = " post " >
2006-10-04 12:47:50 -04:00
< p >
2008-01-14 04:11:41 -05:00
< label >< ? php _e ( 'Username' ) ?> <br />
2009-05-05 15:43:53 -04:00
< input type = " text " name = " user_login " id = " user_login " class = " input " value = " <?php echo esc_attr(stripslashes( $user_login )); ?> " size = " 20 " tabindex = " 10 " /></ label >
2006-10-04 12:47:50 -04:00
</ p >
< p >
2008-01-14 04:11:41 -05:00
< label >< ? php _e ( 'E-mail' ) ?> <br />
2009-05-05 15:43:53 -04:00
< input type = " text " name = " user_email " id = " user_email " class = " input " value = " <?php echo esc_attr(stripslashes( $user_email )); ?> " size = " 25 " tabindex = " 20 " /></ label >
2006-10-04 12:47:50 -04:00
</ p >
< ? php do_action ( 'register_form' ); ?>
< p id = " reg_passmail " >< ? php _e ( 'A password will be e-mailed to you.' ) ?> </p>
2009-04-30 19:53:26 -04:00
< br class = " clear " />
2010-02-27 13:21:03 -05:00
< input type = " hidden " name = " redirect_to " value = " <?php echo esc_attr( $redirect_to ); ?> " />
2010-10-28 20:31:27 -04:00
< p class = " submit " >< input type = " submit " name = " wp-submit " id = " wp-submit " class = " button-primary " value = " <?php esc_attr_e('Register'); ?> " tabindex = " 100 " /></ p >
2006-10-04 12:47:50 -04:00
</ form >
2008-01-14 04:11:41 -05:00
< p id = " nav " >
2008-06-11 13:25:55 -04:00
< a href = " <?php echo site_url('wp-login.php', 'login') ?> " >< ? php _e ( 'Log in' ) ?> </a> |
< a href = " <?php echo site_url('wp-login.php?action=lostpassword', 'login') ?> " title = " <?php _e('Password Lost and Found') ?> " >< ? php _e ( 'Lost your password?' ) ?> </a>
2008-01-14 04:11:41 -05:00
</ p >
2006-10-04 12:47:50 -04:00
< ? php
2010-10-04 11:32:54 -04:00
login_footer ( 'user_login' );
2006-10-04 12:47:50 -04:00
break ;
2006-11-19 02:56:05 -05:00
case 'login' :
2003-04-01 09:12:34 -05:00
default :
2008-08-21 13:40:38 -04:00
$secure_cookie = '' ;
2009-10-11 07:26:59 -04:00
$interim_login = isset ( $_REQUEST [ 'interim-login' ]);
2008-08-21 13:40:38 -04:00
// If the user wants ssl but the session is not ssl, force a secure cookie.
if ( ! empty ( $_POST [ 'log' ]) && ! force_ssl_admin () ) {
$user_name = sanitize_user ( $_POST [ 'log' ]);
if ( $user = get_userdatabylogin ( $user_name ) ) {
if ( get_user_option ( 'use_ssl' , $user -> ID ) ) {
$secure_cookie = true ;
force_ssl_admin ( true );
}
}
}
if ( isset ( $_REQUEST [ 'redirect_to' ] ) ) {
2005-09-14 16:57:21 -04:00
$redirect_to = $_REQUEST [ 'redirect_to' ];
2008-08-21 13:40:38 -04:00
// Redirect to https if user wants ssl
2008-08-25 16:40:34 -04:00
if ( $secure_cookie && false !== strpos ( $redirect_to , 'wp-admin' ) )
2008-08-21 13:40:38 -04:00
$redirect_to = preg_replace ( '|^http://|' , 'https://' , $redirect_to );
} else {
2008-06-26 12:40:04 -04:00
$redirect_to = admin_url ();
2008-08-21 13:40:38 -04:00
}
2004-11-27 17:54:23 -05:00
2010-05-11 09:44:40 -04:00
$reauth = empty ( $_REQUEST [ 'reauth' ]) ? false : true ;
2010-01-08 14:10:50 -05:00
// If the user was redirected to a secure login form from a non-secure admin page, and secure login is required but secure admin is not, then don't use a secure
2010-01-08 14:09:37 -05:00
// cookie and redirect back to the referring non-secure admin page. This allows logins to always be POSTed over SSL while allowing the user to choose visiting
// the admin via http or https.
2008-08-21 13:40:38 -04:00
if ( ! $secure_cookie && is_ssl () && force_ssl_login () && ! force_ssl_admin () && ( 0 !== strpos ( $redirect_to , 'https' ) ) && ( 0 === strpos ( $redirect_to , 'http' ) ) )
2008-06-11 13:25:55 -04:00
$secure_cookie = false ;
$user = wp_signon ( '' , $secure_cookie );
2008-08-26 13:57:03 -04:00
$redirect_to = apply_filters ( 'login_redirect' , $redirect_to , isset ( $_REQUEST [ 'redirect_to' ] ) ? $_REQUEST [ 'redirect_to' ] : '' , $user );
2010-05-11 09:44:40 -04:00
if ( ! is_wp_error ( $user ) && ! $reauth ) {
2009-10-11 07:26:59 -04:00
if ( $interim_login ) {
$message = '<p class="message">' . __ ( 'You have logged in successfully.' ) . '</p>' ;
login_header ( '' , $message ); ?>
< script type = " text/javascript " > setTimeout ( function (){ window . close ()}, 8000 ); </ script >
< p class = " alignright " >
< input type = " button " class = " button-primary " value = " <?php esc_attr_e('Close'); ?> " onclick = " window.close() " /></ p >
</ div ></ body ></ html >
< ? php exit ;
}
2010-10-07 15:34:18 -04:00
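// Pick a fallback destination. On multisite, a user with no active blog goes to user admin; on a single site, a user without the 'read' capability goes to user admin. A user who can't edit posts goes to their profile, but only when no specific destination was requested (empty, 'wp-admin/' or the admin URL).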
if ( is_multisite () && ! get_active_blog_for_user ( $user -> id ) )
$redirect_to = user_admin_url ();
elseif ( ! is_multisite () && ! $user -> has_cap ( 'read' ) )
$redirect_to = user_admin_url ();
elseif ( ! $user -> has_cap ( 'edit_posts' ) && ( empty ( $redirect_to ) || $redirect_to == 'wp-admin/' || $redirect_to == admin_url () ) )
2008-05-27 13:46:01 -04:00
$redirect_to = admin_url ( 'profile.php' );
2008-01-22 14:35:19 -05:00
wp_safe_redirect ( $redirect_to );
exit ();
2003-06-11 02:03:41 -04:00
}
2008-02-05 01:47:27 -05:00
2008-01-22 14:35:19 -05:00
$errors = $user ;
// Clear errors if loggedout is set or a re-authentication (reauth) was requested.
2010-05-11 09:44:40 -04:00
if ( ! empty ( $_GET [ 'loggedout' ]) || $reauth )
2008-01-22 14:35:19 -05:00
$errors = new WP_Error ();
2007-02-27 10:24:54 -05:00
2008-01-22 14:35:19 -05:00
// If cookies are disabled we can't log in even with a valid user+pass
if ( isset ( $_POST [ 'testcookie' ]) && empty ( $_COOKIE [ TEST_COOKIE ]) )
$errors -> add ( 'test_cookie' , __ ( " <strong>ERROR</strong>: Cookies are blocked or not supported by your browser. You must <a href='http://www.google.com/cookies.html'>enable cookies</a> to use WordPress. " ));
2006-10-04 12:47:50 -04:00
// Some parts of this script use the main login form to display a message
2009-10-11 07:26:59 -04:00
if ( isset ( $_GET [ 'loggedout' ]) && TRUE == $_GET [ 'loggedout' ] )
$errors -> add ( 'loggedout' , __ ( 'You are now logged out.' ), 'message' );
elseif ( isset ( $_GET [ 'registration' ]) && 'disabled' == $_GET [ 'registration' ] )
$errors -> add ( 'registerdisabled' , __ ( 'User registration is currently not allowed.' ));
elseif ( isset ( $_GET [ 'checkemail' ]) && 'confirm' == $_GET [ 'checkemail' ] )
$errors -> add ( 'confirm' , __ ( 'Check your e-mail for the confirmation link.' ), 'message' );
elseif ( isset ( $_GET [ 'checkemail' ]) && 'newpass' == $_GET [ 'checkemail' ] )
$errors -> add ( 'newpass' , __ ( 'Check your e-mail for your new password.' ), 'message' );
elseif ( isset ( $_GET [ 'checkemail' ]) && 'registered' == $_GET [ 'checkemail' ] )
$errors -> add ( 'registered' , __ ( 'Registration complete. Please check your e-mail.' ), 'message' );
elseif ( $interim_login )
$errors -> add ( 'expired' , __ ( 'Your session has expired. Please log-in again.' ), 'message' );
2006-10-04 12:47:50 -04:00
2010-05-11 09:44:40 -04:00
// Clear any stale cookies.
if ( $reauth )
wp_clear_auth_cookie ();
2008-11-19 22:23:15 -05:00
login_header ( __ ( 'Log In' ), '' , $errors );
2008-07-25 02:32:53 -04:00
if ( isset ( $_POST [ 'log' ]) )
2009-05-05 15:43:53 -04:00
$user_login = ( 'incorrect_password' == $errors -> get_error_code () || 'empty_password' == $errors -> get_error_code () ) ? esc_attr ( stripslashes ( $_POST [ 'log' ])) : '' ;
2010-04-28 13:01:55 -04:00
$rememberme = ! empty ( $_POST [ 'rememberme' ] );
2003-04-01 09:12:34 -05:00
?>
2008-12-03 14:04:07 -05:00
< form name = " loginform " id = " loginform " action = " <?php echo site_url('wp-login.php', 'login_post') ?> " method = " post " >
2006-10-04 12:47:50 -04:00
< p >
2008-01-14 04:11:41 -05:00
< label >< ? php _e ( 'Username' ) ?> <br />
2009-05-05 15:43:53 -04:00
< input type = " text " name = " log " id = " user_login " class = " input " value = " <?php echo esc_attr( $user_login ); ?> " size = " 20 " tabindex = " 10 " /></ label >
2006-10-04 12:47:50 -04:00
</ p >
< p >
2008-01-14 04:11:41 -05:00
< label >< ? php _e ( 'Password' ) ?> <br />
2006-10-06 23:02:42 -04:00
< input type = " password " name = " pwd " id = " user_pass " class = " input " value = " " size = " 20 " tabindex = " 20 " /></ label >
2006-10-04 12:47:50 -04:00
</ p >
< ? php do_action ( 'login_form' ); ?>
2010-04-28 13:01:55 -04:00
< p class = " forgetmenot " >< label >< input name = " rememberme " type = " checkbox " id = " rememberme " value = " forever " tabindex = " 90 " < ? php checked ( $rememberme ); ?> /> <?php esc_attr_e('Remember Me'); ?></label></p>
2006-10-04 12:47:50 -04:00
< p class = " submit " >
2010-10-28 20:31:27 -04:00
< input type = " submit " name = " wp-submit " id = " wp-submit " class = " button-primary " value = " <?php esc_attr_e('Log In'); ?> " tabindex = " 100 " />
2009-10-11 07:26:59 -04:00
< ? php if ( $interim_login ) { ?>
< input type = " hidden " name = " interim-login " value = " 1 " />
< ? php } else { ?>
2009-05-05 15:43:53 -04:00
< input type = " hidden " name = " redirect_to " value = " <?php echo esc_attr( $redirect_to ); ?> " />
2009-10-11 07:26:59 -04:00
< ? php } ?>
2008-01-22 14:35:19 -05:00
< input type = " hidden " name = " testcookie " value = " 1 " />
2006-10-04 12:47:50 -04:00
</ p >
2003-04-01 09:12:34 -05:00
</ form >
2006-12-03 19:53:33 -05:00
2009-10-11 07:26:59 -04:00
< ? php if ( ! $interim_login ) { ?>
2008-01-14 04:11:41 -05:00
< p id = " nav " >
2008-02-02 13:42:09 -05:00
< ? php if ( isset ( $_GET [ 'checkemail' ]) && in_array ( $_GET [ 'checkemail' ], array ( 'confirm' , 'newpass' ) ) ) : ?>
2010-02-05 23:42:14 -05:00
< ? php elseif ( get_option ( 'users_can_register' ) ) : ?>
2008-06-11 13:25:55 -04:00
< a href = " <?php echo site_url('wp-login.php?action=register', 'login') ?> " >< ? php _e ( 'Register' ) ?> </a> |
< a href = " <?php echo site_url('wp-login.php?action=lostpassword', 'login') ?> " title = " <?php _e('Password Lost and Found') ?> " >< ? php _e ( 'Lost your password?' ) ?> </a>
2006-10-04 12:47:50 -04:00
< ? php else : ?>
2008-06-11 13:25:55 -04:00
< a href = " <?php echo site_url('wp-login.php?action=lostpassword', 'login') ?> " title = " <?php _e('Password Lost and Found') ?> " >< ? php _e ( 'Lost your password?' ) ?> </a>
2006-10-04 12:47:50 -04:00
< ? php endif ; ?>
2008-01-14 04:11:41 -05:00
</ p >
2010-06-01 11:54:00 -04:00
</ div >
2008-11-19 19:56:20 -05:00
< p id = " backtoblog " >< a href = " <?php bloginfo('url'); ?>/ " title = " <?php _e('Are you lost?') ?> " >< ? php printf ( __ ( '← Back to %s' ), get_bloginfo ( 'title' , 'display' )); ?> </a></p>
2010-06-01 11:54:00 -04:00
< ? php } else { ?>
2009-10-11 07:26:59 -04:00
</ div >
2010-06-01 11:54:00 -04:00
< ? php } ?>
2003-04-01 09:12:34 -05:00
2008-07-11 16:14:44 -04:00
< script type = " text/javascript " >
2010-01-23 18:07:56 -05:00
// Empties and focuses one login field shortly after the page has rendered.
// Which field is targeted is decided on the server: only one of the two
// getElementById() assignments below is emitted into the page.
function wp_attempt_focus (){
2008-07-25 02:32:53 -04:00
// Deferred by 200 ms; the try/catch swallows any error (for example when the element is missing).
setTimeout ( function (){ try {
2010-01-23 18:07:56 -05:00
< ? php if ( $user_login || $interim_login ) { ?>
2008-07-25 02:32:53 -04:00
// A username is already known, or this is an interim login: target the password field.
// NOTE(review): d is assigned with no declaration visible here, so it presumably becomes an implicit global; confirm.
d = document . getElementById ( 'user_pass' );
2010-01-23 18:07:56 -05:00
< ? php } else { ?>
2010-01-26 17:49:05 -05:00
// Otherwise target the username field.
d = document . getElementById ( 'user_login' );
2010-01-23 18:07:56 -05:00
< ? php } ?>
2008-07-25 02:32:53 -04:00
// The targeted field is blanked before it receives focus.
d . value = '' ;
d . focus ();
} catch ( e ){}
}, 200 );
2010-01-23 18:07:56 -05:00
}
< ? php if ( ! $error ) { ?>
wp_attempt_focus ();
2008-07-25 02:32:53 -04:00
< ? php } ?>
2010-01-24 01:16:17 -05:00
if ( typeof wpOnload == 'function' ) wpOnload ();
2008-07-11 16:14:44 -04:00
</ script >
2003-04-01 09:12:34 -05:00
</ body >
</ html >
2003-06-11 02:03:41 -04:00
< ? php
2003-04-01 09:12:34 -05:00
break ;
2003-06-11 02:03:41 -04:00
} // end action switch
2009-06-03 18:15:22 -04:00
?>