2005-04-19 23:37:23 -04:00
< ? php
2008-01-11 15:51:39 -05:00
/**
2008-06-22 16:23:23 -04:00
* These functions can be replaced via plugins . If plugins do not redefine these
* functions , then these will be used instead .
2008-01-11 15:51:39 -05:00
*
* @ package WordPress
*/
2005-04-19 23:37:23 -04:00
2006-02-22 14:08:55 -05:00
if ( ! function_exists ( 'wp_set_current_user' ) ) :
2008-01-20 01:53:42 -05:00
/**
2008-06-22 16:23:23 -04:00
* Changes the current user by ID or name .
2008-01-20 01:53:42 -05:00
*
2008-06-22 16:23:23 -04:00
* Set $id to null and specify a name if you do not know a user ' s ID .
2008-01-20 01:53:42 -05:00
*
2008-06-22 16:23:23 -04:00
* Some WordPress functionality is based on the current user and not based on
* the signed in user . Therefore , it opens the ability to edit and perform
* actions on users who aren ' t signed in .
2008-01-20 01:53:42 -05:00
*
2009-01-30 13:08:28 -05:00
* @ since 2.0 . 3
2008-01-20 01:53:42 -05:00
* @ global object $current_user The current user object which holds the user data .
*
* @ param int $id User ID
* @ param string $name User ' s username
* @ return WP_User Current user User object
*/
2006-02-22 14:08:55 -05:00
function wp_set_current_user ( $id , $name = '' ) {
global $current_user ;
2006-01-13 14:19:09 -05:00
2012-04-09 18:01:07 -04:00
if ( isset ( $current_user ) && ( $current_user instanceof WP_User ) && ( $id == $current_user -> ID ) )
2006-02-22 14:08:55 -05:00
return $current_user ;
2006-01-13 14:19:09 -05:00
2012-04-09 18:01:07 -04:00
$current_user = new WP_User ( $id , $name );
2006-01-13 14:19:09 -05:00
2012-04-09 18:01:07 -04:00
setup_userdata ( $current_user -> ID );
2006-01-13 14:19:09 -05:00
2014-03-28 17:21:15 -04:00
/**
* Fires after the current user is set .
*
* @ since 2.0 . 1
*/
do_action ( 'set_current_user' );
2006-01-13 14:19:09 -05:00
return $current_user ;
}
endif ;
2006-05-31 02:27:10 -04:00
if ( ! function_exists ( 'wp_get_current_user' ) ) :
2008-01-20 01:53:42 -05:00
/**
2008-06-22 16:23:23 -04:00
* Retrieve the current user object .
2008-01-20 01:53:42 -05:00
*
2009-01-30 13:08:28 -05:00
* @ since 2.0 . 3
2008-01-20 01:53:42 -05:00
*
* @ return WP_User Current user WP_User object
*/
2006-02-22 14:08:55 -05:00
function wp_get_current_user () {
global $current_user ;
get_currentuserinfo ();
return $current_user ;
}
endif ;
2005-04-19 23:37:23 -04:00
if ( ! function_exists ( 'get_currentuserinfo' ) ) :
2008-01-11 15:51:39 -05:00
/**
2008-06-22 16:23:23 -04:00
* Populate global variables with information about the currently logged in user .
2008-01-11 15:51:39 -05:00
*
2008-06-22 16:23:23 -04:00
* Will set the current user , if the current user is not set . The current user
2014-04-07 17:18:15 -04:00
* will be set to the logged - in person . If no user is logged - in , then it will
2008-06-22 16:23:23 -04:00
* set the current user to 0 , which is invalid and won ' t have any permissions .
2008-01-11 15:51:39 -05:00
*
* @ since 0.71
2014-04-07 17:18:15 -04:00
*
2008-01-20 01:53:42 -05:00
* @ uses $current_user Checks if the current user is set
2008-01-11 15:51:39 -05:00
*
2014-11-30 17:19:25 -05:00
* @ return null | false False on XML - RPC Request and invalid auth cookie . Null when current user set .
2008-01-11 15:51:39 -05:00
*/
2005-04-19 23:37:23 -04:00
function get_currentuserinfo () {
2006-02-22 14:08:55 -05:00
global $current_user ;
2005-06-12 20:05:41 -04:00
2012-04-09 18:01:07 -04:00
if ( ! empty ( $current_user ) ) {
if ( $current_user instanceof WP_User )
return ;
// Upgrade stdClass to WP_User
if ( is_object ( $current_user ) && isset ( $current_user -> ID ) ) {
$cur_id = $current_user -> ID ;
$current_user = null ;
wp_set_current_user ( $cur_id );
return ;
}
// $current_user has a junk value. Force to WP_User with ID 0.
$current_user = null ;
wp_set_current_user ( 0 );
return false ;
}
2006-02-22 14:08:55 -05:00
2012-04-10 12:19:53 -04:00
if ( defined ( 'XMLRPC_REQUEST' ) && XMLRPC_REQUEST ) {
wp_set_current_user ( 0 );
return false ;
}
2014-03-09 11:23:15 -04:00
/**
2014-04-07 17:18:15 -04:00
* Filter the current user .
2014-03-09 11:23:15 -04:00
*
* The default filters use this to determine the current user from the
* request ' s cookies , if available .
*
2014-04-07 17:18:15 -04:00
* Returning a value of false will effectively short - circuit setting
* the current user .
*
2014-03-09 11:23:15 -04:00
* @ since 3.9 . 0
*
2014-04-07 17:18:15 -04:00
* @ param int | bool $user_id User ID if one has been determined , false otherwise .
2014-03-09 11:23:15 -04:00
*/
$user_id = apply_filters ( 'determine_current_user' , false );
if ( ! $user_id ) {
wp_set_current_user ( 0 );
return false ;
2005-12-12 22:46:40 -05:00
}
2006-02-22 14:08:55 -05:00
2014-03-09 11:23:15 -04:00
wp_set_current_user ( $user_id );
2005-04-19 23:37:23 -04:00
}
endif ;
if ( ! function_exists ( 'get_userdata' ) ) :
2008-01-11 15:51:39 -05:00
/**
2008-06-22 16:23:23 -04:00
* Retrieve user info by user ID .
2008-01-11 15:51:39 -05:00
*
* @ since 0.71
*
2008-01-20 01:53:42 -05:00
* @ param int $user_id User ID
2013-09-01 23:25:09 -04:00
* @ return WP_User | bool WP_User object on success , false on failure .
2008-01-11 15:51:39 -05:00
*/
2005-06-12 16:49:13 -04:00
function get_userdata ( $user_id ) {
2011-08-24 15:32:59 -04:00
return get_user_by ( 'id' , $user_id );
}
endif ;
2006-02-12 02:53:23 -05:00
2011-08-24 15:32:59 -04:00
if ( ! function_exists ( 'get_user_by' ) ) :
/**
* Retrieve user info by a given field
*
* @ since 2.8 . 0
*
2011-12-13 18:45:31 -05:00
* @ param string $field The field to retrieve the user with . id | slug | email | login
* @ param int | string $value A value for $field . A user ID , slug , email address , or login name .
2013-09-01 23:25:09 -04:00
* @ return WP_User | bool WP_User object on success , false on failure .
2011-08-24 15:32:59 -04:00
*/
function get_user_by ( $field , $value ) {
$userdata = WP_User :: get_data_by ( $field , $value );
2005-06-12 16:49:13 -04:00
2011-08-24 15:32:59 -04:00
if ( ! $userdata )
2005-11-07 16:56:03 -05:00
return false ;
2007-11-27 17:14:53 -05:00
2011-08-24 15:32:59 -04:00
$user = new WP_User ;
$user -> init ( $userdata );
2005-06-12 16:49:13 -04:00
2005-11-07 16:56:03 -05:00
return $user ;
2005-04-19 23:37:23 -04:00
}
endif ;
2010-03-03 14:08:30 -05:00
if ( ! function_exists ( 'cache_users' ) ) :
/**
* Retrieve info for user lists to prevent multiple queries by get_userdata ()
*
* @ since 3.0 . 0
*
2011-08-24 15:32:59 -04:00
* @ param array $user_ids User ID numbers list
2010-03-03 14:08:30 -05:00
*/
2011-08-24 15:32:59 -04:00
function cache_users ( $user_ids ) {
2010-03-03 14:08:30 -05:00
global $wpdb ;
2012-02-14 10:09:35 -05:00
$clean = _get_non_cached_ids ( $user_ids , 'users' );
2010-03-03 14:08:30 -05:00
2011-08-24 15:32:59 -04:00
if ( empty ( $clean ) )
2010-03-03 14:08:30 -05:00
return ;
2011-08-24 15:32:59 -04:00
$list = implode ( ',' , $clean );
2010-03-03 14:08:30 -05:00
2011-08-24 15:32:59 -04:00
$users = $wpdb -> get_results ( " SELECT * FROM $wpdb->users WHERE ID IN ( $list ) " );
2010-03-17 12:27:25 -04:00
2011-08-24 15:32:59 -04:00
$ids = array ();
foreach ( $users as $user ) {
update_user_caches ( $user );
$ids [] = $user -> ID ;
2009-04-17 17:25:11 -04:00
}
2011-08-24 15:32:59 -04:00
update_meta_cache ( 'user' , $ids );
2007-11-27 17:14:53 -05:00
}
2009-04-21 16:27:22 -04:00
endif ;
2009-04-17 17:25:11 -04:00
2007-06-01 23:18:24 -04:00
if ( ! function_exists ( 'wp_mail' ) ) :
2008-01-11 15:51:39 -05:00
/**
2008-06-22 16:23:23 -04:00
* Send mail , similar to PHP ' s mail
2008-01-11 15:51:39 -05:00
*
2008-06-22 16:23:23 -04:00
* A true return value does not automatically mean that the user received the
* email successfully . It just only means that the method used was able to
* process the request without any errors .
2008-01-11 15:51:39 -05:00
*
2008-06-22 16:23:23 -04:00
* Using the two 'wp_mail_from' and 'wp_mail_from_name' hooks allow from
* creating a from address like 'Name <email@address.com>' when both are set . If
* just 'wp_mail_from' is set , then just the email address will be used with no
* name .
2008-01-20 01:53:42 -05:00
*
2008-06-22 16:23:23 -04:00
* The default content type is 'text/plain' which does not allow using HTML .
* However , you can set the content type of the email by using the
* 'wp_mail_content_type' filter .
2008-01-20 01:53:42 -05:00
*
2008-06-22 16:23:23 -04:00
* The default charset is based on the charset used on the blog . The charset can
* be set using the 'wp_mail_charset' filter .
2008-01-11 15:51:39 -05:00
*
2008-01-20 01:53:42 -05:00
* @ since 1.2 . 1
2014-03-28 17:21:15 -04:00
*
2008-01-20 01:53:42 -05:00
* @ uses PHPMailer
*
2010-02-27 11:10:45 -05:00
* @ param string | array $to Array or comma - separated list of email addresses to send message .
2008-01-20 01:53:42 -05:00
* @ param string $subject Email subject
* @ param string $message Message contents
* @ param string | array $headers Optional . Additional headers .
2008-10-16 16:57:49 -04:00
* @ param string | array $attachments Optional . Files to attach .
2008-01-20 01:53:42 -05:00
* @ return bool Whether the email contents were sent successfully .
2008-01-11 15:51:39 -05:00
*/
2008-10-16 16:57:49 -04:00
function wp_mail ( $to , $subject , $message , $headers = '' , $attachments = array () ) {
2007-09-11 16:49:28 -04:00
// Compact the input, apply the filters, and extract them back out
2014-03-28 17:21:15 -04:00
/**
* Filter the wp_mail () arguments .
*
* @ since 2.2 . 0
*
* @ param array $args A compacted array of wp_mail () arguments , including the " to " email ,
* subject , message , headers , and attachments values .
*/
2014-05-15 02:17:15 -04:00
$atts = apply_filters ( 'wp_mail' , compact ( 'to' , 'subject' , 'message' , 'headers' , 'attachments' ) );
2008-10-16 16:57:49 -04:00
2014-05-15 02:17:15 -04:00
if ( isset ( $atts [ 'to' ] ) ) {
$to = $atts [ 'to' ];
}
if ( isset ( $atts [ 'subject' ] ) ) {
$subject = $atts [ 'subject' ];
}
if ( isset ( $atts [ 'message' ] ) ) {
$message = $atts [ 'message' ];
}
2007-09-11 16:49:28 -04:00
2014-05-15 02:17:15 -04:00
if ( isset ( $atts [ 'headers' ] ) ) {
$headers = $atts [ 'headers' ];
}
if ( isset ( $atts [ 'attachments' ] ) ) {
$attachments = $atts [ 'attachments' ];
}
if ( ! is_array ( $attachments ) ) {
$attachments = explode ( " \n " , str_replace ( " \r \n " , " \n " , $attachments ) );
}
2007-02-25 15:23:25 -05:00
global $phpmailer ;
2007-06-13 22:25:30 -04:00
2007-06-01 23:18:24 -04:00
// (Re)create it, if it's gone missing
2015-01-15 20:06:24 -05:00
if ( ! ( $phpmailer instanceof PHPMailer ) ) {
2007-06-01 23:18:24 -04:00
require_once ABSPATH . WPINC . '/class-phpmailer.php' ;
require_once ABSPATH . WPINC . '/class-smtp.php' ;
2011-04-28 14:16:01 -04:00
$phpmailer = new PHPMailer ( true );
2007-02-25 15:23:25 -05:00
}
2007-06-13 22:25:30 -04:00
2007-06-26 15:11:23 -04:00
// Headers
2007-06-01 23:18:24 -04:00
if ( empty ( $headers ) ) {
2007-06-26 15:11:23 -04:00
$headers = array ();
2009-04-16 20:06:18 -04:00
} else {
if ( ! is_array ( $headers ) ) {
// Explode the headers out, so this function can take both
// string headers and an array of headers.
2010-02-27 11:10:45 -05:00
$tempheaders = explode ( " \n " , str_replace ( " \r \n " , " \n " , $headers ) );
2009-04-16 20:06:18 -04:00
} else {
$tempheaders = $headers ;
}
2007-06-01 23:18:24 -04:00
$headers = array ();
2011-05-23 07:14:05 -04:00
$cc = array ();
$bcc = array ();
2007-06-13 22:25:30 -04:00
2007-06-01 23:18:24 -04:00
// If it's actually got contents
if ( ! empty ( $tempheaders ) ) {
// Iterate through the raw headers
2008-08-06 16:31:54 -04:00
foreach ( ( array ) $tempheaders as $header ) {
2009-04-30 03:25:47 -04:00
if ( strpos ( $header , ':' ) === false ) {
if ( false !== stripos ( $header , 'boundary=' ) ) {
$parts = preg_split ( '/boundary=/i' , trim ( $header ) );
$boundary = trim ( str_replace ( array ( " ' " , '"' ), '' , $parts [ 1 ] ) );
}
2007-06-26 16:18:56 -04:00
continue ;
2009-04-30 03:25:47 -04:00
}
2007-06-01 23:18:24 -04:00
// Explode them out
list ( $name , $content ) = explode ( ':' , trim ( $header ), 2 );
2007-06-13 22:25:30 -04:00
2007-06-01 23:18:24 -04:00
// Cleanup crew
2010-02-27 11:10:45 -05:00
$name = trim ( $name );
2007-06-01 23:18:24 -04:00
$content = trim ( $content );
2007-06-13 22:25:30 -04:00
2010-02-27 11:10:45 -05:00
switch ( strtolower ( $name ) ) {
// Mainly for legacy -- process a From: header if it's there
case 'from' :
2015-04-07 16:10:26 -04:00
$bracket_pos = strpos ( $content , '<' );
if ( $bracket_pos !== false ) {
// Text before the bracketed email is the "From" name.
if ( $bracket_pos > 0 ) {
$from_name = substr ( $content , 0 , $bracket_pos - 1 );
$from_name = str_replace ( '"' , '' , $from_name );
$from_name = trim ( $from_name );
}
2010-02-27 11:10:45 -05:00
2015-04-07 16:10:26 -04:00
$from_email = substr ( $content , $bracket_pos + 1 );
2010-02-27 11:10:45 -05:00
$from_email = str_replace ( '>' , '' , $from_email );
$from_email = trim ( $from_email );
2015-04-07 16:10:26 -04:00
// Avoid setting an empty $from_email.
} elseif ( '' !== trim ( $content ) ) {
2010-02-27 11:10:45 -05:00
$from_email = trim ( $content );
2009-04-30 03:25:47 -04:00
}
2010-02-27 11:10:45 -05:00
break ;
case 'content-type' :
if ( strpos ( $content , ';' ) !== false ) {
2015-04-07 16:10:26 -04:00
list ( $type , $charset_content ) = explode ( ';' , $content );
2010-02-27 11:10:45 -05:00
$content_type = trim ( $type );
2015-04-07 16:10:26 -04:00
if ( false !== stripos ( $charset_content , 'charset=' ) ) {
$charset = trim ( str_replace ( array ( 'charset=' , '"' ), '' , $charset_content ) );
} elseif ( false !== stripos ( $charset_content , 'boundary=' ) ) {
$boundary = trim ( str_replace ( array ( 'BOUNDARY=' , 'boundary=' , '"' ), '' , $charset_content ) );
2010-02-27 11:10:45 -05:00
$charset = '' ;
}
2015-04-07 16:10:26 -04:00
// Avoid setting an empty $content_type.
} elseif ( '' !== trim ( $content ) ) {
2010-02-27 11:10:45 -05:00
$content_type = trim ( $content );
}
break ;
case 'cc' :
$cc = array_merge ( ( array ) $cc , explode ( ',' , $content ) );
break ;
case 'bcc' :
$bcc = array_merge ( ( array ) $bcc , explode ( ',' , $content ) );
break ;
default :
// Add it to our grand headers array
$headers [ trim ( $name )] = trim ( $content );
break ;
2007-06-01 23:18:24 -04:00
}
}
}
2005-04-19 23:37:23 -04:00
}
2007-06-13 22:25:30 -04:00
2007-06-01 23:18:24 -04:00
// Empty out the values that may be set
2007-02-25 15:23:25 -05:00
$phpmailer -> ClearAllRecipients ();
2007-06-01 23:18:24 -04:00
$phpmailer -> ClearAttachments ();
2007-02-25 15:23:25 -05:00
$phpmailer -> ClearCustomHeaders ();
2007-06-01 23:18:24 -04:00
$phpmailer -> ClearReplyTos ();
2007-06-13 22:25:30 -04:00
2007-06-01 23:18:24 -04:00
// From email and name
// If we don't have a name from the input headers
2010-02-27 11:10:45 -05:00
if ( ! isset ( $from_name ) )
2007-06-01 23:18:24 -04:00
$from_name = 'WordPress' ;
2007-06-13 22:25:30 -04:00
2009-02-15 08:31:43 -05:00
/* If we don ' t have an email from the input headers default to wordpress @ $sitename
* Some hosts will block outgoing mail from this address if it doesn ' t exist but
2009-03-17 22:43:45 -04:00
* there ' s no easy alternative . Defaulting to admin_email might appear to be another
2009-02-15 08:31:43 -05:00
* option but some hosts may refuse to relay mail from an unknown domain . See
2014-09-29 09:37:16 -04:00
* https :// core . trac . wordpress . org / ticket / 5007.
2009-02-15 08:31:43 -05:00
*/
2009-03-17 22:43:45 -04:00
2007-06-01 23:18:24 -04:00
if ( ! isset ( $from_email ) ) {
// Get the site domain and get rid of www.
$sitename = strtolower ( $_SERVER [ 'SERVER_NAME' ] );
if ( substr ( $sitename , 0 , 4 ) == 'www.' ) {
$sitename = substr ( $sitename , 4 );
}
2007-06-13 22:25:30 -04:00
2007-06-01 23:18:24 -04:00
$from_email = 'wordpress@' . $sitename ;
}
2007-06-13 22:25:30 -04:00
2014-03-28 17:21:15 -04:00
/**
* Filter the email address to send from .
*
* @ since 2.2 . 0
*
* @ param string $from_email Email address to send from .
*/
$phpmailer -> From = apply_filters ( 'wp_mail_from' , $from_email );
/**
* Filter the name to associate with the " from " email address .
*
* @ since 2.3 . 0
*
* @ param string $from_name Name associated with the " from " email address .
*/
$phpmailer -> FromName = apply_filters ( 'wp_mail_from_name' , $from_name );
2010-02-27 11:10:45 -05:00
// Set destination addresses
if ( ! is_array ( $to ) )
$to = explode ( ',' , $to );
2007-06-13 22:25:30 -04:00
2010-02-27 11:10:45 -05:00
foreach ( ( array ) $to as $recipient ) {
2011-04-28 14:16:01 -04:00
try {
2011-05-23 07:14:05 -04:00
// Break $recipient into name and address parts if in the format "Foo <bar@baz.com>"
$recipient_name = '' ;
2011-09-19 10:30:50 -04:00
if ( preg_match ( '/(.*)<(.+)>/' , $recipient , $matches ) ) {
2011-05-23 07:14:05 -04:00
if ( count ( $matches ) == 3 ) {
$recipient_name = $matches [ 1 ];
$recipient = $matches [ 2 ];
}
}
2011-09-19 10:30:50 -04:00
$phpmailer -> AddAddress ( $recipient , $recipient_name );
2011-04-28 14:16:01 -04:00
} catch ( phpmailerException $e ) {
continue ;
}
2010-02-27 11:10:45 -05:00
}
2007-06-13 22:25:30 -04:00
2007-06-01 23:18:24 -04:00
// Set mail's subject and body
2007-02-25 15:23:25 -05:00
$phpmailer -> Subject = $subject ;
2010-02-27 11:10:45 -05:00
$phpmailer -> Body = $message ;
2007-06-13 22:25:30 -04:00
2008-06-16 16:02:10 -04:00
// Add any CC and BCC recipients
2010-02-27 11:10:45 -05:00
if ( ! empty ( $cc ) ) {
2008-08-06 16:31:54 -04:00
foreach ( ( array ) $cc as $recipient ) {
2011-04-28 14:16:01 -04:00
try {
2011-05-23 07:14:05 -04:00
// Break $recipient into name and address parts if in the format "Foo <bar@baz.com>"
$recipient_name = '' ;
2011-09-19 10:30:50 -04:00
if ( preg_match ( '/(.*)<(.+)>/' , $recipient , $matches ) ) {
2011-05-23 07:14:05 -04:00
if ( count ( $matches ) == 3 ) {
$recipient_name = $matches [ 1 ];
$recipient = $matches [ 2 ];
}
}
2011-09-19 10:30:50 -04:00
$phpmailer -> AddCc ( $recipient , $recipient_name );
2011-04-28 14:16:01 -04:00
} catch ( phpmailerException $e ) {
continue ;
}
2008-06-16 16:02:10 -04:00
}
}
2010-02-27 11:10:45 -05:00
if ( ! empty ( $bcc ) ) {
2008-08-06 16:31:54 -04:00
foreach ( ( array ) $bcc as $recipient ) {
2011-04-28 14:16:01 -04:00
try {
2011-05-23 07:14:05 -04:00
// Break $recipient into name and address parts if in the format "Foo <bar@baz.com>"
$recipient_name = '' ;
2011-09-19 10:30:50 -04:00
if ( preg_match ( '/(.*)<(.+)>/' , $recipient , $matches ) ) {
2011-05-23 07:14:05 -04:00
if ( count ( $matches ) == 3 ) {
$recipient_name = $matches [ 1 ];
$recipient = $matches [ 2 ];
}
}
2011-09-19 10:30:50 -04:00
$phpmailer -> AddBcc ( $recipient , $recipient_name );
2011-04-28 14:16:01 -04:00
} catch ( phpmailerException $e ) {
continue ;
}
2008-06-16 16:02:10 -04:00
}
}
2007-06-01 23:18:24 -04:00
// Set to use PHP's mail()
$phpmailer -> IsMail ();
2007-06-13 22:25:30 -04:00
2007-06-01 23:18:24 -04:00
// Set Content-Type and charset
// If we don't have a content-type from the input headers
2010-02-27 11:10:45 -05:00
if ( ! isset ( $content_type ) )
2007-06-01 23:18:24 -04:00
$content_type = 'text/plain' ;
2007-06-13 22:25:30 -04:00
2014-03-28 17:21:15 -04:00
/**
* Filter the wp_mail () content type .
*
* @ since 2.3 . 0
*
* @ param string $content_type Default wp_mail () content type .
*/
2007-06-26 16:18:56 -04:00
$content_type = apply_filters ( 'wp_mail_content_type' , $content_type );
2009-04-30 03:25:47 -04:00
$phpmailer -> ContentType = $content_type ;
2010-02-24 15:13:23 -05:00
// Set whether it's plaintext, depending on $content_type
2010-02-27 11:10:45 -05:00
if ( 'text/html' == $content_type )
2007-06-01 23:18:24 -04:00
$phpmailer -> IsHTML ( true );
2007-06-13 22:25:30 -04:00
2007-06-01 23:18:24 -04:00
// If we don't have a charset from the input headers
2010-02-27 11:10:45 -05:00
if ( ! isset ( $charset ) )
2007-06-01 23:18:24 -04:00
$charset = get_bloginfo ( 'charset' );
2007-06-13 22:25:30 -04:00
2007-06-01 23:18:24 -04:00
// Set the content-type and charset
2014-03-28 17:21:15 -04:00
/**
* Filter the default wp_mail () charset .
*
* @ since 2.3 . 0
*
* @ param string $charset Default email charset .
*/
2007-06-01 23:18:24 -04:00
$phpmailer -> CharSet = apply_filters ( 'wp_mail_charset' , $charset );
2007-06-13 22:25:30 -04:00
2007-06-01 23:18:24 -04:00
// Set custom headers
if ( ! empty ( $headers ) ) {
2008-08-06 16:31:54 -04:00
foreach ( ( array ) $headers as $name => $content ) {
2007-06-01 23:18:24 -04:00
$phpmailer -> AddCustomHeader ( sprintf ( '%1$s: %2$s' , $name , $content ) );
2007-02-25 15:23:25 -05:00
}
2010-02-27 11:10:45 -05:00
if ( false !== stripos ( $content_type , 'multipart' ) && ! empty ( $boundary ) )
2009-04-30 03:25:47 -04:00
$phpmailer -> AddCustomHeader ( sprintf ( " Content-Type: %s; \n \t boundary= \" %s \" " , $content_type , $boundary ) );
2007-02-25 15:23:25 -05:00
}
2007-06-13 22:25:30 -04:00
2008-10-16 16:57:49 -04:00
if ( ! empty ( $attachments ) ) {
foreach ( $attachments as $attachment ) {
2011-04-28 14:16:01 -04:00
try {
$phpmailer -> AddAttachment ( $attachment );
} catch ( phpmailerException $e ) {
continue ;
}
2008-10-16 16:57:49 -04:00
}
}
2014-03-28 17:21:15 -04:00
/**
* Fires after PHPMailer is initialized .
*
* @ since 2.2 . 0
*
* @ param PHPMailer & $phpmailer The PHPMailer instance , passed by reference .
*/
2007-06-01 23:18:24 -04:00
do_action_ref_array ( 'phpmailer_init' , array ( & $phpmailer ) );
2007-06-13 22:25:30 -04:00
2007-06-01 23:18:24 -04:00
// Send!
2011-04-28 14:16:01 -04:00
try {
2013-06-29 19:03:13 -04:00
return $phpmailer -> Send ();
2011-04-28 14:16:01 -04:00
} catch ( phpmailerException $e ) {
return false ;
}
2005-04-19 23:37:23 -04:00
}
endif ;
2008-10-18 16:46:30 -04:00
if ( ! function_exists ( 'wp_authenticate' ) ) :
2008-01-11 15:51:39 -05:00
/**
2008-06-22 16:23:23 -04:00
* Checks a user ' s login information and logs them in if it checks out .
*
2008-10-18 16:46:30 -04:00
* @ since 2.5 . 0
2008-01-11 15:51:39 -05:00
*
2008-01-20 01:53:42 -05:00
* @ param string $username User ' s username
* @ param string $password User ' s password
2013-09-01 23:25:09 -04:00
* @ return WP_User | WP_Error WP_User object if login successful , otherwise WP_Error object .
2008-01-11 15:51:39 -05:00
*/
2008-01-22 14:35:19 -05:00
function wp_authenticate ( $username , $password ) {
2007-06-12 14:11:06 -04:00
$username = sanitize_user ( $username );
2009-01-24 17:38:19 -05:00
$password = trim ( $password );
2007-06-12 14:11:06 -04:00
2014-03-28 17:21:15 -04:00
/**
* Filter the user to authenticate .
*
* If a non - null value is passed , the filter will effectively short - circuit
* authentication , returning an error instead .
*
* @ since 2.8 . 0
*
* @ param null | WP_User $user User to authenticate .
* @ param string $username User login .
* @ param string $password User password
*/
$user = apply_filters ( 'authenticate' , null , $username , $password );
2005-04-19 23:37:23 -04:00
2009-01-29 16:30:16 -05:00
if ( $user == null ) {
2009-01-24 17:38:19 -05:00
// TODO what should the error message be? (Or would these even happen?)
// Only needed if all authentication handlers fail to return anything.
$user = new WP_Error ( 'authentication_failed' , __ ( '<strong>ERROR</strong>: Invalid username or incorrect password.' ));
2008-01-29 15:17:11 -05:00
}
2009-02-23 12:33:02 -05:00
$ignore_codes = array ( 'empty_username' , 'empty_password' );
if ( is_wp_error ( $user ) && ! in_array ( $user -> get_error_code (), $ignore_codes ) ) {
2014-03-28 17:21:15 -04:00
/**
* Fires after a user login has failed .
*
* @ since 2.5 . 0
*
* @ param string $username User login .
*/
do_action ( 'wp_login_failed' , $username );
2008-01-24 13:32:21 -05:00
}
2007-12-02 00:14:11 -05:00
2009-01-24 17:38:19 -05:00
return $user ;
2008-01-22 14:35:19 -05:00
}
endif ;
2008-10-18 16:46:30 -04:00
if ( ! function_exists ( 'wp_logout' ) ) :
2008-01-22 14:35:19 -05:00
/**
2008-06-22 16:23:23 -04:00
* Log the current user out .
2008-01-22 14:35:19 -05:00
*
2008-10-18 16:46:30 -04:00
* @ since 2.5 . 0
2008-01-22 14:35:19 -05:00
*/
function wp_logout () {
2014-07-18 05:13:15 -04:00
wp_destroy_current_session ();
2008-01-22 14:35:19 -05:00
wp_clear_auth_cookie ();
2014-03-28 17:21:15 -04:00
/**
* Fires after a user is logged - out .
*
* @ since 1.5 . 0
*/
do_action ( 'wp_logout' );
2007-12-16 12:41:59 -05:00
}
endif ;
if ( ! function_exists ( 'wp_validate_auth_cookie' ) ) :
2008-01-20 01:53:42 -05:00
/**
2008-06-22 16:23:23 -04:00
* Validates authentication cookie .
2008-01-20 01:53:42 -05:00
*
2008-06-22 16:23:23 -04:00
* The checks include making sure that the authentication cookie is set and
* pulling in the contents ( if $cookie is not used ) .
2008-01-20 01:53:42 -05:00
*
2008-06-22 16:23:23 -04:00
* Makes sure the cookie is not expired . Verifies the hash in cookie is what is
* should be and compares the two .
2008-01-20 01:53:42 -05:00
*
2013-12-24 13:57:12 -05:00
* @ since 2.5 . 0
2008-01-20 01:53:42 -05:00
*
* @ param string $cookie Optional . If used , will validate contents instead of cookie ' s
2008-06-11 13:25:55 -04:00
* @ param string $scheme Optional . The cookie scheme to use : auth , secure_auth , or logged_in
2008-01-20 01:53:42 -05:00
* @ return bool | int False if invalid cookie , User ID if valid .
*/
2008-08-25 17:09:26 -04:00
function wp_validate_auth_cookie ( $cookie = '' , $scheme = '' ) {
2008-08-20 20:08:25 -04:00
if ( ! $cookie_elements = wp_parse_auth_cookie ( $cookie , $scheme ) ) {
2014-03-28 17:21:15 -04:00
/**
* Fires if an authentication cookie is malformed .
*
* @ since 2.7 . 0
*
* @ param string $cookie Malformed auth cookie .
* @ param string $scheme Authentication scheme . Values include 'auth' , 'secure_auth' ,
* or 'logged_in' .
*/
do_action ( 'auth_cookie_malformed' , $cookie , $scheme );
2008-04-25 02:20:18 -04:00
return false ;
2008-08-20 20:08:25 -04:00
}
2008-04-25 02:20:18 -04:00
2014-05-15 02:11:13 -04:00
$scheme = $cookie_elements [ 'scheme' ];
$username = $cookie_elements [ 'username' ];
$hmac = $cookie_elements [ 'hmac' ];
2014-07-18 05:13:15 -04:00
$token = $cookie_elements [ 'token' ];
2014-05-15 02:11:13 -04:00
$expired = $expiration = $cookie_elements [ 'expiration' ];
2007-12-16 12:41:59 -05:00
2007-12-22 19:58:06 -05:00
// Allow a grace period for POST and AJAX requests
2014-05-15 02:11:13 -04:00
if ( defined ( 'DOING_AJAX' ) || 'POST' == $_SERVER [ 'REQUEST_METHOD' ] ) {
2012-09-25 01:26:19 -04:00
$expired += HOUR_IN_SECONDS ;
2014-05-15 02:11:13 -04:00
}
2007-12-16 12:41:59 -05:00
2008-04-25 02:20:18 -04:00
// Quick check to see if an honest cookie has expired
2008-08-20 20:08:25 -04:00
if ( $expired < time () ) {
2014-03-28 17:21:15 -04:00
/**
* Fires once an authentication cookie has expired .
*
* @ since 2.7 . 0
*
* @ param array $cookie_elements An array of data for the authentication cookie .
*/
do_action ( 'auth_cookie_expired' , $cookie_elements );
2007-12-16 12:41:59 -05:00
return false ;
2008-08-20 20:08:25 -04:00
}
2007-12-16 12:41:59 -05:00
2011-08-05 12:57:31 -04:00
$user = get_user_by ( 'login' , $username );
2009-02-03 00:03:16 -05:00
if ( ! $user ) {
2014-03-28 17:21:15 -04:00
/**
* Fires if a bad username is entered in the user authentication process .
*
* @ since 2.7 . 0
*
* @ param array $cookie_elements An array of data for the authentication cookie .
*/
do_action ( 'auth_cookie_bad_username' , $cookie_elements );
2009-02-03 00:03:16 -05:00
return false ;
}
$pass_frag = substr ( $user -> user_pass , 8 , 4 );
2014-07-18 05:13:15 -04:00
$key = wp_hash ( $username . '|' . $pass_frag . '|' . $expiration . '|' . $token , $scheme );
2014-09-20 13:28:18 -04:00
// If ext/hash is not present, compat.php's hash_hmac() does not support sha256.
$algo = function_exists ( 'hash' ) ? 'sha256' : 'sha1' ;
$hash = hash_hmac ( $algo , $username . '|' . $expiration . '|' . $token , $key );
2008-02-05 01:47:27 -05:00
2014-08-06 01:26:16 -04:00
if ( ! hash_equals ( $hash , $hmac ) ) {
2014-03-28 17:21:15 -04:00
/**
* Fires if a bad authentication cookie hash is encountered .
*
* @ since 2.7 . 0
*
* @ param array $cookie_elements An array of data for the authentication cookie .
*/
do_action ( 'auth_cookie_bad_hash' , $cookie_elements );
2007-12-16 12:41:59 -05:00
return false ;
2008-08-20 20:08:25 -04:00
}
2007-12-16 12:41:59 -05:00
2014-07-18 05:13:15 -04:00
$manager = WP_Session_Tokens :: get_instance ( $user -> ID );
2014-08-26 22:07:16 -04:00
if ( ! $manager -> verify ( $token ) ) {
2014-07-18 05:13:15 -04:00
do_action ( 'auth_cookie_bad_session_token' , $cookie_elements );
return false ;
}
// AJAX/POST grace period set above
if ( $expiration < time () ) {
2009-10-11 07:26:59 -04:00
$GLOBALS [ 'login_grace_period' ] = 1 ;
2014-05-15 02:11:13 -04:00
}
2009-10-11 07:26:59 -04:00
2014-03-28 17:21:15 -04:00
/**
* Fires once an authentication cookie has been validated .
*
* @ since 2.7 . 0
*
* @ param array $cookie_elements An array of data for the authentication cookie .
* @ param WP_User $user User object .
*/
do_action ( 'auth_cookie_valid' , $cookie_elements , $user );
2007-12-16 12:41:59 -05:00
return $user -> ID ;
}
endif ;
2007-12-31 12:50:32 -05:00
if ( ! function_exists ( 'wp_generate_auth_cookie' ) ) :
2008-01-20 01:53:42 -05:00
/**
2008-06-22 16:23:23 -04:00
* Generate authentication cookie contents .
2008-01-20 01:53:42 -05:00
*
2013-12-24 13:57:12 -05:00
* @ since 2.5 . 0
*
2008-01-20 01:53:42 -05:00
* @ param int $user_id User ID
* @ param int $expiration Cookie expiration in seconds
2008-06-11 13:25:55 -04:00
* @ param string $scheme Optional . The cookie scheme to use : auth , secure_auth , or logged_in
2014-07-18 05:13:15 -04:00
* @ param string $token User ' s session token to use for this cookie
* @ return string Authentication cookie contents . Empty string if user does not exist .
2008-01-20 01:53:42 -05:00
*/
2014-07-18 05:13:15 -04:00
function wp_generate_auth_cookie ( $user_id , $expiration , $scheme = 'auth' , $token = '' ) {
2007-12-31 12:50:32 -05:00
$user = get_userdata ( $user_id );
2014-07-18 05:13:15 -04:00
if ( ! $user ) {
return '' ;
}
if ( ! $token ) {
$manager = WP_Session_Tokens :: get_instance ( $user_id );
2014-08-26 22:07:16 -04:00
$token = $manager -> create ( $expiration );
2014-07-18 05:13:15 -04:00
}
2007-12-31 12:50:32 -05:00
2009-02-03 00:03:16 -05:00
$pass_frag = substr ( $user -> user_pass , 8 , 4 );
2014-07-18 05:13:15 -04:00
$key = wp_hash ( $user -> user_login . '|' . $pass_frag . '|' . $expiration . '|' . $token , $scheme );
2014-09-20 13:28:18 -04:00
// If ext/hash is not present, compat.php's hash_hmac() does not support sha256.
$algo = function_exists ( 'hash' ) ? 'sha256' : 'sha1' ;
$hash = hash_hmac ( $algo , $user -> user_login . '|' . $expiration . '|' . $token , $key );
2007-12-31 12:50:32 -05:00
2014-07-18 05:13:15 -04:00
$cookie = $user -> user_login . '|' . $expiration . '|' . $token . '|' . $hash ;
2007-12-31 12:50:32 -05:00
2014-03-28 17:21:15 -04:00
/**
* Filter the authentication cookie .
*
* @ since 2.5 . 0
*
* @ param string $cookie Authentication cookie .
* @ param int $user_id User ID .
* @ param int $expiration Authentication cookie expiration in seconds .
* @ param string $scheme Cookie scheme used . Accepts 'auth' , 'secure_auth' , or 'logged_in' .
2014-07-18 05:13:15 -04:00
* @ param string $token User ' s session token used .
2014-03-28 17:21:15 -04:00
*/
2014-07-18 05:13:15 -04:00
return apply_filters ( 'auth_cookie' , $cookie , $user_id , $expiration , $scheme , $token );
2007-12-31 12:50:32 -05:00
}
endif ;
2008-08-20 20:08:25 -04:00
if ( ! function_exists ( 'wp_parse_auth_cookie' ) ) :
/**
* Parse a cookie into its components
*
2013-12-24 13:57:12 -05:00
* @ since 2.7 . 0
2008-08-20 20:08:25 -04:00
*
* @ param string $cookie
* @ param string $scheme Optional . The cookie scheme to use : auth , secure_auth , or logged_in
* @ return array Authentication cookie components
*/
2008-08-25 17:09:26 -04:00
function wp_parse_auth_cookie ( $cookie = '' , $scheme = '' ) {
2008-08-20 20:08:25 -04:00
if ( empty ( $cookie ) ) {
2008-08-25 17:09:26 -04:00
switch ( $scheme ){
case 'auth' :
$cookie_name = AUTH_COOKIE ;
break ;
case 'secure_auth' :
$cookie_name = SECURE_AUTH_COOKIE ;
break ;
case " logged_in " :
$cookie_name = LOGGED_IN_COOKIE ;
break ;
default :
if ( is_ssl () ) {
$cookie_name = SECURE_AUTH_COOKIE ;
$scheme = 'secure_auth' ;
} else {
$cookie_name = AUTH_COOKIE ;
$scheme = 'auth' ;
}
}
2008-08-20 20:08:25 -04:00
if ( empty ( $_COOKIE [ $cookie_name ]) )
return false ;
$cookie = $_COOKIE [ $cookie_name ];
}
$cookie_elements = explode ( '|' , $cookie );
2014-07-18 05:13:15 -04:00
if ( count ( $cookie_elements ) !== 4 ) {
2008-08-20 20:08:25 -04:00
return false ;
2014-07-18 05:13:15 -04:00
}
2008-08-20 20:08:25 -04:00
2014-07-18 05:13:15 -04:00
list ( $username , $expiration , $token , $hmac ) = $cookie_elements ;
2008-08-20 20:08:25 -04:00
2014-07-18 05:13:15 -04:00
return compact ( 'username' , 'expiration' , 'token' , 'hmac' , 'scheme' );
2008-08-20 20:08:25 -04:00
}
endif ;
2007-12-16 12:41:59 -05:00
if ( ! function_exists ( 'wp_set_auth_cookie' ) ) :
2008-01-20 01:53:42 -05:00
/**
2014-02-07 04:47:12 -05:00
* Sets the authentication cookies based on user ID .
2008-01-20 01:53:42 -05:00
*
2008-06-22 16:23:23 -04:00
* The $remember parameter increases the time that the cookie will be kept . The
* default the cookie is kept without remembering is two days . When $remember is
* set , the cookies will be kept for 14 days or two weeks .
2008-01-20 01:53:42 -05:00
*
2013-12-24 13:57:12 -05:00
* @ since 2.5 . 0
2008-01-20 01:53:42 -05:00
*
* @ param int $user_id User ID
2010-02-24 15:13:23 -05:00
* @ param bool $remember Whether to remember the user
2014-07-18 05:13:15 -04:00
* @ param mixed $secure Whether the admin cookies should only be sent over HTTPS .
* Default is_ssl () .
2008-01-20 01:53:42 -05:00
*/
2008-06-11 13:25:55 -04:00
function wp_set_auth_cookie ( $user_id , $remember = false , $secure = '' ) {
2007-12-16 12:41:59 -05:00
if ( $remember ) {
2014-03-28 17:21:15 -04:00
/**
* Filter the duration of the authentication cookie expiration period .
*
* @ since 2.8 . 0
*
* @ param int $length Duration of the expiration period in seconds .
* @ param int $user_id User ID .
* @ param bool $remember Whether to remember the user login . Default false .
*/
$expiration = time () + apply_filters ( 'auth_cookie_expiration' , 14 * DAY_IN_SECONDS , $user_id , $remember );
/*
* Ensure the browser will continue to send the cookie after the expiration time is reached .
* Needed for the login grace period in wp_validate_auth_cookie () .
*/
2013-08-23 17:27:08 -04:00
$expire = $expiration + ( 12 * HOUR_IN_SECONDS );
2007-12-02 00:14:11 -05:00
} else {
2014-03-28 17:21:15 -04:00
/** This filter is documented in wp-includes/pluggable.php */
$expiration = time () + apply_filters ( 'auth_cookie_expiration' , 2 * DAY_IN_SECONDS , $user_id , $remember );
2007-12-16 12:41:59 -05:00
$expire = 0 ;
2005-04-19 23:37:23 -04:00
}
2007-12-02 00:14:11 -05:00
2014-05-30 11:08:15 -04:00
if ( '' === $secure ) {
2010-03-19 17:15:00 -04:00
$secure = is_ssl ();
2014-05-30 11:08:15 -04:00
}
// Frontend cookie is secure when the auth cookie is secure and the site's home URL is forced HTTPS.
$secure_logged_in_cookie = $secure && 'https' === parse_url ( get_option ( 'home' ), PHP_URL_SCHEME );
2008-06-11 13:25:55 -04:00
2014-03-28 17:21:15 -04:00
/**
* Filter whether the connection is secure .
*
* @ since 3.1 . 0
*
* @ param bool $secure Whether the connection is secure .
* @ param int $user_id User ID .
*/
$secure = apply_filters ( 'secure_auth_cookie' , $secure , $user_id );
/**
* Filter whether to use a secure cookie when logged - in .
*
* @ since 3.1 . 0
*
2014-05-30 11:20:16 -04:00
* @ param bool $secure_logged_in_cookie Whether to use a secure cookie when logged - in .
* @ param int $user_id User ID .
* @ param bool $secure Whether the connection is secure .
2014-03-28 17:21:15 -04:00
*/
2014-05-30 11:08:15 -04:00
$secure_logged_in_cookie = apply_filters ( 'secure_logged_in_cookie' , $secure_logged_in_cookie , $user_id , $secure );
2011-01-05 23:08:23 -05:00
2008-06-11 13:25:55 -04:00
if ( $secure ) {
$auth_cookie_name = SECURE_AUTH_COOKIE ;
$scheme = 'secure_auth' ;
2008-05-27 13:46:01 -04:00
} else {
2008-06-11 13:25:55 -04:00
$auth_cookie_name = AUTH_COOKIE ;
$scheme = 'auth' ;
2008-05-27 13:46:01 -04:00
}
2007-12-16 12:41:59 -05:00
2014-07-18 05:13:15 -04:00
$manager = WP_Session_Tokens :: get_instance ( $user_id );
2014-08-26 22:07:16 -04:00
$token = $manager -> create ( $expiration );
2014-07-18 05:13:15 -04:00
$auth_cookie = wp_generate_auth_cookie ( $user_id , $expiration , $scheme , $token );
$logged_in_cookie = wp_generate_auth_cookie ( $user_id , $expiration , 'logged_in' , $token );
2007-12-24 03:01:55 -05:00
2014-03-28 17:21:15 -04:00
/**
* Fires immediately before the authentication cookie is set .
*
* @ since 2.5 . 0
*
* @ param string $auth_cookie Authentication cookie .
* @ param int $expire Login grace period in seconds . Default 43 , 200 seconds , or 12 hours .
* @ param int $expiration Duration in seconds the authentication cookie should be valid .
* Default 1 , 209 , 600 seconds , or 14 days .
* @ param int $user_id User ID .
* @ param string $scheme Authentication scheme . Values include 'auth' , 'secure_auth' , or 'logged_in' .
*/
do_action ( 'set_auth_cookie' , $auth_cookie , $expire , $expiration , $user_id , $scheme );
/**
* Fires immediately before the secure authentication cookie is set .
*
* @ since 2.6 . 0
*
* @ param string $logged_in_cookie The logged - in cookie .
* @ param int $expire Login grace period in seconds . Default 43 , 200 seconds , or 12 hours .
* @ param int $expiration Duration in seconds the authentication cookie should be valid .
* Default 1 , 209 , 600 seconds , or 14 days .
* @ param int $user_id User ID .
* @ param string $scheme Authentication scheme . Default 'logged_in' .
*/
do_action ( 'set_logged_in_cookie' , $logged_in_cookie , $expire , $expiration , $user_id , 'logged_in' );
2008-05-27 13:46:01 -04:00
2011-04-06 13:07:59 -04:00
setcookie ( $auth_cookie_name , $auth_cookie , $expire , PLUGINS_COOKIE_PATH , COOKIE_DOMAIN , $secure , true );
setcookie ( $auth_cookie_name , $auth_cookie , $expire , ADMIN_COOKIE_PATH , COOKIE_DOMAIN , $secure , true );
setcookie ( LOGGED_IN_COOKIE , $logged_in_cookie , $expire , COOKIEPATH , COOKIE_DOMAIN , $secure_logged_in_cookie , true );
if ( COOKIEPATH != SITECOOKIEPATH )
setcookie ( LOGGED_IN_COOKIE , $logged_in_cookie , $expire , SITECOOKIEPATH , COOKIE_DOMAIN , $secure_logged_in_cookie , true );
2007-12-16 12:41:59 -05:00
}
endif ;
if ( ! function_exists ( 'wp_clear_auth_cookie' ) ) :
2008-01-20 01:53:42 -05:00
/**
2008-06-22 16:23:23 -04:00
* Removes all of the cookies associated with authentication .
2008-01-20 01:53:42 -05:00
*
2013-12-24 13:57:12 -05:00
* @ since 2.5 . 0
2008-01-20 01:53:42 -05:00
*/
2007-12-16 12:41:59 -05:00
function wp_clear_auth_cookie () {
2014-03-28 17:21:15 -04:00
/**
* Fires just before the authentication cookies are cleared .
*
* @ since 2.7 . 0
*/
do_action ( 'clear_auth_cookie' );
2008-08-20 20:08:25 -04:00
2012-09-25 01:26:19 -04:00
setcookie ( AUTH_COOKIE , ' ' , time () - YEAR_IN_SECONDS , ADMIN_COOKIE_PATH , COOKIE_DOMAIN );
setcookie ( SECURE_AUTH_COOKIE , ' ' , time () - YEAR_IN_SECONDS , ADMIN_COOKIE_PATH , COOKIE_DOMAIN );
setcookie ( AUTH_COOKIE , ' ' , time () - YEAR_IN_SECONDS , PLUGINS_COOKIE_PATH , COOKIE_DOMAIN );
setcookie ( SECURE_AUTH_COOKIE , ' ' , time () - YEAR_IN_SECONDS , PLUGINS_COOKIE_PATH , COOKIE_DOMAIN );
setcookie ( LOGGED_IN_COOKIE , ' ' , time () - YEAR_IN_SECONDS , COOKIEPATH , COOKIE_DOMAIN );
setcookie ( LOGGED_IN_COOKIE , ' ' , time () - YEAR_IN_SECONDS , SITECOOKIEPATH , COOKIE_DOMAIN );
2008-06-27 18:54:21 -04:00
// Old cookies
2012-09-25 01:26:19 -04:00
setcookie ( AUTH_COOKIE , ' ' , time () - YEAR_IN_SECONDS , COOKIEPATH , COOKIE_DOMAIN );
setcookie ( AUTH_COOKIE , ' ' , time () - YEAR_IN_SECONDS , SITECOOKIEPATH , COOKIE_DOMAIN );
setcookie ( SECURE_AUTH_COOKIE , ' ' , time () - YEAR_IN_SECONDS , COOKIEPATH , COOKIE_DOMAIN );
setcookie ( SECURE_AUTH_COOKIE , ' ' , time () - YEAR_IN_SECONDS , SITECOOKIEPATH , COOKIE_DOMAIN );
2007-12-16 12:41:59 -05:00
2008-06-27 18:54:21 -04:00
// Even older cookies
2012-09-25 01:26:19 -04:00
setcookie ( USER_COOKIE , ' ' , time () - YEAR_IN_SECONDS , COOKIEPATH , COOKIE_DOMAIN );
setcookie ( PASS_COOKIE , ' ' , time () - YEAR_IN_SECONDS , COOKIEPATH , COOKIE_DOMAIN );
setcookie ( USER_COOKIE , ' ' , time () - YEAR_IN_SECONDS , SITECOOKIEPATH , COOKIE_DOMAIN );
setcookie ( PASS_COOKIE , ' ' , time () - YEAR_IN_SECONDS , SITECOOKIEPATH , COOKIE_DOMAIN );
2005-04-19 23:37:23 -04:00
}
endif ;
2005-12-15 11:31:41 -05:00
if ( ! function_exists ( 'is_user_logged_in' ) ) :
2008-01-11 15:51:39 -05:00
/**
2008-06-22 16:23:23 -04:00
* Checks if the current visitor is a logged in user .
2008-01-11 15:51:39 -05:00
*
* @ since 2.0 . 0
*
2008-01-20 01:53:42 -05:00
* @ return bool True if user is logged in , false if not logged in .
2008-01-11 15:51:39 -05:00
*/
2005-12-15 11:31:41 -05:00
function is_user_logged_in () {
2006-02-22 14:08:55 -05:00
$user = wp_get_current_user ();
2006-02-12 02:53:23 -05:00
2012-04-06 15:18:45 -04:00
if ( ! $user -> exists () )
2005-12-15 11:31:41 -05:00
return false ;
2006-02-22 14:08:55 -05:00
2005-12-15 11:31:41 -05:00
return true ;
}
endif ;
2005-04-19 23:37:23 -04:00
if ( ! function_exists ( 'auth_redirect' ) ) :
2008-01-11 15:51:39 -05:00
/**
2008-06-22 16:23:23 -04:00
* Checks if a user is logged in , if not it redirects them to the login page .
2008-01-11 15:51:39 -05:00
*
2013-12-24 13:57:12 -05:00
* @ since 1.5 . 0
2008-01-11 15:51:39 -05:00
*/
2005-04-19 23:37:23 -04:00
function auth_redirect () {
// Checks if a user is logged in, if not redirects them to the login page
2006-02-12 02:53:23 -05:00
2010-03-19 17:15:00 -04:00
$secure = ( is_ssl () || force_ssl_admin () );
2008-05-27 13:46:01 -04:00
2014-03-28 17:21:15 -04:00
/**
* Filter whether to use a secure authentication redirect .
*
* @ since 3.1 . 0
*
* @ param bool $secure Whether to use a secure authentication redirect . Default false .
*/
$secure = apply_filters ( 'secure_auth_redirect' , $secure );
2011-01-05 23:08:23 -05:00
2008-05-27 13:46:01 -04:00
// If https is required and request is http, redirect
2008-08-25 16:40:34 -04:00
if ( $secure && ! is_ssl () && false !== strpos ( $_SERVER [ 'REQUEST_URI' ], 'wp-admin' ) ) {
2012-08-30 09:33:00 -04:00
if ( 0 === strpos ( $_SERVER [ 'REQUEST_URI' ], 'http' ) ) {
wp_redirect ( set_url_scheme ( $_SERVER [ 'REQUEST_URI' ], 'https' ) );
2008-05-27 13:46:01 -04:00
exit ();
} else {
2012-08-30 09:33:00 -04:00
wp_redirect ( 'https://' . $_SERVER [ 'HTTP_HOST' ] . $_SERVER [ 'REQUEST_URI' ] );
2008-08-09 01:36:14 -04:00
exit ();
2008-05-27 13:46:01 -04:00
}
2005-04-19 23:37:23 -04:00
}
2008-05-27 13:46:01 -04:00
2014-03-28 17:21:15 -04:00
if ( is_user_admin () ) {
2010-10-07 15:34:18 -04:00
$scheme = 'logged_in' ;
2014-03-28 17:21:15 -04:00
} else {
/**
* Filter the authentication redirect scheme .
*
* @ since 2.9 . 0
*
* @ param string $scheme Authentication redirect scheme . Default empty .
*/
2010-10-07 15:34:18 -04:00
$scheme = apply_filters ( 'auth_redirect_scheme' , '' );
2014-03-28 17:21:15 -04:00
}
2010-10-07 15:34:18 -04:00
if ( $user_id = wp_validate_auth_cookie ( '' , $scheme ) ) {
2014-03-28 17:21:15 -04:00
/**
* Fires before the authentication redirect .
*
* @ since 2.8 . 0
*
* @ param int $user_id User ID .
*/
do_action ( 'auth_redirect' , $user_id );
2009-03-02 18:42:28 -05:00
2008-08-21 13:40:38 -04:00
// If the user wants ssl but the session is not ssl, redirect.
2008-08-25 16:40:34 -04:00
if ( ! $secure && get_user_option ( 'use_ssl' , $user_id ) && false !== strpos ( $_SERVER [ 'REQUEST_URI' ], 'wp-admin' ) ) {
2012-08-30 09:33:00 -04:00
if ( 0 === strpos ( $_SERVER [ 'REQUEST_URI' ], 'http' ) ) {
wp_redirect ( set_url_scheme ( $_SERVER [ 'REQUEST_URI' ], 'https' ) );
2008-08-21 13:40:38 -04:00
exit ();
} else {
2012-08-30 09:33:00 -04:00
wp_redirect ( 'https://' . $_SERVER [ 'HTTP_HOST' ] . $_SERVER [ 'REQUEST_URI' ] );
2008-08-21 13:40:38 -04:00
exit ();
}
}
2008-05-27 13:46:01 -04:00
return ; // The cookie is good so we're done
2008-08-21 13:40:38 -04:00
}
2008-05-27 13:46:01 -04:00
// The cookie is no good so force login
nocache_headers ();
2013-03-01 11:28:40 -05:00
$redirect = ( strpos ( $_SERVER [ 'REQUEST_URI' ], '/options.php' ) && wp_get_referer () ) ? wp_get_referer () : set_url_scheme ( 'http://' . $_SERVER [ 'HTTP_HOST' ] . $_SERVER [ 'REQUEST_URI' ] );
2008-11-19 00:07:24 -05:00
2010-05-11 09:44:40 -04:00
$login_url = wp_login_url ( $redirect , true );
2008-05-27 13:46:01 -04:00
wp_redirect ( $login_url );
exit ();
2005-04-19 23:37:23 -04:00
}
endif ;
2006-01-29 18:06:58 -05:00
if ( ! function_exists ( 'check_admin_referer' ) ) :
2008-01-11 15:51:39 -05:00
/**
2008-06-22 16:23:23 -04:00
* Makes sure that a user was referred from another admin page .
*
* To avoid security exploits .
2008-01-11 15:51:39 -05:00
*
* @ since 1.2 . 0
*
2015-02-08 23:57:27 -05:00
* @ param int | string $action Action nonce .
* @ param string $query_arg Optional . Key to check for nonce in `$_REQUEST` ( since 2.5 ) .
* Default '_wpnonce' .
* @ return false | int False if the nonce is invalid , 1 if the nonce is valid and generated between
* 0 - 12 hours ago , 2 if the nonce is valid and generated between 12 - 24 hours ago .
2008-01-11 15:51:39 -05:00
*/
2015-02-08 23:57:27 -05:00
function check_admin_referer ( $action = - 1 , $query_arg = '_wpnonce' ) {
2011-06-08 12:56:26 -04:00
if ( - 1 == $action )
_doing_it_wrong ( __FUNCTION__ , __ ( 'You should specify a nonce action to be verified by using the first parameter.' ), '3.2' );
2008-06-06 03:39:11 -04:00
$adminurl = strtolower ( admin_url ());
2006-06-24 01:38:37 -04:00
$referer = strtolower ( wp_get_referer ());
2008-09-28 17:08:25 -04:00
$result = isset ( $_REQUEST [ $query_arg ]) ? wp_verify_nonce ( $_REQUEST [ $query_arg ], $action ) : false ;
2011-02-03 15:42:00 -05:00
if ( ! $result && ! ( - 1 == $action && strpos ( $referer , $adminurl ) === 0 ) ) {
2006-06-27 04:06:00 -04:00
wp_nonce_ays ( $action );
2006-05-18 02:49:22 -04:00
die ();
2006-05-02 18:08:34 -04:00
}
2014-03-28 17:21:15 -04:00
/**
* Fires once the admin request has been validated or not .
*
* @ since 1.5 . 1
*
2015-02-08 23:57:27 -05:00
* @ param string $action The nonce action .
* @ param false | int $result False if the nonce is invalid , 1 if the nonce is valid and generated between
* 0 - 12 hours ago , 2 if the nonce is valid and generated between 12 - 24 hours ago .
2014-03-28 17:21:15 -04:00
*/
do_action ( 'check_admin_referer' , $action , $result );
2008-03-17 22:43:20 -04:00
return $result ;
2012-12-29 13:01:41 -05:00
}
endif ;
2006-03-28 20:51:55 -05:00
if ( ! function_exists ( 'check_ajax_referer' ) ) :
2008-01-20 01:53:42 -05:00
/**
2008-06-22 16:23:23 -04:00
* Verifies the AJAX request to prevent processing requests external of the blog .
2008-01-20 01:53:42 -05:00
*
2009-01-30 13:08:28 -05:00
* @ since 2.0 . 3
2008-01-20 01:53:42 -05:00
*
2015-02-08 23:57:27 -05:00
* @ param int | string $action Action nonce .
* @ param false | string $query_arg Optional . Key to check for the nonce in `$_REQUEST` ( since 2.5 ) . If false ,
* `$_REQUEST` values will be evaluated for '_ajax_nonce' , and '_wpnonce'
* ( in that order ) . Default false .
* @ param bool $die Optional . Whether to die early when the nonce cannot be verified .
* Default true .
* @ return false | int False if the nonce is invalid , 1 if the nonce is valid and generated between
* 0 - 12 hours ago , 2 if the nonce is valid and generated between 12 - 24 hours ago .
2008-01-20 01:53:42 -05:00
*/
2008-03-17 22:43:20 -04:00
function check_ajax_referer ( $action = - 1 , $query_arg = false , $die = true ) {
2013-09-13 18:18:08 -04:00
$nonce = '' ;
2013-09-21 12:26:12 -04:00
if ( $query_arg && isset ( $_REQUEST [ $query_arg ] ) )
$nonce = $_REQUEST [ $query_arg ];
elseif ( isset ( $_REQUEST [ '_ajax_nonce' ] ) )
2013-09-13 18:18:08 -04:00
$nonce = $_REQUEST [ '_ajax_nonce' ];
2013-09-21 12:26:12 -04:00
elseif ( isset ( $_REQUEST [ '_wpnonce' ] ) )
2013-09-13 18:18:08 -04:00
$nonce = $_REQUEST [ '_wpnonce' ];
2007-09-19 15:32:34 -04:00
2008-03-17 22:43:20 -04:00
$result = wp_verify_nonce ( $nonce , $action );
2012-01-31 17:12:58 -05:00
if ( $die && false == $result ) {
if ( defined ( 'DOING_AJAX' ) && DOING_AJAX )
wp_die ( - 1 );
else
die ( '-1' );
}
2007-12-17 16:12:28 -05:00
2014-03-28 17:21:15 -04:00
/**
* Fires once the AJAX request has been validated or not .
*
* @ since 2.1 . 0
*
2015-02-08 23:57:27 -05:00
* @ param string $action The AJAX nonce action .
* @ param false | int $result False if the nonce is invalid , 1 if the nonce is valid and generated between
* 0 - 12 hours ago , 2 if the nonce is valid and generated between 12 - 24 hours ago .
2014-03-28 17:21:15 -04:00
*/
do_action ( 'check_ajax_referer' , $action , $result );
2008-03-17 22:43:20 -04:00
return $result ;
2006-03-28 20:51:55 -05:00
}
endif ;
2006-01-29 18:06:58 -05:00
2005-04-19 23:37:23 -04:00
if ( ! function_exists ( 'wp_redirect' ) ) :
2008-01-11 15:51:39 -05:00
/**
2010-10-02 00:02:24 -04:00
* Redirects to another page .
2008-01-11 15:51:39 -05:00
*
* @ since 1.5 . 1
*
2013-09-04 04:31:09 -04:00
* @ param string $location The path to redirect to .
* @ param int $status Status code to use .
2013-08-06 13:44:32 -04:00
* @ return bool False if $location is not provided , true otherwise .
2008-01-11 15:51:39 -05:00
*/
2006-09-25 20:55:21 -04:00
function wp_redirect ( $location , $status = 302 ) {
2010-12-14 05:15:31 -05:00
global $is_IIS ;
2013-09-04 04:31:09 -04:00
/**
2013-09-05 21:38:09 -04:00
* Filter the redirect location .
2013-09-04 04:31:09 -04:00
*
* @ since 2.1 . 0
*
* @ param string $location The path to redirect to .
* @ param int $status Status code to use .
*/
$location = apply_filters ( 'wp_redirect' , $location , $status );
/**
2013-09-05 21:38:09 -04:00
* Filter the redirect status code .
2013-09-04 04:31:09 -04:00
*
* @ since 2.3 . 0
*
* @ param int $status Status code to use .
* @ param string $location The path to redirect to .
*/
$status = apply_filters ( 'wp_redirect_status' , $status , $location );
2008-08-09 01:36:14 -04:00
2013-09-04 04:31:09 -04:00
if ( ! $location )
2007-09-03 19:32:58 -04:00
return false ;
2006-10-18 18:02:30 -04:00
2007-09-18 23:47:37 -04:00
$location = wp_sanitize_redirect ( $location );
2015-01-09 23:59:22 -05:00
if ( ! $is_IIS && PHP_SAPI != 'cgi-fcgi' )
2010-10-02 00:02:24 -04:00
status_header ( $status ); // This causes problems on IIS and some FastCGI setups
2010-12-14 05:15:31 -05:00
2010-10-02 00:02:24 -04:00
header ( " Location: $location " , true , $status );
2013-08-06 13:44:32 -04:00
return true ;
2007-09-18 23:47:37 -04:00
}
endif ;
if ( ! function_exists ( 'wp_sanitize_redirect' ) ) :
/**
2008-06-22 16:23:23 -04:00
* Sanitizes a URL for use in a redirect .
2008-01-11 15:51:39 -05:00
*
2013-12-24 13:57:12 -05:00
* @ since 2.3 . 0
2008-01-11 15:51:39 -05:00
*
2007-09-18 23:47:37 -04:00
* @ return string redirect - sanitized URL
**/
function wp_sanitize_redirect ( $location ) {
2015-02-27 21:21:26 -05:00
$regex = ' /
(
( ? : [ \xC2 - \xDF ][ \x80 - \xBF ] # double-byte sequences 110xxxxx 10xxxxxx
| \xE0 [ \xA0 - \xBF ][ \x80 - \xBF ] # triple-byte sequences 1110xxxx 10xxxxxx * 2
| [ \xE1 - \xEC ][ \x80 - \xBF ]{ 2 }
| \xED [ \x80 - \x9F ][ \x80 - \xBF ]
| [ \xEE - \xEF ][ \x80 - \xBF ]{ 2 }
| \xF0 [ \x90 - \xBF ][ \x80 - \xBF ]{ 2 } # four-byte sequences 11110xxx 10xxxxxx * 3
| [ \xF1 - \xF3 ][ \x80 - \xBF ]{ 3 }
| \xF4 [ \x80 - \x8F ][ \x80 - \xBF ]{ 2 }
){ 1 , 50 } # ...one or more times
) / x ' ;
$location = preg_replace_callback ( $regex , '_wp_sanitize_utf8_in_redirect' , $location );
2014-11-30 22:21:22 -05:00
$location = preg_replace ( '|[^a-z0-9-~+_.?#=&;,/:%!*\[\]()]|i' , '' , $location );
2006-07-05 20:28:37 -04:00
$location = wp_kses_no_null ( $location );
2006-06-29 20:43:23 -04:00
2007-08-30 13:46:09 -04:00
// remove %0d and %0a from location
2009-06-20 13:42:24 -04:00
$strip = array ( '%0d' , '%0a' , '%0D' , '%0A' );
$location = _deep_replace ( $strip , $location );
2007-09-18 23:47:37 -04:00
return $location ;
2005-04-19 23:37:23 -04:00
}
2015-02-27 21:21:26 -05:00
/**
* URL encode UTF - 8 characters in a URL .
*
* @ ignore
* @ since 4.2 . 0
* @ access private
*
* @ see wp_sanitize_redirect ()
*/
function _wp_sanitize_utf8_in_redirect ( $matches ) {
return urlencode ( $matches [ 0 ] );
}
2005-04-19 23:37:23 -04:00
endif ;
2007-09-18 18:23:16 -04:00
if ( ! function_exists ( 'wp_safe_redirect' ) ) :
/**
2008-06-22 16:23:23 -04:00
* Performs a safe ( local ) redirect , using wp_redirect () .
2008-01-11 15:51:39 -05:00
*
2008-01-20 01:53:42 -05:00
* Checks whether the $location is using an allowed host , if it has an absolute
2008-06-22 16:23:23 -04:00
* path . A plugin can therefore set or remove allowed host ( s ) to or from the
* list .
2008-01-20 01:53:42 -05:00
*
* If the host is not allowed , then the redirect is to wp - admin on the siteurl
2008-06-22 16:23:23 -04:00
* instead . This prevents malicious redirects which redirect to another host ,
* but only used in a few places .
2008-01-20 01:53:42 -05:00
*
2013-12-24 13:57:12 -05:00
* @ since 2.3 . 0
*
2008-01-11 15:51:39 -05:00
* @ return void Does not return anything
2007-09-18 18:23:16 -04:00
**/
function wp_safe_redirect ( $location , $status = 302 ) {
2007-09-18 23:47:37 -04:00
// Need to look at the URL the way it will end up in wp_redirect()
$location = wp_sanitize_redirect ( $location );
2009-06-19 15:30:17 -04:00
$location = wp_validate_redirect ( $location , admin_url ());
wp_redirect ( $location , $status );
}
endif ;
if ( ! function_exists ( 'wp_validate_redirect' ) ) :
/**
* Validates a URL for use in a redirect .
*
* Checks whether the $location is using an allowed host , if it has an absolute
* path . A plugin can therefore set or remove allowed host ( s ) to or from the
* list .
*
* If the host is not allowed , then the redirect is to $default supplied
*
* @ since 2.8 . 1
*
* @ param string $location The redirect to validate
2011-12-20 17:06:34 -05:00
* @ param string $default The value to return if $location is not allowed
2009-06-19 15:30:17 -04:00
* @ return string redirect - sanitized URL
**/
function wp_validate_redirect ( $location , $default = '' ) {
2013-09-10 14:07:10 -04:00
$location = trim ( $location );
2007-09-18 23:47:37 -04:00
// browsers will assume 'http' is your protocol, and will obey a redirect to a URL starting with '//'
if ( substr ( $location , 0 , 2 ) == '//' )
$location = 'http:' . $location ;
2008-07-13 01:16:54 -04:00
// In php 5 parse_url may fail if the URL query part contains http://, bug #38143
$test = ( $cut = strpos ( $location , '?' ) ) ? substr ( $location , 0 , $cut ) : $location ;
2008-08-09 01:36:14 -04:00
2008-07-13 01:16:54 -04:00
$lp = parse_url ( $test );
2010-03-11 09:54:11 -05:00
// Give up if malformed URL
if ( false === $lp )
return $default ;
// Allow only http and https schemes. No data:, etc.
if ( isset ( $lp [ 'scheme' ]) && ! ( 'http' == $lp [ 'scheme' ] || 'https' == $lp [ 'scheme' ]) )
return $default ;
2010-03-29 12:47:17 -04:00
// Reject if scheme is set but host is not. This catches urls like https:host.com for which parse_url does not set the host field.
if ( isset ( $lp [ 'scheme' ]) && ! isset ( $lp [ 'host' ]) )
return $default ;
2010-01-04 12:23:29 -05:00
$wpp = parse_url ( home_url ());
2007-09-18 23:47:37 -04:00
2014-03-28 17:21:15 -04:00
/**
* Filter the whitelist of hosts to redirect to .
*
* @ since 2.3 . 0
*
* @ param array $hosts An array of allowed hosts .
* @ param bool | string $host The parsed host ; empty if not isset .
*/
$allowed_hosts = ( array ) apply_filters ( 'allowed_redirect_hosts' , array ( $wpp [ 'host' ]), isset ( $lp [ 'host' ]) ? $lp [ 'host' ] : '' );
2007-09-19 00:14:53 -04:00
2007-10-10 15:25:23 -04:00
if ( isset ( $lp [ 'host' ]) && ( ! in_array ( $lp [ 'host' ], $allowed_hosts ) && $lp [ 'host' ] != strtolower ( $wpp [ 'host' ])) )
2009-06-19 15:30:17 -04:00
$location = $default ;
2007-09-18 18:23:16 -04:00
2009-06-19 15:30:17 -04:00
return $location ;
2007-09-18 18:23:16 -04:00
}
endif ;
2005-04-19 23:37:23 -04:00
if ( ! function_exists ( 'wp_notify_postauthor' ) ) :
2008-01-11 15:51:39 -05:00
/**
2013-11-24 20:47:10 -05:00
* Notify an author ( and / or others ) of a comment / trackback / pingback on a post .
2008-01-11 15:51:39 -05:00
*
2008-01-20 01:53:42 -05:00
* @ since 1.0 . 0
2008-01-11 15:51:39 -05:00
*
* @ param int $comment_id Comment ID
2013-11-24 11:26:10 -05:00
* @ param string $deprecated Not used
2013-11-24 20:47:10 -05:00
* @ return bool True on completion . False if no email addresses were specified .
2008-01-11 15:51:39 -05:00
*/
2013-11-24 11:26:10 -05:00
function wp_notify_postauthor ( $comment_id , $deprecated = null ) {
if ( null !== $deprecated ) {
_deprecated_argument ( __FUNCTION__ , '3.8' );
}
2010-11-11 11:28:49 -05:00
$comment = get_comment ( $comment_id );
2013-09-13 18:18:08 -04:00
if ( empty ( $comment ) )
return false ;
2010-11-11 11:28:49 -05:00
$post = get_post ( $comment -> comment_post_ID );
$author = get_userdata ( $post -> post_author );
2005-04-19 23:37:23 -04:00
2013-11-24 20:47:10 -05:00
// Who to notify? By default, just the post author, but others can be added.
2014-03-17 16:31:14 -04:00
$emails = array ();
if ( $author ) {
$emails [] = $author -> user_email ;
}
2013-11-25 23:10:09 -05:00
/**
2014-03-28 17:21:15 -04:00
* Filter the list of email addresses to receive a comment notification .
2013-11-25 23:10:09 -05:00
*
2014-03-28 17:21:15 -04:00
* By default , only post authors are notified of comments . This filter allows
* others to be added .
2013-11-25 23:10:09 -05:00
*
* @ since 3.7 . 0
*
2014-03-28 17:21:15 -04:00
* @ param array $emails An array of email addresses to receive a comment notification .
2013-11-25 23:10:09 -05:00
* @ param int $comment_id The comment ID .
*/
2013-11-24 20:47:10 -05:00
$emails = apply_filters ( 'comment_notification_recipients' , $emails , $comment_id );
$emails = array_filter ( $emails );
2010-11-06 11:20:50 -04:00
2013-11-24 20:47:10 -05:00
// If there are no addresses to send the comment to, bail.
if ( ! count ( $emails ) ) {
2010-11-11 11:28:49 -05:00
return false ;
2013-11-24 20:47:10 -05:00
}
// Facilitate unsetting below without knowing the keys.
$emails = array_flip ( $emails );
2013-11-25 23:10:09 -05:00
/**
* Filter whether to notify comment authors of their comments on their own posts .
*
2014-03-28 17:21:15 -04:00
* By default , comment authors aren ' t notified of their comments on their own
* posts . This filter allows you to override that .
2013-11-25 23:10:09 -05:00
*
* @ since 3.8 . 0
*
2014-03-28 17:21:15 -04:00
* @ param bool $notify Whether to notify the post author of their own comment .
* Default false .
2013-11-25 23:10:09 -05:00
* @ param int $comment_id The comment ID .
*/
2013-11-24 20:47:10 -05:00
$notify_author = apply_filters ( 'comment_notification_notify_author' , false , $comment_id );
// The comment was left by the author
2014-03-17 16:31:14 -04:00
if ( $author && ! $notify_author && $comment -> user_id == $post -> post_author ) {
2013-11-24 20:47:10 -05:00
unset ( $emails [ $author -> user_email ] );
}
// The author moderated a comment on their own post
2014-03-17 16:31:14 -04:00
if ( $author && ! $notify_author && $post -> post_author == get_current_user_id () ) {
2013-11-24 20:47:10 -05:00
unset ( $emails [ $author -> user_email ] );
}
2009-05-24 19:47:49 -04:00
2013-07-10 18:01:12 -04:00
// The post author is no longer a member of the blog
2014-03-17 16:31:14 -04:00
if ( $author && ! $notify_author && ! user_can ( $post -> post_author , 'read_post' , $post -> ID ) ) {
2013-11-24 20:47:10 -05:00
unset ( $emails [ $author -> user_email ] );
}
2013-07-10 18:01:12 -04:00
2013-11-24 20:47:10 -05:00
// If there's no email to send the comment to, bail, otherwise flip array back around for use below
if ( ! count ( $emails ) ) {
2010-11-11 11:28:49 -05:00
return false ;
2013-11-24 20:47:10 -05:00
} else {
$emails = array_flip ( $emails );
}
2005-04-19 23:37:23 -04:00
2006-10-03 23:05:54 -04:00
$comment_author_domain = @ gethostbyaddr ( $comment -> comment_author_IP );
2010-01-15 17:11:12 -05:00
2009-12-13 06:38:45 -05:00
// The blogname option is escaped with esc_html on the way into the database in sanitize_option
// we want to reverse this for the plain text arena of emails.
$blogname = wp_specialchars_decode ( get_option ( 'blogname' ), ENT_QUOTES );
2006-02-12 02:53:23 -05:00
2013-11-24 20:47:10 -05:00
switch ( $comment -> comment_type ) {
2013-11-12 21:32:10 -05:00
case 'trackback' :
$notify_message = sprintf ( __ ( 'New trackback on your post "%s"' ), $post -> post_title ) . " \r \n " ;
/* translators: 1: website name, 2: author IP, 3: author domain */
2015-01-06 12:17:21 -05:00
$notify_message .= sprintf ( __ ( 'Website: %1$s (IP: %2$s, %3$s)' ), $comment -> comment_author , $comment -> comment_author_IP , $comment_author_domain ) . " \r \n " ;
2014-10-24 13:08:18 -04:00
$notify_message .= sprintf ( __ ( 'URL: %s' ), $comment -> comment_author_url ) . " \r \n " ;
2015-03-13 14:29:27 -04:00
$notify_message .= sprintf ( __ ( 'Comment: %s' ), " \r \n " . $comment -> comment_content ) . " \r \n \r \n " ;
2014-10-24 13:08:18 -04:00
$notify_message .= __ ( 'You can see all trackbacks on this post here:' ) . " \r \n " ;
2013-11-12 21:32:10 -05:00
/* translators: 1: blog name, 2: post title */
$subject = sprintf ( __ ( '[%1$s] Trackback: "%2$s"' ), $blogname , $post -> post_title );
break ;
case 'pingback' :
$notify_message = sprintf ( __ ( 'New pingback on your post "%s"' ), $post -> post_title ) . " \r \n " ;
/* translators: 1: comment author, 2: author IP, 3: author domain */
2015-01-06 12:17:21 -05:00
$notify_message .= sprintf ( __ ( 'Website: %1$s (IP: %2$s, %3$s)' ), $comment -> comment_author , $comment -> comment_author_IP , $comment_author_domain ) . " \r \n " ;
2014-10-24 13:08:18 -04:00
$notify_message .= sprintf ( __ ( 'URL: %s' ), $comment -> comment_author_url ) . " \r \n " ;
2015-03-13 14:29:27 -04:00
$notify_message .= sprintf ( __ ( 'Comment: %s' ), " \r \n " . $comment -> comment_content ) . " \r \n \r \n " ;
2014-10-24 13:08:18 -04:00
$notify_message .= __ ( 'You can see all pingbacks on this post here:' ) . " \r \n " ;
2013-11-12 21:32:10 -05:00
/* translators: 1: blog name, 2: post title */
$subject = sprintf ( __ ( '[%1$s] Pingback: "%2$s"' ), $blogname , $post -> post_title );
break ;
default : // Comments
$notify_message = sprintf ( __ ( 'New comment on your post "%s"' ), $post -> post_title ) . " \r \n " ;
/* translators: 1: comment author, 2: author IP, 3: author domain */
2015-01-06 12:17:21 -05:00
$notify_message .= sprintf ( __ ( 'Author: %1$s (IP: %2$s, %3$s)' ), $comment -> comment_author , $comment -> comment_author_IP , $comment_author_domain ) . " \r \n " ;
2014-10-24 13:08:18 -04:00
$notify_message .= sprintf ( __ ( 'E-mail: %s' ), $comment -> comment_author_email ) . " \r \n " ;
$notify_message .= sprintf ( __ ( 'URL: %s' ), $comment -> comment_author_url ) . " \r \n " ;
$notify_message .= sprintf ( __ ( 'Whois: %s' ), " http://whois.arin.net/rest/ip/ { $comment -> comment_author_IP } " ) . " \r \n " ;
2015-03-13 14:29:27 -04:00
$notify_message .= sprintf ( __ ( 'Comment: %s' ), " \r \n " . $comment -> comment_content ) . " \r \n \r \n " ;
2014-10-24 13:08:18 -04:00
$notify_message .= __ ( 'You can see all comments on this post here:' ) . " \r \n " ;
2013-11-12 21:32:10 -05:00
/* translators: 1: blog name, 2: post title */
$subject = sprintf ( __ ( '[%1$s] Comment: "%2$s"' ), $blogname , $post -> post_title );
break ;
2005-04-19 23:37:23 -04:00
}
$notify_message .= get_permalink ( $comment -> comment_post_ID ) . " #comments \r \n \r \n " ;
2014-03-17 16:20:15 -04:00
$notify_message .= sprintf ( __ ( 'Permalink: %s' ), get_comment_link ( $comment_id ) ) . " \r \n " ;
2013-07-10 18:01:12 -04:00
if ( user_can ( $post -> post_author , 'edit_comment' , $comment_id ) ) {
if ( EMPTY_TRASH_DAYS )
$notify_message .= sprintf ( __ ( 'Trash it: %s' ), admin_url ( " comment.php?action=trash&c= $comment_id " ) ) . " \r \n " ;
else
$notify_message .= sprintf ( __ ( 'Delete it: %s' ), admin_url ( " comment.php?action=delete&c= $comment_id " ) ) . " \r \n " ;
$notify_message .= sprintf ( __ ( 'Spam it: %s' ), admin_url ( " comment.php?action=spam&c= $comment_id " ) ) . " \r \n " ;
}
2005-04-19 23:37:23 -04:00
2005-11-25 17:57:26 -05:00
$wp_email = 'wordpress@' . preg_replace ( '#^www\.#' , '' , strtolower ( $_SERVER [ 'SERVER_NAME' ]));
2005-11-10 19:07:39 -05:00
if ( '' == $comment -> comment_author ) {
2005-11-25 17:57:26 -05:00
$from = " From: \" $blogname\ " < $wp_email > " ;
2005-11-10 19:07:39 -05:00
if ( '' != $comment -> comment_author_email )
$reply_to = " Reply-To: $comment->comment_author_email " ;
2006-11-19 02:56:05 -05:00
} else {
2005-11-25 17:57:26 -05:00
$from = " From: \" $comment->comment_author\ " < $wp_email > " ;
2005-11-10 19:07:39 -05:00
if ( '' != $comment -> comment_author_email )
$reply_to = " Reply-To: \" $comment->comment_author_email\ " < $comment -> comment_author_email > " ;
2006-11-19 02:56:05 -05:00
}
2005-04-19 23:37:23 -04:00
2007-06-26 16:18:56 -04:00
$message_headers = " $from\n "
2006-08-30 17:46:31 -04:00
. " Content-Type: text/plain; charset= \" " . get_option ( 'blog_charset' ) . " \" \n " ;
2005-04-19 23:37:23 -04:00
2005-11-10 21:00:06 -05:00
if ( isset ( $reply_to ) )
$message_headers .= $reply_to . " \n " ;
2014-03-28 17:21:15 -04:00
/**
* Filter the comment notification email text .
*
* @ since 1.5 . 2
*
* @ param string $notify_message The comment notification email text .
* @ param int $comment_id Comment ID .
*/
$notify_message = apply_filters ( 'comment_notification_text' , $notify_message , $comment_id );
/**
* Filter the comment notification email subject .
*
* @ since 1.5 . 2
*
* @ param string $subject The comment notification email subject .
* @ param int $comment_id Comment ID .
*/
$subject = apply_filters ( 'comment_notification_subject' , $subject , $comment_id );
/**
* Filter the comment notification email headers .
*
* @ since 1.5 . 2
*
* @ param string $message_headers Headers for the comment notification email .
* @ param int $comment_id Comment ID .
*/
$message_headers = apply_filters ( 'comment_notification_headers' , $message_headers , $comment_id );
2013-08-23 15:36:10 -04:00
foreach ( $emails as $email ) {
2014-03-27 22:44:15 -04:00
@ wp_mail ( $email , wp_specialchars_decode ( $subject ), $notify_message , $message_headers );
2013-08-23 15:36:10 -04:00
}
2007-06-13 22:25:30 -04:00
2005-04-19 23:37:23 -04:00
return true ;
}
endif ;
if ( ! function_exists ( 'wp_notify_moderator' ) ) :
2008-01-11 15:51:39 -05:00
/**
2008-06-22 16:23:23 -04:00
* Notifies the moderator of the blog about a new comment that is awaiting approval .
2008-01-11 15:51:39 -05:00
*
2013-12-24 13:57:12 -05:00
* @ since 1.0 . 0
*
2014-10-31 13:56:22 -04:00
* @ global wpdb $wpdb WordPress database abstraction object .
2008-01-11 15:51:39 -05:00
*
* @ param int $comment_id Comment ID
* @ return bool Always returns true
*/
2005-04-19 23:37:23 -04:00
function wp_notify_moderator ( $comment_id ) {
global $wpdb ;
2010-11-06 11:20:50 -04:00
if ( 0 == get_option ( 'moderation_notify' ) )
2007-09-03 19:32:58 -04:00
return true ;
2007-06-13 22:25:30 -04:00
2010-11-06 11:20:50 -04:00
$comment = get_comment ( $comment_id );
$post = get_post ( $comment -> comment_post_ID );
$user = get_userdata ( $post -> post_author );
2011-09-05 15:08:15 -04:00
// Send to the administration and to the post author if the author can modify the comment.
2013-11-12 21:41:09 -05:00
$emails = array ( get_option ( 'admin_email' ) );
if ( user_can ( $user -> ID , 'edit_comment' , $comment_id ) && ! empty ( $user -> user_email ) ) {
if ( 0 !== strcasecmp ( $user -> user_email , get_option ( 'admin_email' ) ) )
$emails [] = $user -> user_email ;
}
2005-04-19 23:37:23 -04:00
2006-10-03 23:05:54 -04:00
$comment_author_domain = @ gethostbyaddr ( $comment -> comment_author_IP );
2005-04-19 23:37:23 -04:00
$comments_waiting = $wpdb -> get_var ( " SELECT count(comment_ID) FROM $wpdb->comments WHERE comment_approved = '0' " );
2010-01-15 17:11:12 -05:00
2009-12-13 06:38:45 -05:00
// The blogname option is escaped with esc_html on the way into the database in sanitize_option
// we want to reverse this for the plain text arena of emails.
$blogname = wp_specialchars_decode ( get_option ( 'blogname' ), ENT_QUOTES );
2010-01-15 17:11:12 -05:00
2013-11-12 21:32:10 -05:00
switch ( $comment -> comment_type ) {
2008-02-16 12:03:05 -05:00
case 'trackback' :
2010-06-06 10:44:48 -04:00
$notify_message = sprintf ( __ ( 'A new trackback on the post "%s" is waiting for your approval' ), $post -> post_title ) . " \r \n " ;
2008-02-16 12:03:05 -05:00
$notify_message .= get_permalink ( $comment -> comment_post_ID ) . " \r \n \r \n " ;
2015-01-06 12:17:21 -05:00
$notify_message .= sprintf ( __ ( 'Website: %1$s (IP: %2$s, %3$s)' ), $comment -> comment_author , $comment -> comment_author_IP , $comment_author_domain ) . " \r \n " ;
2015-01-06 12:10:35 -05:00
$notify_message .= sprintf ( __ ( 'URL: %s' ), $comment -> comment_author_url ) . " \r \n " ;
2008-02-18 12:13:21 -05:00
$notify_message .= __ ( 'Trackback excerpt: ' ) . " \r \n " . $comment -> comment_content . " \r \n \r \n " ;
2008-02-16 12:03:05 -05:00
break ;
case 'pingback' :
2010-05-22 09:48:38 -04:00
$notify_message = sprintf ( __ ( 'A new pingback on the post "%s" is waiting for your approval' ), $post -> post_title ) . " \r \n " ;
2008-02-16 12:03:05 -05:00
$notify_message .= get_permalink ( $comment -> comment_post_ID ) . " \r \n \r \n " ;
2015-01-06 12:17:21 -05:00
$notify_message .= sprintf ( __ ( 'Website: %1$s (IP: %2$s, %3$s)' ), $comment -> comment_author , $comment -> comment_author_IP , $comment_author_domain ) . " \r \n " ;
2015-01-06 12:10:35 -05:00
$notify_message .= sprintf ( __ ( 'URL: %s' ), $comment -> comment_author_url ) . " \r \n " ;
2008-02-16 12:03:05 -05:00
$notify_message .= __ ( 'Pingback excerpt: ' ) . " \r \n " . $comment -> comment_content . " \r \n \r \n " ;
break ;
2013-11-12 21:32:10 -05:00
default : // Comments
2010-05-22 09:48:38 -04:00
$notify_message = sprintf ( __ ( 'A new comment on the post "%s" is waiting for your approval' ), $post -> post_title ) . " \r \n " ;
2008-02-16 12:03:05 -05:00
$notify_message .= get_permalink ( $comment -> comment_post_ID ) . " \r \n \r \n " ;
2015-01-06 12:17:21 -05:00
$notify_message .= sprintf ( __ ( 'Author: %1$s (IP: %2$s, %3$s)' ), $comment -> comment_author , $comment -> comment_author_IP , $comment_author_domain ) . " \r \n " ;
2015-01-06 12:10:35 -05:00
$notify_message .= sprintf ( __ ( 'E-mail: %s' ), $comment -> comment_author_email ) . " \r \n " ;
$notify_message .= sprintf ( __ ( 'URL: %s' ), $comment -> comment_author_url ) . " \r \n " ;
$notify_message .= sprintf ( __ ( 'Whois: %s' ), " http://whois.arin.net/rest/ip/ { $comment -> comment_author_IP } " ) . " \r \n " ;
2015-03-13 14:29:27 -04:00
$notify_message .= sprintf ( __ ( 'Comment: %s' ), " \r \n " . $comment -> comment_content ) . " \r \n \r \n " ;
2008-02-16 12:03:05 -05:00
break ;
}
2008-03-02 15:17:30 -05:00
2009-12-15 05:55:55 -05:00
$notify_message .= sprintf ( __ ( 'Approve it: %s' ), admin_url ( " comment.php?action=approve&c= $comment_id " ) ) . " \r \n " ;
if ( EMPTY_TRASH_DAYS )
$notify_message .= sprintf ( __ ( 'Trash it: %s' ), admin_url ( " comment.php?action=trash&c= $comment_id " ) ) . " \r \n " ;
else
$notify_message .= sprintf ( __ ( 'Delete it: %s' ), admin_url ( " comment.php?action=delete&c= $comment_id " ) ) . " \r \n " ;
$notify_message .= sprintf ( __ ( 'Spam it: %s' ), admin_url ( " comment.php?action=spam&c= $comment_id " ) ) . " \r \n " ;
2008-03-02 15:17:30 -05:00
2009-02-20 14:35:16 -05:00
$notify_message .= sprintf ( _n ( 'Currently %s comment is waiting for approval. Please visit the moderation panel:' ,
2008-05-27 07:42:32 -04:00
'Currently %s comments are waiting for approval. Please visit the moderation panel:' , $comments_waiting ), number_format_i18n ( $comments_waiting ) ) . " \r \n " ;
2008-06-06 03:39:11 -04:00
$notify_message .= admin_url ( " edit-comments.php?comment_status=moderated " ) . " \r \n " ;
2005-04-19 23:37:23 -04:00
2009-12-13 06:38:45 -05:00
$subject = sprintf ( __ ( '[%1$s] Please moderate: "%2$s"' ), $blogname , $post -> post_title );
2009-05-29 16:00:06 -04:00
$message_headers = '' ;
2005-08-30 19:17:42 -04:00
2014-03-28 17:21:15 -04:00
/**
* Filter the list of recipients for comment moderation emails .
*
* @ since 3.7 . 0
*
* @ param array $emails List of email addresses to notify for comment moderation .
* @ param int $comment_id Comment ID .
*/
$emails = apply_filters ( 'comment_moderation_recipients' , $emails , $comment_id );
/**
* Filter the comment moderation email text .
*
* @ since 1.5 . 2
*
* @ param string $notify_message Text of the comment moderation email .
* @ param int $comment_id Comment ID .
*/
$notify_message = apply_filters ( 'comment_moderation_text' , $notify_message , $comment_id );
/**
* Filter the comment moderation email subject .
*
* @ since 1.5 . 2
*
* @ param string $subject Subject of the comment moderation email .
* @ param int $comment_id Comment ID .
*/
$subject = apply_filters ( 'comment_moderation_subject' , $subject , $comment_id );
/**
* Filter the comment moderation email headers .
*
* @ since 2.8 . 0
*
* @ param string $message_headers Headers for the comment moderation email .
* @ param int $comment_id Comment ID .
*/
$message_headers = apply_filters ( 'comment_moderation_headers' , $message_headers , $comment_id );
2005-04-19 23:37:23 -04:00
2013-08-23 15:36:10 -04:00
foreach ( $emails as $email ) {
2014-03-27 22:44:15 -04:00
@ wp_mail ( $email , wp_specialchars_decode ( $subject ), $notify_message , $message_headers );
2013-08-23 15:36:10 -04:00
}
2006-11-19 02:56:05 -05:00
2005-04-19 23:37:23 -04:00
return true ;
}
endif ;
2008-07-29 16:21:34 -04:00
if ( ! function_exists ( 'wp_password_change_notification' ) ) :
/**
* Notify the blog admin of a user changing password , normally via email .
*
2013-12-24 13:57:12 -05:00
* @ since 2.7 . 0
2008-07-29 16:21:34 -04:00
*
* @ param object $user User Object
*/
function wp_password_change_notification ( & $user ) {
// send a copy of password change notification to the admin
// but check to see if it's the admin whose password we're changing, and skip this
2013-11-12 21:41:09 -05:00
if ( 0 !== strcasecmp ( $user -> user_email , get_option ( 'admin_email' ) ) ) {
2008-07-29 16:21:34 -04:00
$message = sprintf ( __ ( 'Password Lost and Changed for user: %s' ), $user -> user_login ) . " \r \n " ;
2009-12-14 17:09:54 -05:00
// The blogname option is escaped with esc_html on the way into the database in sanitize_option
// we want to reverse this for the plain text arena of emails.
$blogname = wp_specialchars_decode ( get_option ( 'blogname' ), ENT_QUOTES );
wp_mail ( get_option ( 'admin_email' ), sprintf ( __ ( '[%s] Password Lost/Changed' ), $blogname ), $message );
2008-07-29 16:21:34 -04:00
}
}
endif ;
2005-09-13 20:03:02 -04:00
if ( ! function_exists ( 'wp_new_user_notification' ) ) :
2008-01-11 15:51:39 -05:00
/**
2014-02-09 16:07:12 -05:00
* Email login credentials to a newly - registered user .
*
* A new user registration notification is also sent to admin email .
2008-01-11 15:51:39 -05:00
*
2013-12-24 13:57:12 -05:00
* @ since 2.0 . 0
2008-01-11 15:51:39 -05:00
*
2014-02-09 16:07:12 -05:00
* @ param int $user_id User ID .
* @ param string $plaintext_pass Optional . The user ' s plaintext password . Default empty .
2008-01-11 15:51:39 -05:00
*/
2005-09-13 20:03:02 -04:00
function wp_new_user_notification ( $user_id , $plaintext_pass = '' ) {
2012-08-02 21:06:05 -04:00
$user = get_userdata ( $user_id );
2006-02-12 02:53:23 -05:00
2009-12-13 06:38:45 -05:00
// The blogname option is escaped with esc_html on the way into the database in sanitize_option
// we want to reverse this for the plain text arena of emails.
$blogname = wp_specialchars_decode ( get_option ( 'blogname' ), ENT_QUOTES );
2006-02-12 02:53:23 -05:00
2010-04-29 23:17:49 -04:00
$message = sprintf ( __ ( 'New user registration on your site %s:' ), $blogname ) . " \r \n \r \n " ;
2013-03-03 15:55:30 -05:00
$message .= sprintf ( __ ( 'Username: %s' ), $user -> user_login ) . " \r \n \r \n " ;
$message .= sprintf ( __ ( 'E-mail: %s' ), $user -> user_email ) . " \r \n " ;
2006-02-12 02:53:23 -05:00
2009-12-13 06:38:45 -05:00
@ wp_mail ( get_option ( 'admin_email' ), sprintf ( __ ( '[%s] New User Registration' ), $blogname ), $message );
2005-09-13 20:03:02 -04:00
if ( empty ( $plaintext_pass ) )
return ;
2013-03-03 15:55:30 -05:00
$message = sprintf ( __ ( 'Username: %s' ), $user -> user_login ) . " \r \n " ;
2005-09-13 20:03:02 -04:00
$message .= sprintf ( __ ( 'Password: %s' ), $plaintext_pass ) . " \r \n " ;
2009-04-14 14:31:49 -04:00
$message .= wp_login_url () . " \r \n " ;
2006-02-12 02:53:23 -05:00
2013-03-03 15:55:30 -05:00
wp_mail ( $user -> user_email , sprintf ( __ ( '[%s] Your username and password' ), $blogname ), $message );
2006-02-12 02:53:23 -05:00
2005-09-13 20:03:02 -04:00
}
endif ;
2008-03-17 22:43:20 -04:00
if ( ! function_exists ( 'wp_nonce_tick' ) ) :
/**
2008-06-22 16:23:23 -04:00
* Get the time - dependent variable for nonce creation .
2008-03-17 22:43:20 -04:00
*
2008-06-22 16:23:23 -04:00
* A nonce has a lifespan of two ticks . Nonces in their second tick may be
* updated , e . g . by autosave .
2008-03-17 22:43:20 -04:00
*
2013-12-24 13:57:12 -05:00
* @ since 2.5 . 0
2008-03-17 22:43:20 -04:00
*
2014-11-30 17:19:25 -05:00
* @ return float Float value rounded up to the next highest integer .
2008-03-17 22:43:20 -04:00
*/
function wp_nonce_tick () {
2014-03-28 17:21:15 -04:00
/**
* Filter the lifespan of nonces in seconds .
*
* @ since 2.5 . 0
*
* @ param int $lifespan Lifespan of nonces in seconds . Default 86 , 400 seconds , or one day .
*/
2012-09-25 01:26:19 -04:00
$nonce_life = apply_filters ( 'nonce_life' , DAY_IN_SECONDS );
2008-03-17 22:43:20 -04:00
return ceil ( time () / ( $nonce_life / 2 ));
}
endif ;
2006-05-02 18:08:34 -04:00
if ( ! function_exists ( 'wp_verify_nonce' ) ) :
2008-01-11 15:51:39 -05:00
/**
2008-06-22 16:23:23 -04:00
* Verify that correct nonce was used with time limit .
2008-01-11 15:51:39 -05:00
*
2008-06-22 16:23:23 -04:00
* The user is given an amount of time to use the token , so therefore , since the
* UID and $action remain the same , the independent variable is the time .
2008-01-11 15:51:39 -05:00
*
2009-01-30 13:08:28 -05:00
* @ since 2.0 . 3
2008-01-11 15:51:39 -05:00
*
2014-11-30 17:19:25 -05:00
* @ param string $nonce Nonce that was used in the form to verify
2008-01-11 15:51:39 -05:00
* @ param string | int $action Should give context to what is taking place and be the same when nonce was created .
2015-02-08 23:57:27 -05:00
* @ return false | int False if the nonce is invalid , 1 if the nonce is valid and generated between
* 0 - 12 hours ago , 2 if the nonce is valid and generated between 12 - 24 hours ago .
2008-01-11 15:51:39 -05:00
*/
2014-11-26 14:19:23 -05:00
function wp_verify_nonce ( $nonce , $action = - 1 ) {
$nonce = ( string ) $nonce ;
2006-05-02 18:08:34 -04:00
$user = wp_get_current_user ();
2011-08-03 23:09:27 -04:00
$uid = ( int ) $user -> ID ;
2014-03-28 17:21:15 -04:00
if ( ! $uid ) {
/**
* Filter whether the user who generated the nonce is logged out .
*
* @ since 3.5 . 0
*
* @ param int $uid ID of the nonce - owning user .
* @ param string $action The nonce action .
*/
2012-09-13 13:17:47 -04:00
$uid = apply_filters ( 'nonce_user_logged_out' , $uid , $action );
2014-03-28 17:21:15 -04:00
}
2006-05-02 18:08:34 -04:00
2014-08-26 03:39:19 -04:00
if ( empty ( $nonce ) ) {
return false ;
}
2014-07-18 05:13:15 -04:00
$token = wp_get_session_token ();
2008-03-17 22:43:20 -04:00
$i = wp_nonce_tick ();
2006-05-02 18:08:34 -04:00
2008-03-17 22:43:20 -04:00
// Nonce generated 0-12 hours ago
2014-08-06 01:26:16 -04:00
$expected = substr ( wp_hash ( $i . '|' . $action . '|' . $uid . '|' . $token , 'nonce' ), - 12 , 10 );
if ( hash_equals ( $expected , $nonce ) ) {
2008-03-17 22:43:20 -04:00
return 1 ;
2014-07-18 05:13:15 -04:00
}
2008-03-17 22:43:20 -04:00
// Nonce generated 12-24 hours ago
2014-08-06 01:26:16 -04:00
$expected = substr ( wp_hash ( ( $i - 1 ) . '|' . $action . '|' . $uid . '|' . $token , 'nonce' ), - 12 , 10 );
if ( hash_equals ( $expected , $nonce ) ) {
2008-03-17 22:43:20 -04:00
return 2 ;
2014-07-18 05:13:15 -04:00
}
2008-03-17 22:43:20 -04:00
// Invalid nonce
2006-05-02 18:08:34 -04:00
return false ;
}
endif ;
if ( ! function_exists ( 'wp_create_nonce' ) ) :
2008-01-11 15:51:39 -05:00
/**
2014-06-20 16:47:14 -04:00
* Creates a cryptographic token tied to a specific action , user , and window of time .
2008-01-11 15:51:39 -05:00
*
2009-01-30 13:08:28 -05:00
* @ since 2.0 . 3
2008-01-11 15:51:39 -05:00
*
2014-11-30 17:19:25 -05:00
* @ param string | int $action Scalar value to add context to the nonce .
2014-06-20 16:47:14 -04:00
* @ return string The token .
2008-01-11 15:51:39 -05:00
*/
2006-05-02 18:08:34 -04:00
function wp_create_nonce ( $action = - 1 ) {
$user = wp_get_current_user ();
2011-08-03 23:09:27 -04:00
$uid = ( int ) $user -> ID ;
2014-03-28 17:21:15 -04:00
if ( ! $uid ) {
/** This filter is documented in wp-includes/pluggable.php */
2012-09-13 13:17:47 -04:00
$uid = apply_filters ( 'nonce_user_logged_out' , $uid , $action );
2014-03-28 17:21:15 -04:00
}
2006-05-02 18:08:34 -04:00
2014-07-18 05:13:15 -04:00
$token = wp_get_session_token ();
2008-03-17 22:43:20 -04:00
$i = wp_nonce_tick ();
2006-11-19 02:56:05 -05:00
2014-07-18 05:13:15 -04:00
return substr ( wp_hash ( $i . '|' . $action . '|' . $uid . '|' . $token , 'nonce' ), - 12 , 10 );
2006-05-30 20:24:03 -04:00
}
endif ;
2006-05-30 21:40:00 -04:00
if ( ! function_exists ( 'wp_salt' ) ) :
2008-01-11 15:51:39 -05:00
/**
2012-01-09 15:52:08 -05:00
* Get salt to add to hashes .
2008-06-22 16:23:23 -04:00
*
2012-01-09 15:52:08 -05:00
* Salts are created using secret keys . Secret keys are located in two places :
* in the database and in the wp - config . php file . The secret key in the database
* is randomly generated and will be appended to the secret keys in wp - config . php .
2008-01-11 15:51:39 -05:00
*
2012-01-09 15:52:08 -05:00
* The secret keys in wp - config . php should be updated to strong , random keys to maximize
* security . Below is an example of how the secret key constants are defined .
* Do not paste this example directly into wp - config . php . Instead , have a
* { @ link https :// api . wordpress . org / secret - key / 1.1 / salt / secret key created } just
* for you .
2008-01-11 15:51:39 -05:00
*
2014-11-24 01:05:23 -05:00
* define ( 'AUTH_KEY' , ' Xakm<o xQy rw4EMsLKM-?!T+,PFF})H4lzcW57AF0U@N@< >M%G4Yt>f`z]MON' );
* define ( 'SECURE_AUTH_KEY' , 'LzJ}op]mr|6+![P}Ak:uNdJCJZd>(Hx.-Mh#Tz)pCIU#uGEnfFz|f ;;eU%/U^O~' );
* define ( 'LOGGED_IN_KEY' , '|i|Ux`9<p-h$aFf(qnT:sDO:D1P^wZ$$/Ra@miTJi9G;ddp_<q}6H1)o|a +&JCM' );
* define ( 'NONCE_KEY' , '%:R{[P|,s.KuMltH5}cI;/k<Gx~j!f0I)m_sIyu+&NJZ)-iO>z7X>QYR0Z_XnZ@|' );
* define ( 'AUTH_SALT' , 'eZyT)-Naw]F8CwA*VaW#q*|.)g@o}||wf~@C-YSt}(dh_r6EbI#A,y|nU2{B#JBW' );
* define ( 'SECURE_AUTH_SALT' , '!=oLUTXh,QW=H `}`L|9/^4-3 STz},T(w}W<I`.JjPi)<Bmf1v,HpGe}T1:Xt7n' );
* define ( 'LOGGED_IN_SALT' , '+XSqHc;@Q*K_b|Z?NC[3H!!EONbh.n<+=uKR:>*c(u`g~EJBf#8u#R{mUEZrozmm' );
* define ( 'NONCE_SALT' , 'h`GXHhD>SLWVfg1(1(N{;.V!MoE(SfbA_ksP@&`+AycHcAV$+?@3q+rxV{%^VyKT' );
2008-01-11 15:51:39 -05:00
*
2008-06-22 16:23:23 -04:00
* Salting passwords helps against tools which has stored hashed values of
2012-01-09 15:52:08 -05:00
* common dictionary strings . The added values makes it harder to crack .
2008-01-11 15:51:39 -05:00
*
2013-12-24 13:57:12 -05:00
* @ since 2.5 . 0
2012-01-09 15:52:08 -05:00
*
* @ link https :// api . wordpress . org / secret - key / 1.1 / salt / Create secrets for wp - config . php
2008-01-11 15:51:39 -05:00
*
2012-01-27 13:52:20 -05:00
* @ param string $scheme Authentication scheme ( auth , secure_auth , logged_in , nonce )
2010-02-22 15:27:02 -05:00
* @ return string Salt value
2008-01-11 15:51:39 -05:00
*/
2012-01-27 13:52:20 -05:00
function wp_salt ( $scheme = 'auth' ) {
2012-03-06 22:41:56 -05:00
static $cached_salts = array ();
2014-03-28 17:21:15 -04:00
if ( isset ( $cached_salts [ $scheme ] ) ) {
/**
* Filter the WordPress salt .
*
* @ since 2.5 . 0
*
* @ param string $cached_salt Cached salt for the given scheme .
* @ param string $scheme Authentication scheme . Values include 'auth' ,
* 'secure_auth' , 'logged_in' , and 'nonce' .
*/
2012-03-06 22:41:56 -05:00
return apply_filters ( 'salt' , $cached_salts [ $scheme ], $scheme );
2014-03-28 17:21:15 -04:00
}
2012-03-06 22:41:56 -05:00
2012-01-27 13:52:20 -05:00
static $duplicated_keys ;
if ( null === $duplicated_keys ) {
$duplicated_keys = array ( 'put your unique phrase here' => true );
foreach ( array ( 'AUTH' , 'SECURE_AUTH' , 'LOGGED_IN' , 'NONCE' , 'SECRET' ) as $first ) {
foreach ( array ( 'KEY' , 'SALT' ) as $second ) {
2014-06-11 14:36:15 -04:00
if ( ! defined ( " { $first } _ { $second } " ) ) {
2012-01-27 13:52:20 -05:00
continue ;
2014-06-11 14:36:15 -04:00
}
2012-01-27 13:52:20 -05:00
$value = constant ( " { $first } _ { $second } " );
$duplicated_keys [ $value ] = isset ( $duplicated_keys [ $value ] );
2008-06-11 13:25:55 -04:00
}
}
2012-01-27 13:52:20 -05:00
}
2008-06-11 13:25:55 -04:00
2014-06-11 14:36:15 -04:00
$values = array (
'key' => '' ,
'salt' => ''
);
if ( defined ( 'SECRET_KEY' ) && SECRET_KEY && empty ( $duplicated_keys [ SECRET_KEY ] ) ) {
$values [ 'key' ] = SECRET_KEY ;
}
if ( 'auth' == $scheme && defined ( 'SECRET_SALT' ) && SECRET_SALT && empty ( $duplicated_keys [ SECRET_SALT ] ) ) {
$values [ 'salt' ] = SECRET_SALT ;
}
2012-01-27 13:52:20 -05:00
if ( in_array ( $scheme , array ( 'auth' , 'secure_auth' , 'logged_in' , 'nonce' ) ) ) {
foreach ( array ( 'key' , 'salt' ) as $type ) {
$const = strtoupper ( " { $scheme } _ { $type } " );
if ( defined ( $const ) && constant ( $const ) && empty ( $duplicated_keys [ constant ( $const ) ] ) ) {
2014-06-11 14:36:15 -04:00
$values [ $type ] = constant ( $const );
} elseif ( ! $values [ $type ] ) {
$values [ $type ] = get_site_option ( " { $scheme } _ { $type } " );
if ( ! $values [ $type ] ) {
$values [ $type ] = wp_generate_password ( 64 , true , true );
update_site_option ( " { $scheme } _ { $type } " , $values [ $type ] );
2012-01-27 13:52:20 -05:00
}
2008-06-11 13:25:55 -04:00
}
2007-12-24 01:34:12 -05:00
}
2012-01-27 13:52:20 -05:00
} else {
2014-06-11 14:36:15 -04:00
if ( ! $values [ 'key' ] ) {
$values [ 'key' ] = get_site_option ( 'secret_key' );
if ( ! $values [ 'key' ] ) {
$values [ 'key' ] = wp_generate_password ( 64 , true , true );
update_site_option ( 'secret_key' , $values [ 'key' ] );
2008-12-07 16:31:13 -05:00
}
}
2014-06-11 14:36:15 -04:00
$values [ 'salt' ] = hash_hmac ( 'md5' , $scheme , $values [ 'key' ] );
2007-12-16 12:41:59 -05:00
}
2006-05-30 21:40:00 -04:00
2014-06-11 14:36:15 -04:00
$cached_salts [ $scheme ] = $values [ 'key' ] . $values [ 'salt' ];
2014-03-28 17:21:15 -04:00
/** This filter is documented in wp-includes/pluggable.php */
2012-03-06 22:41:56 -05:00
return apply_filters ( 'salt' , $cached_salts [ $scheme ], $scheme );
2006-05-30 21:40:00 -04:00
}
endif ;
2006-05-30 20:24:03 -04:00
if ( ! function_exists ( 'wp_hash' ) ) :
2008-01-11 15:51:39 -05:00
/**
2008-06-22 16:23:23 -04:00
* Get hash of given string .
2008-01-11 15:51:39 -05:00
*
2009-01-30 13:08:28 -05:00
* @ since 2.0 . 3
2008-01-11 15:51:39 -05:00
*
* @ param string $data Plain text to hash
* @ return string Hash of $data
*/
2008-06-11 13:25:55 -04:00
function wp_hash ( $data , $scheme = 'auth' ) {
$salt = wp_salt ( $scheme );
2006-05-30 20:24:03 -04:00
2008-04-23 20:30:49 -04:00
return hash_hmac ( 'md5' , $data , $salt );
2006-05-02 18:08:34 -04:00
}
endif ;
2007-12-02 00:14:11 -05:00
if ( ! function_exists ( 'wp_hash_password' ) ) :
2008-01-11 15:51:39 -05:00
/**
2008-06-22 16:23:23 -04:00
* Create a hash ( encrypt ) of a plain text password .
2008-01-11 15:51:39 -05:00
*
2008-06-22 16:23:23 -04:00
* For integration with other applications , this function can be overwritten to
* instead use the other package password checking algorithm .
2008-01-11 15:51:39 -05:00
*
2013-12-24 13:57:12 -05:00
* @ since 2.5 . 0
*
2008-01-11 15:51:39 -05:00
* @ global object $wp_hasher PHPass object
* @ uses PasswordHash :: HashPassword
*
* @ param string $password Plain text user password to hash
* @ return string The hash string of the password
*/
2007-12-02 00:14:11 -05:00
function wp_hash_password ( $password ) {
global $wp_hasher ;
if ( empty ( $wp_hasher ) ) {
2014-06-29 18:12:16 -04:00
require_once ( ABSPATH . WPINC . '/class-phpass.php' );
2007-12-02 00:14:11 -05:00
// By default, use the portable hash from phpass
2012-01-05 15:50:54 -05:00
$wp_hasher = new PasswordHash ( 8 , true );
2007-12-02 00:14:11 -05:00
}
2008-02-05 01:47:27 -05:00
2013-10-07 09:54:10 -04:00
return $wp_hasher -> HashPassword ( trim ( $password ) );
2007-12-02 00:14:11 -05:00
}
endif ;
if ( ! function_exists ( 'wp_check_password' ) ) :
2008-01-11 15:51:39 -05:00
/**
2008-06-22 16:23:23 -04:00
* Checks the plaintext password against the encrypted Password .
2008-01-11 15:51:39 -05:00
*
2008-06-22 16:23:23 -04:00
* Maintains compatibility between old version and the new cookie authentication
* protocol using PHPass library . The $hash parameter is the encrypted password
2011-09-05 15:08:15 -04:00
* and the function compares the plain text password when encrypted similarly
2008-06-22 16:23:23 -04:00
* against the already encrypted password to see if they match .
2008-01-11 15:51:39 -05:00
*
2008-06-22 16:23:23 -04:00
* For integration with other applications , this function can be overwritten to
* instead use the other package password checking algorithm .
2008-01-11 15:51:39 -05:00
*
2013-12-24 13:57:12 -05:00
* @ since 2.5 . 0
*
2008-01-11 15:51:39 -05:00
* @ global object $wp_hasher PHPass object used for checking the password
* against the $hash + $password
* @ uses PasswordHash :: CheckPassword
*
* @ param string $password Plaintext user ' s password
* @ param string $hash Hash of the user ' s password to check against .
* @ return bool False , if the $password does not match the hashed password
*/
2008-03-27 18:44:47 -04:00
function wp_check_password ( $password , $hash , $user_id = '' ) {
2007-12-02 00:14:11 -05:00
global $wp_hasher ;
2008-03-27 18:44:47 -04:00
// If the hash is still md5...
if ( strlen ( $hash ) <= 32 ) {
2014-11-20 06:49:23 -05:00
$check = hash_equals ( $hash , md5 ( $password ) );
2008-03-27 18:44:47 -04:00
if ( $check && $user_id ) {
// Rehash using new hash.
wp_set_password ( $password , $user_id );
$hash = wp_hash_password ( $password );
}
2014-03-28 17:21:15 -04:00
/**
* Filter whether the plaintext password matches the encrypted password .
*
* @ since 2.5 . 0
*
2014-11-18 13:56:21 -05:00
* @ param bool $check Whether the passwords match .
* @ param string $password The plaintext password .
* @ param string $hash The hashed password .
* @ param int $user_id User ID .
2014-03-28 17:21:15 -04:00
*/
return apply_filters ( 'check_password' , $check , $password , $hash , $user_id );
2008-03-27 18:44:47 -04:00
}
2007-12-02 00:14:11 -05:00
// If the stored hash is longer than an MD5, presume the
// new style phpass portable hash.
if ( empty ( $wp_hasher ) ) {
2014-06-29 18:12:16 -04:00
require_once ( ABSPATH . WPINC . '/class-phpass.php' );
2007-12-02 00:14:11 -05:00
// By default, use the portable hash from phpass
2012-01-05 15:50:54 -05:00
$wp_hasher = new PasswordHash ( 8 , true );
2007-12-02 00:14:11 -05:00
}
2008-01-24 13:36:45 -05:00
$check = $wp_hasher -> CheckPassword ( $password , $hash );
2014-03-28 17:21:15 -04:00
/** This filter is documented in wp-includes/pluggable.php */
return apply_filters ( 'check_password' , $check , $password , $hash , $user_id );
2007-12-02 00:14:11 -05:00
}
endif ;
2007-12-15 00:31:16 -05:00
if ( ! function_exists ( 'wp_generate_password' ) ) :
/**
2008-06-22 16:23:23 -04:00
* Generates a random password drawn from the defined set of characters .
2008-01-11 15:51:39 -05:00
*
2013-12-24 13:57:12 -05:00
* @ since 2.5 . 0
2008-01-11 15:51:39 -05:00
*
2014-11-26 15:38:23 -05:00
* @ param int $length Optional . The length of password to generate . Default 12.
* @ param bool $special_chars Optional . Whether to include standard special characters .
* Default true .
* @ param bool $extra_special_chars Optional . Whether to include other special characters .
* Used when generating secret keys and salts . Default false .
* @ return string The random password .
*/
2010-02-13 23:06:30 -05:00
function wp_generate_password ( $length = 12 , $special_chars = true , $extra_special_chars = false ) {
2008-04-25 13:12:25 -04:00
$chars = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789' ;
2010-02-18 19:03:36 -05:00
if ( $special_chars )
2008-04-25 13:12:25 -04:00
$chars .= '!@#$%^&*()' ;
2010-02-18 19:03:36 -05:00
if ( $extra_special_chars )
$chars .= '-_ []{}<>~`+=,.;:/?|' ;
2008-04-25 13:12:25 -04:00
2007-12-15 00:31:16 -05:00
$password = '' ;
2010-01-07 15:49:04 -05:00
for ( $i = 0 ; $i < $length ; $i ++ ) {
2008-08-25 13:52:28 -04:00
$password .= substr ( $chars , wp_rand ( 0 , strlen ( $chars ) - 1 ), 1 );
2010-01-07 15:49:04 -05:00
}
2014-03-28 17:21:15 -04:00
/**
* Filter the randomly - generated password .
*
* @ since 3.0 . 0
*
* @ param string $password The generated password .
*/
return apply_filters ( 'random_password' , $password );
2007-12-15 00:31:16 -05:00
}
endif ;
2007-12-16 12:41:59 -05:00
2008-08-25 13:52:28 -04:00
if ( ! function_exists ( 'wp_rand' ) ) :
2012-08-31 05:45:50 -04:00
/**
2008-08-25 13:52:28 -04:00
* Generates a random number
*
* @ since 2.6 . 2
*
2012-08-31 05:45:50 -04:00
* @ param int $min Lower limit for the generated number
* @ param int $max Upper limit for the generated number
2008-08-25 13:52:28 -04:00
* @ return int A random number between min and max
*/
function wp_rand ( $min = 0 , $max = 0 ) {
global $rnd_value ;
// Reset $rnd_value after 14 uses
// 32(md5) + 40(sha1) + 40(sha1) / 8 = 14 random numbers from $rnd_value
if ( strlen ( $rnd_value ) < 8 ) {
2010-02-13 21:47:45 -05:00
if ( defined ( 'WP_SETUP_CONFIG' ) )
static $seed = '' ;
else
$seed = get_transient ( 'random_seed' );
2008-08-25 13:52:28 -04:00
$rnd_value = md5 ( uniqid ( microtime () . mt_rand (), true ) . $seed );
$rnd_value .= sha1 ( $rnd_value );
$rnd_value .= sha1 ( $rnd_value . $seed );
$seed = md5 ( $seed . $rnd_value );
2010-02-13 21:47:45 -05:00
if ( ! defined ( 'WP_SETUP_CONFIG' ) )
set_transient ( 'random_seed' , $seed );
2008-08-25 13:52:28 -04:00
}
// Take the first 8 digits for our value
$value = substr ( $rnd_value , 0 , 8 );
// Strip the first eight, leaving the remainder for the next call to wp_rand().
$rnd_value = substr ( $rnd_value , 8 );
$value = abs ( hexdec ( $value ));
2012-08-31 05:45:50 -04:00
// Some misconfigured 32bit environments (Entropy PHP, for example) truncate integers larger than PHP_INT_MAX to PHP_INT_MAX rather than overflowing them to floats.
$max_random_number = 3000000000 === 2147483647 ? ( float ) " 4294967295 " : 4294967295 ; // 4294967295 = 0xffffffff
2008-08-25 13:52:28 -04:00
// Reduce the value to be within the min - max range
if ( $max != 0 )
2012-08-31 05:45:50 -04:00
$value = $min + ( $max - $min + 1 ) * $value / ( $max_random_number + 1 );
2008-08-25 13:52:28 -04:00
2008-12-09 13:03:31 -05:00
return abs ( intval ( $value ));
2008-08-25 13:52:28 -04:00
}
endif ;
2007-12-17 01:02:45 -05:00
if ( ! function_exists ( 'wp_set_password' ) ) :
2008-01-11 15:51:39 -05:00
/**
2008-06-22 16:23:23 -04:00
* Updates the user ' s password with a new encrypted one .
2008-01-11 15:51:39 -05:00
*
2008-06-22 16:23:23 -04:00
* For integration with other applications , this function can be overwritten to
* instead use the other package password checking algorithm .
2008-01-11 15:51:39 -05:00
*
2014-08-09 22:39:16 -04:00
* Please note : This function should be used sparingly and is really only meant for single - time
* application . Leveraging this improperly in a plugin or theme could result in an endless loop
2014-08-09 22:44:16 -04:00
* of password resets if precautions are not taken to ensure it does not execute on every page load .
2014-08-09 22:39:16 -04:00
*
2013-12-24 13:57:12 -05:00
* @ since 2.5 . 0
*
2014-10-31 13:56:22 -04:00
* @ global wpdb $wpdb WordPress database abstraction object .
2008-01-11 15:51:39 -05:00
*
* @ param string $password The plaintext new user password
* @ param int $user_id User ID
*/
2007-12-17 01:02:45 -05:00
function wp_set_password ( $password , $user_id ) {
global $wpdb ;
2013-10-07 09:54:10 -04:00
$hash = wp_hash_password ( $password );
2009-03-05 23:27:51 -05:00
$wpdb -> update ( $wpdb -> users , array ( 'user_pass' => $hash , 'user_activation_key' => '' ), array ( 'ID' => $user_id ) );
2007-12-17 01:02:45 -05:00
wp_cache_delete ( $user_id , 'users' );
}
endif ;
2008-02-07 01:07:12 -05:00
if ( ! function_exists ( 'get_avatar' ) ) :
/**
2015-01-08 23:43:23 -05:00
* Retrieve the avatar `<img>` tag for a user , email address , MD5 hash , comment , or post .
2008-02-07 01:07:12 -05:00
*
2013-12-24 13:57:12 -05:00
* @ since 2.5 . 0
2015-04-05 12:46:26 -04:00
* @ since 4.2 . 0 Optional `$args` parameter added .
2015-01-08 23:43:23 -05:00
*
* @ param mixed $id_or_email The Gravatar to retrieve . Accepts a user_id , gravatar md5 hash ,
* user email , WP_User object , WP_Post object , or comment object .
2015-02-26 16:17:24 -05:00
* @ param int $size Optional . Height and width of the avatar image file in pixels . Default 96.
2015-01-08 23:43:23 -05:00
* @ param string $default Optional . URL for the default image or a default type . Accepts '404'
* ( return a 404 instead of a default image ), 'retro' ( 8 bit ), 'monsterid'
* ( monster ), 'wavatar' ( cartoon face ), 'indenticon' ( the " quilt " ),
* 'mystery' , 'mm' , or 'mysterman' ( The Oyster Man ), 'blank' ( transparent GIF ),
* or 'gravatar_default' ( the Gravatar logo ) . Default is the value of the
* 'avatar_default' option , with a fallback of 'mystery' .
* @ param string $alt Optional . Alternative text to use in & lt ; img & gt ; tag . Default empty .
* @ param array $args {
* Optional . Extra arguments to retrieve the avatar .
*
2015-02-26 16:17:24 -05:00
* @ type int $height Display height of the avatar in pixels . Defaults to $size .
* @ type int $width Display width of the avatar in pixels . Defaults to $size .
2015-01-08 23:43:23 -05:00
* @ type bool $force_default Whether to always show the default image , never the Gravatar . Default false .
* @ type string $rating What rating to display avatars up to . Accepts 'G' , 'PG' , 'R' , 'X' , and are
* judged in that order . Default is the value of the 'avatar_rating' option .
2015-04-05 12:46:26 -04:00
* @ type string $scheme URL scheme to use . See set_url_scheme () for accepted values .
2015-01-08 23:43:23 -05:00
* Default null .
* @ type array | string $class Array or string of additional classes to add to the & lt ; img & gt ; element .
* Default null .
* @ type bool $force_display Whether to always show the avatar - ignores the show_avatars option .
* Default false .
2015-03-01 02:19:24 -05:00
* @ type string $extra_attr HTML attributes to insert in the IMG element . Is not sanitized . Default empty .
2015-01-08 23:43:23 -05:00
* }
* @ return false | string `<img>` tag for the user ' s avatar . False on failure .
*/
function get_avatar ( $id_or_email , $size = 96 , $default = '' , $alt = '' , $args = null ) {
$defaults = array (
// get_avatar_data() args.
'size' => 96 ,
2015-02-26 16:17:24 -05:00
'height' => null ,
'width' => null ,
2015-01-08 23:43:23 -05:00
'default' => get_option ( 'avatar_default' , 'mystery' ),
'force_default' => false ,
'rating' => get_option ( 'avatar_rating' ),
'scheme' => null ,
'alt' => '' ,
'class' => null ,
'force_display' => false ,
2015-02-26 16:17:24 -05:00
'extra_attr' => '' ,
2015-01-08 23:43:23 -05:00
);
2008-02-07 01:07:12 -05:00
2015-01-08 23:43:23 -05:00
if ( empty ( $args ) ) {
$args = array ();
}
2008-10-02 23:20:54 -04:00
2015-03-11 12:32:26 -04:00
$args [ 'size' ] = ( int ) $size ;
2015-01-08 23:43:23 -05:00
$args [ 'default' ] = $default ;
$args [ 'alt' ] = $alt ;
2008-03-02 16:41:35 -05:00
2015-01-08 23:43:23 -05:00
$args = wp_parse_args ( $args , $defaults );
2014-03-28 17:21:15 -04:00
2015-02-26 16:17:24 -05:00
if ( empty ( $args [ 'height' ] ) ) {
$args [ 'height' ] = $args [ 'size' ];
}
if ( empty ( $args [ 'width' ] ) ) {
$args [ 'width' ] = $args [ 'size' ];
}
2015-01-08 23:43:23 -05:00
/**
* Filter whether to retrieve the avatar URL early .
*
2015-04-05 12:46:26 -04:00
* Passing a non - null value will effectively short - circuit get_avatar (), passing
* the value through the { @ see 'pre_get_avatar' } filter and returning early .
2015-01-08 23:43:23 -05:00
*
* @ since 4.2 . 0
*
2015-04-05 12:46:26 -04:00
* @ param string $avatar HTML for the user ' s avatar . Default null .
* @ param int | object | string $id_or_email A user ID , email address , or comment object .
* @ param array $args Arguments passed to get_avatar_url (), after processing .
2015-01-08 23:43:23 -05:00
*/
$avatar = apply_filters ( 'pre_get_avatar' , null , $id_or_email , $args );
2015-04-05 12:46:26 -04:00
2015-01-08 23:43:23 -05:00
if ( ! is_null ( $avatar ) ) {
2015-02-19 09:59:26 -05:00
/** This filter is documented in wp-includes/pluggable.php */
2015-01-08 23:43:23 -05:00
return apply_filters ( 'get_avatar' , $avatar , $id_or_email , $args [ 'size' ], $args [ 'default' ], $args [ 'alt' ], $args );
}
2013-11-02 08:20:11 -04:00
2015-01-08 23:43:23 -05:00
if ( ! $args [ 'force_display' ] && ! get_option ( 'show_avatars' ) ) {
return false ;
2008-02-07 01:07:12 -05:00
}
2015-03-11 12:32:26 -04:00
$url2x = get_avatar_url ( $id_or_email , array_merge ( $args , array ( 'size' => $args [ 'size' ] * 2 ) ) );
2015-01-08 23:43:23 -05:00
$args = get_avatar_data ( $id_or_email , $args );
$url = $args [ 'url' ];
if ( ! $url || is_wp_error ( $url ) ) {
return false ;
2008-05-02 20:56:16 -04:00
}
2015-01-08 23:43:23 -05:00
$class = array ( 'avatar' , 'avatar-' . ( int ) $args [ 'size' ], 'photo' );
2010-02-24 15:50:40 -05:00
2015-01-08 23:43:23 -05:00
if ( ! $args [ 'found_avatar' ] || $args [ 'force_default' ] ) {
$class [] = 'avatar-default' ;
}
if ( $args [ 'class' ] ) {
if ( is_array ( $args [ 'class' ] ) ) {
$class = array_merge ( $class , $args [ 'class' ] );
} else {
$class [] = $args [ 'class' ];
}
2008-02-07 01:07:12 -05:00
}
2015-01-08 23:43:23 -05:00
$avatar = sprintf (
2015-03-11 12:32:26 -04:00
" <img alt='%s' src='%s' srcset='%s' class='%s' height='%d' width='%d' %s/> " ,
2015-01-08 23:43:23 -05:00
esc_attr ( $args [ 'alt' ] ),
esc_url ( $url ),
2015-03-11 12:56:27 -04:00
esc_attr ( " $url2x 2x " ),
2015-01-08 23:43:23 -05:00
esc_attr ( join ( ' ' , $class ) ),
2015-02-26 16:17:24 -05:00
( int ) $args [ 'height' ],
( int ) $args [ 'width' ],
$args [ 'extra_attr' ]
2015-01-08 23:43:23 -05:00
);
2014-03-28 17:21:15 -04:00
/**
* Filter the avatar to retrieve .
*
* @ since 2.5 . 0
2015-04-05 12:46:26 -04:00
* @ since 4.2 . 0 The `$args` parameter was added .
*
* @ param string $avatar & lt ; img & gt ; tag for the user ' s avatar .
* @ param int | object | string $id_or_email A user ID , email address , or comment object .
* @ param int $size Square avatar width and height in pixels to retrieve .
* @ param string $alt Alternative text to use in the avatar image tag .
* Default empty .
* @ param array $args Arguments passed to get_avatar_data (), after processing .
2014-03-28 17:21:15 -04:00
*/
2015-01-08 23:43:23 -05:00
return apply_filters ( 'get_avatar' , $avatar , $id_or_email , $args [ 'size' ], $args [ 'default' ], $args [ 'alt' ], $args );
2008-02-07 01:07:12 -05:00
}
endif ;
2008-04-18 19:38:21 -04:00
if ( ! function_exists ( 'wp_text_diff' ) ) :
/**
2008-06-22 16:23:23 -04:00
* Displays a human readable HTML representation of the difference between two strings .
2008-04-18 19:38:21 -04:00
*
2008-06-22 16:23:23 -04:00
* The Diff is available for getting the changes between versions . The output is
* HTML , so the primary use is for displaying the changes . If the two strings
* are equivalent , then an empty string will be returned .
2008-04-18 19:38:21 -04:00
*
2008-06-22 16:23:23 -04:00
* The arguments supported and can be changed are listed below .
2008-04-18 19:38:21 -04:00
*
2008-06-22 16:23:23 -04:00
* 'title' : Default is an empty string . Titles the diff in a manner compatible
* with the output .
* 'title_left' : Default is an empty string . Change the HTML to the left of the
* title .
* 'title_right' : Default is an empty string . Change the HTML to the right of
* the title .
2008-04-18 19:38:21 -04:00
*
2013-12-24 13:57:12 -05:00
* @ since 2.6 . 0
*
2008-06-22 16:23:23 -04:00
* @ see wp_parse_args () Used to change defaults to user defined settings .
2008-04-18 19:38:21 -04:00
* @ uses Text_Diff
* @ uses WP_Text_Diff_Renderer_Table
*
* @ param string $left_string " old " ( left ) version of string
* @ param string $right_string " new " ( right ) version of string
2008-06-22 16:23:23 -04:00
* @ param string | array $args Optional . Change 'title' , 'title_left' , and 'title_right' defaults .
* @ return string Empty string if strings are equivalent or HTML with differences .
2008-04-18 19:38:21 -04:00
*/
function wp_text_diff ( $left_string , $right_string , $args = null ) {
2008-05-08 13:25:07 -04:00
$defaults = array ( 'title' => '' , 'title_left' => '' , 'title_right' => '' );
2008-04-18 19:38:21 -04:00
$args = wp_parse_args ( $args , $defaults );
if ( ! class_exists ( 'WP_Text_Diff_Renderer_Table' ) )
require ( ABSPATH . WPINC . '/wp-diff.php' );
2008-10-23 16:03:16 -04:00
$left_string = normalize_whitespace ( $left_string );
$right_string = normalize_whitespace ( $right_string );
2008-08-09 01:36:14 -04:00
2012-01-09 16:20:51 -05:00
$left_lines = explode ( " \n " , $left_string );
$right_lines = explode ( " \n " , $right_string );
2008-04-18 19:38:21 -04:00
$text_diff = new Text_Diff ( $left_lines , $right_lines );
2013-02-28 10:14:34 -05:00
$renderer = new WP_Text_Diff_Renderer_Table ( $args );
2008-04-18 19:38:21 -04:00
$diff = $renderer -> render ( $text_diff );
if ( ! $diff )
return '' ;
$r = " <table class='diff'> \n " ;
2013-02-28 10:14:34 -05:00
2013-03-07 10:32:26 -05:00
if ( ! empty ( $args [ 'show_split_view' ] ) ) {
2013-02-28 10:14:34 -05:00
$r .= " <col class='content diffsplit left' /><col class='content diffsplit middle' /><col class='content diffsplit right' /> " ;
} else {
$r .= " <col class='content' /> " ;
}
2008-04-18 19:38:21 -04:00
2008-05-08 13:25:07 -04:00
if ( $args [ 'title' ] || $args [ 'title_left' ] || $args [ 'title_right' ] )
$r .= " <thead> " ;
2008-04-18 19:38:21 -04:00
if ( $args [ 'title' ] )
2008-05-08 13:25:07 -04:00
$r .= " <tr class='diff-title'><th colspan='4'> $args[title] </th></tr> \n " ;
if ( $args [ 'title_left' ] || $args [ 'title_right' ] ) {
$r .= " <tr class='diff-sub-title'> \n " ;
$r .= " \t <td></td><th> $args[title_left] </th> \n " ;
$r .= " \t <td></td><th> $args[title_right] </th> \n " ;
$r .= " </tr> \n " ;
}
if ( $args [ 'title' ] || $args [ 'title_left' ] || $args [ 'title_right' ] )
$r .= " </thead> \n " ;
2008-04-18 19:38:21 -04:00
$r .= " <tbody> \n $diff\n </tbody> \n " ;
$r .= " </table> " ;
return $r ;
}
endif ;
2013-03-21 11:54:11 -04:00