Introduce logged_in cookie. Deliver auth cookies only to wp-admin. see #7001
git-svn-id: http://svn.automattic.com/wordpress/trunk@8069 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
parent
b666a1c910
commit
6adcab8b27
|
@ -111,7 +111,7 @@ if ( ($is_gecko || $is_winIE) && strpos(strtolower($_SERVER['HTTP_USER_AGENT']),
|
||||||
|
|
||||||
<?php } ?>
|
<?php } ?>
|
||||||
|
|
||||||
<div id="user_info"><p><?php printf(__('Howdy, <a href="%1$s">%2$s</a>!'), 'profile.php', $user_identity) ?> | <a href="<?php echo site_url('wp-login.php?action=logout') ?>" title="<?php _e('Log Out') ?>"><?php _e('Log Out'); ?></a> | <?php _e('<a href="http://codex.wordpress.org/">Help</a>') ?> | <?php _e('<a href="http://wordpress.org/support/">Forums</a>') ?> | <?php if ( $gears_compat ) { ?><span id="gears-menu"><a href="#" onclick="wpGears.message(1);return false;"><?php _e('Speed up!') ?></a></span><?php } ?></p></div>
|
<div id="user_info"><p><?php printf(__('Howdy, <a href="%1$s">%2$s</a>!'), 'profile.php', $user_identity) ?> | <a href="<?php echo site_url('wp-login.php?action=logout', 'login') ?>" title="<?php _e('Log Out') ?>"><?php _e('Log Out'); ?></a> | <?php _e('<a href="http://codex.wordpress.org/">Help</a>') ?> | <?php _e('<a href="http://wordpress.org/support/">Forums</a>') ?> | <?php if ( $gears_compat ) { ?><span id="gears-menu"><a href="#" onclick="wpGears.message(1);return false;"><?php _e('Speed up!') ?></a></span><?php } ?></p></div>
|
||||||
|
|
||||||
<?php
|
<?php
|
||||||
require(ABSPATH . 'wp-admin/menu-header.php');
|
require(ABSPATH . 'wp-admin/menu-header.php');
|
||||||
|
|
|
@ -1768,4 +1768,29 @@ function validate_file( $file, $allowed_files = '' ) {
|
||||||
function is_ssl() {
|
function is_ssl() {
|
||||||
return ( 'on' == strtolower($_SERVER['HTTPS']) ) ? true : false;
|
return ( 'on' == strtolower($_SERVER['HTTPS']) ) ? true : false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function force_ssl_login($force = '') {
|
||||||
|
static $forced;
|
||||||
|
|
||||||
|
if ( '' != $force ) {
|
||||||
|
$old_forcded = $forced;
|
||||||
|
$forced = $force;
|
||||||
|
return $old_forced;
|
||||||
|
}
|
||||||
|
|
||||||
|
return $forced;
|
||||||
|
}
|
||||||
|
|
||||||
|
function force_ssl_admin($force = '') {
|
||||||
|
static $forced;
|
||||||
|
|
||||||
|
if ( '' != $force ) {
|
||||||
|
$old_forcded = $forced;
|
||||||
|
$forced = $force;
|
||||||
|
return $old_forced;
|
||||||
|
}
|
||||||
|
|
||||||
|
return $forced;
|
||||||
|
}
|
||||||
|
|
||||||
?>
|
?>
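Review bot: Both new setters assign `$old_forcded` but return `$old_forced`, so force_ssl_login() and force_ssl_admin() hand back null (with an undefined-variable notice) instead of the previous value whenever they are called with an argument. The guard `'' != $force` is also a loose comparison, so passing `false` — which wp-settings.php does via the FORCE_SSL_ADMIN / FORCE_SSL_LOGIN defaults — is a no-op, and a plugin cannot switch forcing off once it is on; `'' !== $force` keeps only the intended "no argument" sentinel. In each function the three lines should read `if ( '' !== $force ) {`, `$old_forced = $forced;`, `return $old_forced;`. Neither function has a docblock; a one-liner such as `Read (no argument) or set (bool) whether wp-admin is forced onto https; returns the previous setting when setting` for force_ssl_admin(), and the wp-login.php equivalent for force_ssl_login(), would document the sentinel convention.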
|
||||||
|
|
|
@ -33,9 +33,9 @@ function get_sidebar( $name = null ) {
|
||||||
|
|
||||||
function wp_loginout() {
|
function wp_loginout() {
|
||||||
if ( ! is_user_logged_in() )
|
if ( ! is_user_logged_in() )
|
||||||
$link = '<a href="' . site_url('wp-login.php', 'forceable') . '">' . __('Log in') . '</a>';
|
$link = '<a href="' . site_url('wp-login.php', 'login') . '">' . __('Log in') . '</a>';
|
||||||
else
|
else
|
||||||
$link = '<a href="' . site_url('wp-login.php?action=logout', 'forceable') . '">' . __('Log out') . '</a>';
|
$link = '<a href="' . site_url('wp-login.php?action=logout', 'login') . '">' . __('Log out') . '</a>';
|
||||||
|
|
||||||
echo apply_filters('loginout', $link);
|
echo apply_filters('loginout', $link);
|
||||||
}
|
}
|
||||||
|
@ -45,7 +45,7 @@ function wp_register( $before = '<li>', $after = '</li>' ) {
|
||||||
|
|
||||||
if ( ! is_user_logged_in() ) {
|
if ( ! is_user_logged_in() ) {
|
||||||
if ( get_option('users_can_register') )
|
if ( get_option('users_can_register') )
|
||||||
$link = $before . '<a href="' . site_url('wp-login.php?action=register', 'forceable') . '">' . __('Register') . '</a>' . $after;
|
$link = $before . '<a href="' . site_url('wp-login.php?action=register', 'login') . '">' . __('Register') . '</a>' . $after;
|
||||||
else
|
else
|
||||||
$link = '';
|
$link = '';
|
||||||
} else {
|
} else {
|
||||||
|
|
|
@ -780,7 +780,9 @@ function get_shortcut_link() {
|
||||||
function site_url($path = '', $scheme = null) {
|
function site_url($path = '', $scheme = null) {
|
||||||
// should the list of allowed schemes be maintained elsewhere?
|
// should the list of allowed schemes be maintained elsewhere?
|
||||||
if ( !in_array($scheme, array('http', 'https')) ) {
|
if ( !in_array($scheme, array('http', 'https')) ) {
|
||||||
if ( ('forceable' == $scheme) && (defined('FORCE_SSL_LOGIN') && FORCE_SSL_LOGIN) )
|
if ( ('login' == $scheme) && ( force_ssl_login() || force_ssl_admin() ) )
|
||||||
|
$scheme = 'https';
|
||||||
|
elseif ( ('admin' == $scheme) && force_ssl_admin() )
|
||||||
$scheme = 'https';
|
$scheme = 'https';
|
||||||
else
|
else
|
||||||
$scheme = ( is_ssl() ? 'https' : 'http' );
|
$scheme = ( is_ssl() ? 'https' : 'http' );
|
||||||
|
@ -797,7 +799,7 @@ function site_url($path = '', $scheme = null) {
|
||||||
function admin_url($path = '') {
|
function admin_url($path = '') {
|
||||||
global $_wp_admin_url;
|
global $_wp_admin_url;
|
||||||
|
|
||||||
$url = site_url('wp-admin/', 'forceable');
|
$url = site_url('wp-admin/', 'admin');
|
||||||
|
|
||||||
if ( !empty($path) && is_string($path) && strpos($path, '..') === false )
|
if ( !empty($path) && is_string($path) && strpos($path, '..') === false )
|
||||||
$url .= ltrim($path, '/');
|
$url .= ltrim($path, '/');
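Review bot: site_url() now accepts the pseudo-schemes `'login'` and `'admin'` next to `'http'`/`'https'`, but nothing in the hunk says what they resolve to, and the only comment left is the open question about where allowed schemes should live; the function's docblock sits outside the hunk, so I cannot tell whether it was updated. I would replace that question with `// $scheme: 'http' | 'https' | 'login' (https when force_ssl_login() or force_ssl_admin()) | 'admin' (https when force_ssl_admin()); anything else follows the current request`. Worth stating explicitly because the `'login'` branch also honours force_ssl_admin(), so login links turn https whenever admin is forced even if FORCE_SSL_LOGIN is off — consistent with the commit message, but not obvious from the name. site_url()'s body continues past the hunk.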
|
||||||
|
|
|
@ -100,8 +100,10 @@ function get_currentuserinfo() {
|
||||||
return;
|
return;
|
||||||
|
|
||||||
if ( ! $user = wp_validate_auth_cookie() ) {
|
if ( ! $user = wp_validate_auth_cookie() ) {
|
||||||
wp_set_current_user(0);
|
if ( empty($_COOKIE[LOGGED_IN_COOKIE]) || !$user = wp_validate_auth_cookie($_COOKIE[LOGGED_IN_COOKIE], 'logged_in') ) {
|
||||||
return false;
|
wp_set_current_user(0);
|
||||||
|
return false;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
wp_set_current_user($user);
|
wp_set_current_user($user);
|
||||||
|
@ -465,14 +467,18 @@ if ( !function_exists('wp_validate_auth_cookie') ) :
|
||||||
* @since 2.5
|
* @since 2.5
|
||||||
*
|
*
|
||||||
* @param string $cookie Optional. If used, will validate contents instead of cookie's
|
* @param string $cookie Optional. If used, will validate contents instead of cookie's
|
||||||
|
* @param string $scheme Optional. The cookie scheme to use: auth, secure_auth, or logged_in
|
||||||
* @return bool|int False if invalid cookie, User ID if valid.
|
* @return bool|int False if invalid cookie, User ID if valid.
|
||||||
*/
|
*/
|
||||||
function wp_validate_auth_cookie($cookie = '') {
|
function wp_validate_auth_cookie($cookie = '', $scheme = 'auth') {
|
||||||
if ( empty($cookie) ) {
|
if ( empty($cookie) ) {
|
||||||
if ( is_ssl() )
|
if ( is_ssl() ) {
|
||||||
$cookie_name = SECURE_AUTH_COOKIE;
|
$cookie_name = SECURE_AUTH_COOKIE;
|
||||||
else
|
$scheme = 'secure_auth';
|
||||||
|
} else {
|
||||||
$cookie_name = AUTH_COOKIE;
|
$cookie_name = AUTH_COOKIE;
|
||||||
|
$scheme = 'auth';
|
||||||
|
}
|
||||||
|
|
||||||
if ( empty($_COOKIE[$cookie_name]) )
|
if ( empty($_COOKIE[$cookie_name]) )
|
||||||
return false;
|
return false;
|
||||||
|
@ -495,7 +501,7 @@ function wp_validate_auth_cookie($cookie = '') {
|
||||||
if ( $expired < time() )
|
if ( $expired < time() )
|
||||||
return false;
|
return false;
|
||||||
|
|
||||||
$key = wp_hash($username . '|' . $expiration);
|
$key = wp_hash($username . '|' . $expiration, $scheme);
|
||||||
$hash = hash_hmac('md5', $username . '|' . $expiration, $key);
|
$hash = hash_hmac('md5', $username . '|' . $expiration, $key);
|
||||||
|
|
||||||
if ( $hmac != $hash )
|
if ( $hmac != $hash )
|
||||||
|
@ -519,18 +525,18 @@ if ( !function_exists('wp_generate_auth_cookie') ) :
|
||||||
*
|
*
|
||||||
* @param int $user_id User ID
|
* @param int $user_id User ID
|
||||||
* @param int $expiration Cookie expiration in seconds
|
* @param int $expiration Cookie expiration in seconds
|
||||||
* @param bool $secure Whether the cookie is for https delivery only or not. Not used by default. For plugin use.
|
* @param string $scheme Optional. The cookie scheme to use: auth, secure_auth, or logged_in
|
||||||
* @return string Authentication cookie contents
|
* @return string Authentication cookie contents
|
||||||
*/
|
*/
|
||||||
function wp_generate_auth_cookie($user_id, $expiration, $secure = false) {
|
function wp_generate_auth_cookie($user_id, $expiration, $scheme = 'auth') {
|
||||||
$user = get_userdata($user_id);
|
$user = get_userdata($user_id);
|
||||||
|
|
||||||
$key = wp_hash($user->user_login . '|' . $expiration);
|
$key = wp_hash($user->user_login . '|' . $expiration, $scheme);
|
||||||
$hash = hash_hmac('md5', $user->user_login . '|' . $expiration, $key);
|
$hash = hash_hmac('md5', $user->user_login . '|' . $expiration, $key);
|
||||||
|
|
||||||
$cookie = $user->user_login . '|' . $expiration . '|' . $hash;
|
$cookie = $user->user_login . '|' . $expiration . '|' . $hash;
|
||||||
|
|
||||||
return apply_filters('auth_cookie', $cookie, $user_id, $expiration, $secure);
|
return apply_filters('auth_cookie', $cookie, $user_id, $expiration, $scheme);
|
||||||
}
|
}
|
||||||
endif;
|
endif;
|
||||||
|
|
||||||
|
@ -548,7 +554,7 @@ if ( !function_exists('wp_set_auth_cookie') ) :
|
||||||
* @param int $user_id User ID
|
* @param int $user_id User ID
|
||||||
* @param bool $remember Whether to remember the user or not
|
* @param bool $remember Whether to remember the user or not
|
||||||
*/
|
*/
|
||||||
function wp_set_auth_cookie($user_id, $remember = false) {
|
function wp_set_auth_cookie($user_id, $remember = false, $secure = '') {
|
||||||
if ( $remember ) {
|
if ( $remember ) {
|
||||||
$expiration = $expire = time() + 1209600;
|
$expiration = $expire = time() + 1209600;
|
||||||
} else {
|
} else {
|
||||||
|
@ -556,21 +562,27 @@ function wp_set_auth_cookie($user_id, $remember = false) {
|
||||||
$expire = 0;
|
$expire = 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
if ( is_ssl() ) {
|
if ( '' === $secure )
|
||||||
$secure = true;
|
$secure = is_ssl() ? true : false;
|
||||||
$cookie_name = SECURE_AUTH_COOKIE;
|
|
||||||
|
if ( $secure ) {
|
||||||
|
$auth_cookie_name = SECURE_AUTH_COOKIE;
|
||||||
|
$scheme = 'secure_auth';
|
||||||
} else {
|
} else {
|
||||||
$secure = false;
|
$auth_cookie_name = AUTH_COOKIE;
|
||||||
$cookie_name = AUTH_COOKIE;
|
$scheme = 'auth';
|
||||||
}
|
}
|
||||||
|
|
||||||
$cookie = wp_generate_auth_cookie($user_id, $expiration, $secure);
|
$auth_cookie = wp_generate_auth_cookie($user_id, $expiration, $scheme);
|
||||||
|
$logged_in_cookie = wp_generate_auth_cookie($user_id, $expiration, 'logged_in');
|
||||||
|
|
||||||
do_action('set_auth_cookie', $cookie, $expire, $secure);
|
do_action('set_auth_cookie', $auth_cookie, $expire, $scheme);
|
||||||
|
do_action('set_auth_cookie', $logged_in_cookie, $expire, 'logged_in');
|
||||||
|
|
||||||
setcookie($cookie_name, $cookie, $expire, COOKIEPATH, COOKIE_DOMAIN, $secure);
|
setcookie($auth_cookie_name, $auth_cookie, $expire, SITECOOKIEPATH . 'wp-admin', COOKIE_DOMAIN, $secure);
|
||||||
|
setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, COOKIEPATH, COOKIE_DOMAIN);
|
||||||
if ( COOKIEPATH != SITECOOKIEPATH )
|
if ( COOKIEPATH != SITECOOKIEPATH )
|
||||||
setcookie($cookie_name, $cookie, $expire, SITECOOKIEPATH, COOKIE_DOMAIN, $secure);
|
setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, SITECOOKIEPATH, COOKIE_DOMAIN);
|
||||||
}
|
}
|
||||||
endif;
|
endif;
|
||||||
|
|
||||||
|
@ -581,10 +593,12 @@ if ( !function_exists('wp_clear_auth_cookie') ) :
|
||||||
* @since 2.5
|
* @since 2.5
|
||||||
*/
|
*/
|
||||||
function wp_clear_auth_cookie() {
|
function wp_clear_auth_cookie() {
|
||||||
setcookie(AUTH_COOKIE, ' ', time() - 31536000, COOKIEPATH, COOKIE_DOMAIN);
|
setcookie(AUTH_COOKIE, ' ', time() - 31536000, COOKIEPATH . 'wp-admin', COOKIE_DOMAIN);
|
||||||
setcookie(AUTH_COOKIE, ' ', time() - 31536000, SITECOOKIEPATH, COOKIE_DOMAIN);
|
setcookie(AUTH_COOKIE, ' ', time() - 31536000, SITECOOKIEPATH . 'wp-admin', COOKIE_DOMAIN);
|
||||||
setcookie(SECURE_AUTH_COOKIE, ' ', time() - 31536000, COOKIEPATH, COOKIE_DOMAIN);
|
setcookie(SECURE_AUTH_COOKIE, ' ', time() - 31536000, COOKIEPATH . 'wp-admin', COOKIE_DOMAIN);
|
||||||
setcookie(SECURE_AUTH_COOKIE, ' ', time() - 31536000, SITECOOKIEPATH, COOKIE_DOMAIN);
|
setcookie(SECURE_AUTH_COOKIE, ' ', time() - 31536000, SITECOOKIEPATH . 'wp-admin', COOKIE_DOMAIN);
|
||||||
|
setcookie(LOGGED_IN_COOKIE, ' ', time() - 31536000, COOKIEPATH, COOKIE_DOMAIN);
|
||||||
|
setcookie(LOGGED_IN_COOKIE, ' ', time() - 31536000, SITECOOKIEPATH, COOKIE_DOMAIN);
|
||||||
|
|
||||||
// Old cookies
|
// Old cookies
|
||||||
setcookie(USER_COOKIE, ' ', time() - 31536000, COOKIEPATH, COOKIE_DOMAIN);
|
setcookie(USER_COOKIE, ' ', time() - 31536000, COOKIEPATH, COOKIE_DOMAIN);
|
||||||
|
@ -621,15 +635,15 @@ if ( !function_exists('auth_redirect') ) :
|
||||||
function auth_redirect() {
|
function auth_redirect() {
|
||||||
// Checks if a user is logged in, if not redirects them to the login page
|
// Checks if a user is logged in, if not redirects them to the login page
|
||||||
|
|
||||||
if ( is_ssl() || (defined('FORCE_SSL_LOGIN') && FORCE_SSL_LOGIN) )
|
if ( is_ssl() || force_ssl_admin() )
|
||||||
$secure = true;
|
$secure = true;
|
||||||
else
|
else
|
||||||
$secure = false;
|
$secure = false;
|
||||||
|
|
||||||
// If https is required and request is http, redirect
|
// If https is required and request is http, redirect
|
||||||
if ( $secure && !is_ssl() ) {
|
if ( $secure && !is_ssl() ) {
|
||||||
if ( false !== strpos($_SERVER['REQUEST_URI'], 'http') ) {
|
if ( 0 === strpos($_SERVER['REQUEST_URI'], 'http') ) {
|
||||||
wp_redirect(str_replace('http://', 'https://', $_SERVER['REQUEST_URI']));
|
wp_redirect(preg_replace('|^http://|', 'https://', $_SERVER['REQUEST_URI']));
|
||||||
exit();
|
exit();
|
||||||
} else {
|
} else {
|
||||||
wp_redirect('https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']);
|
wp_redirect('https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']);
|
||||||
|
@ -643,7 +657,12 @@ function auth_redirect() {
|
||||||
// The cookie is no good so force login
|
// The cookie is no good so force login
|
||||||
nocache_headers();
|
nocache_headers();
|
||||||
|
|
||||||
$login_url = site_url( 'wp-login.php?redirect_to=' . urlencode($_SERVER['REQUEST_URI']), 'forceable' );
|
if ( is_ssl() )
|
||||||
|
$proto = 'https://';
|
||||||
|
else
|
||||||
|
$proto = 'http://';
|
||||||
|
|
||||||
|
$login_url = site_url( 'wp-login.php?redirect_to=' . urlencode($proto . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']), 'login' );
|
||||||
|
|
||||||
wp_redirect($login_url);
|
wp_redirect($login_url);
|
||||||
exit();
|
exit();
|
||||||
|
@ -971,7 +990,7 @@ function wp_new_user_notification($user_id, $plaintext_pass = '') {
|
||||||
|
|
||||||
$message = sprintf(__('Username: %s'), $user_login) . "\r\n";
|
$message = sprintf(__('Username: %s'), $user_login) . "\r\n";
|
||||||
$message .= sprintf(__('Password: %s'), $plaintext_pass) . "\r\n";
|
$message .= sprintf(__('Password: %s'), $plaintext_pass) . "\r\n";
|
||||||
$message .= site_url("wp-login.php", 'forceable') . "\r\n";
|
$message .= site_url("wp-login.php", 'login') . "\r\n";
|
||||||
|
|
||||||
wp_mail($user_email, sprintf(__('[%s] Your username and password'), get_option('blogname')), $message);
|
wp_mail($user_email, sprintf(__('[%s] Your username and password'), get_option('blogname')), $message);
|
||||||
|
|
||||||
|
@ -1078,23 +1097,56 @@ if ( !function_exists('wp_salt') ) :
|
||||||
*
|
*
|
||||||
* @return string Salt value from either 'SECRET_KEY' or 'secret' option
|
* @return string Salt value from either 'SECRET_KEY' or 'secret' option
|
||||||
*/
|
*/
|
||||||
function wp_salt() {
|
function wp_salt($scheme = 'auth') {
|
||||||
global $wp_default_secret_key;
|
global $wp_default_secret_key;
|
||||||
$secret_key = '';
|
$secret_key = '';
|
||||||
if ( defined('SECRET_KEY') && ('' != SECRET_KEY) && ( $wp_default_secret_key != SECRET_KEY) )
|
if ( defined('SECRET_KEY') && ('' != SECRET_KEY) && ( $wp_default_secret_key != SECRET_KEY) )
|
||||||
$secret_key = SECRET_KEY;
|
$secret_key = SECRET_KEY;
|
||||||
|
|
||||||
if ( defined('SECRET_SALT') ) {
|
if ( 'auth' == $scheme ) {
|
||||||
$salt = SECRET_SALT;
|
if ( defined('AUTH_KEY') && ('' != AUTH_KEY) && ( $wp_default_secret_key != AUTH_KEY) )
|
||||||
} else {
|
$secret_key = AUTH_KEY;
|
||||||
$salt = get_option('secret');
|
|
||||||
if ( empty($salt) ) {
|
if ( defined('AUTH_SALT') ) {
|
||||||
$salt = wp_generate_password();
|
$salt = AUTH_SALT;
|
||||||
update_option('secret', $salt);
|
} elseif ( defined('SECRET_SALT') ) {
|
||||||
|
$salt = SECRET_SALT;
|
||||||
|
} else {
|
||||||
|
$salt = get_option('auth_salt');
|
||||||
|
if ( empty($salt) ) {
|
||||||
|
$salt = wp_generate_password();
|
||||||
|
update_option('auth_salt', $salt);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
} elseif ( 'secure_auth' == $scheme ) {
|
||||||
|
if ( defined('SECURE_AUTH_KEY') && ('' != SECURE_AUTH_KEY) && ( $wp_default_secret_key != SECURE_AUTH_KEY) )
|
||||||
|
$secret_key = SECURE_AUTH_KEY;
|
||||||
|
|
||||||
|
if ( defined('SECURE_AUTH_SALT') ) {
|
||||||
|
$salt = SECRET_AUTH_SALT;
|
||||||
|
} else {
|
||||||
|
$salt = get_option('secure_auth_salt');
|
||||||
|
if ( empty($salt) ) {
|
||||||
|
$salt = wp_generate_password();
|
||||||
|
update_option('secure_auth_salt', $salt);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
} elseif ( 'logged_in' == $scheme ) {
|
||||||
|
if ( defined('LOGGED_IN_KEY') && ('' != LOGGED_IN_KEY) && ( $wp_default_secret_key != LOGGED_IN_KEY) )
|
||||||
|
$secret_key = LOGGED_IN_KEY;
|
||||||
|
|
||||||
|
if ( defined('LOGGED_IN_SALT') ) {
|
||||||
|
$salt = LOGGED_IN_SALT;
|
||||||
|
} else {
|
||||||
|
$salt = get_option('logged_in_salt');
|
||||||
|
if ( empty($salt) ) {
|
||||||
|
$salt = wp_generate_password();
|
||||||
|
update_option('logged_in_salt', $salt);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
return apply_filters('salt', $secret_key . $salt);
|
return apply_filters('salt', $secret_key . $salt, $scheme);
|
||||||
}
|
}
|
||||||
endif;
|
endif;
|
||||||
|
|
||||||
|
@ -1108,8 +1160,8 @@ if ( !function_exists('wp_hash') ) :
|
||||||
* @param string $data Plain text to hash
|
* @param string $data Plain text to hash
|
||||||
* @return string Hash of $data
|
* @return string Hash of $data
|
||||||
*/
|
*/
|
||||||
function wp_hash($data) {
|
function wp_hash($data, $scheme = 'auth') {
|
||||||
$salt = wp_salt();
|
$salt = wp_salt($scheme);
|
||||||
|
|
||||||
return hash_hmac('md5', $data, $salt);
|
return hash_hmac('md5', $data, $salt);
|
||||||
}
|
}
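Review bot: In wp_salt() the `secure_auth` branch assigns `$salt = SECRET_AUTH_SALT;` although the guard two lines above tests `defined('SECURE_AUTH_SALT')`; an undefined constant evaluates to its own name, so a site that configures SECURE_AUTH_SALT silently gets the fixed string "SECRET_AUTH_SALT" as the salt for its SSL auth cookies and the configured value is never used. The line should read `$salt = SECURE_AUTH_SALT;`. Two smaller points in the same file: wp_set_auth_cookie() gained a `$secure` parameter that its docblock does not list (suggest `@param bool|string $secure Optional. Whether the auth cookie is https-only; '' (default) derives it from is_ssl()`), and wp_clear_auth_cookie() no longer expires AUTH_COOKIE / SECURE_AUTH_COOKIE at plain COOKIEPATH and SITECOOKIEPATH, so auth cookies issued at those paths before this change survive a logout and, if their salt is unchanged, still validate. wp_generate_auth_cookie() also now passes `$scheme` where the `auth_cookie` filter previously received the bool `$secure`, which plugin filters will not expect without a note in the docblock.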
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
<?php
|
<?php
|
||||||
|
|
||||||
function wp_signon( $credentials = '' ) {
|
function wp_signon( $credentials = '', $secure_cookie = '' ) {
|
||||||
if ( empty($credentials) ) {
|
if ( empty($credentials) ) {
|
||||||
if ( ! empty($_POST['log']) )
|
if ( ! empty($_POST['log']) )
|
||||||
$credentials['user_login'] = $_POST['log'];
|
$credentials['user_login'] = $_POST['log'];
|
||||||
|
@ -21,13 +21,21 @@ function wp_signon( $credentials = '' ) {
|
||||||
|
|
||||||
do_action_ref_array('wp_authenticate', array(&$credentials['user_login'], &$credentials['user_password']));
|
do_action_ref_array('wp_authenticate', array(&$credentials['user_login'], &$credentials['user_password']));
|
||||||
|
|
||||||
|
if ( '' === $secure_cookie )
|
||||||
|
$secure_cookie = is_ssl() ? true : false;
|
||||||
|
|
||||||
// If no credential info provided, check cookie.
|
// If no credential info provided, check cookie.
|
||||||
if ( empty($credentials['user_login']) && empty($credentials['user_password']) ) {
|
if ( empty($credentials['user_login']) && empty($credentials['user_password']) ) {
|
||||||
$user = wp_validate_auth_cookie();
|
$user = wp_validate_auth_cookie();
|
||||||
if ( $user )
|
if ( $user )
|
||||||
return new WP_User($user);
|
return new WP_User($user);
|
||||||
|
|
||||||
if ( !empty($_COOKIE[AUTH_COOKIE]) )
|
if ( $secure_cookie )
|
||||||
|
$auth_cookie = SECURE_AUTH_COOKIE;
|
||||||
|
else
|
||||||
|
$auth_cookie = AUTH_COOKIE;
|
||||||
|
|
||||||
|
if ( !empty($_COOKIE[$auth_cookie]) )
|
||||||
return new WP_Error('expired_session', __('Please log in again.'));
|
return new WP_Error('expired_session', __('Please log in again.'));
|
||||||
|
|
||||||
// If the cookie is not set, be silent.
|
// If the cookie is not set, be silent.
|
||||||
|
@ -48,7 +56,7 @@ function wp_signon( $credentials = '' ) {
|
||||||
if ( is_wp_error($user) )
|
if ( is_wp_error($user) )
|
||||||
return $user;
|
return $user;
|
||||||
|
|
||||||
wp_set_auth_cookie($user->ID, $credentials['remember']);
|
wp_set_auth_cookie($user->ID, $credentials['remember'], $secure_cookie);
|
||||||
do_action('wp_login', $credentials['user_login']);
|
do_action('wp_login', $credentials['user_login']);
|
||||||
return $user;
|
return $user;
|
||||||
}
|
}
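Review bot: The cookie-only branch of wp_signon() still calls `wp_validate_auth_cookie()` with no arguments, which picks the cookie from is_ssl(), while the `expired_session` check that follows looks at `$auth_cookie`, chosen from the new `$secure_cookie` argument; when a caller passes `false` on an https request (wp-login.php does exactly that when only FORCE_SSL_LOGIN is set) a valid AUTH_COOKIE is never validated and is then reported as expired. Selecting `$auth_cookie` before the validation call and passing it through, e.g. `$user = empty($_COOKIE[$auth_cookie]) ? false : wp_validate_auth_cookie($_COOKIE[$auth_cookie], $secure_cookie ? 'secure_auth' : 'auth');`, keeps both checks on the same cookie. The new parameter is also undocumented and the function has no docblock at all; `@param bool|string $secure_cookie Optional. Whether to issue https-only auth cookies; '' lets is_ssl() decide` would cover it.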
|
||||||
|
|
40
wp-login.php
40
wp-login.php
|
@ -11,6 +11,17 @@
|
||||||
/** Make sure that the WordPress bootstrap has ran before continuing. */
|
/** Make sure that the WordPress bootstrap has ran before continuing. */
|
||||||
require( dirname(__FILE__) . '/wp-load.php' );
|
require( dirname(__FILE__) . '/wp-load.php' );
|
||||||
|
|
||||||
|
// Redirect to https login if forced to use SSL
|
||||||
|
if ( (force_ssl_admin() || force_ssl_login()) && !is_ssl() ) {
|
||||||
|
if ( 0 === strpos($_SERVER['REQUEST_URI'], 'http') ) {
|
||||||
|
wp_redirect(preg_replace('|^http://|', 'https://', $_SERVER['REQUEST_URI']));
|
||||||
|
exit();
|
||||||
|
} else {
|
||||||
|
wp_redirect('https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']);
|
||||||
|
exit();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* login_header() - Outputs the header for the login page
|
* login_header() - Outputs the header for the login page
|
||||||
*
|
*
|
||||||
|
@ -137,7 +148,7 @@ function retrieve_password() {
|
||||||
$message .= get_option('siteurl') . "\r\n\r\n";
|
$message .= get_option('siteurl') . "\r\n\r\n";
|
||||||
$message .= sprintf(__('Username: %s'), $user_login) . "\r\n\r\n";
|
$message .= sprintf(__('Username: %s'), $user_login) . "\r\n\r\n";
|
||||||
$message .= __('To reset your password visit the following address, otherwise just ignore this email and nothing will happen.') . "\r\n\r\n";
|
$message .= __('To reset your password visit the following address, otherwise just ignore this email and nothing will happen.') . "\r\n\r\n";
|
||||||
$message .= site_url("wp-login.php?action=rp&key=$key") . "\r\n";
|
$message .= site_url("wp-login.php?action=rp&key=$key", 'login') . "\r\n";
|
||||||
|
|
||||||
if ( !wp_mail($user_email, sprintf(__('[%s] Password Reset'), get_option('blogname')), $message) )
|
if ( !wp_mail($user_email, sprintf(__('[%s] Password Reset'), get_option('blogname')), $message) )
|
||||||
die('<p>' . __('The e-mail could not be sent.') . "<br />\n" . __('Possible reason: your host may have disabled the mail() function...') . '</p>');
|
die('<p>' . __('The e-mail could not be sent.') . "<br />\n" . __('Possible reason: your host may have disabled the mail() function...') . '</p>');
|
||||||
|
@ -174,7 +185,7 @@ function reset_password($key) {
|
||||||
wp_set_password($new_pass, $user->ID);
|
wp_set_password($new_pass, $user->ID);
|
||||||
$message = sprintf(__('Username: %s'), $user->user_login) . "\r\n";
|
$message = sprintf(__('Username: %s'), $user->user_login) . "\r\n";
|
||||||
$message .= sprintf(__('Password: %s'), $new_pass) . "\r\n";
|
$message .= sprintf(__('Password: %s'), $new_pass) . "\r\n";
|
||||||
$message .= site_url('wp-login.php') . "\r\n";
|
$message .= site_url('wp-login.php', 'login') . "\r\n";
|
||||||
|
|
||||||
if ( !wp_mail($user->user_email, sprintf(__('[%s] Your new password'), get_option('blogname')), $message) )
|
if ( !wp_mail($user->user_email, sprintf(__('[%s] Your new password'), get_option('blogname')), $message) )
|
||||||
die('<p>' . __('The e-mail could not be sent.') . "<br />\n" . __('Possible reason: your host may have disabled the mail() function...') . '</p>');
|
die('<p>' . __('The e-mail could not be sent.') . "<br />\n" . __('Possible reason: your host may have disabled the mail() function...') . '</p>');
|
||||||
|
@ -312,10 +323,10 @@ case 'retrievepassword' :
|
||||||
|
|
||||||
<p id="nav">
|
<p id="nav">
|
||||||
<?php if (get_option('users_can_register')) : ?>
|
<?php if (get_option('users_can_register')) : ?>
|
||||||
<a href="<?php echo site_url('wp-login.php', 'forceable') ?>"><?php _e('Log in') ?></a> |
|
<a href="<?php echo site_url('wp-login.php', 'login') ?>"><?php _e('Log in') ?></a> |
|
||||||
<a href="<?php echo site_url('wp-login.php?action=register') ?>"><?php _e('Register') ?></a>
|
<a href="<?php echo site_url('wp-login.php?action=register', 'login') ?>"><?php _e('Register') ?></a>
|
||||||
<?php else : ?>
|
<?php else : ?>
|
||||||
<a href="<?php echo site_url('wp-login.php', 'forceable') ?>"><?php _e('Log in') ?></a>
|
<a href="<?php echo site_url('wp-login.php', 'login') ?>"><?php _e('Log in') ?></a>
|
||||||
<?php endif; ?>
|
<?php endif; ?>
|
||||||
</p>
|
</p>
|
||||||
|
|
||||||
|
@ -380,8 +391,8 @@ case 'register' :
|
||||||
</form>
|
</form>
|
||||||
|
|
||||||
<p id="nav">
|
<p id="nav">
|
||||||
<a href="<?php echo site_url('wp-login.php', 'forceable') ?>"><?php _e('Log in') ?></a> |
|
<a href="<?php echo site_url('wp-login.php', 'login') ?>"><?php _e('Log in') ?></a> |
|
||||||
<a href="<?php echo site_url('wp-login.php?action=lostpassword') ?>" title="<?php _e('Password Lost and Found') ?>"><?php _e('Lost your password?') ?></a>
|
<a href="<?php echo site_url('wp-login.php?action=lostpassword', 'login') ?>" title="<?php _e('Password Lost and Found') ?>"><?php _e('Lost your password?') ?></a>
|
||||||
</p>
|
</p>
|
||||||
|
|
||||||
</div>
|
</div>
|
||||||
|
@ -395,13 +406,18 @@ break;
|
||||||
|
|
||||||
case 'login' :
|
case 'login' :
|
||||||
default:
|
default:
|
||||||
$user = wp_signon();
|
|
||||||
|
|
||||||
if ( isset( $_REQUEST['redirect_to'] ) )
|
if ( isset( $_REQUEST['redirect_to'] ) )
|
||||||
$redirect_to = $_REQUEST['redirect_to'];
|
$redirect_to = $_REQUEST['redirect_to'];
|
||||||
else
|
else
|
||||||
$redirect_to = 'wp-admin/';
|
$redirect_to = 'wp-admin/';
|
||||||
|
|
||||||
|
if ( is_ssl() && force_ssl_login() && !force_ssl_admin() && ( 0 !== strpos($redirect_to, 'https') ) )
|
||||||
|
$secure_cookie = false;
|
||||||
|
else
|
||||||
|
$secure_cookie = '';
|
||||||
|
|
||||||
|
$user = wp_signon('', $secure_cookie);
|
||||||
|
|
||||||
if ( !is_wp_error($user) ) {
|
if ( !is_wp_error($user) ) {
|
||||||
// If the user can't edit posts, send them to their profile.
|
// If the user can't edit posts, send them to their profile.
|
||||||
if ( !$user->has_cap('edit_posts') && ( empty( $redirect_to ) || $redirect_to == 'wp-admin/' ) )
|
if ( !$user->has_cap('edit_posts') && ( empty( $redirect_to ) || $redirect_to == 'wp-admin/' ) )
|
||||||
|
@ -454,10 +470,10 @@ default:
|
||||||
<p id="nav">
|
<p id="nav">
|
||||||
<?php if ( isset($_GET['checkemail']) && in_array( $_GET['checkemail'], array('confirm', 'newpass') ) ) : ?>
|
<?php if ( isset($_GET['checkemail']) && in_array( $_GET['checkemail'], array('confirm', 'newpass') ) ) : ?>
|
||||||
<?php elseif (get_option('users_can_register')) : ?>
|
<?php elseif (get_option('users_can_register')) : ?>
|
||||||
<a href="<?php echo site_url('wp-login.php?action=register') ?>"><?php _e('Register') ?></a> |
|
<a href="<?php echo site_url('wp-login.php?action=register', 'login') ?>"><?php _e('Register') ?></a> |
|
||||||
<a href="<?php echo site_url('wp-login.php?action=lostpassword') ?>" title="<?php _e('Password Lost and Found') ?>"><?php _e('Lost your password?') ?></a>
|
<a href="<?php echo site_url('wp-login.php?action=lostpassword', 'login') ?>" title="<?php _e('Password Lost and Found') ?>"><?php _e('Lost your password?') ?></a>
|
||||||
<?php else : ?>
|
<?php else : ?>
|
||||||
<a href="<?php echo site_url('wp-login.php?action=lostpassword') ?>" title="<?php _e('Password Lost and Found') ?>"><?php _e('Lost your password?') ?></a>
|
<a href="<?php echo site_url('wp-login.php?action=lostpassword', 'login') ?>" title="<?php _e('Password Lost and Found') ?>"><?php _e('Lost your password?') ?></a>
|
||||||
<?php endif; ?>
|
<?php endif; ?>
|
||||||
</p>
|
</p>
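Review bot: The new top-of-file https redirect builds its destination from `$_SERVER['HTTP_HOST']`, which is a client-supplied header, so the site can be made to issue a redirect to a host it does not own; auth_redirect() in pluggable.php has the identical block. Taking the host from the configured site address keeps the destination under the site's control: `$site = parse_url(get_option('siteurl'));` and `wp_redirect('https://' . $site['host'] . $_SERVER['REQUEST_URI']);` (sites that legitimately answer on several hosts would need an allow-list, so treat this as a follow-up). Because the block is a verbatim copy of the one in auth_redirect(), a shared helper would stop the two from drifting. In the `login` case `$secure_cookie` is derived from `$redirect_to`, i.e. from `$_REQUEST`; a comment such as `// Issue a non-secure auth cookie only when SSL is forced for login alone and the user is being sent back to an http page` would make that downgrade read as deliberate rather than accidental.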
|
||||||
|
|
||||||
|
|
|
@ -332,6 +332,13 @@ if ( !defined('AUTH_COOKIE') )
|
||||||
if ( !defined('SECURE_AUTH_COOKIE') )
|
if ( !defined('SECURE_AUTH_COOKIE') )
|
||||||
define('SECURE_AUTH_COOKIE', 'wordpress_sec_' . COOKIEHASH);
|
define('SECURE_AUTH_COOKIE', 'wordpress_sec_' . COOKIEHASH);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* It is possible to define this in wp-config.php
|
||||||
|
* @since 2.6
|
||||||
|
*/
|
||||||
|
if ( !defined('LOGGED_IN_COOKIE') )
|
||||||
|
define('LOGGED_IN_COOKIE', 'wordpress_logged_in_' . COOKIEHASH);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* It is possible to define this in wp-config.php
|
* It is possible to define this in wp-config.php
|
||||||
* @since 2.3.0
|
* @since 2.3.0
|
||||||
|
@ -359,7 +366,23 @@ if ( !defined('SITECOOKIEPATH') )
|
||||||
*/
|
*/
|
||||||
if ( !defined('COOKIE_DOMAIN') )
|
if ( !defined('COOKIE_DOMAIN') )
|
||||||
define('COOKIE_DOMAIN', false);
|
define('COOKIE_DOMAIN', false);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* It is possible to define this in wp-config.php
|
||||||
|
* @since 2.6
|
||||||
|
*/
|
||||||
|
if ( !defined('FORCE_SSL_ADMIN') )
|
||||||
|
define('FORCE_SSL_ADMIN', false);
|
||||||
|
force_ssl_admin(FORCE_SSL_ADMIN);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* It is possible to define this in wp-config.php
|
||||||
|
* @since 2.6
|
||||||
|
*/
|
||||||
|
if ( !defined('FORCE_SSL_LOGIN') )
|
||||||
|
define('FORCE_SSL_LOGIN', false);
|
||||||
|
force_ssl_login(FORCE_SSL_LOGIN);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* It is possible to define this in wp-config.php
|
* It is possible to define this in wp-config.php
|
||||||
* @since 2.5.0
|
* @since 2.5.0
|
||||||
|
|