Authentication: Allow users to log in using their email address.

Introduces `wp_authenticate_email_password()` which is hooked into `authenticate` after `wp_authenticate_username_password()`.

Props Denis-de-Bernardy, ericlewis, vhomenko, MikeHansenMe, swissspidy, ocean90.
Fixes #9568.
Built from https://develop.svn.wordpress.org/trunk@36617


git-svn-id: http://core.svn.wordpress.org/trunk@36584 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
Dominik Schilling 2016-02-22 23:15:27 +00:00
parent 83d147c29d
commit 7ebe2c1e7a
5 changed files with 85 additions and 6 deletions

View File

@ -342,6 +342,7 @@ add_filter( 'heartbeat_nopriv_send', 'wp_auth_check' );
// Default authentication filters
add_filter( 'authenticate', 'wp_authenticate_username_password', 20, 3 );
add_filter( 'authenticate', 'wp_authenticate_email_password', 20, 3 );
add_filter( 'authenticate', 'wp_authenticate_spam_check', 99 );
add_filter( 'determine_current_user', 'wp_validate_auth_cookie' );
add_filter( 'determine_current_user', 'wp_validate_logged_in_cookie', 20 );

View File

@ -548,7 +548,7 @@ if ( !function_exists('wp_authenticate') ) :
*
* @since 2.5.0
*
* @param string $username User's username.
* @param string $username User's username or email address.
* @param string $password User's password.
* @return WP_User|WP_Error WP_User object if the credentials are valid,
* otherwise WP_Error.
@ -575,7 +575,7 @@ function wp_authenticate($username, $password) {
if ( $user == null ) {
// TODO what should the error message be? (Or would these even happen?)
// Only needed if all authentication handlers fail to return anything.
$user = new WP_Error('authentication_failed', __('<strong>ERROR</strong>: Invalid username or incorrect password.'));
$user = new WP_Error( 'authentication_failed', __( '<strong>ERROR</strong>: Invalid username, email address or incorrect password.' ) );
}
$ignore_codes = array('empty_username', 'empty_password');

View File

@ -173,6 +173,78 @@ function wp_authenticate_username_password($user, $username, $password) {
return $user;
}
/**
* Authenticate the user using the email and password.
*
* @since 4.5.0
*
* @param WP_User|WP_Error|null $user WP_User or WP_Error object if a previous
* callback failed authentication.
* @param string $email Email address for authentication.
* @param string $password Password for authentication.
* @return WP_User|WP_Error WP_User on success, WP_Error on failure.
*/
function wp_authenticate_email_password( $user, $email, $password ) {
if ( $user instanceof WP_User ) {
return $user;
}
if ( empty( $email ) || empty( $password ) ) {
if ( is_wp_error( $user ) ) {
return $user;
}
$error = new WP_Error();
if ( empty( $email ) ) {
$error->add( 'empty_username', __( '<strong>ERROR</strong>: The email field is empty.' ) ); // Uses 'empty_username' for back-compat with wp_signon()
}
if ( empty( $password ) ) {
$error->add( 'empty_password', __( '<strong>ERROR</strong>: The password field is empty.' ) );
}
return $error;
}
if ( ! is_email( $email ) ) {
return $user;
}
$user = get_user_by( 'email', $email );
if ( ! $user ) {
return new WP_Error( 'invalid_email',
__( '<strong>ERROR</strong>: Invalid email address.' ) .
' <a href="' . wp_lostpassword_url() . '">' .
__( 'Lost your password?' ) .
'</a>'
);
}
/** This filter is documented in wp-includes/user.php */
$user = apply_filters( 'wp_authenticate_user', $user, $password );
if ( is_wp_error( $user ) ) {
return $user;
}
if ( ! wp_check_password( $password, $user->user_pass, $user->ID ) ) {
return new WP_Error( 'incorrect_password',
sprintf(
/* translators: %s: email address */
__( '<strong>ERROR</strong>: The password you entered for the email address %s is incorrect.' ),
'<strong>' . $email . '</strong>'
) .
' <a href="' . wp_lostpassword_url() . '">' .
__( 'Lost your password?' ) .
'</a>'
);
}
return $user;
}
/**
* Authenticate the user using the WordPress auth cookie.
*

View File

@ -4,7 +4,7 @@
*
* @global string $wp_version
*/
$wp_version = '4.5-alpha-36616';
$wp_version = '4.5-alpha-36617';
/**
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.

View File

@ -529,7 +529,7 @@ case 'retrievepassword' :
<form name="lostpasswordform" id="lostpasswordform" action="<?php echo esc_url( network_site_url( 'wp-login.php?action=lostpassword', 'login_post' ) ); ?>" method="post">
<p>
<label for="user_login" ><?php _e('Username or Email:') ?><br />
<label for="user_login" ><?php _e('Username or Email') ?><br />
<input type="text" name="user_login" id="user_login" class="input" value="<?php echo esc_attr($user_login); ?>" size="20" /></label>
</p>
<?php
@ -756,7 +756,13 @@ default:
// If the user wants ssl but the session is not ssl, force a secure cookie.
if ( !empty($_POST['log']) && !force_ssl_admin() ) {
$user_name = sanitize_user($_POST['log']);
if ( $user = get_user_by('login', $user_name) ) {
$user = get_user_by( 'login', $user_name );
if ( ! $user && strpos( $user_name, '@' ) ) {
$user = get_user_by( 'email', $user_name );
}
if ( $user ) {
if ( get_user_option('use_ssl', $user->ID) ) {
$secure_cookie = true;
force_ssl_admin(true);
@ -882,7 +888,7 @@ default:
<form name="loginform" id="loginform" action="<?php echo esc_url( site_url( 'wp-login.php', 'login_post' ) ); ?>" method="post">
<p>
<label for="user_login"><?php _e('Username') ?><br />
<label for="user_login"><?php _e('Username or Email') ?><br />
<input type="text" name="log" id="user_login"<?php echo $aria_describedby_error; ?> class="input" value="<?php echo esc_attr( $user_login ); ?>" size="20" /></label>
</p>
<p>