2003-04-01 16:12:34 +02:00
< ? php
2003-12-11 01:22:36 +01:00
require ( dirname ( __FILE__ ) . '/wp-config.php' );
2003-04-01 16:12:34 +02:00
if ( ! function_exists ( 'add_magic_quotes' )) {
function add_magic_quotes ( $array ) {
foreach ( $array as $k => $v ) {
if ( is_array ( $v )) {
$array [ $k ] = add_magic_quotes ( $v );
} else {
$array [ $k ] = addslashes ( $v );
}
}
return $array ;
}
}
if ( ! get_magic_quotes_gpc ()) {
$HTTP_GET_VARS = add_magic_quotes ( $HTTP_GET_VARS );
$HTTP_POST_VARS = add_magic_quotes ( $HTTP_POST_VARS );
$HTTP_COOKIE_VARS = add_magic_quotes ( $HTTP_COOKIE_VARS );
}
2003-12-18 10:36:13 +01:00
$wpvarstoreset = array ( 'action' , 'mode' , 'error' , 'text' , 'popupurl' , 'popuptitle' );
2003-04-01 16:12:34 +02:00
2003-12-18 10:36:13 +01:00
for ( $i = 0 ; $i < count ( $wpvarstoreset ); $i = $i + 1 ) {
$wpvar = $wpvarstoreset [ $i ];
if ( ! isset ( $$wpvar )) {
if ( empty ( $HTTP_POST_VARS [ " $wpvar " ])) {
if ( empty ( $HTTP_GET_VARS [ " $wpvar " ])) {
$$wpvar = '' ;
2003-04-01 16:12:34 +02:00
} else {
2003-12-18 10:36:13 +01:00
$$wpvar = $HTTP_GET_VARS [ " $wpvar " ];
2003-04-01 16:12:34 +02:00
}
} else {
2003-12-18 10:36:13 +01:00
$$wpvar = $HTTP_POST_VARS [ " $wpvar " ];
2003-04-01 16:12:34 +02:00
}
}
}
switch ( $action ) {
2003-06-01 07:16:53 +02:00
case 'logout' :
2003-04-01 16:12:34 +02:00
2003-10-20 22:53:13 +02:00
setcookie ( 'wordpressuser_' . $cookiehash );
setcookie ( 'wordpresspass_' . $cookiehash );
2003-08-03 02:00:22 +02:00
header ( 'Expires: Wed, 11 Jan 1984 05:00:00 GMT' );
header ( 'Last-Modified: ' . gmdate ( 'D, d M Y H:i:s' ) . ' GMT' );
header ( 'Cache-Control: no-cache, must-revalidate' );
header ( 'Pragma: no-cache' );
2003-04-01 16:12:34 +02:00
if ( $is_IIS ) {
2003-12-11 01:22:36 +01:00
header ( 'Refresh: 0;url=wp-login.php' );
2003-04-01 16:12:34 +02:00
} else {
2003-12-11 01:22:36 +01:00
header ( 'Location: wp-login.php' );
2003-04-01 16:12:34 +02:00
}
exit ();
break ;
2003-06-01 07:16:53 +02:00
case 'login' :
2003-04-01 16:12:34 +02:00
if ( ! empty ( $HTTP_POST_VARS )) {
2004-02-09 10:56:57 +01:00
$log = $HTTP_POST_VARS [ 'log' ];
$pwd = $HTTP_POST_VARS [ 'pwd' ];
$redirect_to = $HTTP_POST_VARS [ 'redirect_to' ];
2003-04-01 16:12:34 +02:00
}
2004-02-01 12:48:34 +01:00
$user = get_userdatabylogin ( $log );
if ( 0 == $user -> user_level ) {
$redirect_to = $site . '/wp-admin/profile.php' ;
}
2003-11-25 01:46:52 +01:00
2003-04-01 16:12:34 +02:00
function login () {
2003-06-01 07:16:53 +02:00
global $wpdb , $log , $pwd , $error , $user_ID ;
2003-04-01 16:12:34 +02:00
global $tableusers , $pass_is_md5 ;
2003-06-01 07:16:53 +02:00
$user_login = & $log ;
2004-02-09 10:56:57 +01:00
$pwd = md5 ( $pwd );
2003-06-01 07:16:53 +02:00
$password = & $pwd ;
2003-04-01 16:12:34 +02:00
if ( ! $user_login ) {
2004-02-09 10:56:57 +01:00
$error = '<strong>Error</strong>: the login field is empty.' ;
2003-04-01 16:12:34 +02:00
return false ;
}
if ( ! $password ) {
2004-02-09 10:56:57 +01:00
$error = '<strong>Error</strong>: the password field is empty.' ;
2003-04-01 16:12:34 +02:00
return false ;
}
2004-02-09 10:56:57 +01:00
$query = " SELECT ID, user_login, user_pass FROM $tableusers WHERE user_login = ' $user_login ' AND user_pass = ' $password ' " ;
2003-06-01 07:16:53 +02:00
$login = $wpdb -> get_row ( $query );
2003-04-01 16:12:34 +02:00
2003-06-01 07:16:53 +02:00
if ( ! $login ) {
2004-02-09 10:56:57 +01:00
$error = '<strong>Error</strong>: wrong login or password.' ;
2003-06-01 07:16:53 +02:00
$pwd = '' ;
2003-04-01 16:12:34 +02:00
return false ;
} else {
2003-06-01 07:16:53 +02:00
$user_ID = $login -> ID ;
2004-02-09 10:56:57 +01:00
if (( $pass_is_md5 == 0 && $login -> user_login == $user_login && $login -> user_pass == $password ) || ( $pass_is_md5 == 1 && $login -> user_login == $user_login && $login -> user_pass == md5 ( $password ))) {
2003-04-01 16:12:34 +02:00
return true ;
} else {
2004-02-09 10:56:57 +01:00
$error = '<strong>Error</strong>: wrong login or password.' ;
2003-06-01 07:16:53 +02:00
$pwd = '' ;
2003-04-01 16:12:34 +02:00
return false ;
}
}
}
if ( ! login ()) {
2003-06-01 07:16:53 +02:00
header ( 'Expires: Wed, 11 Jan 1984 05:00:00 GMT' );
header ( 'Last-Modified: ' . gmdate ( 'D, d M Y H:i:s' ) . ' GMT' );
header ( 'Cache-Control: no-cache, must-revalidate' );
header ( 'Pragma: no-cache' );
if ( $is_IIS ) {
2003-12-11 01:22:36 +01:00
header ( 'Refresh: 0;url=wp-login.php' );
2003-06-01 07:16:53 +02:00
} else {
2003-12-11 01:22:36 +01:00
header ( 'Location: wp-login.php' );
2003-06-01 07:16:53 +02:00
}
2003-04-01 16:12:34 +02:00
exit ();
} else {
2003-06-01 07:16:53 +02:00
$user_login = $log ;
$user_pass = $pwd ;
2003-10-20 22:53:13 +02:00
setcookie ( 'wordpressuser_' . $cookiehash , $user_login , time () + 31536000 );
2004-02-09 10:56:57 +01:00
setcookie ( 'wordpresspass_' . $cookiehash , md5 ( $user_pass ), time () + 31536000 );
2003-10-20 22:53:13 +02:00
if ( empty ( $HTTP_COOKIE_VARS [ 'wordpressblogid_' . $cookiehash ])) {
setcookie ( 'wordpressblogid_' . $cookiehash , 1 , time () + 31536000 );
2003-04-01 16:12:34 +02:00
}
2003-06-01 07:16:53 +02:00
header ( 'Expires: Wed, 11 Jan 1984 05:00:00 GMT' );
header ( 'Last-Modified: ' . gmdate ( 'D, d M Y H:i:s' ) . ' GMT' );
header ( 'Cache-Control: no-cache, must-revalidate' );
header ( 'Pragma: no-cache' );
2003-04-01 16:12:34 +02:00
switch ( $mode ) {
2003-06-01 07:16:53 +02:00
case 'bookmarklet' :
2003-12-11 01:22:36 +01:00
$location = " wp-admin/bookmarklet.php?text= $text &popupurl= $popupurl &popuptitle= $popuptitle " ;
2003-04-01 16:12:34 +02:00
break ;
2003-06-01 07:16:53 +02:00
case 'sidebar' :
$location = " wp-admin/sidebar.php?text= $text &popupurl= $popupurl &popuptitle= $popuptitle " ;
2003-04-01 16:12:34 +02:00
break ;
2003-06-01 07:16:53 +02:00
case 'profile' :
$location = " wp-admin/profile.php?text= $text &popupurl= $popupurl &popuptitle= $popuptitle " ;
2003-04-01 16:12:34 +02:00
break ;
default :
2003-06-01 07:16:53 +02:00
$location = " $redirect_to " ;
2003-04-01 16:12:34 +02:00
break ;
}
if ( $is_IIS ) {
header ( " Refresh: 0;url= $location " );
} else {
header ( " Location: $location " );
}
}
break ;
2003-06-01 07:16:53 +02:00
case 'lostpassword' :
2003-04-01 16:12:34 +02:00
2003-05-23 19:21:52 +02:00
?>
<! DOCTYPE html PUBLIC " -//W3C//DTD XHTML 1.0 Transitional//EN " " http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd " >
< html xmlns = " http://www.w3.org/1999/xhtml " >
2003-04-01 16:12:34 +02:00
< head >
2004-02-09 11:07:27 +01:00
< title > WordPress & rsaquo ; Lost password ? </ title >
2003-05-23 19:21:52 +02:00
< meta http - equiv = " Content-Type " content = " text/html; charset=iso-8859-1 " />
2003-08-21 19:25:48 +02:00
< link rel = " stylesheet " href = " <?php echo $siteurl ; ?>/wp-admin/wp-admin.css " type = " text/css " />
2003-06-11 08:03:41 +02:00
< script type = " text/javascript " >
function focusit () {
// focus on first input field
document . lostpass . user_login . focus ();
}
window . onload = focusit ;
</ script >
2003-04-01 16:12:34 +02:00
</ head >
2003-05-23 19:21:52 +02:00
< body >
2003-04-01 16:12:34 +02:00
2003-05-23 19:21:52 +02:00
< div id = " login " >
2004-02-09 11:07:27 +01:00
< p > Please enter your information here . We will send you a new password . </ p >
2003-04-01 16:12:34 +02:00
< ? php
if ( $error ) echo " <div align= \" right \" style= \" padding:4px; \" ><font color= \" #FF0000 \" > $error </font><br /> </div> " ;
?>
2003-12-11 01:22:36 +01:00
< form name = " " action = " wp-login.php " method = " post " id = " lostpass " >
2003-04-01 16:12:34 +02:00
< input type = " hidden " name = " action " value = " retrievepassword " />
2004-02-09 11:07:27 +01:00
< label > Login : < input type = " text " name = " user_login " id = " user_login " value = " " size = " 12 " /></ label >< br />
< label > Email : < input type = " text " name = " email " id = " email " value = " " size = " 12 " /></ label >< br />
2003-05-23 19:21:52 +02:00
< input type = " submit " name = " Submit2 " value = " OK " class = " search " >
2003-04-01 16:12:34 +02:00
</ form >
2003-05-23 19:21:52 +02:00
</ div >
2003-04-01 16:12:34 +02:00
2003-06-01 07:16:53 +02:00
2003-04-01 16:12:34 +02:00
</ body >
</ html >
< ? php
break ;
2003-06-01 07:16:53 +02:00
case 'retrievepassword' :
2003-04-01 16:12:34 +02:00
$user_login = $HTTP_POST_VARS [ " user_login " ];
$user_data = get_userdatabylogin ( $user_login );
2003-06-01 13:05:36 +02:00
$user_email = $user_data -> user_email ;
2003-04-01 16:12:34 +02:00
2004-02-09 11:07:27 +01:00
if ( ! $user_email || $user_email != $_POST [ 'email' ]) die ( 'Sorry, that user does not seem to exist in our database. Perhaps you have the wrong username or email address? <a href="wp-login.php?action=lostpassword">Try again</a>.' );
// Generate something random for a password... md5'ing current time with a rand salt
$user_pass = substr (( MD5 ( " time " . rand ( 1 , 16000 ))), 0 , 6 );
// now insert the new pass md5'd into the db
$wpdb -> query ( " UPDATE wp_users SET user_pass = MD5(' $user_pass ') WHERE user_login = ' $user_login ' " );
2003-04-01 16:12:34 +02:00
$message = " Login: $user_login\r\n " ;
$message .= " Password: $user_pass\r\n " ;
2004-01-13 10:23:41 +01:00
$message .= " Login at: $siteurl /wp-login.php " ;
2003-04-01 16:12:34 +02:00
2004-01-09 04:02:55 +01:00
$m = mail ( $user_email , " [ $blogname ] Your weblog's login/password " , $message );
2003-04-01 16:12:34 +02:00
if ( $m == false ) {
echo " <p>The email could not be sent.<br /> \n " ;
echo " Possible reason: your host may have disabled the mail() function...</p> " ;
die ();
} else {
2003-06-01 07:16:53 +02:00
echo " <p>The email was sent successfully to $user_login 's email address.<br />
2003-12-11 01:22:36 +01:00
< a href = 'wp-login.php' title = 'Check your email first, of course' > Click here to login !</ a ></ p > " ;
2004-02-09 10:56:57 +01:00
// send a copy of password change notification to the admin
mail ( $admin_email , " [ $blogname ] Password Lost/Change " , " Password Lost and Changed for user: $user_login " );
2003-04-01 16:12:34 +02:00
die ();
}
break ;
default :
2003-10-20 22:53:13 +02:00
if (( ! empty ( $HTTP_COOKIE_VARS [ 'wordpressuser_' . $cookiehash ])) && ( ! empty ( $HTTP_COOKIE_VARS [ 'wordpresspass_' . $cookiehash ]))) {
$user_login = $HTTP_COOKIE_VARS [ 'wordpressuser_' . $cookiehash ];
$user_pass_md5 = $HTTP_COOKIE_VARS [ 'wordpresspass_' . $cookiehash ];
2003-04-01 16:12:34 +02:00
}
function checklogin () {
2003-06-01 07:16:53 +02:00
global $user_login , $user_pass_md5 , $user_ID ;
2003-04-01 16:12:34 +02:00
$userdata = get_userdatabylogin ( $user_login );
2003-06-01 13:05:36 +02:00
if ( $user_pass_md5 != md5 ( $userdata -> user_pass )) {
2003-04-01 16:12:34 +02:00
return false ;
} else {
return true ;
}
}
if ( ! ( checklogin ()) ) {
2003-10-20 22:53:13 +02:00
if ( ! empty ( $HTTP_COOKIE_VARS [ 'wordpressuser_' . $cookiehash ])) {
2003-04-01 16:12:34 +02:00
$error = " Error: wrong login/password " ; //, or your session has expired.";
}
} else {
2003-06-01 07:16:53 +02:00
header ( " Expires: Wed, 5 Jun 1979 23:41:00 GMT " ); /* private joke: this is Michel's birthdate - though officially it's on the 6th, since he's GMT+1 :) */
2003-04-01 16:12:34 +02:00
header ( " Last-Modified: " . gmdate ( " D, d M Y H:i:s " ) . " GMT " ); /* different all the time */
header ( " Cache-Control: no-cache, must-revalidate " ); /* to cope with HTTP/1.1 */
header ( " Pragma: no-cache " );
2003-10-26 21:34:24 +01:00
header ( " Location: wp-admin/ " );
2003-04-01 16:12:34 +02:00
exit ();
}
2003-06-11 08:03:41 +02:00
?>
<! DOCTYPE html PUBLIC " -//W3C//DTD XHTML 1.0 Transitional//EN " " http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd " >
2003-05-23 19:21:52 +02:00
< html xmlns = " http://www.w3.org/1999/xhtml " >
2003-04-01 16:12:34 +02:00
< head >
2003-08-03 02:00:22 +02:00
< title > WordPress > < ? php bloginfo ( 'name' ) ?> > Login form</title>
2003-06-11 08:03:41 +02:00
< meta http - equiv = " Content-Type " content = " text/html; charset=iso-8859-1 " />
2003-08-21 19:25:48 +02:00
< link rel = " stylesheet " href = " <?php echo $siteurl ; ?>/wp-admin/wp-admin.css " type = " text/css " />
2003-06-11 08:03:41 +02:00
< script type = " text/javascript " >
function focusit () {
// focus on first input field
document . loginform . log . focus ();
}
window . onload = focusit ;
</ script >
2003-04-01 16:12:34 +02:00
</ head >
2003-05-23 19:21:52 +02:00
< body >
2003-04-01 16:12:34 +02:00
2003-05-23 19:21:52 +02:00
< div id = " login " >
2003-06-11 08:03:41 +02:00
< p >
< a href = " <?php echo $siteurl ?> " title = " Are you lost? " > Back to blog ? </ a >< br />
2003-05-24 23:29:49 +02:00
< ? php if ( $users_can_register ) { ?>
2003-12-08 02:32:17 +01:00
< a href = " <?php echo $siteurl ; ?>/wp-register.php " title = " Register to be an author " > Register ? </ a >< br />
2003-05-24 23:29:49 +02:00
< ? php } ?>
2003-12-11 01:22:36 +01:00
< a href = " <?php echo $siteurl ; ?>/wp-login.php?action=lostpassword " title = " Password Lost and Found " > Lost your password ? </ a >
2003-06-11 08:03:41 +02:00
</ p >
2003-04-01 16:12:34 +02:00
< ? php
if ( $error ) echo " <div align= \" right \" style= \" padding:4px; \" ><font color= \" #FF0000 \" > $error </font><br /> </div> " ;
?>
2003-12-11 01:22:36 +01:00
< form name = " login " id = " loginform " action = " wp-login.php " method = " post " >
2003-04-01 16:12:34 +02:00
< ? php if ( $mode == " bookmarklet " ) { ?>
2003-06-11 08:03:41 +02:00
< input type = " hidden " name = " mode " value = " <?php echo $mode ?> " />
< input type = " hidden " name = " text " value = " <?php echo $text ?> " />
< input type = " hidden " name = " popupurl " value = " <?php echo $popupurl ?> " />
< input type = " hidden " name = " popuptitle " value = " <?php echo $popuptitle ?> " />
2003-04-01 16:12:34 +02:00
< ? php } ?>
2003-11-12 16:22:47 +01:00
< ? php if ( isset ( $HTTP_GET_VARS [ " redirect_to " ])) { ?>
< input type = " hidden " name = " redirect_to " value = " <?php echo $HTTP_GET_VARS["redirect_to"] ?> " />
< ? php } else { ?>
2003-10-26 21:34:24 +01:00
< input type = " hidden " name = " redirect_to " value = " wp-admin/ " />
2003-11-12 16:22:47 +01:00
< ? php } ?>
2003-06-11 08:03:41 +02:00
< input type = " hidden " name = " action " value = " login " />
2003-08-03 02:00:22 +02:00
< label > Login : < input type = " text " name = " log " id = " log " value = " " size = " 20 " tabindex = " 1 " /></ label >< br />
< label > Password : < input type = " password " name = " pwd " value = " " size = " 20 " tabindex = " 2 " /></ label >< br />
2003-08-21 19:25:48 +02:00
< input type = " submit " name = " Submit2 " value = " OK " class = " search " tabindex = " 3 " />
2003-04-01 16:12:34 +02:00
</ form >
2003-05-23 19:21:52 +02:00
</ div >
2003-04-01 16:12:34 +02:00
</ body >
</ html >
2003-06-11 08:03:41 +02:00
< ? php
2003-04-01 16:12:34 +02:00
break ;
2003-06-11 08:03:41 +02:00
} // end action switch
2003-11-12 16:22:47 +01:00
?>