< ? php
/**
 * WordPress User Page
 *
 * Handles authentication, registering, resetting passwords, forgot password,
 * and other user handling.
 *
 * @package WordPress
 */
/** Make sure that the WordPress bootstrap has run before continuing. */
require( dirname( __FILE__ ) . '/wp-load.php' );

// When SSL is forced for the admin area, send any plain-HTTP request to its HTTPS equivalent.
if ( force_ssl_admin() && ! is_ssl() ) {
	$request_uri = $_SERVER['REQUEST_URI'];

	// REQUEST_URI may already be an absolute URL; otherwise the host has to be prepended.
	$https_url = ( 0 === strpos( $request_uri, 'http' ) )
		? set_url_scheme( $request_uri, 'https' )
		: 'https://' . $_SERVER['HTTP_HOST'] . $request_uri;

	/*
	 * Both REQUEST_URI and HTTP_HOST are supplied by the client, so the target is
	 * passed to wp_safe_redirect() instead of being written to a Location header directly.
	 */
	wp_safe_redirect( $https_url );
	exit();
}
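/**
 * Output the login page header.
 *
 * Registers the 'login_head' callbacks, prints the document head and the opening
 * of the body, then renders `$message` and any errors held in `$wp_error`.
 *
 * Output-escaping notes for callers and for plugins hooking the filters used here:
 * `$message`, the 'login_errors' / 'login_messages' filter results, `$login_title`
 * and the logo link text are echoed as-is, so they are treated as HTML. Any dynamic
 * value placed in them has to be escaped before it is passed in.
 *
 * @param string   $title    Optional. WordPress login Page title to display in the `<title>` element.
 *                           Default 'Log In'.
 * @param string   $message  Optional. Message to display in header. Default empty.
 * @param WP_Error $wp_error Optional. The error to pass. Default empty.
 */
function login_header( $title = 'Log In', $message = '', $wp_error = '' ) {
	global $error, $interim_login, $action;

	// Don't index any of these forms
	add_action( 'login_head', 'wp_no_robots' );

	add_action( 'login_head', 'wp_login_viewport_meta' );

	if ( empty( $wp_error ) ) {
		$wp_error = new WP_Error();
	}

	// Shake it!
	$shake_error_codes = array( 'empty_password', 'empty_email', 'invalid_email', 'invalidcombo', 'empty_username', 'invalid_username', 'incorrect_password' );
	/**
	 * Filters the error codes array for shaking the login form.
	 *
	 * @since 3.0.0
	 *
	 * @param array $shake_error_codes Error codes that shake the login form.
	 */
	$shake_error_codes = apply_filters( 'shake_error_codes', $shake_error_codes );

	/*
	 * Strict membership test: with a loose in_array() an integer error code such as 0
	 * compares equal to every non-numeric string in the list on PHP versions before 8.
	 */
	if ( $shake_error_codes && $wp_error->has_errors() && in_array( $wp_error->get_error_code(), $shake_error_codes, true ) ) {
		add_action( 'login_head', 'wp_shake_js', 12 );
	}

	$login_title = get_bloginfo( 'name', 'display' );

	/* translators: Login screen title. 1: Login screen name, 2: Network or site name */
	$login_title = sprintf( __( '%1$s ‹ %2$s — WordPress' ), $title, $login_title );

	/**
	 * Filters the title tag content for login page.
	 *
	 * @since 4.9.0
	 *
	 * @param string $login_title The page title, with extra context added.
	 * @param string $title       The original page title.
	 */
	$login_title = apply_filters( 'login_title', $login_title, $title );

	?><!DOCTYPE html>
	<!--[if IE 8]>
		<html xmlns="http://www.w3.org/1999/xhtml" class="ie8" <?php language_attributes(); ?>>
	<![endif]-->
	<!--[if !(IE 8) ]><!-->
		<html xmlns="http://www.w3.org/1999/xhtml" <?php language_attributes(); ?>>
	<!--<![endif]-->
	<head>
	<meta http-equiv="Content-Type" content="<?php bloginfo( 'html_type' ); ?>; charset=<?php bloginfo( 'charset' ); ?>" />
	<title><?php echo $login_title; ?></title>
	<?php

	wp_enqueue_style( 'login' );

	/*
	 * Remove all stored post data on logging out.
	 * This could be added by add_action('login_head'...) like wp_shake_js(),
	 * but maybe better if it's not removable by plugins
	 */
	// Strict comparison so that only the literal 'loggedout' code emits the cleanup script.
	if ( 'loggedout' === $wp_error->get_error_code() ) {
		?>
		<script>if("sessionStorage" in window){try{for(var key in sessionStorage){if(key.indexOf("wp-autosave-")!=-1){sessionStorage.removeItem(key)}}}catch(e){}};</script>
		<?php
	}

	/**
	 * Enqueue scripts and styles for the login page.
	 *
	 * @since 3.1.0
	 */
	do_action( 'login_enqueue_scripts' );

	/**
	 * Fires in the login page header after scripts are enqueued.
	 *
	 * @since 2.1.0
	 */
	do_action( 'login_head' );

	if ( is_multisite() ) {
		$login_header_url   = network_home_url();
		$login_header_title = get_network()->site_name;
	} else {
		$login_header_url   = __( 'https://wordpress.org/' );
		$login_header_title = __( 'Powered by WordPress' );
	}

	/**
	 * Filters link URL of the header logo above login form.
	 *
	 * @since 2.1.0
	 *
	 * @param string $login_header_url Login header logo URL.
	 */
	$login_header_url = apply_filters( 'login_headerurl', $login_header_url );

	/**
	 * Filters the title attribute of the header logo above login form.
	 *
	 * @since 2.1.0
	 *
	 * @param string $login_header_title Login header logo title attribute.
	 */
	$login_header_title = apply_filters( 'login_headertitle', $login_header_title );

	/*
	 * To match the URL/title set above, Multisite sites have the blog name,
	 * while single sites get the header title.
	 */
	if ( is_multisite() ) {
		$login_header_text = get_bloginfo( 'name', 'display' );
	} else {
		$login_header_text = $login_header_title;
	}

	$classes = array( 'login-action-' . $action, 'wp-core-ui' );
	if ( is_rtl() ) {
		$classes[] = 'rtl';
	}
	if ( $interim_login ) {
		$classes[] = 'interim-login';
		?>
		<style type="text/css">html{background-color: transparent;}</style>
		<?php

		if ( 'success' === $interim_login ) {
			$classes[] = 'interim-login-success';
		}
	}
	$classes[] = ' locale-' . sanitize_html_class( strtolower( str_replace( '_', '-', get_locale() ) ) );

	/**
	 * Filters the login page body classes.
	 *
	 * @since 3.5.0
	 *
	 * @param array  $classes An array of body classes.
	 * @param string $action  The action that brought the visitor to the login page.
	 */
	$classes = apply_filters( 'login_body_class', $classes, $action );

	// $action reaches the class list from the request; esc_attr() below is what keeps it inside the attribute.
	?>
	</head>
	<body class="login <?php echo esc_attr( implode( ' ', $classes ) ); ?>">
	<?php
	/**
	 * Fires in the login page header after the body tag is opened.
	 *
	 * @since 4.6.0
	 */
	do_action( 'login_header' );
	?>
	<div id="login">
		<?php
		// NOTE(review): on single sites the link text is the 'login_headertitle' filter result and is
		// echoed without escaping, unlike the title attribute next to it; confirm hooked callbacks return safe text.
		?>
		<h1><a href="<?php echo esc_url( $login_header_url ); ?>" title="<?php echo esc_attr( $login_header_title ); ?>" tabindex="-1"><?php echo $login_header_text; ?></a></h1>
	<?php

	unset( $login_header_url, $login_header_title );

	/**
	 * Filters the message to display above the login form.
	 *
	 * @since 2.1.0
	 *
	 * @param string $message Login message text.
	 */
	$message = apply_filters( 'login_message', $message );
	if ( ! empty( $message ) ) {
		// Printed as HTML, not escaped here.
		echo $message . "\n";
	}

	// In case a plugin uses $error rather than the $wp_errors object
	if ( ! empty( $error ) ) {
		$wp_error->add( 'error', $error );
		unset( $error );
	}

	if ( $wp_error->has_errors() ) {
		$errors   = '';
		$messages = '';
		foreach ( $wp_error->get_error_codes() as $code ) {
			$severity = $wp_error->get_error_data( $code );
			foreach ( $wp_error->get_error_messages( $code ) as $error_message ) {
				/*
				 * Error data can be of any type. A loose comparison treats data such as
				 * `true` (and, before PHP 8, `0`) as equal to 'message', which would
				 * present an error as an informational notice.
				 */
				if ( 'message' === $severity ) {
					$messages .= ' ' . $error_message . "<br />\n";
				} else {
					$errors .= ' ' . $error_message . "<br />\n";
				}
			}
		}
		if ( ! empty( $errors ) ) {
			/**
			 * Filters the error messages displayed above the login form.
			 *
			 * @since 2.1.0
			 *
			 * @param string $errors Login error message.
			 */
			echo '<div id="login_error">' . apply_filters( 'login_errors', $errors ) . "</div>\n";
		}
		if ( ! empty( $messages ) ) {
			/**
			 * Filters instructional messages displayed above the login form.
			 *
			 * @since 2.5.0
			 *
			 * @param string $messages Login messages.
			 */
			echo '<p class="message">' . apply_filters( 'login_messages', $messages ) . "</p>\n";
		}
	}
} // End of login_header()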
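/**
 * Outputs the footer for the login page.
 *
 * Prints the "back to site" link (skipped for interim logins), closes the
 * `#login` wrapper, optionally emits a script that focuses one input, fires the
 * 'login_footer' action and closes the document.
 *
 * @param string $input_id Which input to auto-focus. The value is written into a
 *                         single-quoted JavaScript string and is escaped for that context.
 */
function login_footer( $input_id = '' ) {
	global $interim_login;

	// Don't allow interim logins to navigate away from the page.
	if ( ! $interim_login ) :
	?>
	<p id="backtoblog"><a href="<?php echo esc_url( home_url( '/' ) ); ?>">
	<?php
		/* translators: %s: site title */
		printf( _x( '← Back to %s', 'site' ), get_bloginfo( 'title', 'display' ) );
	?>
	</a></p>
	<?php endif; ?>

	</div>

	<?php if ( ! empty( $input_id ) ) : ?>
	<script type="text/javascript">
	<?php // esc_js() keeps a quote or line break in $input_id from ending the string literal. ?>
	try{document.getElementById('<?php echo esc_js( $input_id ); ?>').focus();}catch(e){}
	if(typeof wpOnload=='function')wpOnload();
	</script>
	<?php endif; ?>

	<?php
	/**
	 * Fires in the login page footer.
	 *
	 * @since 3.1.0
	 */
	do_action( 'login_footer' );
	?>
	<div class="clear"></div>
	</body>
	</html>
	<?php
}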
/**
 * Prints the inline script that shakes the first form on the page.
 *
 * The script moves the form through a fixed list of horizontal offsets at 20ms
 * steps once the page has loaded, then resets its position and tries to call
 * wp_attempt_focus(). It contains no server-side values.
 *
 * @since 3.0.0
 */
function wp_shake_js() {
	?>
	<script type="text/javascript">
	addLoadEvent = function(func){if(typeof jQuery!="undefined")jQuery(document).ready(func);else if(typeof wpOnload!='function'){wpOnload=func;}else{var oldonload=wpOnload;wpOnload=function(){oldonload();func();}}};
	function s(id,pos){g(id).left=pos+'px';}
	function g(id){return document.getElementById(id).style;}
	function shake(id,a,d){c=a.shift();s(id,c);if(a.length>0){setTimeout(function(){shake(id,a,d);},d);}else{try{g(id).position='static';wp_attempt_focus();}catch(e){}}}
	addLoadEvent(function(){ var p=new Array(15,30,15,0,-15,-30,-15,0);p=p.concat(p.concat(p));var i=document.forms[0].id;g(i).position='relative';shake(i,p,20);});
	</script>
	<?php
}
/**
 * Prints the viewport meta tag for the login page.
 *
 * The tag is a fixed string; nothing from the request is included.
 *
 * @since 3.7.0
 */
function wp_login_viewport_meta() {
	?>
	<meta name="viewport" content="width=device-width" />
	<?php
}
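/**
 * Handles sending password retrieval email to user.
 *
 * Looks the account up from `$_POST['user_login']` (by email when the value
 * contains an `@` after its first character, by login otherwise), creates a
 * reset key and mails the reset link to the address stored on the account.
 * The submitted value is never used as the recipient.
 *
 * NOTE(review): the 'invalid_email' and 'invalidcombo' errors, together with the
 * success path, let a requester tell whether an email address or username is
 * registered. Sites that consider that sensitive need to unify the responses
 * (for example through the 'lostpassword_post' action or 'login_errors' filter).
 *
 * Calls wp_die() when a non-empty message cannot be handed to wp_mail().
 *
 * @return bool|WP_Error True: when finish. WP_Error on error
 */
function retrieve_password() {
	$errors = new WP_Error();

	// Defined up front so the check after 'lostpassword_post' never reads an unset variable.
	$user_data = false;

	if ( empty( $_POST['user_login'] ) || ! is_string( $_POST['user_login'] ) ) {
		$errors->add( 'empty_username', __( '<strong>ERROR</strong>: Enter a username or email address.' ) );
	} elseif ( strpos( $_POST['user_login'], '@' ) ) {
		$user_data = get_user_by( 'email', trim( wp_unslash( $_POST['user_login'] ) ) );
		if ( empty( $user_data ) ) {
			$errors->add( 'invalid_email', __( '<strong>ERROR</strong>: There is no user registered with that email address.' ) );
		}
	} else {
		// Unslash here as well, so both lookups see the value the user actually typed.
		$login     = trim( wp_unslash( $_POST['user_login'] ) );
		$user_data = get_user_by( 'login', $login );
	}

	/**
	 * Fires before errors are returned from a password reset request.
	 *
	 * @since 2.1.0
	 * @since 4.4.0 Added the `$errors` parameter.
	 *
	 * @param WP_Error $errors A WP_Error object containing any errors generated
	 *                         by using invalid credentials.
	 */
	do_action( 'lostpassword_post', $errors );

	if ( $errors->has_errors() ) {
		return $errors;
	}

	if ( ! $user_data ) {
		$errors->add( 'invalidcombo', __( '<strong>ERROR</strong>: Invalid username or email.' ) );
		return $errors;
	}

	// Redefining user_login ensures we return the right case in the email.
	$user_login = $user_data->user_login;
	$user_email = $user_data->user_email;
	$key        = get_password_reset_key( $user_data );

	if ( is_wp_error( $key ) ) {
		return $key;
	}

	if ( is_multisite() ) {
		$site_name = get_network()->site_name;
	} else {
		/*
		 * The blogname option is escaped with esc_html on the way into the database
		 * in sanitize_option we want to reverse this for the plain text arena of emails.
		 */
		$site_name = wp_specialchars_decode( get_option( 'blogname' ), ENT_QUOTES );
	}

	$message = __( 'Someone has requested a password reset for the following account:' ) . "\r\n\r\n";
	/* translators: %s: site name */
	$message .= sprintf( __( 'Site Name: %s' ), $site_name ) . "\r\n\r\n";
	/* translators: %s: user login */
	$message .= sprintf( __( 'Username: %s' ), $user_login ) . "\r\n\r\n";
	$message .= __( 'If this was a mistake, just ignore this email and nothing will happen.' ) . "\r\n\r\n";
	$message .= __( 'To reset your password, visit the following address:' ) . "\r\n\r\n";
	// The login is URL-encoded; the key is inserted exactly as get_password_reset_key() returned it.
	$message .= '<' . network_site_url( "wp-login.php?action=rp&key=$key&login=" . rawurlencode( $user_login ), 'login' ) . ">\r\n";

	/* translators: Password reset email subject. %s: Site name */
	$title = sprintf( __( '[%s] Password Reset' ), $site_name );

	/**
	 * Filters the subject of the password reset email.
	 *
	 * @since 2.8.0
	 * @since 4.4.0 Added the `$user_login` and `$user_data` parameters.
	 *
	 * @param string  $title      Default email title.
	 * @param string  $user_login The username for the user.
	 * @param WP_User $user_data  WP_User object.
	 */
	$title = apply_filters( 'retrieve_password_title', $title, $user_login, $user_data );

	/**
	 * Filters the message body of the password reset mail.
	 *
	 * If the filtered message is empty, the password reset email will not be sent.
	 *
	 * @since 2.8.0
	 * @since 4.1.0 Added `$user_login` and `$user_data` parameters.
	 *
	 * @param string  $message    Default mail message.
	 * @param string  $key        The activation key.
	 * @param string  $user_login The username for the user.
	 * @param WP_User $user_data  WP_User object.
	 */
	$message = apply_filters( 'retrieve_password_message', $message, $key, $user_login, $user_data );

	if ( $message && ! wp_mail( $user_email, wp_specialchars_decode( $title ), $message ) ) {
		wp_die( __( 'The email could not be sent.' ) . "<br />\n" . __( 'Possible reason: your host may have disabled the mail() function.' ) );
	}

	return true;
}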
//
// Main
//
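/*
 * The action comes straight from the request. Only a string is accepted: an
 * array-valued parameter (action[]=...) would otherwise be concatenated into the
 * 'login_form_' hook name below and raise an array-to-string notice.
 */
$action = ( isset( $_REQUEST['action'] ) && is_string( $_REQUEST['action'] ) ) ? $_REQUEST['action'] : 'login';
$errors = new WP_Error();

if ( isset( $_GET['key'] ) ) {
	$action = 'resetpass';
}

// validate action so as to default to the login screen
if ( ! in_array( $action, array( 'postpass', 'logout', 'lostpassword', 'retrievepassword', 'resetpass', 'rp', 'register', 'login', 'emailconfirm' ), true ) && false === has_filter( 'login_form_' . $action ) ) {
	$action = 'login';
}

nocache_headers();

header( 'Content-Type: ' . get_bloginfo( 'html_type' ) . '; charset=' . get_bloginfo( 'charset' ) );

if ( defined( 'RELOCATE' ) && RELOCATE ) { // Move flag is set
	if ( isset( $_SERVER['PATH_INFO'] ) && ( $_SERVER['PATH_INFO'] != $_SERVER['PHP_SELF'] ) ) {
		$_SERVER['PHP_SELF'] = str_replace( $_SERVER['PATH_INFO'], '', $_SERVER['PHP_SELF'] );
	}

	/*
	 * The new site URL is built from HTTP_HOST and PHP_SELF, both taken from the
	 * current request, and is then stored in the 'siteurl' option. RELOCATE should
	 * therefore only be defined for the duration of a move.
	 */
	$url = dirname( set_url_scheme( 'http://' . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'] ) );
	if ( $url != get_option( 'siteurl' ) ) {
		update_option( 'siteurl', $url );
	}
}

//Set a cookie now to see if they are supported by the browser.
$secure = ( 'https' === parse_url( wp_login_url(), PHP_URL_SCHEME ) );
setcookie( TEST_COOKIE, 'WP Cookie check', 0, COOKIEPATH, COOKIE_DOMAIN, $secure );
if ( SITECOOKIEPATH != COOKIEPATH ) {
	setcookie( TEST_COOKIE, 'WP Cookie check', 0, SITECOOKIEPATH, COOKIE_DOMAIN, $secure );
}

$lang            = ! empty( $_GET['wp_lang'] ) ? sanitize_text_field( $_GET['wp_lang'] ) : '';
$switched_locale = switch_to_locale( $lang );

/**
 * Fires when the login form is initialized.
 *
 * @since 3.2.0
 */
do_action( 'login_init' );

/**
 * Fires before a specified login form action.
 *
 * The dynamic portion of the hook name, `$action`, refers to the action
 * that brought the visitor to the login form. Actions include 'postpass',
 * 'logout', 'lostpassword', etc.
 *
 * @since 2.8.0
 */
do_action( "login_form_{$action}" );

$http_post     = ( 'POST' == $_SERVER['REQUEST_METHOD'] );
$interim_login = isset( $_REQUEST['interim-login'] );

/**
 * Filters the separator used between login form navigation links.
 *
 * @since 4.9.0
 *
 * @param string $login_link_separator The separator used between login form navigation links.
 */
$login_link_separator = apply_filters( 'login_link_separator', ' | ' );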
switch ( $action ) {
case 'postpass' :
if ( ! array_key_exists ( 'post_password' , $_POST ) ) {
wp_safe_redirect ( wp_get_referer () );
exit ();
}
require_once ABSPATH . WPINC . '/class-phpass.php' ;
$hasher = new PasswordHash ( 8 , true );
/**
* Filters the life span of the post password cookie .
*
* By default , the cookie expires 10 days from creation . To turn this
* into a session cookie , return 0.
*
* @ since 3.7 . 0
*
* @ param int $expires The expiry time , as passed to setcookie () .
*/
$expire = apply_filters ( 'post_password_expires' , time () + 10 * DAY_IN_SECONDS );
$referer = wp_get_referer ();
if ( $referer ) {
$secure = ( 'https' === parse_url ( $referer , PHP_URL_SCHEME ) );
} else {
$secure = false ;
}
setcookie ( 'wp-postpass_' . COOKIEHASH , $hasher -> HashPassword ( wp_unslash ( $_POST [ 'post_password' ] ) ), $expire , COOKIEPATH , COOKIE_DOMAIN , $secure );
if ( $switched_locale ) {
restore_previous_locale ();
}
wp_safe_redirect ( wp_get_referer () );
exit ();
case 'logout' :
check_admin_referer ( 'log-out' );
$user = wp_get_current_user ();
wp_logout ();
if ( ! empty ( $_REQUEST [ 'redirect_to' ] ) ) {
$redirect_to = $requested_redirect_to = $_REQUEST [ 'redirect_to' ];
} else {
$redirect_to = 'wp-login.php?loggedout=true' ;
$requested_redirect_to = '' ;
}
if ( $switched_locale ) {
restore_previous_locale ();
}
/**
* Filters the log out redirect URL .
*
* @ since 4.2 . 0
*
* @ param string $redirect_to The redirect destination URL .
* @ param string $requested_redirect_to The requested redirect destination URL passed as a parameter .
* @ param WP_User $user The WP_User object for the user that ' s logging out .
*/
$redirect_to = apply_filters ( 'logout_redirect' , $redirect_to , $requested_redirect_to , $user );
wp_safe_redirect ( $redirect_to );
exit ();
case 'lostpassword' :
case 'retrievepassword' :
if ( $http_post ) {
$errors = retrieve_password ();
if ( ! is_wp_error ( $errors ) ) {
$redirect_to = ! empty ( $_REQUEST [ 'redirect_to' ] ) ? $_REQUEST [ 'redirect_to' ] : 'wp-login.php?checkemail=confirm' ;
wp_safe_redirect ( $redirect_to );
exit ();
}
}
if ( isset ( $_GET [ 'error' ] ) ) {
if ( 'invalidkey' == $_GET [ 'error' ] ) {
$errors -> add ( 'invalidkey' , __ ( 'Your password reset link appears to be invalid. Please request a new link below.' ) );
} elseif ( 'expiredkey' == $_GET [ 'error' ] ) {
$errors -> add ( 'expiredkey' , __ ( 'Your password reset link has expired. Please request a new link below.' ) );
}
}
$lostpassword_redirect = ! empty ( $_REQUEST [ 'redirect_to' ] ) ? $_REQUEST [ 'redirect_to' ] : '' ;
/**
* Filters the URL redirected to after submitting the lostpassword / retrievepassword form .
*
* @ since 3.0 . 0
*
* @ param string $lostpassword_redirect The redirect destination URL .
*/
$redirect_to = apply_filters ( 'lostpassword_redirect' , $lostpassword_redirect );
/**
* Fires before the lost password form .
*
* @ since 1.5 . 1
*/
do_action ( 'lost_password' );
login_header ( __ ( 'Lost Password' ), '<p class="message">' . __ ( 'Please enter your username or email address. You will receive a link to create a new password via email.' ) . '</p>' , $errors );
$user_login = '' ;
if ( isset ( $_POST [ 'user_login' ] ) && is_string ( $_POST [ 'user_login' ] ) ) {
$user_login = wp_unslash ( $_POST [ 'user_login' ] );
}
?>
< form name = " lostpasswordform " id = " lostpasswordform " action = " <?php echo esc_url( network_site_url( 'wp-login.php?action=lostpassword', 'login_post' ) ); ?> " method = " post " >
< p >
< label for = " user_login " >< ? php _e ( 'Username or Email Address' ); ?> <br />
< input type = " text " name = " user_login " id = " user_login " class = " input " value = " <?php echo esc_attr( $user_login ); ?> " size = " 20 " autocapitalize = " off " /></ label >
</ p >
< ? php
/**
* Fires inside the lostpassword form tags , before the hidden fields .
*
* @ since 2.1 . 0
*/
do_action ( 'lostpassword_form' );
?>
< input type = " hidden " name = " redirect_to " value = " <?php echo esc_attr( $redirect_to ); ?> " />
< p class = " submit " >< input type = " submit " name = " wp-submit " id = " wp-submit " class = " button button-primary button-large " value = " <?php esc_attr_e( 'Get New Password' ); ?> " /></ p >
</ form >
< p id = " nav " >
< a href = " <?php echo esc_url( wp_login_url() ); ?> " >< ? php _e ( 'Log in' ); ?> </a>
< ? php
if ( get_option ( 'users_can_register' ) ) :
$registration_url = sprintf ( '<a href="%s">%s</a>' , esc_url ( wp_registration_url () ), __ ( 'Register' ) );
echo esc_html ( $login_link_separator );
/** This filter is documented in wp-includes/general-template.php */
echo apply_filters ( 'register' , $registration_url );
endif ;
?>
</ p >
< ? php
login_footer ( 'user_login' );
if ( $switched_locale ) {
restore_previous_locale ();
}
break ;
case 'resetpass' :
case 'rp' :
list ( $rp_path ) = explode ( '?' , wp_unslash ( $_SERVER [ 'REQUEST_URI' ] ) );
$rp_cookie = 'wp-resetpass-' . COOKIEHASH ;
if ( isset ( $_GET [ 'key' ] ) ) {
$value = sprintf ( '%s:%s' , wp_unslash ( $_GET [ 'login' ] ), wp_unslash ( $_GET [ 'key' ] ) );
setcookie ( $rp_cookie , $value , 0 , $rp_path , COOKIE_DOMAIN , is_ssl (), true );
wp_safe_redirect ( remove_query_arg ( array ( 'key' , 'login' ) ) );
exit ;
}
if ( isset ( $_COOKIE [ $rp_cookie ] ) && 0 < strpos ( $_COOKIE [ $rp_cookie ], ':' ) ) {
list ( $rp_login , $rp_key ) = explode ( ':' , wp_unslash ( $_COOKIE [ $rp_cookie ] ), 2 );
$user = check_password_reset_key ( $rp_key , $rp_login );
if ( isset ( $_POST [ 'pass1' ] ) && ! hash_equals ( $rp_key , $_POST [ 'rp_key' ] ) ) {
$user = false ;
}
} else {
$user = false ;
}
if ( ! $user || is_wp_error ( $user ) ) {
setcookie ( $rp_cookie , ' ' , time () - YEAR_IN_SECONDS , $rp_path , COOKIE_DOMAIN , is_ssl (), true );
if ( $user && $user -> get_error_code () === 'expired_key' ) {
wp_redirect ( site_url ( 'wp-login.php?action=lostpassword&error=expiredkey' ) );
} else {
wp_redirect ( site_url ( 'wp-login.php?action=lostpassword&error=invalidkey' ) );
}
exit ;
}
$errors = new WP_Error ();
if ( isset ( $_POST [ 'pass1' ] ) && $_POST [ 'pass1' ] != $_POST [ 'pass2' ] ) {
$errors -> add ( 'password_reset_mismatch' , __ ( 'The passwords do not match.' ) );
}
/**
* Fires before the password reset procedure is validated .
*
* @ since 3.5 . 0
*
* @ param object $errors WP Error object .
* @ param WP_User | WP_Error $user WP_User object if the login and reset key match . WP_Error object otherwise .
*/
do_action ( 'validate_password_reset' , $errors , $user );
if ( ( ! $errors -> has_errors () ) && isset ( $_POST [ 'pass1' ] ) && ! empty ( $_POST [ 'pass1' ] ) ) {
reset_password ( $user , $_POST [ 'pass1' ] );
setcookie ( $rp_cookie , ' ' , time () - YEAR_IN_SECONDS , $rp_path , COOKIE_DOMAIN , is_ssl (), true );
login_header ( __ ( 'Password Reset' ), '<p class="message reset-pass">' . __ ( 'Your password has been reset.' ) . ' <a href="' . esc_url ( wp_login_url () ) . '">' . __ ( 'Log in' ) . '</a></p>' );
login_footer ();
exit ;
}
wp_enqueue_script ( 'utils' );
wp_enqueue_script ( 'user-profile' );
login_header ( __ ( 'Reset Password' ), '<p class="message reset-pass">' . __ ( 'Enter your new password below.' ) . '</p>' , $errors );
?>
< form name = " resetpassform " id = " resetpassform " action = " <?php echo esc_url( network_site_url( 'wp-login.php?action=resetpass', 'login_post' ) ); ?> " method = " post " autocomplete = " off " >
< input type = " hidden " id = " user_login " value = " <?php echo esc_attr( $rp_login ); ?> " autocomplete = " off " />
< div class = " user-pass1-wrap " >
< p >
< label for = " pass1 " >< ? php _e ( 'New password' ); ?> </label>
</ p >
< div class = " wp-pwd " >
< div class = " password-input-wrapper " >
< input type = " password " data - reveal = " 1 " data - pw = " <?php echo esc_attr( wp_generate_password( 16 ) ); ?> " name = " pass1 " id = " pass1 " class = " input password-input " size = " 24 " value = " " autocomplete = " off " aria - describedby = " pass-strength-result " />
< span class = " button button-secondary wp-hide-pw hide-if-no-js " >
< span class = " dashicons dashicons-hidden " ></ span >
</ span >
</ div >
< div id = " pass-strength-result " class = " hide-if-no-js " aria - live = " polite " >< ? php _e ( 'Strength indicator' ); ?> </div>
</ div >
< div class = " pw-weak " >
< label >
< input type = " checkbox " name = " pw_weak " class = " pw-checkbox " />
< ? php _e ( 'Confirm use of weak password' ); ?>
</ label >
</ div >
</ div >
< p class = " user-pass2-wrap " >
< label for = " pass2 " >< ? php _e ( 'Confirm new password' ); ?> </label><br />
< input type = " password " name = " pass2 " id = " pass2 " class = " input " size = " 20 " value = " " autocomplete = " off " />
</ p >
< p class = " description indicator-hint " >< ? php echo wp_get_password_hint (); ?> </p>
< br class = " clear " />
< ? php
/**
* Fires following the 'Strength indicator' meter in the user password reset form .
*
* @ since 3.9 . 0
*
* @ param WP_User $user User object of the user whose password is being reset .
*/
do_action ( 'resetpass_form' , $user );
?>
< input type = " hidden " name = " rp_key " value = " <?php echo esc_attr( $rp_key ); ?> " />
< p class = " submit " >< input type = " submit " name = " wp-submit " id = " wp-submit " class = " button button-primary button-large " value = " <?php esc_attr_e( 'Reset Password' ); ?> " /></ p >
</ form >
< p id = " nav " >
< a href = " <?php echo esc_url( wp_login_url() ); ?> " >< ? php _e ( 'Log in' ); ?> </a>
< ? php
if ( get_option ( 'users_can_register' ) ) :
$registration_url = sprintf ( '<a href="%s">%s</a>' , esc_url ( wp_registration_url () ), __ ( 'Register' ) );
echo esc_html ( $login_link_separator );
/** This filter is documented in wp-includes/general-template.php */
echo apply_filters ( 'register' , $registration_url );
endif ;
?>
</ p >
< ? php
login_footer ( 'user_pass' );
if ( $switched_locale ) {
restore_previous_locale ();
}
break ;
case 'register' :
// Multisite installs do not register users here; hand off to the sign-up screen.
if ( is_multisite() ) {
	/**
	 * Filters the Multisite sign up URL.
	 *
	 * @since 3.0.0
	 *
	 * @param string $sign_up_url The sign up URL.
	 */
	wp_redirect( apply_filters( 'wp_signup_location', network_site_url( 'wp-signup.php' ) ) );
	exit;
}

// Registration switched off: bounce back to the login screen, which shows the notice.
if ( ! get_option( 'users_can_register' ) ) {
	wp_redirect( site_url( 'wp-login.php?registration=disabled' ) );
	exit();
}

// Defaults used to pre-fill the form when nothing (or nothing usable) was posted.
$user_login = '';
$user_email = '';

if ( $http_post ) {
	// Only string values are accepted; any other posted shape (for example an
	// array) leaves the empty default in place.
	// NOTE(review): unlike user_email, user_login is not passed through
	// wp_unslash() before register_new_user(); the form below unslashes it only
	// on output. Confirm which form register_new_user() expects.
	if ( isset( $_POST['user_login'] ) && is_string( $_POST['user_login'] ) ) {
		$user_login = $_POST['user_login'];
	}

	if ( isset( $_POST['user_email'] ) && is_string( $_POST['user_email'] ) ) {
		$user_email = wp_unslash( $_POST['user_email'] );
	}

	$errors = register_new_user( $user_login, $user_email );

	if ( ! is_wp_error( $errors ) ) {
		// The destination may be supplied by the request, so it is sent with
		// wp_safe_redirect() rather than wp_redirect().
		if ( ! empty( $_POST['redirect_to'] ) ) {
			$redirect_to = $_POST['redirect_to'];
		} else {
			$redirect_to = 'wp-login.php?checkemail=registered';
		}

		wp_safe_redirect( $redirect_to );
		exit();
	}
}

// Carry a requested redirect through the form so it survives the POST; the value
// is request-supplied and is escaped with esc_attr() where the form prints it.
$registration_redirect = '';
if ( ! empty( $_REQUEST['redirect_to'] ) ) {
	$registration_redirect = $_REQUEST['redirect_to'];
}

/**
 * Filters the registration redirect URL.
 *
 * @since 3.0.0
 *
 * @param string $registration_redirect The redirect destination URL.
 */
$redirect_to = apply_filters( 'registration_redirect', $registration_redirect );

login_header( __( 'Registration Form' ), '<p class="message register">' . __( 'Register For This Site' ) . '</p>', $errors );
?>
< form name = " registerform " id = " registerform " action = " <?php echo esc_url( site_url( 'wp-login.php?action=register', 'login_post' ) ); ?> " method = " post " novalidate = " novalidate " >
< p >
< label for = " user_login " >< ? php _e ( 'Username' ); ?> <br />
< input type = " text " name = " user_login " id = " user_login " class = " input " value = " <?php echo esc_attr( wp_unslash( $user_login ) ); ?> " size = " 20 " autocapitalize = " off " /></ label >
</ p >
< p >
< label for = " user_email " >< ? php _e ( 'Email' ); ?> <br />
< input type = " email " name = " user_email " id = " user_email " class = " input " value = " <?php echo esc_attr( wp_unslash( $user_email ) ); ?> " size = " 25 " /></ label >
</ p >
< ? php
/**
* Fires following the 'Email' field in the user registration form .
*
* @ since 2.1 . 0
*/
do_action ( 'register_form' );
?>
< p id = " reg_passmail " >< ? php _e ( 'Registration confirmation will be emailed to you.' ); ?> </p>
< br class = " clear " />
< input type = " hidden " name = " redirect_to " value = " <?php echo esc_attr( $redirect_to ); ?> " />
< p class = " submit " >< input type = " submit " name = " wp-submit " id = " wp-submit " class = " button button-primary button-large " value = " <?php esc_attr_e( 'Register' ); ?> " /></ p >
</ form >
< p id = " nav " >
< a href = " <?php echo esc_url( wp_login_url() ); ?> " >< ? php _e ( 'Log in' ); ?> </a>
< ? php echo esc_html ( $login_link_separator ); ?>
< a href = " <?php echo esc_url( wp_lostpassword_url() ); ?> " >< ? php _e ( 'Lost your password?' ); ?> </a>
</ p >
< ? php
login_footer ( 'user_login' );
if ( $switched_locale ) {
restore_previous_locale ();
}
break ;
case 'emailconfirm':
	// Handles the link a user follows from a confirmation email. All three
	// values come from the query string, so they are unslashed and sanitized
	// before being handed to the key check; a request missing any of them is
	// treated as an invalid key.
	// NOTE(review): sanitizing is not verification. Presumably
	// check_confirm_account_action_key() is where the key is actually compared
	// against the stored value for $uid — confirm, and confirm that the
	// comparison there is timing-safe.
	if ( isset( $_GET['confirm_action'], $_GET['confirm_key'], $_GET['uid'] ) ) {
		$action_name = sanitize_key( wp_unslash( $_GET['confirm_action'] ) );
		$key         = sanitize_text_field( wp_unslash( $_GET['confirm_key'] ) );
		$uid         = sanitize_text_field( wp_unslash( $_GET['uid'] ) );
		$result      = check_confirm_account_action_key( $action_name, $key, $uid );
	} else {
		$result = new WP_Error( 'invalid_key', __( 'Invalid key' ) );
	}

	if ( is_wp_error( $result ) ) {
		/**
		 * Fires an action hook when the account action was not confirmed.
		 *
		 * After running this action hook the page will die.
		 *
		 * @param WP_Error $result Error object.
		 */
		do_action( 'account_action_failed', $result );
		wp_die( $result );
	}

	/**
	 * Fires an action hook when the account action has been confirmed by the user.
	 *
	 * Using this you can assume the user has agreed to perform the action by
	 * clicking on the link in the confirmation email.
	 *
	 * After firing this action hook the page shows a confirmation message and
	 * exits, unless a callback redirects or exits first.
	 *
	 * @param array $result {
	 *     Data about the action which was confirmed.
	 *
	 *     @type string $action Name of the action that was confirmed.
	 *     @type string $email  Email of the user who confirmed the action.
	 * }
	 */
	do_action( 'account_action_confirmed', $result );

	$message = '<p class="message">' . __( 'Action has been confirmed.' ) . '</p>';
	login_header( '', $message );
	login_footer();
	// There is no `break` in this case: this exit is what keeps execution from
	// falling through into the 'login' case that follows.
	exit;
case 'login':
default:
	// Default action: process a login attempt. On success this block redirects
	// (or prints the interim-login success page) and exits; otherwise execution
	// continues to the code that renders the login form.
	$secure_cookie   = '';
	$customize_login = isset( $_REQUEST['customize-login'] );
	if ( $customize_login ) {
		wp_enqueue_script( 'customize-base' );
	}

	// If the user wants ssl but the session is not ssl, force a secure cookie.
	// This lookup runs before any credential check and is used only to read the
	// account's 'use_ssl' option; it does not authenticate anything.
	if ( ! empty( $_POST['log'] ) && ! force_ssl_admin() ) {
		$user_name = sanitize_user( $_POST['log'] );
		$user      = get_user_by( 'login', $user_name );

		// Truthiness test on strpos(): an '@' at offset 0 counts as "not found".
		if ( ! $user && strpos( $user_name, '@' ) ) {
			$user = get_user_by( 'email', $user_name );
		}

		if ( $user ) {
			if ( get_user_option( 'use_ssl', $user->ID ) ) {
				$secure_cookie = true;
				force_ssl_admin( true );
			}
		}
	}

	// $redirect_to is request-supplied when present, so treat it as untrusted
	// from here on; otherwise it defaults to the admin URL.
	if ( isset( $_REQUEST['redirect_to'] ) ) {
		$redirect_to = $_REQUEST['redirect_to'];
		// Redirect to https if user wants ssl
		if ( $secure_cookie && false !== strpos( $redirect_to, 'wp-admin' ) ) {
			$redirect_to = preg_replace( '|^http://|', 'https://', $redirect_to );
		}
	} else {
		$redirect_to = admin_url();
	}

	$reauth = empty( $_REQUEST['reauth'] ) ? false : true;

	// An empty credentials array is passed here.
	// NOTE(review): presumably wp_signon() then reads the posted login fields
	// itself — confirm against its definition.
	$user = wp_signon( array(), $secure_cookie );

	// The logged-in cookie is absent from this request: replace the sign-on
	// result with a cookie error if output has already been sent, or if the
	// form's test-cookie check was posted and the test cookie did not come back.
	if ( empty( $_COOKIE[ LOGGED_IN_COOKIE ] ) ) {
		if ( headers_sent() ) {
			/* translators: 1: Browser cookie documentation URL, 2: Support forums URL */
			$user = new WP_Error(
				'test_cookie', sprintf(
					__( '<strong>ERROR</strong>: Cookies are blocked due to unexpected output. For help, please see <a href="%1$s">this documentation</a> or try the <a href="%2$s">support forums</a>.' ),
					__( 'https://codex.wordpress.org/Cookies' ), __( 'https://wordpress.org/support/' )
				)
			);
		} elseif ( isset( $_POST['testcookie'] ) && empty( $_COOKIE[ TEST_COOKIE ] ) ) {
			// If cookies are disabled we can't log in even with a valid user+pass
			/* translators: %s: Browser cookie documentation URL */
			$user = new WP_Error(
				'test_cookie', sprintf(
					__( '<strong>ERROR</strong>: Cookies are blocked or not supported by your browser. You must <a href="%s">enable cookies</a> to use WordPress.' ),
					__( 'https://codex.wordpress.org/Cookies' )
				)
			);
		}
	}

	$requested_redirect_to = isset( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : '';
	/**
	 * Filters the login redirect URL.
	 *
	 * @since 3.0.0
	 *
	 * @param string           $redirect_to           The redirect destination URL.
	 * @param string           $requested_redirect_to The requested redirect destination URL passed as a parameter.
	 * @param WP_User|WP_Error $user                  WP_User object if login was successful, WP_Error object otherwise.
	 */
	$redirect_to = apply_filters( 'login_redirect', $redirect_to, $requested_redirect_to, $user );

	// Successful sign-on that is not a forced re-authentication: every path
	// inside this branch ends in exit.
	if ( ! is_wp_error( $user ) && ! $reauth ) {
		if ( $interim_login ) {
			$message       = '<p class="message">' . __( 'You have logged in successfully.' ) . '</p>';
			$interim_login = 'success';
			login_header( '', $message );
			// The markup below echoes wp_customize_url() inside a single-quoted
			// JavaScript string with no JS-context escaping at this call site.
			// NOTE(review): presumably the function returns an already-escaped
			// admin URL — confirm.
			?>
			</div>
			<?php
			/** This action is documented in wp-login.php */
			do_action( 'login_footer' );
			?>
			<?php if ( $customize_login ) : ?>
				<script type="text/javascript">setTimeout( function(){ new wp.customize.Messenger({ url: '<?php echo wp_customize_url(); ?>', channel: 'login' }).send('login') }, 1000 );</script>
			<?php endif; ?>
			</body></html>
			<?php
			exit;
		}

		// wp_redirect() is used only in this branch, where the destination is
		// empty, 'wp-admin/', admin_url(), or one of the site-generated URLs
		// assigned below. Any other destination goes through wp_safe_redirect().
		if ( ( empty( $redirect_to ) || $redirect_to == 'wp-admin/' || $redirect_to == admin_url() ) ) {
			// If the user doesn't belong to a blog, send them to user admin. If the user can't edit posts, send them to their profile.
			if ( is_multisite() && ! get_active_blog_for_user( $user->ID ) && ! is_super_admin( $user->ID ) ) {
				$redirect_to = user_admin_url();
			} elseif ( is_multisite() && ! $user->has_cap( 'read' ) ) {
				$redirect_to = get_dashboard_url( $user->ID );
			} elseif ( ! $user->has_cap( 'edit_posts' ) ) {
				$redirect_to = $user->has_cap( 'read' ) ? admin_url( 'profile.php' ) : home_url();
			}
			wp_redirect( $redirect_to );
			exit();
		}
		wp_safe_redirect( $redirect_to );
		exit();
	}
// Prepares the messages and field state for the login form. $errors starts as
// the sign-on result from above.
$errors = $user;
// Clear errors if loggedout is set.
if ( ! empty( $_GET['loggedout'] ) || $reauth ) {
	$errors = new WP_Error();
}

if ( $interim_login ) {
	if ( ! $errors->has_errors() ) {
		$errors->add( 'expired', __( 'Your session has expired. Please log in to continue where you left off.' ), 'message' );
	}
} else {
	// Some parts of this script use the main login form to display a message
	// The query parameters only select one of these fixed strings; their values
	// are compared, never printed.
	if ( isset( $_GET['loggedout'] ) && true == $_GET['loggedout'] ) {
		$errors->add( 'loggedout', __( 'You are now logged out.' ), 'message' );
	} elseif ( isset( $_GET['registration'] ) && 'disabled' == $_GET['registration'] ) {
		$errors->add( 'registerdisabled', __( 'User registration is currently not allowed.' ) );
	} elseif ( isset( $_GET['checkemail'] ) && 'confirm' == $_GET['checkemail'] ) {
		$errors->add( 'confirm', __( 'Check your email for the confirmation link.' ), 'message' );
	} elseif ( isset( $_GET['checkemail'] ) && 'newpass' == $_GET['checkemail'] ) {
		$errors->add( 'newpass', __( 'Check your email for your new password.' ), 'message' );
	} elseif ( isset( $_GET['checkemail'] ) && 'registered' == $_GET['checkemail'] ) {
		$errors->add( 'registered', __( 'Registration complete. Please check your email.' ), 'message' );
	// Truthiness test on strpos(): a match at offset 0 counts as "not found".
	} elseif ( strpos( $redirect_to, 'about.php?updated' ) ) {
		$errors->add( 'updated', __( '<strong>You have successfully updated WordPress!</strong> Please log back in to see what’s new.' ), 'message' );
	}
}

/**
 * Filters the login page errors.
 *
 * @since 3.6.0
 *
 * @param object $errors      WP Error object.
 * @param string $redirect_to Redirect destination URL.
 */
$errors = apply_filters( 'wp_login_errors', $errors, $redirect_to );

// Clear any stale cookies.
if ( $reauth ) {
	wp_clear_auth_cookie();
}

login_header( __( 'Log In' ), '', $errors );

// The posted username is put back into the form only when the failure was an
// incorrect or empty password; for any other error code the field is left empty.
// The value is escaped here and again with esc_attr() where the form prints it.
if ( isset( $_POST['log'] ) ) {
	$user_login = ( 'incorrect_password' == $errors->get_error_code() || 'empty_password' == $errors->get_error_code() ) ? esc_attr( wp_unslash( $_POST['log'] ) ) : '';
}
$rememberme = ! empty( $_POST['rememberme'] );

// This attribute string is a fixed literal, which is why the form can echo it
// into the input tags without escaping.
if ( $errors->has_errors() ) {
	$aria_describedby_error = ' aria-describedby="login_error"';
} else {
	$aria_describedby_error = '';
}
?>
< form name = " loginform " id = " loginform " action = " <?php echo esc_url( site_url( 'wp-login.php', 'login_post' ) ); ?> " method = " post " >
< p >
< label for = " user_login " >< ? php _e ( 'Username or Email Address' ); ?> <br />
< input type = " text " name = " log " id = " user_login " < ? php echo $aria_describedby_error ; ?> class="input" value="<?php echo esc_attr( $user_login ); ?>" size="20" autocapitalize="off" /></label>
</ p >
< p >
< label for = " user_pass " >< ? php _e ( 'Password' ); ?> <br />
< input type = " password " name = " pwd " id = " user_pass " < ? php echo $aria_describedby_error ; ?> class="input" value="" size="20" /></label>
</ p >
< ? php
/**
* Fires following the 'Password' field in the login form .
*
* @ since 2.1 . 0
*/
do_action ( 'login_form' );
?>
< p class = " forgetmenot " >< label for = " rememberme " >< input name = " rememberme " type = " checkbox " id = " rememberme " value = " forever " < ? php checked ( $rememberme ); ?> /> <?php esc_html_e( 'Remember Me' ); ?></label></p>
< p class = " submit " >
< input type = " submit " name = " wp-submit " id = " wp-submit " class = " button button-primary button-large " value = " <?php esc_attr_e( 'Log In' ); ?> " />
< ? php if ( $interim_login ) { ?>
< input type = " hidden " name = " interim-login " value = " 1 " />
< ? php } else { ?>
< input type = " hidden " name = " redirect_to " value = " <?php echo esc_attr( $redirect_to ); ?> " />
< ? php } ?>
< ? php if ( $customize_login ) : ?>
< input type = " hidden " name = " customize-login " value = " 1 " />
< ? php endif ; ?>
< input type = " hidden " name = " testcookie " value = " 1 " />
</ p >
</ form >
< ? php if ( ! $interim_login ) { ?>
< p id = " nav " >
< ? php
if ( ! isset ( $_GET [ 'checkemail' ] ) || ! in_array ( $_GET [ 'checkemail' ], array ( 'confirm' , 'newpass' ) ) ) :
if ( get_option ( 'users_can_register' ) ) :
$registration_url = sprintf ( '<a href="%s">%s</a>' , esc_url ( wp_registration_url () ), __ ( 'Register' ) );
/** This filter is documented in wp-includes/general-template.php */
echo apply_filters ( 'register' , $registration_url );
echo esc_html ( $login_link_separator );
endif ;
?>
< a href = " <?php echo esc_url( wp_lostpassword_url() ); ?> " >< ? php _e ( 'Lost your password?' ); ?> </a>
< ? php endif ; ?>
</ p >
< ? php } ?>
< script type = " text/javascript " >
function wp_attempt_focus (){
setTimeout ( function (){ try {
< ? php if ( $user_login ) { ?>
d = document . getElementById ( 'user_pass' );
d . value = '' ;
< ? php } else { ?>
d = document . getElementById ( 'user_login' );
< ? php if ( 'invalid_username' == $errors -> get_error_code () ) { ?>
if ( d . value != '' )
d . value = '' ;
< ? php
}
}
?>
d . focus ();
d . select ();
} catch ( e ){}
}, 200 );
}
< ? php
/**
* Filters whether to print the call to `wp_attempt_focus()` on the login screen .
*
* @ since 4.8 . 0
*
* @ param bool $print Whether to print the function call . Default true .
*/
if ( apply_filters ( 'enable_login_autofocus' , true ) && ! $error ) {
?>
wp_attempt_focus ();
< ? php } ?>
if ( typeof wpOnload == 'function' ) wpOnload ();
< ? php if ( $interim_login ) { ?>
( function (){
try {
var i , links = document . getElementsByTagName ( 'a' );
for ( i in links ) {
if ( links [ i ] . href )
links [ i ] . target = '_blank' ;
}
} catch ( e ){}
}());
< ? php } ?>
</ script >
< ? php
login_footer ();
if ( $switched_locale ) {
restore_previous_locale ();
}
break ;
} // end action switch