2005-04-20 05:37:23 +02:00
< ? php
2008-01-11 21:51:39 +01:00
/**
2008-06-22 22:23:23 +02:00
* These functions can be replaced via plugins . If plugins do not redefine these
* functions , then these will be used instead .
2008-01-11 21:51:39 +01:00
*
* @ package WordPress
*/
2005-04-20 05:37:23 +02:00
2006-02-22 20:08:55 +01:00
if ( ! function_exists ( 'wp_set_current_user' ) ) :
2008-01-20 07:53:42 +01:00
/**
2008-06-22 22:23:23 +02:00
* Changes the current user by ID or name .
2008-01-20 07:53:42 +01:00
*
2008-06-22 22:23:23 +02:00
* Set $id to null and specify a name if you do not know a user ' s ID .
2008-01-20 07:53:42 +01:00
*
2008-06-22 22:23:23 +02:00
* Some WordPress functionality is based on the current user and not based on
* the signed in user . Therefore , it opens the ability to edit and perform
* actions on users who aren ' t signed in .
2008-01-20 07:53:42 +01:00
*
2009-01-30 19:08:28 +01:00
* @ since 2.0 . 3
2008-01-20 07:53:42 +01:00
* @ global object $current_user The current user object which holds the user data .
* @ uses do_action () Calls 'set_current_user' hook after setting the current user .
*
* @ param int $id User ID
* @ param string $name User ' s username
* @ return WP_User Current user User object
*/
2006-02-22 20:08:55 +01:00
function wp_set_current_user ( $id , $name = '' ) {
global $current_user ;
2006-01-13 20:19:09 +01:00
2012-04-10 00:01:07 +02:00
if ( isset ( $current_user ) && ( $current_user instanceof WP_User ) && ( $id == $current_user -> ID ) )
2006-02-22 20:08:55 +01:00
return $current_user ;
2006-01-13 20:19:09 +01:00
2012-04-10 00:01:07 +02:00
$current_user = new WP_User ( $id , $name );
2006-01-13 20:19:09 +01:00
2012-04-10 00:01:07 +02:00
setup_userdata ( $current_user -> ID );
2006-01-13 20:19:09 +01:00
do_action ( 'set_current_user' );
return $current_user ;
}
endif ;
2006-05-31 08:27:10 +02:00
if ( ! function_exists ( 'wp_get_current_user' ) ) :
2008-01-20 07:53:42 +01:00
/**
2008-06-22 22:23:23 +02:00
* Retrieve the current user object .
2008-01-20 07:53:42 +01:00
*
2009-01-30 19:08:28 +01:00
* @ since 2.0 . 3
2008-01-20 07:53:42 +01:00
*
* @ return WP_User Current user WP_User object
*/
2006-02-22 20:08:55 +01:00
function wp_get_current_user () {
global $current_user ;
get_currentuserinfo ();
return $current_user ;
}
endif ;
2005-04-20 05:37:23 +02:00
if ( ! function_exists ( 'get_currentuserinfo' ) ) :
2008-01-11 21:51:39 +01:00
/**
2008-06-22 22:23:23 +02:00
* Populate global variables with information about the currently logged in user .
2008-01-11 21:51:39 +01:00
*
2008-06-22 22:23:23 +02:00
* Will set the current user , if the current user is not set . The current user
* will be set to the logged in person . If no user is logged in , then it will
* set the current user to 0 , which is invalid and won ' t have any permissions .
2008-01-11 21:51:39 +01:00
*
* @ since 0.71
2008-01-20 07:53:42 +01:00
* @ uses $current_user Checks if the current user is set
* @ uses wp_validate_auth_cookie () Retrieves current logged in user .
2008-01-11 21:51:39 +01:00
*
2008-01-20 07:53:42 +01:00
* @ return bool | null False on XMLRPC Request and invalid auth cookie . Null when current user set
2008-01-11 21:51:39 +01:00
*/
2005-04-20 05:37:23 +02:00
function get_currentuserinfo () {
2006-02-22 20:08:55 +01:00
global $current_user ;
2005-06-13 02:05:41 +02:00
2012-04-10 00:01:07 +02:00
if ( ! empty ( $current_user ) ) {
if ( $current_user instanceof WP_User )
return ;
// Upgrade stdClass to WP_User
if ( is_object ( $current_user ) && isset ( $current_user -> ID ) ) {
$cur_id = $current_user -> ID ;
$current_user = null ;
wp_set_current_user ( $cur_id );
return ;
}
// $current_user has a junk value. Force to WP_User with ID 0.
$current_user = null ;
wp_set_current_user ( 0 );
return false ;
}
2006-02-22 20:08:55 +01:00
2012-04-10 18:19:53 +02:00
if ( defined ( 'XMLRPC_REQUEST' ) && XMLRPC_REQUEST ) {
wp_set_current_user ( 0 );
return false ;
}
2007-12-16 18:41:59 +01:00
if ( ! $user = wp_validate_auth_cookie () ) {
2012-04-10 00:01:07 +02:00
if ( is_blog_admin () || is_network_admin () || empty ( $_COOKIE [ LOGGED_IN_COOKIE ] ) || ! $user = wp_validate_auth_cookie ( $_COOKIE [ LOGGED_IN_COOKIE ], 'logged_in' ) ) {
wp_set_current_user ( 0 );
2008-06-11 19:25:55 +02:00
return false ;
}
2005-12-13 04:46:40 +01:00
}
2006-02-22 20:08:55 +01:00
2012-04-10 00:01:07 +02:00
wp_set_current_user ( $user );
2005-04-20 05:37:23 +02:00
}
endif ;
if ( ! function_exists ( 'get_userdata' ) ) :
2008-01-11 21:51:39 +01:00
/**
2008-06-22 22:23:23 +02:00
* Retrieve user info by user ID .
2008-01-11 21:51:39 +01:00
*
* @ since 0.71
*
2008-01-20 07:53:42 +01:00
* @ param int $user_id User ID
2013-09-02 05:25:09 +02:00
* @ return WP_User | bool WP_User object on success , false on failure .
2008-01-11 21:51:39 +01:00
*/
2005-06-12 22:49:13 +02:00
function get_userdata ( $user_id ) {
2011-08-24 21:32:59 +02:00
return get_user_by ( 'id' , $user_id );
}
endif ;
2006-02-12 08:53:23 +01:00
2011-08-24 21:32:59 +02:00
if ( ! function_exists ( 'get_user_by' ) ) :
/**
* Retrieve user info by a given field
*
* @ since 2.8 . 0
*
2011-12-14 00:45:31 +01:00
* @ param string $field The field to retrieve the user with . id | slug | email | login
* @ param int | string $value A value for $field . A user ID , slug , email address , or login name .
2013-09-02 05:25:09 +02:00
* @ return WP_User | bool WP_User object on success , false on failure .
2011-08-24 21:32:59 +02:00
*/
function get_user_by ( $field , $value ) {
$userdata = WP_User :: get_data_by ( $field , $value );
2005-06-12 22:49:13 +02:00
2011-08-24 21:32:59 +02:00
if ( ! $userdata )
2005-11-07 22:56:03 +01:00
return false ;
2007-11-27 23:14:53 +01:00
2011-08-24 21:32:59 +02:00
$user = new WP_User ;
$user -> init ( $userdata );
2005-06-12 22:49:13 +02:00
2005-11-07 22:56:03 +01:00
return $user ;
2005-04-20 05:37:23 +02:00
}
endif ;
2010-03-03 20:08:30 +01:00
if ( ! function_exists ( 'cache_users' ) ) :
/**
* Retrieve info for user lists to prevent multiple queries by get_userdata ()
*
* @ since 3.0 . 0
*
2011-08-24 21:32:59 +02:00
* @ param array $user_ids User ID numbers list
2010-03-03 20:08:30 +01:00
*/
2011-08-24 21:32:59 +02:00
function cache_users ( $user_ids ) {
2010-03-03 20:08:30 +01:00
global $wpdb ;
2012-02-14 16:09:35 +01:00
$clean = _get_non_cached_ids ( $user_ids , 'users' );
2010-03-03 20:08:30 +01:00
2011-08-24 21:32:59 +02:00
if ( empty ( $clean ) )
2010-03-03 20:08:30 +01:00
return ;
2011-08-24 21:32:59 +02:00
$list = implode ( ',' , $clean );
2010-03-03 20:08:30 +01:00
2011-08-24 21:32:59 +02:00
$users = $wpdb -> get_results ( " SELECT * FROM $wpdb->users WHERE ID IN ( $list ) " );
2010-03-17 17:27:25 +01:00
2011-08-24 21:32:59 +02:00
$ids = array ();
foreach ( $users as $user ) {
update_user_caches ( $user );
$ids [] = $user -> ID ;
2009-04-17 23:25:11 +02:00
}
2011-08-24 21:32:59 +02:00
update_meta_cache ( 'user' , $ids );
2007-11-27 23:14:53 +01:00
}
2009-04-21 22:27:22 +02:00
endif ;
2009-04-17 23:25:11 +02:00
2007-06-02 05:18:24 +02:00
if ( ! function_exists ( 'wp_mail' ) ) :
2008-01-11 21:51:39 +01:00
/**
2008-06-22 22:23:23 +02:00
* Send mail , similar to PHP ' s mail
2008-01-11 21:51:39 +01:00
*
2008-06-22 22:23:23 +02:00
* A true return value does not automatically mean that the user received the
* email successfully . It just only means that the method used was able to
* process the request without any errors .
2008-01-11 21:51:39 +01:00
*
2008-06-22 22:23:23 +02:00
* Using the two 'wp_mail_from' and 'wp_mail_from_name' hooks allow from
* creating a from address like 'Name <email@address.com>' when both are set . If
* just 'wp_mail_from' is set , then just the email address will be used with no
* name .
2008-01-20 07:53:42 +01:00
*
2008-06-22 22:23:23 +02:00
* The default content type is 'text/plain' which does not allow using HTML .
* However , you can set the content type of the email by using the
* 'wp_mail_content_type' filter .
2008-01-20 07:53:42 +01:00
*
2008-06-22 22:23:23 +02:00
* The default charset is based on the charset used on the blog . The charset can
* be set using the 'wp_mail_charset' filter .
2008-01-11 21:51:39 +01:00
*
2008-01-20 07:53:42 +01:00
* @ since 1.2 . 1
* @ uses apply_filters () Calls 'wp_mail' hook on an array of all of the parameters .
* @ uses apply_filters () Calls 'wp_mail_from' hook to get the from email address .
* @ uses apply_filters () Calls 'wp_mail_from_name' hook to get the from address name .
* @ uses apply_filters () Calls 'wp_mail_content_type' hook to get the email content type .
* @ uses apply_filters () Calls 'wp_mail_charset' hook to get the email charset
* @ uses do_action_ref_array () Calls 'phpmailer_init' hook on the reference to
* phpmailer object .
* @ uses PHPMailer
*
2010-02-27 17:10:45 +01:00
* @ param string | array $to Array or comma - separated list of email addresses to send message .
2008-01-20 07:53:42 +01:00
* @ param string $subject Email subject
* @ param string $message Message contents
* @ param string | array $headers Optional . Additional headers .
2008-10-16 22:57:49 +02:00
* @ param string | array $attachments Optional . Files to attach .
2008-01-20 07:53:42 +01:00
* @ return bool Whether the email contents were sent successfully .
2008-01-11 21:51:39 +01:00
*/
2008-10-16 22:57:49 +02:00
function wp_mail ( $to , $subject , $message , $headers = '' , $attachments = array () ) {
2007-09-11 22:49:28 +02:00
// Compact the input, apply the filters, and extract them back out
2008-10-16 22:57:49 +02:00
extract ( apply_filters ( 'wp_mail' , compact ( 'to' , 'subject' , 'message' , 'headers' , 'attachments' ) ) );
if ( ! is_array ( $attachments ) )
2010-02-27 17:10:45 +01:00
$attachments = explode ( " \n " , str_replace ( " \r \n " , " \n " , $attachments ) );
2007-09-11 22:49:28 +02:00
2007-02-25 21:23:25 +01:00
global $phpmailer ;
2007-06-14 04:25:30 +02:00
2007-06-02 05:18:24 +02:00
// (Re)create it, if it's gone missing
if ( ! is_object ( $phpmailer ) || ! is_a ( $phpmailer , 'PHPMailer' ) ) {
require_once ABSPATH . WPINC . '/class-phpmailer.php' ;
require_once ABSPATH . WPINC . '/class-smtp.php' ;
2011-04-28 20:16:01 +02:00
$phpmailer = new PHPMailer ( true );
2007-02-25 21:23:25 +01:00
}
2007-06-14 04:25:30 +02:00
2007-06-26 21:11:23 +02:00
// Headers
2007-06-02 05:18:24 +02:00
if ( empty ( $headers ) ) {
2007-06-26 21:11:23 +02:00
$headers = array ();
2009-04-17 02:06:18 +02:00
} else {
if ( ! is_array ( $headers ) ) {
// Explode the headers out, so this function can take both
// string headers and an array of headers.
2010-02-27 17:10:45 +01:00
$tempheaders = explode ( " \n " , str_replace ( " \r \n " , " \n " , $headers ) );
2009-04-17 02:06:18 +02:00
} else {
$tempheaders = $headers ;
}
2007-06-02 05:18:24 +02:00
$headers = array ();
2011-05-23 13:14:05 +02:00
$cc = array ();
$bcc = array ();
2007-06-14 04:25:30 +02:00
2007-06-02 05:18:24 +02:00
// If it's actually got contents
if ( ! empty ( $tempheaders ) ) {
// Iterate through the raw headers
2008-08-06 22:31:54 +02:00
foreach ( ( array ) $tempheaders as $header ) {
2009-04-30 09:25:47 +02:00
if ( strpos ( $header , ':' ) === false ) {
if ( false !== stripos ( $header , 'boundary=' ) ) {
$parts = preg_split ( '/boundary=/i' , trim ( $header ) );
$boundary = trim ( str_replace ( array ( " ' " , '"' ), '' , $parts [ 1 ] ) );
}
2007-06-26 22:18:56 +02:00
continue ;
2009-04-30 09:25:47 +02:00
}
2007-06-02 05:18:24 +02:00
// Explode them out
list ( $name , $content ) = explode ( ':' , trim ( $header ), 2 );
2007-06-14 04:25:30 +02:00
2007-06-02 05:18:24 +02:00
// Cleanup crew
2010-02-27 17:10:45 +01:00
$name = trim ( $name );
2007-06-02 05:18:24 +02:00
$content = trim ( $content );
2007-06-14 04:25:30 +02:00
2010-02-27 17:10:45 +01:00
switch ( strtolower ( $name ) ) {
// Mainly for legacy -- process a From: header if it's there
case 'from' :
if ( strpos ( $content , '<' ) !== false ) {
// So... making my life hard again?
$from_name = substr ( $content , 0 , strpos ( $content , '<' ) - 1 );
$from_name = str_replace ( '"' , '' , $from_name );
$from_name = trim ( $from_name );
$from_email = substr ( $content , strpos ( $content , '<' ) + 1 );
$from_email = str_replace ( '>' , '' , $from_email );
$from_email = trim ( $from_email );
} else {
$from_email = trim ( $content );
2009-04-30 09:25:47 +02:00
}
2010-02-27 17:10:45 +01:00
break ;
case 'content-type' :
if ( strpos ( $content , ';' ) !== false ) {
list ( $type , $charset ) = explode ( ';' , $content );
$content_type = trim ( $type );
if ( false !== stripos ( $charset , 'charset=' ) ) {
$charset = trim ( str_replace ( array ( 'charset=' , '"' ), '' , $charset ) );
} elseif ( false !== stripos ( $charset , 'boundary=' ) ) {
$boundary = trim ( str_replace ( array ( 'BOUNDARY=' , 'boundary=' , '"' ), '' , $charset ) );
$charset = '' ;
}
} else {
$content_type = trim ( $content );
}
break ;
case 'cc' :
$cc = array_merge ( ( array ) $cc , explode ( ',' , $content ) );
break ;
case 'bcc' :
$bcc = array_merge ( ( array ) $bcc , explode ( ',' , $content ) );
break ;
default :
// Add it to our grand headers array
$headers [ trim ( $name )] = trim ( $content );
break ;
2007-06-02 05:18:24 +02:00
}
}
}
2005-04-20 05:37:23 +02:00
}
2007-06-14 04:25:30 +02:00
2007-06-02 05:18:24 +02:00
// Empty out the values that may be set
2007-02-25 21:23:25 +01:00
$phpmailer -> ClearAllRecipients ();
2007-06-02 05:18:24 +02:00
$phpmailer -> ClearAttachments ();
2007-02-25 21:23:25 +01:00
$phpmailer -> ClearCustomHeaders ();
2007-06-02 05:18:24 +02:00
$phpmailer -> ClearReplyTos ();
2007-06-14 04:25:30 +02:00
2007-06-02 05:18:24 +02:00
// From email and name
// If we don't have a name from the input headers
2010-02-27 17:10:45 +01:00
if ( ! isset ( $from_name ) )
2007-06-02 05:18:24 +02:00
$from_name = 'WordPress' ;
2007-06-14 04:25:30 +02:00
2009-02-15 14:31:43 +01:00
/* If we don ' t have an email from the input headers default to wordpress @ $sitename
* Some hosts will block outgoing mail from this address if it doesn ' t exist but
2009-03-18 03:43:45 +01:00
* there ' s no easy alternative . Defaulting to admin_email might appear to be another
2009-02-15 14:31:43 +01:00
* option but some hosts may refuse to relay mail from an unknown domain . See
* http :// trac . wordpress . org / ticket / 5007.
*/
2009-03-18 03:43:45 +01:00
2007-06-02 05:18:24 +02:00
if ( ! isset ( $from_email ) ) {
// Get the site domain and get rid of www.
$sitename = strtolower ( $_SERVER [ 'SERVER_NAME' ] );
if ( substr ( $sitename , 0 , 4 ) == 'www.' ) {
$sitename = substr ( $sitename , 4 );
}
2007-06-14 04:25:30 +02:00
2007-06-02 05:18:24 +02:00
$from_email = 'wordpress@' . $sitename ;
}
2007-06-14 04:25:30 +02:00
2009-02-15 14:31:43 +01:00
// Plugin authors can override the potentially troublesome default
2010-02-27 17:10:45 +01:00
$phpmailer -> From = apply_filters ( 'wp_mail_from' , $from_email );
$phpmailer -> FromName = apply_filters ( 'wp_mail_from_name' , $from_name );
// Set destination addresses
if ( ! is_array ( $to ) )
$to = explode ( ',' , $to );
2007-06-14 04:25:30 +02:00
2010-02-27 17:10:45 +01:00
foreach ( ( array ) $to as $recipient ) {
2011-04-28 20:16:01 +02:00
try {
2011-05-23 13:14:05 +02:00
// Break $recipient into name and address parts if in the format "Foo <bar@baz.com>"
$recipient_name = '' ;
2011-09-19 16:30:50 +02:00
if ( preg_match ( '/(.*)<(.+)>/' , $recipient , $matches ) ) {
2011-05-23 13:14:05 +02:00
if ( count ( $matches ) == 3 ) {
$recipient_name = $matches [ 1 ];
$recipient = $matches [ 2 ];
}
}
2011-09-19 16:30:50 +02:00
$phpmailer -> AddAddress ( $recipient , $recipient_name );
2011-04-28 20:16:01 +02:00
} catch ( phpmailerException $e ) {
continue ;
}
2010-02-27 17:10:45 +01:00
}
2007-06-14 04:25:30 +02:00
2007-06-02 05:18:24 +02:00
// Set mail's subject and body
2007-02-25 21:23:25 +01:00
$phpmailer -> Subject = $subject ;
2010-02-27 17:10:45 +01:00
$phpmailer -> Body = $message ;
2007-06-14 04:25:30 +02:00
2008-06-16 22:02:10 +02:00
// Add any CC and BCC recipients
2010-02-27 17:10:45 +01:00
if ( ! empty ( $cc ) ) {
2008-08-06 22:31:54 +02:00
foreach ( ( array ) $cc as $recipient ) {
2011-04-28 20:16:01 +02:00
try {
2011-05-23 13:14:05 +02:00
// Break $recipient into name and address parts if in the format "Foo <bar@baz.com>"
$recipient_name = '' ;
2011-09-19 16:30:50 +02:00
if ( preg_match ( '/(.*)<(.+)>/' , $recipient , $matches ) ) {
2011-05-23 13:14:05 +02:00
if ( count ( $matches ) == 3 ) {
$recipient_name = $matches [ 1 ];
$recipient = $matches [ 2 ];
}
}
2011-09-19 16:30:50 +02:00
$phpmailer -> AddCc ( $recipient , $recipient_name );
2011-04-28 20:16:01 +02:00
} catch ( phpmailerException $e ) {
continue ;
}
2008-06-16 22:02:10 +02:00
}
}
2010-02-27 17:10:45 +01:00
if ( ! empty ( $bcc ) ) {
2008-08-06 22:31:54 +02:00
foreach ( ( array ) $bcc as $recipient ) {
2011-04-28 20:16:01 +02:00
try {
2011-05-23 13:14:05 +02:00
// Break $recipient into name and address parts if in the format "Foo <bar@baz.com>"
$recipient_name = '' ;
2011-09-19 16:30:50 +02:00
if ( preg_match ( '/(.*)<(.+)>/' , $recipient , $matches ) ) {
2011-05-23 13:14:05 +02:00
if ( count ( $matches ) == 3 ) {
$recipient_name = $matches [ 1 ];
$recipient = $matches [ 2 ];
}
}
2011-09-19 16:30:50 +02:00
$phpmailer -> AddBcc ( $recipient , $recipient_name );
2011-04-28 20:16:01 +02:00
} catch ( phpmailerException $e ) {
continue ;
}
2008-06-16 22:02:10 +02:00
}
}
2007-06-02 05:18:24 +02:00
// Set to use PHP's mail()
$phpmailer -> IsMail ();
2007-06-14 04:25:30 +02:00
2007-06-02 05:18:24 +02:00
// Set Content-Type and charset
// If we don't have a content-type from the input headers
2010-02-27 17:10:45 +01:00
if ( ! isset ( $content_type ) )
2007-06-02 05:18:24 +02:00
$content_type = 'text/plain' ;
2007-06-14 04:25:30 +02:00
2007-06-26 22:18:56 +02:00
$content_type = apply_filters ( 'wp_mail_content_type' , $content_type );
2009-04-30 09:25:47 +02:00
$phpmailer -> ContentType = $content_type ;
2010-02-24 21:13:23 +01:00
// Set whether it's plaintext, depending on $content_type
2010-02-27 17:10:45 +01:00
if ( 'text/html' == $content_type )
2007-06-02 05:18:24 +02:00
$phpmailer -> IsHTML ( true );
2007-06-14 04:25:30 +02:00
2007-06-02 05:18:24 +02:00
// If we don't have a charset from the input headers
2010-02-27 17:10:45 +01:00
if ( ! isset ( $charset ) )
2007-06-02 05:18:24 +02:00
$charset = get_bloginfo ( 'charset' );
2007-06-14 04:25:30 +02:00
2007-06-02 05:18:24 +02:00
// Set the content-type and charset
$phpmailer -> CharSet = apply_filters ( 'wp_mail_charset' , $charset );
2007-06-14 04:25:30 +02:00
2007-06-02 05:18:24 +02:00
// Set custom headers
if ( ! empty ( $headers ) ) {
2008-08-06 22:31:54 +02:00
foreach ( ( array ) $headers as $name => $content ) {
2007-06-02 05:18:24 +02:00
$phpmailer -> AddCustomHeader ( sprintf ( '%1$s: %2$s' , $name , $content ) );
2007-02-25 21:23:25 +01:00
}
2010-02-27 17:10:45 +01:00
if ( false !== stripos ( $content_type , 'multipart' ) && ! empty ( $boundary ) )
2009-04-30 09:25:47 +02:00
$phpmailer -> AddCustomHeader ( sprintf ( " Content-Type: %s; \n \t boundary= \" %s \" " , $content_type , $boundary ) );
2007-02-25 21:23:25 +01:00
}
2007-06-14 04:25:30 +02:00
2008-10-16 22:57:49 +02:00
if ( ! empty ( $attachments ) ) {
foreach ( $attachments as $attachment ) {
2011-04-28 20:16:01 +02:00
try {
$phpmailer -> AddAttachment ( $attachment );
} catch ( phpmailerException $e ) {
continue ;
}
2008-10-16 22:57:49 +02:00
}
}
2007-06-02 05:18:24 +02:00
do_action_ref_array ( 'phpmailer_init' , array ( & $phpmailer ) );
2007-06-14 04:25:30 +02:00
2007-06-02 05:18:24 +02:00
// Send!
2011-04-28 20:16:01 +02:00
try {
2013-06-30 01:03:13 +02:00
return $phpmailer -> Send ();
2011-04-28 20:16:01 +02:00
} catch ( phpmailerException $e ) {
return false ;
}
2005-04-20 05:37:23 +02:00
}
endif ;
2008-10-18 22:46:30 +02:00
if ( ! function_exists ( 'wp_authenticate' ) ) :
2008-01-11 21:51:39 +01:00
/**
2008-06-22 22:23:23 +02:00
* Checks a user ' s login information and logs them in if it checks out .
*
2008-10-18 22:46:30 +02:00
* @ since 2.5 . 0
2008-01-11 21:51:39 +01:00
*
2008-01-20 07:53:42 +01:00
* @ param string $username User ' s username
* @ param string $password User ' s password
2013-09-02 05:25:09 +02:00
* @ return WP_User | WP_Error WP_User object if login successful , otherwise WP_Error object .
2008-01-11 21:51:39 +01:00
*/
2008-01-22 20:35:19 +01:00
function wp_authenticate ( $username , $password ) {
2007-06-12 20:11:06 +02:00
$username = sanitize_user ( $username );
2009-01-24 23:38:19 +01:00
$password = trim ( $password );
2007-06-12 20:11:06 +02:00
2009-01-24 23:38:19 +01:00
$user = apply_filters ( 'authenticate' , null , $username , $password );
2005-04-20 05:37:23 +02:00
2009-01-29 22:30:16 +01:00
if ( $user == null ) {
2009-01-24 23:38:19 +01:00
// TODO what should the error message be? (Or would these even happen?)
// Only needed if all authentication handlers fail to return anything.
$user = new WP_Error ( 'authentication_failed' , __ ( '<strong>ERROR</strong>: Invalid username or incorrect password.' ));
2008-01-29 21:17:11 +01:00
}
2009-02-23 18:33:02 +01:00
$ignore_codes = array ( 'empty_username' , 'empty_password' );
if ( is_wp_error ( $user ) && ! in_array ( $user -> get_error_code (), $ignore_codes ) ) {
2009-01-24 23:38:19 +01:00
do_action ( 'wp_login_failed' , $username );
2008-01-24 19:32:21 +01:00
}
2007-12-02 06:14:11 +01:00
2009-01-24 23:38:19 +01:00
return $user ;
2008-01-22 20:35:19 +01:00
}
endif ;
2008-10-18 22:46:30 +02:00
if ( ! function_exists ( 'wp_logout' ) ) :
2008-01-22 20:35:19 +01:00
/**
2008-06-22 22:23:23 +02:00
* Log the current user out .
2008-01-22 20:35:19 +01:00
*
2008-10-18 22:46:30 +02:00
* @ since 2.5 . 0
2008-01-22 20:35:19 +01:00
*/
function wp_logout () {
wp_clear_auth_cookie ();
do_action ( 'wp_logout' );
2007-12-16 18:41:59 +01:00
}
endif ;
if ( ! function_exists ( 'wp_validate_auth_cookie' ) ) :
2008-01-20 07:53:42 +01:00
/**
2008-06-22 22:23:23 +02:00
* Validates authentication cookie .
2008-01-20 07:53:42 +01:00
*
2008-06-22 22:23:23 +02:00
* The checks include making sure that the authentication cookie is set and
* pulling in the contents ( if $cookie is not used ) .
2008-01-20 07:53:42 +01:00
*
2008-06-22 22:23:23 +02:00
* Makes sure the cookie is not expired . Verifies the hash in cookie is what is
* should be and compares the two .
2008-01-20 07:53:42 +01:00
*
2013-12-24 19:57:12 +01:00
* @ since 2.5 . 0
2008-01-20 07:53:42 +01:00
*
* @ param string $cookie Optional . If used , will validate contents instead of cookie ' s
2008-06-11 19:25:55 +02:00
* @ param string $scheme Optional . The cookie scheme to use : auth , secure_auth , or logged_in
2008-01-20 07:53:42 +01:00
* @ return bool | int False if invalid cookie , User ID if valid .
*/
2008-08-25 23:09:26 +02:00
function wp_validate_auth_cookie ( $cookie = '' , $scheme = '' ) {
2008-08-21 02:08:25 +02:00
if ( ! $cookie_elements = wp_parse_auth_cookie ( $cookie , $scheme ) ) {
do_action ( 'auth_cookie_malformed' , $cookie , $scheme );
2008-04-25 08:20:18 +02:00
return false ;
2008-08-21 02:08:25 +02:00
}
2008-04-25 08:20:18 +02:00
2008-08-21 02:08:25 +02:00
extract ( $cookie_elements , EXTR_OVERWRITE );
2007-12-16 18:41:59 +01:00
$expired = $expiration ;
2007-12-23 01:58:06 +01:00
// Allow a grace period for POST and AJAX requests
if ( defined ( 'DOING_AJAX' ) || 'POST' == $_SERVER [ 'REQUEST_METHOD' ] )
2012-09-25 07:26:19 +02:00
$expired += HOUR_IN_SECONDS ;
2007-12-16 18:41:59 +01:00
2008-04-25 08:20:18 +02:00
// Quick check to see if an honest cookie has expired
2008-08-21 02:08:25 +02:00
if ( $expired < time () ) {
do_action ( 'auth_cookie_expired' , $cookie_elements );
2007-12-16 18:41:59 +01:00
return false ;
2008-08-21 02:08:25 +02:00
}
2007-12-16 18:41:59 +01:00
2011-08-05 18:57:31 +02:00
$user = get_user_by ( 'login' , $username );
2009-02-03 06:03:16 +01:00
if ( ! $user ) {
do_action ( 'auth_cookie_bad_username' , $cookie_elements );
return false ;
}
$pass_frag = substr ( $user -> user_pass , 8 , 4 );
$key = wp_hash ( $username . $pass_frag . '|' . $expiration , $scheme );
2008-04-25 08:20:18 +02:00
$hash = hash_hmac ( 'md5' , $username . '|' . $expiration , $key );
2008-02-05 07:47:27 +01:00
2008-08-21 02:08:25 +02:00
if ( $hmac != $hash ) {
do_action ( 'auth_cookie_bad_hash' , $cookie_elements );
2007-12-16 18:41:59 +01:00
return false ;
2008-08-21 02:08:25 +02:00
}
2007-12-16 18:41:59 +01:00
2009-10-11 13:26:59 +02:00
if ( $expiration < time () ) // AJAX/POST grace period set above
$GLOBALS [ 'login_grace_period' ] = 1 ;
2008-08-21 02:08:25 +02:00
do_action ( 'auth_cookie_valid' , $cookie_elements , $user );
2007-12-16 18:41:59 +01:00
return $user -> ID ;
}
endif ;
2007-12-31 18:50:32 +01:00
if ( ! function_exists ( 'wp_generate_auth_cookie' ) ) :
2008-01-20 07:53:42 +01:00
/**
2008-06-22 22:23:23 +02:00
* Generate authentication cookie contents .
2008-01-20 07:53:42 +01:00
*
2013-12-24 19:57:12 +01:00
* @ since 2.5 . 0
*
2008-01-20 07:53:42 +01:00
* @ uses apply_filters () Calls 'auth_cookie' hook on $cookie contents , User ID
* and expiration of cookie .
*
* @ param int $user_id User ID
* @ param int $expiration Cookie expiration in seconds
2008-06-11 19:25:55 +02:00
* @ param string $scheme Optional . The cookie scheme to use : auth , secure_auth , or logged_in
2008-01-20 07:53:42 +01:00
* @ return string Authentication cookie contents
*/
2008-06-11 19:25:55 +02:00
function wp_generate_auth_cookie ( $user_id , $expiration , $scheme = 'auth' ) {
2007-12-31 18:50:32 +01:00
$user = get_userdata ( $user_id );
2009-02-03 06:03:16 +01:00
$pass_frag = substr ( $user -> user_pass , 8 , 4 );
$key = wp_hash ( $user -> user_login . $pass_frag . '|' . $expiration , $scheme );
2008-04-25 08:20:18 +02:00
$hash = hash_hmac ( 'md5' , $user -> user_login . '|' . $expiration , $key );
2007-12-31 18:50:32 +01:00
$cookie = $user -> user_login . '|' . $expiration . '|' . $hash ;
2008-06-11 19:25:55 +02:00
return apply_filters ( 'auth_cookie' , $cookie , $user_id , $expiration , $scheme );
2007-12-31 18:50:32 +01:00
}
endif ;
2008-08-21 02:08:25 +02:00
if ( ! function_exists ( 'wp_parse_auth_cookie' ) ) :
/**
* Parse a cookie into its components
*
2013-12-24 19:57:12 +01:00
* @ since 2.7 . 0
2008-08-21 02:08:25 +02:00
*
* @ param string $cookie
* @ param string $scheme Optional . The cookie scheme to use : auth , secure_auth , or logged_in
* @ return array Authentication cookie components
*/
2008-08-25 23:09:26 +02:00
function wp_parse_auth_cookie ( $cookie = '' , $scheme = '' ) {
2008-08-21 02:08:25 +02:00
if ( empty ( $cookie ) ) {
2008-08-25 23:09:26 +02:00
switch ( $scheme ){
case 'auth' :
$cookie_name = AUTH_COOKIE ;
break ;
case 'secure_auth' :
$cookie_name = SECURE_AUTH_COOKIE ;
break ;
case " logged_in " :
$cookie_name = LOGGED_IN_COOKIE ;
break ;
default :
if ( is_ssl () ) {
$cookie_name = SECURE_AUTH_COOKIE ;
$scheme = 'secure_auth' ;
} else {
$cookie_name = AUTH_COOKIE ;
$scheme = 'auth' ;
}
}
2008-08-21 02:08:25 +02:00
if ( empty ( $_COOKIE [ $cookie_name ]) )
return false ;
$cookie = $_COOKIE [ $cookie_name ];
}
$cookie_elements = explode ( '|' , $cookie );
if ( count ( $cookie_elements ) != 3 )
return false ;
list ( $username , $expiration , $hmac ) = $cookie_elements ;
return compact ( 'username' , 'expiration' , 'hmac' , 'scheme' );
}
endif ;
2007-12-16 18:41:59 +01:00
if ( ! function_exists ( 'wp_set_auth_cookie' ) ) :
2008-01-20 07:53:42 +01:00
/**
2014-02-07 10:47:12 +01:00
* Sets the authentication cookies based on user ID .
2008-01-20 07:53:42 +01:00
*
2008-06-22 22:23:23 +02:00
* The $remember parameter increases the time that the cookie will be kept . The
* default the cookie is kept without remembering is two days . When $remember is
* set , the cookies will be kept for 14 days or two weeks .
2008-01-20 07:53:42 +01:00
*
2013-12-24 19:57:12 +01:00
* @ since 2.5 . 0
2008-01-20 07:53:42 +01:00
*
* @ param int $user_id User ID
2010-02-24 21:13:23 +01:00
* @ param bool $remember Whether to remember the user
2008-01-20 07:53:42 +01:00
*/
2008-06-11 19:25:55 +02:00
function wp_set_auth_cookie ( $user_id , $remember = false , $secure = '' ) {
2007-12-16 18:41:59 +01:00
if ( $remember ) {
2013-08-23 23:27:08 +02:00
$expiration = time () + apply_filters ( 'auth_cookie_expiration' , 14 * DAY_IN_SECONDS , $user_id , $remember );
// Ensure the browser will continue to send the cookie after the expiration time is reached.
// Needed for the login grace period in wp_validate_auth_cookie().
$expire = $expiration + ( 12 * HOUR_IN_SECONDS );
2007-12-02 06:14:11 +01:00
} else {
2013-02-06 04:44:43 +01:00
$expiration = time () + apply_filters ( 'auth_cookie_expiration' , 2 * DAY_IN_SECONDS , $user_id , $remember );
2007-12-16 18:41:59 +01:00
$expire = 0 ;
2005-04-20 05:37:23 +02:00
}
2007-12-02 06:14:11 +01:00
2008-06-11 19:25:55 +02:00
if ( '' === $secure )
2010-03-19 22:15:00 +01:00
$secure = is_ssl ();
2008-06-11 19:25:55 +02:00
2011-01-06 05:08:23 +01:00
$secure = apply_filters ( 'secure_auth_cookie' , $secure , $user_id );
$secure_logged_in_cookie = apply_filters ( 'secure_logged_in_cookie' , false , $user_id , $secure );
2008-06-11 19:25:55 +02:00
if ( $secure ) {
$auth_cookie_name = SECURE_AUTH_COOKIE ;
$scheme = 'secure_auth' ;
2008-05-27 19:46:01 +02:00
} else {
2008-06-11 19:25:55 +02:00
$auth_cookie_name = AUTH_COOKIE ;
$scheme = 'auth' ;
2008-05-27 19:46:01 +02:00
}
2007-12-16 18:41:59 +01:00
2008-06-11 19:25:55 +02:00
$auth_cookie = wp_generate_auth_cookie ( $user_id , $expiration , $scheme );
$logged_in_cookie = wp_generate_auth_cookie ( $user_id , $expiration , 'logged_in' );
2007-12-24 09:01:55 +01:00
2008-06-25 00:19:27 +02:00
do_action ( 'set_auth_cookie' , $auth_cookie , $expire , $expiration , $user_id , $scheme );
do_action ( 'set_logged_in_cookie' , $logged_in_cookie , $expire , $expiration , $user_id , 'logged_in' );
2008-05-27 19:46:01 +02:00
2011-04-06 19:07:59 +02:00
setcookie ( $auth_cookie_name , $auth_cookie , $expire , PLUGINS_COOKIE_PATH , COOKIE_DOMAIN , $secure , true );
setcookie ( $auth_cookie_name , $auth_cookie , $expire , ADMIN_COOKIE_PATH , COOKIE_DOMAIN , $secure , true );
setcookie ( LOGGED_IN_COOKIE , $logged_in_cookie , $expire , COOKIEPATH , COOKIE_DOMAIN , $secure_logged_in_cookie , true );
if ( COOKIEPATH != SITECOOKIEPATH )
setcookie ( LOGGED_IN_COOKIE , $logged_in_cookie , $expire , SITECOOKIEPATH , COOKIE_DOMAIN , $secure_logged_in_cookie , true );
2007-12-16 18:41:59 +01:00
}
endif ;
if ( ! function_exists ( 'wp_clear_auth_cookie' ) ) :
2008-01-20 07:53:42 +01:00
/**
2008-06-22 22:23:23 +02:00
* Removes all of the cookies associated with authentication .
2008-01-20 07:53:42 +01:00
*
2013-12-24 19:57:12 +01:00
* @ since 2.5 . 0
2008-01-20 07:53:42 +01:00
*/
2007-12-16 18:41:59 +01:00
function wp_clear_auth_cookie () {
2008-08-21 02:08:25 +02:00
do_action ( 'clear_auth_cookie' );
2012-09-25 07:26:19 +02:00
setcookie ( AUTH_COOKIE , ' ' , time () - YEAR_IN_SECONDS , ADMIN_COOKIE_PATH , COOKIE_DOMAIN );
setcookie ( SECURE_AUTH_COOKIE , ' ' , time () - YEAR_IN_SECONDS , ADMIN_COOKIE_PATH , COOKIE_DOMAIN );
setcookie ( AUTH_COOKIE , ' ' , time () - YEAR_IN_SECONDS , PLUGINS_COOKIE_PATH , COOKIE_DOMAIN );
setcookie ( SECURE_AUTH_COOKIE , ' ' , time () - YEAR_IN_SECONDS , PLUGINS_COOKIE_PATH , COOKIE_DOMAIN );
setcookie ( LOGGED_IN_COOKIE , ' ' , time () - YEAR_IN_SECONDS , COOKIEPATH , COOKIE_DOMAIN );
setcookie ( LOGGED_IN_COOKIE , ' ' , time () - YEAR_IN_SECONDS , SITECOOKIEPATH , COOKIE_DOMAIN );
2008-06-28 00:54:21 +02:00
// Old cookies
2012-09-25 07:26:19 +02:00
setcookie ( AUTH_COOKIE , ' ' , time () - YEAR_IN_SECONDS , COOKIEPATH , COOKIE_DOMAIN );
setcookie ( AUTH_COOKIE , ' ' , time () - YEAR_IN_SECONDS , SITECOOKIEPATH , COOKIE_DOMAIN );
setcookie ( SECURE_AUTH_COOKIE , ' ' , time () - YEAR_IN_SECONDS , COOKIEPATH , COOKIE_DOMAIN );
setcookie ( SECURE_AUTH_COOKIE , ' ' , time () - YEAR_IN_SECONDS , SITECOOKIEPATH , COOKIE_DOMAIN );
2007-12-16 18:41:59 +01:00
2008-06-28 00:54:21 +02:00
// Even older cookies
2012-09-25 07:26:19 +02:00
setcookie ( USER_COOKIE , ' ' , time () - YEAR_IN_SECONDS , COOKIEPATH , COOKIE_DOMAIN );
setcookie ( PASS_COOKIE , ' ' , time () - YEAR_IN_SECONDS , COOKIEPATH , COOKIE_DOMAIN );
setcookie ( USER_COOKIE , ' ' , time () - YEAR_IN_SECONDS , SITECOOKIEPATH , COOKIE_DOMAIN );
setcookie ( PASS_COOKIE , ' ' , time () - YEAR_IN_SECONDS , SITECOOKIEPATH , COOKIE_DOMAIN );
2005-04-20 05:37:23 +02:00
}
endif ;
2005-12-15 17:31:41 +01:00
if ( ! function_exists ( 'is_user_logged_in' ) ) :
2008-01-11 21:51:39 +01:00
/**
2008-06-22 22:23:23 +02:00
* Checks if the current visitor is a logged in user .
2008-01-11 21:51:39 +01:00
*
* @ since 2.0 . 0
*
2008-01-20 07:53:42 +01:00
* @ return bool True if user is logged in , false if not logged in .
2008-01-11 21:51:39 +01:00
*/
2005-12-15 17:31:41 +01:00
function is_user_logged_in () {
2006-02-22 20:08:55 +01:00
$user = wp_get_current_user ();
2006-02-12 08:53:23 +01:00
2012-04-06 21:18:45 +02:00
if ( ! $user -> exists () )
2005-12-15 17:31:41 +01:00
return false ;
2006-02-22 20:08:55 +01:00
2005-12-15 17:31:41 +01:00
return true ;
}
endif ;
2005-04-20 05:37:23 +02:00
if ( ! function_exists ( 'auth_redirect' ) ) :
2008-01-11 21:51:39 +01:00
/**
2008-06-22 22:23:23 +02:00
* Checks if a user is logged in , if not it redirects them to the login page .
2008-01-11 21:51:39 +01:00
*
2013-12-24 19:57:12 +01:00
* @ since 1.5 . 0
2008-01-11 21:51:39 +01:00
*/
2005-04-20 05:37:23 +02:00
function auth_redirect () {
// Checks if a user is logged in, if not redirects them to the login page
2006-02-12 08:53:23 +01:00
2010-03-19 22:15:00 +01:00
$secure = ( is_ssl () || force_ssl_admin () );
2008-05-27 19:46:01 +02:00
2011-01-06 05:08:23 +01:00
$secure = apply_filters ( 'secure_auth_redirect' , $secure );
2008-05-27 19:46:01 +02:00
// If https is required and request is http, redirect
2008-08-25 22:40:34 +02:00
if ( $secure && ! is_ssl () && false !== strpos ( $_SERVER [ 'REQUEST_URI' ], 'wp-admin' ) ) {
2012-08-30 15:33:00 +02:00
if ( 0 === strpos ( $_SERVER [ 'REQUEST_URI' ], 'http' ) ) {
wp_redirect ( set_url_scheme ( $_SERVER [ 'REQUEST_URI' ], 'https' ) );
2008-05-27 19:46:01 +02:00
exit ();
} else {
2012-08-30 15:33:00 +02:00
wp_redirect ( 'https://' . $_SERVER [ 'HTTP_HOST' ] . $_SERVER [ 'REQUEST_URI' ] );
2008-08-09 07:36:14 +02:00
exit ();
2008-05-27 19:46:01 +02:00
}
2005-04-20 05:37:23 +02:00
}
2008-05-27 19:46:01 +02:00
2010-10-07 21:34:18 +02:00
if ( is_user_admin () )
$scheme = 'logged_in' ;
else
$scheme = apply_filters ( 'auth_redirect_scheme' , '' );
if ( $user_id = wp_validate_auth_cookie ( '' , $scheme ) ) {
2009-03-03 00:42:28 +01:00
do_action ( 'auth_redirect' , $user_id );
2008-08-21 19:40:38 +02:00
// If the user wants ssl but the session is not ssl, redirect.
2008-08-25 22:40:34 +02:00
if ( ! $secure && get_user_option ( 'use_ssl' , $user_id ) && false !== strpos ( $_SERVER [ 'REQUEST_URI' ], 'wp-admin' ) ) {
2012-08-30 15:33:00 +02:00
if ( 0 === strpos ( $_SERVER [ 'REQUEST_URI' ], 'http' ) ) {
wp_redirect ( set_url_scheme ( $_SERVER [ 'REQUEST_URI' ], 'https' ) );
2008-08-21 19:40:38 +02:00
exit ();
} else {
2012-08-30 15:33:00 +02:00
wp_redirect ( 'https://' . $_SERVER [ 'HTTP_HOST' ] . $_SERVER [ 'REQUEST_URI' ] );
2008-08-21 19:40:38 +02:00
exit ();
}
}
2008-05-27 19:46:01 +02:00
return ; // The cookie is good so we're done
2008-08-21 19:40:38 +02:00
}
2008-05-27 19:46:01 +02:00
// The cookie is no good so force login
nocache_headers ();
2013-03-01 17:28:40 +01:00
$redirect = ( strpos ( $_SERVER [ 'REQUEST_URI' ], '/options.php' ) && wp_get_referer () ) ? wp_get_referer () : set_url_scheme ( 'http://' . $_SERVER [ 'HTTP_HOST' ] . $_SERVER [ 'REQUEST_URI' ] );
2008-11-19 06:07:24 +01:00
2010-05-11 15:44:40 +02:00
$login_url = wp_login_url ( $redirect , true );
2008-05-27 19:46:01 +02:00
wp_redirect ( $login_url );
exit ();
2005-04-20 05:37:23 +02:00
}
endif ;
2006-01-30 00:06:58 +01:00
if ( ! function_exists ( 'check_admin_referer' ) ) :
2008-01-11 21:51:39 +01:00
/**
2008-06-22 22:23:23 +02:00
* Makes sure that a user was referred from another admin page .
*
* To avoid security exploits .
2008-01-11 21:51:39 +01:00
*
* @ since 1.2 . 0
2008-01-20 07:53:42 +01:00
* @ uses do_action () Calls 'check_admin_referer' on $action .
2008-01-11 21:51:39 +01:00
*
2008-01-20 07:53:42 +01:00
* @ param string $action Action nonce
2008-02-06 22:19:47 +01:00
* @ param string $query_arg where to look for nonce in $_REQUEST ( since 2.5 )
2008-01-11 21:51:39 +01:00
*/
2008-03-18 03:43:20 +01:00
function check_admin_referer ( $action = - 1 , $query_arg = '_wpnonce' ) {
2011-06-08 18:56:26 +02:00
if ( - 1 == $action )
_doing_it_wrong ( __FUNCTION__ , __ ( 'You should specify a nonce action to be verified by using the first parameter.' ), '3.2' );
2008-06-06 09:39:11 +02:00
$adminurl = strtolower ( admin_url ());
2006-06-24 07:38:37 +02:00
$referer = strtolower ( wp_get_referer ());
2008-09-28 23:08:25 +02:00
$result = isset ( $_REQUEST [ $query_arg ]) ? wp_verify_nonce ( $_REQUEST [ $query_arg ], $action ) : false ;
2011-02-03 21:42:00 +01:00
if ( ! $result && ! ( - 1 == $action && strpos ( $referer , $adminurl ) === 0 ) ) {
2006-06-27 10:06:00 +02:00
wp_nonce_ays ( $action );
2006-05-18 08:49:22 +02:00
die ();
2006-05-03 00:08:34 +02:00
}
2008-03-18 03:43:20 +01:00
do_action ( 'check_admin_referer' , $action , $result );
return $result ;
2012-12-29 19:01:41 +01:00
}
endif ;
2006-03-29 03:51:55 +02:00
if ( ! function_exists ( 'check_ajax_referer' ) ) :
2008-01-20 07:53:42 +01:00
/**
2008-06-22 22:23:23 +02:00
* Verifies the AJAX request to prevent processing requests external of the blog .
2008-01-20 07:53:42 +01:00
*
2009-01-30 19:08:28 +01:00
* @ since 2.0 . 3
2008-01-20 07:53:42 +01:00
*
* @ param string $action Action nonce
2008-02-06 22:19:47 +01:00
* @ param string $query_arg where to look for nonce in $_REQUEST ( since 2.5 )
2008-01-20 07:53:42 +01:00
*/
2008-03-18 03:43:20 +01:00
function check_ajax_referer ( $action = - 1 , $query_arg = false , $die = true ) {
2013-09-14 00:18:08 +02:00
$nonce = '' ;
2013-09-21 18:26:12 +02:00
if ( $query_arg && isset ( $_REQUEST [ $query_arg ] ) )
$nonce = $_REQUEST [ $query_arg ];
elseif ( isset ( $_REQUEST [ '_ajax_nonce' ] ) )
2013-09-14 00:18:08 +02:00
$nonce = $_REQUEST [ '_ajax_nonce' ];
2013-09-21 18:26:12 +02:00
elseif ( isset ( $_REQUEST [ '_wpnonce' ] ) )
2013-09-14 00:18:08 +02:00
$nonce = $_REQUEST [ '_wpnonce' ];
2007-09-19 21:32:34 +02:00
2008-03-18 03:43:20 +01:00
$result = wp_verify_nonce ( $nonce , $action );
2012-01-31 23:12:58 +01:00
if ( $die && false == $result ) {
if ( defined ( 'DOING_AJAX' ) && DOING_AJAX )
wp_die ( - 1 );
else
die ( '-1' );
}
2007-12-17 22:12:28 +01:00
2008-03-18 03:43:20 +01:00
do_action ( 'check_ajax_referer' , $action , $result );
return $result ;
2006-03-29 03:51:55 +02:00
}
endif ;
2006-01-30 00:06:58 +01:00
2005-04-20 05:37:23 +02:00
if ( ! function_exists ( 'wp_redirect' ) ) :
2008-01-11 21:51:39 +01:00
/**
2010-10-02 06:02:24 +02:00
* Redirects to another page .
2008-01-11 21:51:39 +01:00
*
* @ since 1.5 . 1
2008-01-20 07:53:42 +01:00
* @ uses apply_filters () Calls 'wp_redirect' hook on $location and $status .
2008-01-11 21:51:39 +01:00
*
2013-09-04 10:31:09 +02:00
* @ param string $location The path to redirect to .
* @ param int $status Status code to use .
2013-08-06 19:44:32 +02:00
* @ return bool False if $location is not provided , true otherwise .
2008-01-11 21:51:39 +01:00
*/
2006-09-26 02:55:21 +02:00
function wp_redirect ( $location , $status = 302 ) {
2010-12-14 11:15:31 +01:00
global $is_IIS ;
2013-09-04 10:31:09 +02:00
/**
2013-09-06 03:38:09 +02:00
* Filter the redirect location .
2013-09-04 10:31:09 +02:00
*
* @ since 2.1 . 0
*
* @ param string $location The path to redirect to .
* @ param int $status Status code to use .
*/
$location = apply_filters ( 'wp_redirect' , $location , $status );
/**
2013-09-06 03:38:09 +02:00
* Filter the redirect status code .
2013-09-04 10:31:09 +02:00
*
* @ since 2.3 . 0
*
* @ param int $status Status code to use .
* @ param string $location The path to redirect to .
*/
$status = apply_filters ( 'wp_redirect_status' , $status , $location );
2008-08-09 07:36:14 +02:00
2013-09-04 10:31:09 +02:00
if ( ! $location )
2007-09-04 01:32:58 +02:00
return false ;
2006-10-19 00:02:30 +02:00
2007-09-19 05:47:37 +02:00
$location = wp_sanitize_redirect ( $location );
2010-12-14 11:15:31 +01:00
if ( ! $is_IIS && php_sapi_name () != 'cgi-fcgi' )
2010-10-02 06:02:24 +02:00
status_header ( $status ); // This causes problems on IIS and some FastCGI setups
2010-12-14 11:15:31 +01:00
2010-10-02 06:02:24 +02:00
header ( " Location: $location " , true , $status );
2013-08-06 19:44:32 +02:00
return true ;
2007-09-19 05:47:37 +02:00
}
endif ;
if ( ! function_exists ( 'wp_sanitize_redirect' ) ) :
/**
2008-06-22 22:23:23 +02:00
* Sanitizes a URL for use in a redirect .
2008-01-11 21:51:39 +01:00
*
2013-12-24 19:57:12 +01:00
* @ since 2.3 . 0
2008-01-11 21:51:39 +01:00
*
2007-09-19 05:47:37 +02:00
* @ return string redirect - sanitized URL
**/
function wp_sanitize_redirect ( $location ) {
2009-05-01 01:52:32 +02:00
$location = preg_replace ( '|[^a-z0-9-~+_.?#=&;,/:%!]|i' , '' , $location );
2006-07-06 02:28:37 +02:00
$location = wp_kses_no_null ( $location );
2006-06-30 02:43:23 +02:00
2007-08-30 19:46:09 +02:00
// remove %0d and %0a from location
2009-06-20 19:42:24 +02:00
$strip = array ( '%0d' , '%0a' , '%0D' , '%0A' );
$location = _deep_replace ( $strip , $location );
2007-09-19 05:47:37 +02:00
return $location ;
2005-04-20 05:37:23 +02:00
}
endif ;
2007-09-19 00:23:16 +02:00
if ( ! function_exists ( 'wp_safe_redirect' ) ) :
/**
2008-06-22 22:23:23 +02:00
* Performs a safe ( local ) redirect , using wp_redirect () .
2008-01-11 21:51:39 +01:00
*
2008-01-20 07:53:42 +01:00
* Checks whether the $location is using an allowed host , if it has an absolute
2008-06-22 22:23:23 +02:00
* path . A plugin can therefore set or remove allowed host ( s ) to or from the
* list .
2008-01-20 07:53:42 +01:00
*
* If the host is not allowed , then the redirect is to wp - admin on the siteurl
2008-06-22 22:23:23 +02:00
* instead . This prevents malicious redirects which redirect to another host ,
* but only used in a few places .
2008-01-20 07:53:42 +01:00
*
2013-12-24 19:57:12 +01:00
* @ since 2.3 . 0
*
2009-06-19 21:30:17 +02:00
* @ uses wp_validate_redirect () To validate the redirect is to an allowed host .
2008-01-11 21:51:39 +01:00
*
* @ return void Does not return anything
2007-09-19 00:23:16 +02:00
**/
function wp_safe_redirect ( $location , $status = 302 ) {
2007-09-19 05:47:37 +02:00
// Need to look at the URL the way it will end up in wp_redirect()
$location = wp_sanitize_redirect ( $location );
2009-06-19 21:30:17 +02:00
$location = wp_validate_redirect ( $location , admin_url ());
wp_redirect ( $location , $status );
}
endif ;
if ( ! function_exists ( 'wp_validate_redirect' ) ) :
/**
* Validates a URL for use in a redirect .
*
* Checks whether the $location is using an allowed host , if it has an absolute
* path . A plugin can therefore set or remove allowed host ( s ) to or from the
* list .
*
* If the host is not allowed , then the redirect is to $default supplied
*
* @ since 2.8 . 1
* @ uses apply_filters () Calls 'allowed_redirect_hosts' on an array containing
* WordPress host string and $location host string .
*
* @ param string $location The redirect to validate
2011-12-20 23:06:34 +01:00
* @ param string $default The value to return if $location is not allowed
2009-06-19 21:30:17 +02:00
* @ return string redirect - sanitized URL
**/
function wp_validate_redirect ( $location , $default = '' ) {
2013-09-10 20:07:10 +02:00
$location = trim ( $location );
2007-09-19 05:47:37 +02:00
// browsers will assume 'http' is your protocol, and will obey a redirect to a URL starting with '//'
if ( substr ( $location , 0 , 2 ) == '//' )
$location = 'http:' . $location ;
2008-07-13 07:16:54 +02:00
// In php 5 parse_url may fail if the URL query part contains http://, bug #38143
$test = ( $cut = strpos ( $location , '?' ) ) ? substr ( $location , 0 , $cut ) : $location ;
2008-08-09 07:36:14 +02:00
2008-07-13 07:16:54 +02:00
$lp = parse_url ( $test );
2010-03-11 15:54:11 +01:00
// Give up if malformed URL
if ( false === $lp )
return $default ;
// Allow only http and https schemes. No data:, etc.
if ( isset ( $lp [ 'scheme' ]) && ! ( 'http' == $lp [ 'scheme' ] || 'https' == $lp [ 'scheme' ]) )
return $default ;
2010-03-29 18:47:17 +02:00
// Reject if scheme is set but host is not. This catches urls like https:host.com for which parse_url does not set the host field.
if ( isset ( $lp [ 'scheme' ]) && ! isset ( $lp [ 'host' ]) )
return $default ;
2010-01-04 18:23:29 +01:00
$wpp = parse_url ( home_url ());
2007-09-19 05:47:37 +02:00
2008-02-02 19:42:09 +01:00
$allowed_hosts = ( array ) apply_filters ( 'allowed_redirect_hosts' , array ( $wpp [ 'host' ]), isset ( $lp [ 'host' ]) ? $lp [ 'host' ] : '' );
2007-09-19 06:14:53 +02:00
2007-10-10 21:25:23 +02:00
if ( isset ( $lp [ 'host' ]) && ( ! in_array ( $lp [ 'host' ], $allowed_hosts ) && $lp [ 'host' ] != strtolower ( $wpp [ 'host' ])) )
2009-06-19 21:30:17 +02:00
$location = $default ;
2007-09-19 00:23:16 +02:00
2009-06-19 21:30:17 +02:00
return $location ;
2007-09-19 00:23:16 +02:00
}
endif ;
2005-04-20 05:37:23 +02:00
if ( ! function_exists ( 'wp_notify_postauthor' ) ) :
2008-01-11 21:51:39 +01:00
/**
2013-11-25 02:47:10 +01:00
* Notify an author ( and / or others ) of a comment / trackback / pingback on a post .
2008-01-11 21:51:39 +01:00
*
2008-01-20 07:53:42 +01:00
* @ since 1.0 . 0
2008-01-11 21:51:39 +01:00
*
* @ param int $comment_id Comment ID
2013-11-24 17:26:10 +01:00
* @ param string $deprecated Not used
2013-11-25 02:47:10 +01:00
* @ return bool True on completion . False if no email addresses were specified .
2008-01-11 21:51:39 +01:00
*/
2013-11-24 17:26:10 +01:00
function wp_notify_postauthor ( $comment_id , $deprecated = null ) {
if ( null !== $deprecated ) {
_deprecated_argument ( __FUNCTION__ , '3.8' );
}
2010-11-11 17:28:49 +01:00
$comment = get_comment ( $comment_id );
2013-09-14 00:18:08 +02:00
if ( empty ( $comment ) )
return false ;
2010-11-11 17:28:49 +01:00
$post = get_post ( $comment -> comment_post_ID );
$author = get_userdata ( $post -> post_author );
2005-04-20 05:37:23 +02:00
2013-11-25 02:47:10 +01:00
// Who to notify? By default, just the post author, but others can be added.
$emails = array ( $author -> user_email );
2013-11-26 05:10:09 +01:00
/**
* Filter the list of emails to receive a comment notification .
*
* Normally just post authors are notified of emails .
* This filter lets you add others .
*
* @ since 3.7 . 0
*
* @ param array $emails Array of email addresses to receive a comment notification .
* @ param int $comment_id The comment ID .
*/
2013-11-25 02:47:10 +01:00
$emails = apply_filters ( 'comment_notification_recipients' , $emails , $comment_id );
$emails = array_filter ( $emails );
2010-11-06 16:20:50 +01:00
2013-11-25 02:47:10 +01:00
// If there are no addresses to send the comment to, bail.
if ( ! count ( $emails ) ) {
2010-11-11 17:28:49 +01:00
return false ;
2013-11-25 02:47:10 +01:00
}
// Facilitate unsetting below without knowing the keys.
$emails = array_flip ( $emails );
2013-11-26 05:10:09 +01:00
/**
* Filter whether to notify comment authors of their comments on their own posts .
*
* By default , comment authors don ' t get notified of their comments
* on their own post . This lets you override that .
*
* @ since 3.8 . 0
*
* @ param bool $notify Whether to notify the post author of their own comment . Default false .
* @ param int $comment_id The comment ID .
*/
2013-11-25 02:47:10 +01:00
$notify_author = apply_filters ( 'comment_notification_notify_author' , false , $comment_id );
// The comment was left by the author
if ( ! $notify_author && $comment -> user_id == $post -> post_author ) {
unset ( $emails [ $author -> user_email ] );
}
// The author moderated a comment on their own post
if ( ! $notify_author && $post -> post_author == get_current_user_id () ) {
unset ( $emails [ $author -> user_email ] );
}
2009-05-25 01:47:49 +02:00
2013-07-11 00:01:12 +02:00
// The post author is no longer a member of the blog
2013-11-25 02:47:10 +01:00
if ( ! $notify_author && ! user_can ( $post -> post_author , 'read_post' , $post -> ID ) ) {
unset ( $emails [ $author -> user_email ] );
}
2013-07-11 00:01:12 +02:00
2013-11-25 02:47:10 +01:00
// If there's no email to send the comment to, bail, otherwise flip array back around for use below
if ( ! count ( $emails ) ) {
2010-11-11 17:28:49 +01:00
return false ;
2013-11-25 02:47:10 +01:00
} else {
$emails = array_flip ( $emails );
}
2005-04-20 05:37:23 +02:00
2006-10-04 05:05:54 +02:00
$comment_author_domain = @ gethostbyaddr ( $comment -> comment_author_IP );
2010-01-15 23:11:12 +01:00
2009-12-13 12:38:45 +01:00
// The blogname option is escaped with esc_html on the way into the database in sanitize_option
// we want to reverse this for the plain text arena of emails.
$blogname = wp_specialchars_decode ( get_option ( 'blogname' ), ENT_QUOTES );
2006-02-12 08:53:23 +01:00
2013-11-25 02:47:10 +01:00
switch ( $comment -> comment_type ) {
2013-11-13 03:32:10 +01:00
case 'trackback' :
$notify_message = sprintf ( __ ( 'New trackback on your post "%s"' ), $post -> post_title ) . " \r \n " ;
/* translators: 1: website name, 2: author IP, 3: author domain */
$notify_message .= sprintf ( __ ( 'Website: %1$s (IP: %2$s , %3$s)' ), $comment -> comment_author , $comment -> comment_author_IP , $comment_author_domain ) . " \r \n " ;
$notify_message .= sprintf ( __ ( 'URL : %s' ), $comment -> comment_author_url ) . " \r \n " ;
$notify_message .= __ ( 'Excerpt: ' ) . " \r \n " . $comment -> comment_content . " \r \n \r \n " ;
$notify_message .= __ ( 'You can see all trackbacks on this post here: ' ) . " \r \n " ;
/* translators: 1: blog name, 2: post title */
$subject = sprintf ( __ ( '[%1$s] Trackback: "%2$s"' ), $blogname , $post -> post_title );
break ;
case 'pingback' :
$notify_message = sprintf ( __ ( 'New pingback on your post "%s"' ), $post -> post_title ) . " \r \n " ;
/* translators: 1: comment author, 2: author IP, 3: author domain */
$notify_message .= sprintf ( __ ( 'Website: %1$s (IP: %2$s , %3$s)' ), $comment -> comment_author , $comment -> comment_author_IP , $comment_author_domain ) . " \r \n " ;
$notify_message .= sprintf ( __ ( 'URL : %s' ), $comment -> comment_author_url ) . " \r \n " ;
$notify_message .= __ ( 'Excerpt: ' ) . " \r \n " . sprintf ( '[...] %s [...]' , $comment -> comment_content ) . " \r \n \r \n " ;
$notify_message .= __ ( 'You can see all pingbacks on this post here: ' ) . " \r \n " ;
/* translators: 1: blog name, 2: post title */
$subject = sprintf ( __ ( '[%1$s] Pingback: "%2$s"' ), $blogname , $post -> post_title );
break ;
default : // Comments
$notify_message = sprintf ( __ ( 'New comment on your post "%s"' ), $post -> post_title ) . " \r \n " ;
/* translators: 1: comment author, 2: author IP, 3: author domain */
$notify_message .= sprintf ( __ ( 'Author : %1$s (IP: %2$s , %3$s)' ), $comment -> comment_author , $comment -> comment_author_IP , $comment_author_domain ) . " \r \n " ;
$notify_message .= sprintf ( __ ( 'E-mail : %s' ), $comment -> comment_author_email ) . " \r \n " ;
$notify_message .= sprintf ( __ ( 'URL : %s' ), $comment -> comment_author_url ) . " \r \n " ;
$notify_message .= sprintf ( __ ( 'Whois : http://whois.arin.net/rest/ip/%s' ), $comment -> comment_author_IP ) . " \r \n " ;
$notify_message .= __ ( 'Comment: ' ) . " \r \n " . $comment -> comment_content . " \r \n \r \n " ;
$notify_message .= __ ( 'You can see all comments on this post here: ' ) . " \r \n " ;
/* translators: 1: blog name, 2: post title */
$subject = sprintf ( __ ( '[%1$s] Comment: "%2$s"' ), $blogname , $post -> post_title );
break ;
2005-04-20 05:37:23 +02:00
}
$notify_message .= get_permalink ( $comment -> comment_post_ID ) . " #comments \r \n \r \n " ;
2010-12-06 23:56:47 +01:00
$notify_message .= sprintf ( __ ( 'Permalink: %s' ), get_permalink ( $comment -> comment_post_ID ) . '#comment-' . $comment_id ) . " \r \n " ;
2013-07-11 00:01:12 +02:00
if ( user_can ( $post -> post_author , 'edit_comment' , $comment_id ) ) {
if ( EMPTY_TRASH_DAYS )
$notify_message .= sprintf ( __ ( 'Trash it: %s' ), admin_url ( " comment.php?action=trash&c= $comment_id " ) ) . " \r \n " ;
else
$notify_message .= sprintf ( __ ( 'Delete it: %s' ), admin_url ( " comment.php?action=delete&c= $comment_id " ) ) . " \r \n " ;
$notify_message .= sprintf ( __ ( 'Spam it: %s' ), admin_url ( " comment.php?action=spam&c= $comment_id " ) ) . " \r \n " ;
}
2005-04-20 05:37:23 +02:00
2005-11-25 23:57:26 +01:00
$wp_email = 'wordpress@' . preg_replace ( '#^www\.#' , '' , strtolower ( $_SERVER [ 'SERVER_NAME' ]));
2005-11-11 01:07:39 +01:00
if ( '' == $comment -> comment_author ) {
2005-11-25 23:57:26 +01:00
$from = " From: \" $blogname\ " < $wp_email > " ;
2005-11-11 01:07:39 +01:00
if ( '' != $comment -> comment_author_email )
$reply_to = " Reply-To: $comment->comment_author_email " ;
2006-11-19 08:56:05 +01:00
} else {
2005-11-25 23:57:26 +01:00
$from = " From: \" $comment->comment_author\ " < $wp_email > " ;
2005-11-11 01:07:39 +01:00
if ( '' != $comment -> comment_author_email )
$reply_to = " Reply-To: \" $comment->comment_author_email\ " < $comment -> comment_author_email > " ;
2006-11-19 08:56:05 +01:00
}
2005-04-20 05:37:23 +02:00
2007-06-26 22:18:56 +02:00
$message_headers = " $from\n "
2006-08-30 23:46:31 +02:00
. " Content-Type: text/plain; charset= \" " . get_option ( 'blog_charset' ) . " \" \n " ;
2005-04-20 05:37:23 +02:00
2005-11-11 03:00:06 +01:00
if ( isset ( $reply_to ) )
$message_headers .= $reply_to . " \n " ;
2013-08-23 21:36:10 +02:00
$notify_message = apply_filters ( 'comment_notification_text' , $notify_message , $comment_id );
$subject = apply_filters ( 'comment_notification_subject' , $subject , $comment_id );
$message_headers = apply_filters ( 'comment_notification_headers' , $message_headers , $comment_id );
foreach ( $emails as $email ) {
2013-08-23 22:57:11 +02:00
@ wp_mail ( $email , $subject , $notify_message , $message_headers );
2013-08-23 21:36:10 +02:00
}
2007-06-14 04:25:30 +02:00
2005-04-20 05:37:23 +02:00
return true ;
}
endif ;
if ( ! function_exists ( 'wp_notify_moderator' ) ) :
2008-01-11 21:51:39 +01:00
/**
2008-06-22 22:23:23 +02:00
* Notifies the moderator of the blog about a new comment that is awaiting approval .
2008-01-11 21:51:39 +01:00
*
2013-12-24 19:57:12 +01:00
* @ since 1.0 . 0
*
2008-01-11 21:51:39 +01:00
* @ uses $wpdb
*
* @ param int $comment_id Comment ID
* @ return bool Always returns true
*/
2005-04-20 05:37:23 +02:00
function wp_notify_moderator ( $comment_id ) {
global $wpdb ;
2010-11-06 16:20:50 +01:00
if ( 0 == get_option ( 'moderation_notify' ) )
2007-09-04 01:32:58 +02:00
return true ;
2007-06-14 04:25:30 +02:00
2010-11-06 16:20:50 +01:00
$comment = get_comment ( $comment_id );
$post = get_post ( $comment -> comment_post_ID );
$user = get_userdata ( $post -> post_author );
2011-09-05 21:08:15 +02:00
// Send to the administration and to the post author if the author can modify the comment.
2013-11-13 03:41:09 +01:00
$emails = array ( get_option ( 'admin_email' ) );
if ( user_can ( $user -> ID , 'edit_comment' , $comment_id ) && ! empty ( $user -> user_email ) ) {
if ( 0 !== strcasecmp ( $user -> user_email , get_option ( 'admin_email' ) ) )
$emails [] = $user -> user_email ;
}
2005-04-20 05:37:23 +02:00
2006-10-04 05:05:54 +02:00
$comment_author_domain = @ gethostbyaddr ( $comment -> comment_author_IP );
2005-04-20 05:37:23 +02:00
$comments_waiting = $wpdb -> get_var ( " SELECT count(comment_ID) FROM $wpdb->comments WHERE comment_approved = '0' " );
2010-01-15 23:11:12 +01:00
2009-12-13 12:38:45 +01:00
// The blogname option is escaped with esc_html on the way into the database in sanitize_option
// we want to reverse this for the plain text arena of emails.
$blogname = wp_specialchars_decode ( get_option ( 'blogname' ), ENT_QUOTES );
2010-01-15 23:11:12 +01:00
2013-11-13 03:32:10 +01:00
switch ( $comment -> comment_type ) {
2008-02-16 18:03:05 +01:00
case 'trackback' :
2010-06-06 16:44:48 +02:00
$notify_message = sprintf ( __ ( 'A new trackback on the post "%s" is waiting for your approval' ), $post -> post_title ) . " \r \n " ;
2008-02-16 18:03:05 +01:00
$notify_message .= get_permalink ( $comment -> comment_post_ID ) . " \r \n \r \n " ;
$notify_message .= sprintf ( __ ( 'Website : %1$s (IP: %2$s , %3$s)' ), $comment -> comment_author , $comment -> comment_author_IP , $comment_author_domain ) . " \r \n " ;
$notify_message .= sprintf ( __ ( 'URL : %s' ), $comment -> comment_author_url ) . " \r \n " ;
2008-02-18 18:13:21 +01:00
$notify_message .= __ ( 'Trackback excerpt: ' ) . " \r \n " . $comment -> comment_content . " \r \n \r \n " ;
2008-02-16 18:03:05 +01:00
break ;
case 'pingback' :
2010-05-22 15:48:38 +02:00
$notify_message = sprintf ( __ ( 'A new pingback on the post "%s" is waiting for your approval' ), $post -> post_title ) . " \r \n " ;
2008-02-16 18:03:05 +01:00
$notify_message .= get_permalink ( $comment -> comment_post_ID ) . " \r \n \r \n " ;
$notify_message .= sprintf ( __ ( 'Website : %1$s (IP: %2$s , %3$s)' ), $comment -> comment_author , $comment -> comment_author_IP , $comment_author_domain ) . " \r \n " ;
$notify_message .= sprintf ( __ ( 'URL : %s' ), $comment -> comment_author_url ) . " \r \n " ;
$notify_message .= __ ( 'Pingback excerpt: ' ) . " \r \n " . $comment -> comment_content . " \r \n \r \n " ;
break ;
2013-11-13 03:32:10 +01:00
default : // Comments
2010-05-22 15:48:38 +02:00
$notify_message = sprintf ( __ ( 'A new comment on the post "%s" is waiting for your approval' ), $post -> post_title ) . " \r \n " ;
2008-02-16 18:03:05 +01:00
$notify_message .= get_permalink ( $comment -> comment_post_ID ) . " \r \n \r \n " ;
$notify_message .= sprintf ( __ ( 'Author : %1$s (IP: %2$s , %3$s)' ), $comment -> comment_author , $comment -> comment_author_IP , $comment_author_domain ) . " \r \n " ;
$notify_message .= sprintf ( __ ( 'E-mail : %s' ), $comment -> comment_author_email ) . " \r \n " ;
$notify_message .= sprintf ( __ ( 'URL : %s' ), $comment -> comment_author_url ) . " \r \n " ;
2010-11-17 01:54:22 +01:00
$notify_message .= sprintf ( __ ( 'Whois : http://whois.arin.net/rest/ip/%s' ), $comment -> comment_author_IP ) . " \r \n " ;
2008-02-16 18:03:05 +01:00
$notify_message .= __ ( 'Comment: ' ) . " \r \n " . $comment -> comment_content . " \r \n \r \n " ;
break ;
}
2008-03-02 21:17:30 +01:00
2009-12-15 11:55:55 +01:00
$notify_message .= sprintf ( __ ( 'Approve it: %s' ), admin_url ( " comment.php?action=approve&c= $comment_id " ) ) . " \r \n " ;
if ( EMPTY_TRASH_DAYS )
$notify_message .= sprintf ( __ ( 'Trash it: %s' ), admin_url ( " comment.php?action=trash&c= $comment_id " ) ) . " \r \n " ;
else
$notify_message .= sprintf ( __ ( 'Delete it: %s' ), admin_url ( " comment.php?action=delete&c= $comment_id " ) ) . " \r \n " ;
$notify_message .= sprintf ( __ ( 'Spam it: %s' ), admin_url ( " comment.php?action=spam&c= $comment_id " ) ) . " \r \n " ;
2008-03-02 21:17:30 +01:00
2009-02-20 20:35:16 +01:00
$notify_message .= sprintf ( _n ( 'Currently %s comment is waiting for approval. Please visit the moderation panel:' ,
2008-05-27 13:42:32 +02:00
'Currently %s comments are waiting for approval. Please visit the moderation panel:' , $comments_waiting ), number_format_i18n ( $comments_waiting ) ) . " \r \n " ;
2008-06-06 09:39:11 +02:00
$notify_message .= admin_url ( " edit-comments.php?comment_status=moderated " ) . " \r \n " ;
2005-04-20 05:37:23 +02:00
2009-12-13 12:38:45 +01:00
$subject = sprintf ( __ ( '[%1$s] Please moderate: "%2$s"' ), $blogname , $post -> post_title );
2009-05-29 22:00:06 +02:00
$message_headers = '' ;
2005-08-31 01:17:42 +02:00
2013-08-23 21:36:10 +02:00
$emails = apply_filters ( 'comment_moderation_recipients' , $emails , $comment_id );
$notify_message = apply_filters ( 'comment_moderation_text' , $notify_message , $comment_id );
$subject = apply_filters ( 'comment_moderation_subject' , $subject , $comment_id );
$message_headers = apply_filters ( 'comment_moderation_headers' , $message_headers , $comment_id );
2005-04-20 05:37:23 +02:00
2013-08-23 21:36:10 +02:00
foreach ( $emails as $email ) {
@ wp_mail ( $email , $subject , $notify_message , $message_headers );
}
2006-11-19 08:56:05 +01:00
2005-04-20 05:37:23 +02:00
return true ;
}
endif ;
2008-07-29 22:21:34 +02:00
if ( ! function_exists ( 'wp_password_change_notification' ) ) :
/**
* Notify the blog admin of a user changing password , normally via email .
*
2013-12-24 19:57:12 +01:00
* @ since 2.7 . 0
2008-07-29 22:21:34 +02:00
*
* @ param object $user User Object
*/
function wp_password_change_notification ( & $user ) {
// send a copy of password change notification to the admin
// but check to see if it's the admin whose password we're changing, and skip this
2013-11-13 03:41:09 +01:00
if ( 0 !== strcasecmp ( $user -> user_email , get_option ( 'admin_email' ) ) ) {
2008-07-29 22:21:34 +02:00
$message = sprintf ( __ ( 'Password Lost and Changed for user: %s' ), $user -> user_login ) . " \r \n " ;
2009-12-14 23:09:54 +01:00
// The blogname option is escaped with esc_html on the way into the database in sanitize_option
// we want to reverse this for the plain text arena of emails.
$blogname = wp_specialchars_decode ( get_option ( 'blogname' ), ENT_QUOTES );
wp_mail ( get_option ( 'admin_email' ), sprintf ( __ ( '[%s] Password Lost/Changed' ), $blogname ), $message );
2008-07-29 22:21:34 +02:00
}
}
endif ;
2005-09-14 02:03:02 +02:00
if ( ! function_exists ( 'wp_new_user_notification' ) ) :
2008-01-11 21:51:39 +01:00
/**
2014-02-09 22:07:12 +01:00
* Email login credentials to a newly - registered user .
*
* A new user registration notification is also sent to admin email .
2008-01-11 21:51:39 +01:00
*
2013-12-24 19:57:12 +01:00
* @ since 2.0 . 0
2008-01-11 21:51:39 +01:00
*
2014-02-09 22:07:12 +01:00
* @ param int $user_id User ID .
* @ param string $plaintext_pass Optional . The user ' s plaintext password . Default empty .
2008-01-11 21:51:39 +01:00
*/
2005-09-14 02:03:02 +02:00
function wp_new_user_notification ( $user_id , $plaintext_pass = '' ) {
2012-08-03 03:06:05 +02:00
$user = get_userdata ( $user_id );
2006-02-12 08:53:23 +01:00
2009-12-13 12:38:45 +01:00
// The blogname option is escaped with esc_html on the way into the database in sanitize_option
// we want to reverse this for the plain text arena of emails.
$blogname = wp_specialchars_decode ( get_option ( 'blogname' ), ENT_QUOTES );
2006-02-12 08:53:23 +01:00
2010-04-30 05:17:49 +02:00
$message = sprintf ( __ ( 'New user registration on your site %s:' ), $blogname ) . " \r \n \r \n " ;
2013-03-03 21:55:30 +01:00
$message .= sprintf ( __ ( 'Username: %s' ), $user -> user_login ) . " \r \n \r \n " ;
$message .= sprintf ( __ ( 'E-mail: %s' ), $user -> user_email ) . " \r \n " ;
2006-02-12 08:53:23 +01:00
2009-12-13 12:38:45 +01:00
@ wp_mail ( get_option ( 'admin_email' ), sprintf ( __ ( '[%s] New User Registration' ), $blogname ), $message );
2005-09-14 02:03:02 +02:00
if ( empty ( $plaintext_pass ) )
return ;
2013-03-03 21:55:30 +01:00
$message = sprintf ( __ ( 'Username: %s' ), $user -> user_login ) . " \r \n " ;
2005-09-14 02:03:02 +02:00
$message .= sprintf ( __ ( 'Password: %s' ), $plaintext_pass ) . " \r \n " ;
2009-04-14 20:31:49 +02:00
$message .= wp_login_url () . " \r \n " ;
2006-02-12 08:53:23 +01:00
2013-03-03 21:55:30 +01:00
wp_mail ( $user -> user_email , sprintf ( __ ( '[%s] Your username and password' ), $blogname ), $message );
2006-02-12 08:53:23 +01:00
2005-09-14 02:03:02 +02:00
}
endif ;
2008-03-18 03:43:20 +01:00
if ( ! function_exists ( 'wp_nonce_tick' ) ) :
/**
2008-06-22 22:23:23 +02:00
* Get the time - dependent variable for nonce creation .
2008-03-18 03:43:20 +01:00
*
2008-06-22 22:23:23 +02:00
* A nonce has a lifespan of two ticks . Nonces in their second tick may be
* updated , e . g . by autosave .
2008-03-18 03:43:20 +01:00
*
2013-12-24 19:57:12 +01:00
* @ since 2.5 . 0
2008-03-18 03:43:20 +01:00
*
* @ return int
*/
function wp_nonce_tick () {
2012-09-25 07:26:19 +02:00
$nonce_life = apply_filters ( 'nonce_life' , DAY_IN_SECONDS );
2008-03-18 03:43:20 +01:00
return ceil ( time () / ( $nonce_life / 2 ));
}
endif ;
2006-05-03 00:08:34 +02:00
if ( ! function_exists ( 'wp_verify_nonce' ) ) :
2008-01-11 21:51:39 +01:00
/**
2008-06-22 22:23:23 +02:00
* Verify that correct nonce was used with time limit .
2008-01-11 21:51:39 +01:00
*
2008-06-22 22:23:23 +02:00
* The user is given an amount of time to use the token , so therefore , since the
* UID and $action remain the same , the independent variable is the time .
2008-01-11 21:51:39 +01:00
*
2009-01-30 19:08:28 +01:00
* @ since 2.0 . 3
2008-01-11 21:51:39 +01:00
*
* @ param string $nonce Nonce that was used in the form to verify
* @ param string | int $action Should give context to what is taking place and be the same when nonce was created .
* @ return bool Whether the nonce check passed or failed .
*/
2006-05-03 00:08:34 +02:00
function wp_verify_nonce ( $nonce , $action = - 1 ) {
$user = wp_get_current_user ();
2011-08-04 05:09:27 +02:00
$uid = ( int ) $user -> ID ;
2012-09-13 19:17:47 +02:00
if ( ! $uid )
$uid = apply_filters ( 'nonce_user_logged_out' , $uid , $action );
2006-05-03 00:08:34 +02:00
2008-03-18 03:43:20 +01:00
$i = wp_nonce_tick ();
2006-05-03 00:08:34 +02:00
2008-03-18 03:43:20 +01:00
// Nonce generated 0-12 hours ago
2013-06-21 04:11:31 +02:00
if ( substr ( wp_hash ( $i . $action . $uid , 'nonce' ), - 12 , 10 ) === $nonce )
2008-03-18 03:43:20 +01:00
return 1 ;
// Nonce generated 12-24 hours ago
2013-06-21 04:11:31 +02:00
if ( substr ( wp_hash (( $i - 1 ) . $action . $uid , 'nonce' ), - 12 , 10 ) === $nonce )
2008-03-18 03:43:20 +01:00
return 2 ;
// Invalid nonce
2006-05-03 00:08:34 +02:00
return false ;
}
endif ;
if ( ! function_exists ( 'wp_create_nonce' ) ) :
2008-01-11 21:51:39 +01:00
/**
2008-06-22 22:23:23 +02:00
* Creates a random , one time use token .
2008-01-11 21:51:39 +01:00
*
2009-01-30 19:08:28 +01:00
* @ since 2.0 . 3
2008-01-11 21:51:39 +01:00
*
* @ param string | int $action Scalar value to add context to the nonce .
* @ return string The one use form token
*/
2006-05-03 00:08:34 +02:00
function wp_create_nonce ( $action = - 1 ) {
$user = wp_get_current_user ();
2011-08-04 05:09:27 +02:00
$uid = ( int ) $user -> ID ;
2012-09-13 19:17:47 +02:00
if ( ! $uid )
$uid = apply_filters ( 'nonce_user_logged_out' , $uid , $action );
2006-05-03 00:08:34 +02:00
2008-03-18 03:43:20 +01:00
$i = wp_nonce_tick ();
2006-11-19 08:56:05 +01:00
2008-12-07 22:31:13 +01:00
return substr ( wp_hash ( $i . $action . $uid , 'nonce' ), - 12 , 10 );
2006-05-31 02:24:03 +02:00
}
endif ;
2006-05-31 03:40:00 +02:00
if ( ! function_exists ( 'wp_salt' ) ) :
2008-01-11 21:51:39 +01:00
/**
2012-01-09 21:52:08 +01:00
* Get salt to add to hashes .
2008-06-22 22:23:23 +02:00
*
2012-01-09 21:52:08 +01:00
* Salts are created using secret keys . Secret keys are located in two places :
* in the database and in the wp - config . php file . The secret key in the database
* is randomly generated and will be appended to the secret keys in wp - config . php .
2008-01-11 21:51:39 +01:00
*
2012-01-09 21:52:08 +01:00
* The secret keys in wp - config . php should be updated to strong , random keys to maximize
* security . Below is an example of how the secret key constants are defined .
* Do not paste this example directly into wp - config . php . Instead , have a
* { @ link https :// api . wordpress . org / secret - key / 1.1 / salt / secret key created } just
* for you .
2008-01-11 21:51:39 +01:00
*
* < code >
2012-01-09 21:52:08 +01:00
* define ( 'AUTH_KEY' , ' Xakm<o xQy rw4EMsLKM-?!T+,PFF})H4lzcW57AF0U@N@< >M%G4Yt>f`z]MON' );
* define ( 'SECURE_AUTH_KEY' , 'LzJ}op]mr|6+![P}Ak:uNdJCJZd>(Hx.-Mh#Tz)pCIU#uGEnfFz|f ;;eU%/U^O~' );
* define ( 'LOGGED_IN_KEY' , '|i|Ux`9<p-h$aFf(qnT:sDO:D1P^wZ$$/Ra@miTJi9G;ddp_<q}6H1)o|a +&JCM' );
* define ( 'NONCE_KEY' , '%:R{[P|,s.KuMltH5}cI;/k<Gx~j!f0I)m_sIyu+&NJZ)-iO>z7X>QYR0Z_XnZ@|' );
* define ( 'AUTH_SALT' , 'eZyT)-Naw]F8CwA*VaW#q*|.)g@o}||wf~@C-YSt}(dh_r6EbI#A,y|nU2{B#JBW' );
* define ( 'SECURE_AUTH_SALT' , '!=oLUTXh,QW=H `}`L|9/^4-3 STz},T(w}W<I`.JjPi)<Bmf1v,HpGe}T1:Xt7n' );
* define ( 'LOGGED_IN_SALT' , '+XSqHc;@Q*K_b|Z?NC[3H!!EONbh.n<+=uKR:>*c(u`g~EJBf#8u#R{mUEZrozmm' );
* define ( 'NONCE_SALT' , 'h`GXHhD>SLWVfg1(1(N{;.V!MoE(SfbA_ksP@&`+AycHcAV$+?@3q+rxV{%^VyKT' );
2008-01-11 21:51:39 +01:00
* </ code >
*
2008-06-22 22:23:23 +02:00
* Salting passwords helps against tools which has stored hashed values of
2012-01-09 21:52:08 +01:00
* common dictionary strings . The added values makes it harder to crack .
2008-01-11 21:51:39 +01:00
*
2013-12-24 19:57:12 +01:00
* @ since 2.5 . 0
2012-01-09 21:52:08 +01:00
*
* @ link https :// api . wordpress . org / secret - key / 1.1 / salt / Create secrets for wp - config . php
2008-01-11 21:51:39 +01:00
*
2012-01-27 19:52:20 +01:00
* @ param string $scheme Authentication scheme ( auth , secure_auth , logged_in , nonce )
2010-02-22 21:27:02 +01:00
* @ return string Salt value
2008-01-11 21:51:39 +01:00
*/
2012-01-27 19:52:20 +01:00
function wp_salt ( $scheme = 'auth' ) {
2012-03-07 04:41:56 +01:00
static $cached_salts = array ();
if ( isset ( $cached_salts [ $scheme ] ) )
return apply_filters ( 'salt' , $cached_salts [ $scheme ], $scheme );
2012-01-27 19:52:20 +01:00
static $duplicated_keys ;
if ( null === $duplicated_keys ) {
$duplicated_keys = array ( 'put your unique phrase here' => true );
foreach ( array ( 'AUTH' , 'SECURE_AUTH' , 'LOGGED_IN' , 'NONCE' , 'SECRET' ) as $first ) {
foreach ( array ( 'KEY' , 'SALT' ) as $second ) {
if ( ! defined ( " { $first } _ { $second } " ) )
continue ;
$value = constant ( " { $first } _ { $second } " );
$duplicated_keys [ $value ] = isset ( $duplicated_keys [ $value ] );
2008-06-11 19:25:55 +02:00
}
}
2012-01-27 19:52:20 +01:00
}
2008-06-11 19:25:55 +02:00
2012-01-27 19:52:20 +01:00
$key = $salt = '' ;
if ( defined ( 'SECRET_KEY' ) && SECRET_KEY && empty ( $duplicated_keys [ SECRET_KEY ] ) )
$key = SECRET_KEY ;
if ( 'auth' == $scheme && defined ( 'SECRET_SALT' ) && SECRET_SALT && empty ( $duplicated_keys [ SECRET_SALT ] ) )
$salt = SECRET_SALT ;
if ( in_array ( $scheme , array ( 'auth' , 'secure_auth' , 'logged_in' , 'nonce' ) ) ) {
foreach ( array ( 'key' , 'salt' ) as $type ) {
$const = strtoupper ( " { $scheme } _ { $type } " );
if ( defined ( $const ) && constant ( $const ) && empty ( $duplicated_keys [ constant ( $const ) ] ) ) {
$$type = constant ( $const );
} elseif ( ! $$type ) {
$$type = get_site_option ( " { $scheme } _ { $type } " );
if ( ! $$type ) {
$$type = wp_generate_password ( 64 , true , true );
update_site_option ( " { $scheme } _ { $type } " , $$type );
}
2008-06-11 19:25:55 +02:00
}
2007-12-24 07:34:12 +01:00
}
2012-01-27 19:52:20 +01:00
} else {
if ( ! $key ) {
$key = get_site_option ( 'secret_key' );
if ( ! $key ) {
$key = wp_generate_password ( 64 , true , true );
update_site_option ( 'secret_key' , $key );
2008-12-07 22:31:13 +01:00
}
}
2012-01-27 19:52:20 +01:00
$salt = hash_hmac ( 'md5' , $scheme , $key );
2007-12-16 18:41:59 +01:00
}
2006-05-31 03:40:00 +02:00
2012-03-07 04:41:56 +01:00
$cached_salts [ $scheme ] = $key . $salt ;
return apply_filters ( 'salt' , $cached_salts [ $scheme ], $scheme );
2006-05-31 03:40:00 +02:00
}
endif ;
2006-05-31 02:24:03 +02:00
if ( ! function_exists ( 'wp_hash' ) ) :
2008-01-11 21:51:39 +01:00
/**
2008-06-22 22:23:23 +02:00
* Get hash of given string .
2008-01-11 21:51:39 +01:00
*
2009-01-30 19:08:28 +01:00
* @ since 2.0 . 3
2008-01-11 21:51:39 +01:00
* @ uses wp_salt () Get WordPress salt
*
* @ param string $data Plain text to hash
* @ return string Hash of $data
*/
2008-06-11 19:25:55 +02:00
function wp_hash ( $data , $scheme = 'auth' ) {
$salt = wp_salt ( $scheme );
2006-05-31 02:24:03 +02:00
2008-04-24 02:30:49 +02:00
return hash_hmac ( 'md5' , $data , $salt );
2006-05-03 00:08:34 +02:00
}
endif ;
2007-12-02 06:14:11 +01:00
if ( ! function_exists ( 'wp_hash_password' ) ) :
2008-01-11 21:51:39 +01:00
/**
2008-06-22 22:23:23 +02:00
* Create a hash ( encrypt ) of a plain text password .
2008-01-11 21:51:39 +01:00
*
2008-06-22 22:23:23 +02:00
* For integration with other applications , this function can be overwritten to
* instead use the other package password checking algorithm .
2008-01-11 21:51:39 +01:00
*
2013-12-24 19:57:12 +01:00
* @ since 2.5 . 0
*
2008-01-11 21:51:39 +01:00
* @ global object $wp_hasher PHPass object
* @ uses PasswordHash :: HashPassword
*
* @ param string $password Plain text user password to hash
* @ return string The hash string of the password
*/
2007-12-02 06:14:11 +01:00
function wp_hash_password ( $password ) {
global $wp_hasher ;
if ( empty ( $wp_hasher ) ) {
require_once ( ABSPATH . 'wp-includes/class-phpass.php' );
// By default, use the portable hash from phpass
2012-01-05 21:50:54 +01:00
$wp_hasher = new PasswordHash ( 8 , true );
2007-12-02 06:14:11 +01:00
}
2008-02-05 07:47:27 +01:00
2013-10-07 15:54:10 +02:00
return $wp_hasher -> HashPassword ( trim ( $password ) );
2007-12-02 06:14:11 +01:00
}
endif ;
if ( ! function_exists ( 'wp_check_password' ) ) :
2008-01-11 21:51:39 +01:00
/**
2008-06-22 22:23:23 +02:00
* Checks the plaintext password against the encrypted Password .
2008-01-11 21:51:39 +01:00
*
2008-06-22 22:23:23 +02:00
* Maintains compatibility between old version and the new cookie authentication
* protocol using PHPass library . The $hash parameter is the encrypted password
2011-09-05 21:08:15 +02:00
* and the function compares the plain text password when encrypted similarly
2008-06-22 22:23:23 +02:00
* against the already encrypted password to see if they match .
2008-01-11 21:51:39 +01:00
*
2008-06-22 22:23:23 +02:00
* For integration with other applications , this function can be overwritten to
* instead use the other package password checking algorithm .
2008-01-11 21:51:39 +01:00
*
2013-12-24 19:57:12 +01:00
* @ since 2.5 . 0
*
2008-01-11 21:51:39 +01:00
* @ global object $wp_hasher PHPass object used for checking the password
* against the $hash + $password
* @ uses PasswordHash :: CheckPassword
*
* @ param string $password Plaintext user ' s password
* @ param string $hash Hash of the user ' s password to check against .
* @ return bool False , if the $password does not match the hashed password
*/
2008-03-27 23:44:47 +01:00
function wp_check_password ( $password , $hash , $user_id = '' ) {
2007-12-02 06:14:11 +01:00
global $wp_hasher ;
2008-03-27 23:44:47 +01:00
// If the hash is still md5...
if ( strlen ( $hash ) <= 32 ) {
$check = ( $hash == md5 ( $password ) );
if ( $check && $user_id ) {
// Rehash using new hash.
wp_set_password ( $password , $user_id );
$hash = wp_hash_password ( $password );
}
return apply_filters ( 'check_password' , $check , $password , $hash , $user_id );
}
2007-12-02 06:14:11 +01:00
// If the stored hash is longer than an MD5, presume the
// new style phpass portable hash.
if ( empty ( $wp_hasher ) ) {
require_once ( ABSPATH . 'wp-includes/class-phpass.php' );
// By default, use the portable hash from phpass
2012-01-05 21:50:54 +01:00
$wp_hasher = new PasswordHash ( 8 , true );
2007-12-02 06:14:11 +01:00
}
2008-01-24 19:36:45 +01:00
$check = $wp_hasher -> CheckPassword ( $password , $hash );
2008-03-27 23:44:47 +01:00
return apply_filters ( 'check_password' , $check , $password , $hash , $user_id );
2007-12-02 06:14:11 +01:00
}
endif ;
2007-12-15 06:31:16 +01:00
if ( ! function_exists ( 'wp_generate_password' ) ) :
/**
2008-06-22 22:23:23 +02:00
* Generates a random password drawn from the defined set of characters .
2008-01-11 21:51:39 +01:00
*
2013-12-24 19:57:12 +01:00
* @ since 2.5 . 0
2008-01-11 21:51:39 +01:00
*
2008-12-30 20:47:59 +01:00
* @ param int $length The length of password to generate
2010-02-14 05:06:30 +01:00
* @ param bool $special_chars Whether to include standard special characters . Default true .
2010-02-19 01:03:36 +01:00
* @ param bool $extra_special_chars Whether to include other special characters . Used when
* generating secret keys and salts . Default false .
2008-01-11 21:51:39 +01:00
* @ return string The random password
2007-12-15 06:31:16 +01:00
**/
2010-02-14 05:06:30 +01:00
function wp_generate_password ( $length = 12 , $special_chars = true , $extra_special_chars = false ) {
2008-04-25 19:12:25 +02:00
$chars = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789' ;
2010-02-19 01:03:36 +01:00
if ( $special_chars )
2008-04-25 19:12:25 +02:00
$chars .= '!@#$%^&*()' ;
2010-02-19 01:03:36 +01:00
if ( $extra_special_chars )
$chars .= '-_ []{}<>~`+=,.;:/?|' ;
2008-04-25 19:12:25 +02:00
2007-12-15 06:31:16 +01:00
$password = '' ;
2010-01-07 21:49:04 +01:00
for ( $i = 0 ; $i < $length ; $i ++ ) {
2008-08-25 19:52:28 +02:00
$password .= substr ( $chars , wp_rand ( 0 , strlen ( $chars ) - 1 ), 1 );
2010-01-07 21:49:04 +01:00
}
// random_password filter was previously in random_password function which was deprecated
return apply_filters ( 'random_password' , $password );
2007-12-15 06:31:16 +01:00
}
endif ;
2007-12-16 18:41:59 +01:00
2008-08-25 19:52:28 +02:00
if ( ! function_exists ( 'wp_rand' ) ) :
2012-08-31 11:45:50 +02:00
/**
2008-08-25 19:52:28 +02:00
* Generates a random number
*
* @ since 2.6 . 2
*
2012-08-31 11:45:50 +02:00
* @ param int $min Lower limit for the generated number
* @ param int $max Upper limit for the generated number
2008-08-25 19:52:28 +02:00
* @ return int A random number between min and max
*/
function wp_rand ( $min = 0 , $max = 0 ) {
global $rnd_value ;
// Reset $rnd_value after 14 uses
// 32(md5) + 40(sha1) + 40(sha1) / 8 = 14 random numbers from $rnd_value
if ( strlen ( $rnd_value ) < 8 ) {
2010-02-14 03:47:45 +01:00
if ( defined ( 'WP_SETUP_CONFIG' ) )
static $seed = '' ;
else
$seed = get_transient ( 'random_seed' );
2008-08-25 19:52:28 +02:00
$rnd_value = md5 ( uniqid ( microtime () . mt_rand (), true ) . $seed );
$rnd_value .= sha1 ( $rnd_value );
$rnd_value .= sha1 ( $rnd_value . $seed );
$seed = md5 ( $seed . $rnd_value );
2010-02-14 03:47:45 +01:00
if ( ! defined ( 'WP_SETUP_CONFIG' ) )
set_transient ( 'random_seed' , $seed );
2008-08-25 19:52:28 +02:00
}
// Take the first 8 digits for our value
$value = substr ( $rnd_value , 0 , 8 );
// Strip the first eight, leaving the remainder for the next call to wp_rand().
$rnd_value = substr ( $rnd_value , 8 );
$value = abs ( hexdec ( $value ));
2012-08-31 11:45:50 +02:00
// Some misconfigured 32bit environments (Entropy PHP, for example) truncate integers larger than PHP_INT_MAX to PHP_INT_MAX rather than overflowing them to floats.
$max_random_number = 3000000000 === 2147483647 ? ( float ) " 4294967295 " : 4294967295 ; // 4294967295 = 0xffffffff
2008-08-25 19:52:28 +02:00
// Reduce the value to be within the min - max range
if ( $max != 0 )
2012-08-31 11:45:50 +02:00
$value = $min + ( $max - $min + 1 ) * $value / ( $max_random_number + 1 );
2008-08-25 19:52:28 +02:00
2008-12-09 19:03:31 +01:00
return abs ( intval ( $value ));
2008-08-25 19:52:28 +02:00
}
endif ;
2007-12-17 07:02:45 +01:00
if ( ! function_exists ( 'wp_set_password' ) ) :
2008-01-11 21:51:39 +01:00
/**
2008-06-22 22:23:23 +02:00
* Updates the user ' s password with a new encrypted one .
2008-01-11 21:51:39 +01:00
*
2008-06-22 22:23:23 +02:00
* For integration with other applications , this function can be overwritten to
* instead use the other package password checking algorithm .
2008-01-11 21:51:39 +01:00
*
2013-12-24 19:57:12 +01:00
* @ since 2.5 . 0
*
2008-01-11 21:51:39 +01:00
* @ uses $wpdb WordPress database object for queries
* @ uses wp_hash_password () Used to encrypt the user ' s password before passing to the database
*
* @ param string $password The plaintext new user password
* @ param int $user_id User ID
*/
2007-12-17 07:02:45 +01:00
function wp_set_password ( $password , $user_id ) {
global $wpdb ;
2013-10-07 15:54:10 +02:00
$hash = wp_hash_password ( $password );
2009-03-06 05:27:51 +01:00
$wpdb -> update ( $wpdb -> users , array ( 'user_pass' => $hash , 'user_activation_key' => '' ), array ( 'ID' => $user_id ) );
2007-12-17 07:02:45 +01:00
wp_cache_delete ( $user_id , 'users' );
}
endif ;
2008-02-07 07:07:12 +01:00
if ( ! function_exists ( 'get_avatar' ) ) :
/**
2008-06-22 22:23:23 +02:00
* Retrieve the avatar for a user who provided a user ID or email address .
2008-02-07 07:07:12 +01:00
*
2013-12-24 19:57:12 +01:00
* @ since 2.5 . 0
*
2008-03-04 23:52:36 +01:00
* @ param int | string | object $id_or_email A user ID , email address , or comment object
2008-02-07 07:07:12 +01:00
* @ param int $size Size of the avatar image
* @ param string $default URL to a default image to use if no avatar is available
2012-09-19 18:55:43 +02:00
* @ param string $alt Alternative text to use in image tag . Defaults to blank
2008-02-07 07:07:12 +01:00
* @ return string < img > tag for the user ' s avatar
*/
2008-10-03 05:20:54 +02:00
function get_avatar ( $id_or_email , $size = '96' , $default = '' , $alt = false ) {
2008-02-07 07:07:12 +01:00
if ( ! get_option ( 'show_avatars' ) )
return false ;
2008-10-03 05:20:54 +02:00
if ( false === $alt )
2008-10-12 20:03:54 +02:00
$safe_alt = '' ;
else
2009-05-05 21:43:53 +02:00
$safe_alt = esc_attr ( $alt );
2008-10-03 05:20:54 +02:00
2008-03-02 22:41:35 +01:00
if ( ! is_numeric ( $size ) )
2008-03-15 09:27:28 +01:00
$size = '96' ;
2008-03-02 22:41:35 +01:00
2008-02-20 21:57:21 +01:00
$email = '' ;
2008-02-07 07:07:12 +01:00
if ( is_numeric ( $id_or_email ) ) {
$id = ( int ) $id_or_email ;
$user = get_userdata ( $id );
2008-02-20 21:57:21 +01:00
if ( $user )
2008-02-07 07:07:12 +01:00
$email = $user -> user_email ;
2008-02-20 21:57:21 +01:00
} elseif ( is_object ( $id_or_email ) ) {
2010-02-19 21:27:56 +01:00
// No avatar for pingbacks or trackbacks
$allowed_comment_types = apply_filters ( 'get_avatar_comment_types' , array ( 'comment' ) );
if ( ! empty ( $id_or_email -> comment_type ) && ! in_array ( $id_or_email -> comment_type , ( array ) $allowed_comment_types ) )
return false ;
2008-10-03 05:12:42 +02:00
2013-11-02 13:20:11 +01:00
if ( ! empty ( $id_or_email -> user_id ) ) {
2008-02-20 21:57:21 +01:00
$id = ( int ) $id_or_email -> user_id ;
2008-02-20 21:58:58 +01:00
$user = get_userdata ( $id );
2013-11-02 13:20:11 +01:00
if ( $user )
2008-02-20 21:57:21 +01:00
$email = $user -> user_email ;
}
2013-11-02 13:20:11 +01:00
if ( ! $email && ! empty ( $id_or_email -> comment_author_email ) )
$email = $id_or_email -> comment_author_email ;
2008-02-07 07:07:12 +01:00
} else {
$email = $id_or_email ;
}
2008-05-03 02:56:16 +02:00
if ( empty ( $default ) ) {
$avatar_default = get_option ( 'avatar_default' );
if ( empty ( $avatar_default ) )
2008-05-04 20:05:20 +02:00
$default = 'mystery' ;
2008-05-03 02:56:16 +02:00
else
$default = $avatar_default ;
}
2010-02-24 21:50:40 +01:00
if ( ! empty ( $email ) )
2011-12-20 23:00:44 +01:00
$email_hash = md5 ( strtolower ( trim ( $email ) ) );
2010-02-24 21:50:40 +01:00
if ( is_ssl () ) {
2009-03-18 03:43:45 +01:00
$host = 'https://secure.gravatar.com' ;
2010-02-24 21:50:40 +01:00
} else {
if ( ! empty ( $email ) )
2010-11-13 10:53:55 +01:00
$host = sprintf ( " http://%d.gravatar.com " , ( hexdec ( $email_hash [ 0 ] ) % 2 ) );
2010-02-24 21:50:40 +01:00
else
2010-03-02 22:59:15 +01:00
$host = 'http://0.gravatar.com' ;
2010-02-24 21:50:40 +01:00
}
2009-01-29 18:58:16 +01:00
2008-11-15 19:10:35 +01:00
if ( 'mystery' == $default )
2009-01-29 18:58:16 +01:00
$default = " $host /avatar/ad516503a11cd5ca435acc9bb6523536?s= { $size } " ; // ad516503a11cd5ca435acc9bb6523536 == md5('unknown@gravatar.com')
2008-05-04 20:05:20 +02:00
elseif ( 'blank' == $default )
2012-11-14 06:29:56 +01:00
$default = $email ? 'blank' : includes_url ( 'images/blank.gif' );
2008-05-03 02:56:16 +02:00
elseif ( ! empty ( $email ) && 'gravatar_default' == $default )
$default = '' ;
elseif ( 'gravatar_default' == $default )
2012-04-22 13:45:31 +02:00
$default = " $host /avatar/?s= { $size } " ;
2008-05-03 02:56:16 +02:00
elseif ( empty ( $email ) )
2009-01-29 18:58:16 +01:00
$default = " $host /avatar/?d= $default &s= { $size } " ;
2008-11-16 00:30:33 +01:00
elseif ( strpos ( $default , 'http://' ) === 0 )
2008-11-15 19:10:35 +01:00
$default = add_query_arg ( 's' , $size , $default );
2008-02-07 07:07:12 +01:00
if ( ! empty ( $email ) ) {
2009-01-29 18:58:16 +01:00
$out = " $host /avatar/ " ;
2010-02-24 21:50:40 +01:00
$out .= $email_hash ;
2008-03-15 03:23:27 +01:00
$out .= '?s=' . $size ;
$out .= '&d=' . urlencode ( $default );
2008-02-07 07:07:12 +01:00
$rating = get_option ( 'avatar_rating' );
if ( ! empty ( $rating ) )
2008-03-15 03:23:27 +01:00
$out .= " &r= { $rating } " ;
2008-02-07 07:07:12 +01:00
2013-10-25 04:29:52 +02:00
$out = str_replace ( '&' , '&' , esc_url ( $out ) );
2008-11-18 23:06:51 +01:00
$avatar = " <img alt=' { $safe_alt } ' src=' { $out } ' class='avatar avatar- { $size } photo' height=' { $size } ' width=' { $size } ' /> " ;
2008-02-07 07:07:12 +01:00
} else {
2008-11-18 23:06:51 +01:00
$avatar = " <img alt=' { $safe_alt } ' src=' { $default } ' class='avatar avatar- { $size } photo avatar-default' height=' { $size } ' width=' { $size } ' /> " ;
2008-02-07 07:07:12 +01:00
}
2008-08-17 13:23:49 +02:00
return apply_filters ( 'get_avatar' , $avatar , $id_or_email , $size , $default , $alt );
2008-02-07 07:07:12 +01:00
}
endif ;
2008-04-19 01:38:21 +02:00
if ( ! function_exists ( 'wp_text_diff' ) ) :
/**
2008-06-22 22:23:23 +02:00
* Displays a human readable HTML representation of the difference between two strings .
2008-04-19 01:38:21 +02:00
*
2008-06-22 22:23:23 +02:00
* The Diff is available for getting the changes between versions . The output is
* HTML , so the primary use is for displaying the changes . If the two strings
* are equivalent , then an empty string will be returned .
2008-04-19 01:38:21 +02:00
*
2008-06-22 22:23:23 +02:00
* The arguments supported and can be changed are listed below .
2008-04-19 01:38:21 +02:00
*
2008-06-22 22:23:23 +02:00
* 'title' : Default is an empty string . Titles the diff in a manner compatible
* with the output .
* 'title_left' : Default is an empty string . Change the HTML to the left of the
* title .
* 'title_right' : Default is an empty string . Change the HTML to the right of
* the title .
2008-04-19 01:38:21 +02:00
*
2013-12-24 19:57:12 +01:00
* @ since 2.6 . 0
*
2008-06-22 22:23:23 +02:00
* @ see wp_parse_args () Used to change defaults to user defined settings .
2008-04-19 01:38:21 +02:00
* @ uses Text_Diff
* @ uses WP_Text_Diff_Renderer_Table
*
* @ param string $left_string " old " ( left ) version of string
* @ param string $right_string " new " ( right ) version of string
2008-06-22 22:23:23 +02:00
* @ param string | array $args Optional . Change 'title' , 'title_left' , and 'title_right' defaults .
* @ return string Empty string if strings are equivalent or HTML with differences .
2008-04-19 01:38:21 +02:00
*/
function wp_text_diff ( $left_string , $right_string , $args = null ) {
2008-05-08 19:25:07 +02:00
$defaults = array ( 'title' => '' , 'title_left' => '' , 'title_right' => '' );
2008-04-19 01:38:21 +02:00
$args = wp_parse_args ( $args , $defaults );
if ( ! class_exists ( 'WP_Text_Diff_Renderer_Table' ) )
require ( ABSPATH . WPINC . '/wp-diff.php' );
2008-10-23 22:03:16 +02:00
$left_string = normalize_whitespace ( $left_string );
$right_string = normalize_whitespace ( $right_string );
2008-08-09 07:36:14 +02:00
2012-01-09 22:20:51 +01:00
$left_lines = explode ( " \n " , $left_string );
$right_lines = explode ( " \n " , $right_string );
2008-04-19 01:38:21 +02:00
$text_diff = new Text_Diff ( $left_lines , $right_lines );
2013-02-28 16:14:34 +01:00
$renderer = new WP_Text_Diff_Renderer_Table ( $args );
2008-04-19 01:38:21 +02:00
$diff = $renderer -> render ( $text_diff );
if ( ! $diff )
return '' ;
$r = " <table class='diff'> \n " ;
2013-02-28 16:14:34 +01:00
2013-03-07 16:32:26 +01:00
if ( ! empty ( $args [ 'show_split_view' ] ) ) {
2013-02-28 16:14:34 +01:00
$r .= " <col class='content diffsplit left' /><col class='content diffsplit middle' /><col class='content diffsplit right' /> " ;
} else {
$r .= " <col class='content' /> " ;
}
2008-04-19 01:38:21 +02:00
2008-05-08 19:25:07 +02:00
if ( $args [ 'title' ] || $args [ 'title_left' ] || $args [ 'title_right' ] )
$r .= " <thead> " ;
2008-04-19 01:38:21 +02:00
if ( $args [ 'title' ] )
2008-05-08 19:25:07 +02:00
$r .= " <tr class='diff-title'><th colspan='4'> $args[title] </th></tr> \n " ;
if ( $args [ 'title_left' ] || $args [ 'title_right' ] ) {
$r .= " <tr class='diff-sub-title'> \n " ;
$r .= " \t <td></td><th> $args[title_left] </th> \n " ;
$r .= " \t <td></td><th> $args[title_right] </th> \n " ;
$r .= " </tr> \n " ;
}
if ( $args [ 'title' ] || $args [ 'title_left' ] || $args [ 'title_right' ] )
$r .= " </thead> \n " ;
2008-04-19 01:38:21 +02:00
$r .= " <tbody> \n $diff\n </tbody> \n " ;
$r .= " </table> " ;
return $r ;
}
endif ;
2013-03-21 16:54:11 +01:00