WordPress/wp-includes/js/wp-auth-check.js

// Interim login dialog
(function($){
	var wrap, check, timeout;

	function show() {
		var parent = $('#wp-auth-check'), form = $('#wp-auth-check-form'), noframe = wrap.find('.wp-auth-fallback-expired'), frame, loaded = false;

		if ( form.length ) {
			// Add unload confirmation to counter (frame-busting) JS redirects
			$(window).on( 'beforeunload.wp-auth-check', function(e) {
				e.originalEvent.returnValue = window.authcheckL10n.beforeunload;
			});

			frame = $('<iframe id="wp-auth-check-frame" frameborder="0">').attr( 'title', noframe.text() );
			frame.load( function(e) {
				var height, body;

				loaded = true;

				try {
					body = $(this).contents().find('body');
					height = body.height();
				} catch(e) {
					wrap.addClass('fallback');
					form.remove();
					noframe.focus();
					return;
				}

				if ( height ) {
					if ( body && body.hasClass('interim-login-success') ) {
						height += 35;
						parent.find('.wp-auth-check-close').show();
						wrap.data('logged-in', 1);
						setTimeout( function() { hide(); }, 3000 );
					}

					parent.css( 'max-height', height + 60 + 'px' );
				}
			}).attr( 'src', form.data('src') );

			$('#wp-auth-check-form').append( frame );
		}

		wrap.removeClass('hidden');

		if ( frame ) {
			frame.focus();
			// WebKit doesn't throw an error if the iframe fails to load because of "X-Frame-Options: DENY" header.
			// Wait for 5 sec. and switch to the fallback text.
			setTimeout( function() {
				if ( ! loaded ) {
					wrap.addClass('fallback');
					form.remove();
					noframe.focus();
				}
			}, 5000 );
		} else {
			noframe.focus();
		}
	}

	function hide() {
		$(window).off( 'beforeunload.wp-auth-check' );

		wrap.fadeOut( 200, function() {
			wrap.addClass('hidden').css('display', '').find('.wp-auth-check-close').css('display', '');
			$('#wp-auth-check-frame').remove();
		});
	}

	function schedule() {
		check = false;
		window.clearTimeout( timeout );
		timeout = window.setTimeout( function(){ check = 1; }, 180000 ); // 3 min.
	}

	$( document ).on( 'heartbeat-tick.wp-auth-check', function( e, data ) {
		if ( check === 2 )
			schedule();

		if ( data['wp-auth-check'] && wrap.hasClass('hidden') ) {
			show();
		} else if ( ! data['wp-auth-check'] && ! wrap.hasClass('hidden') && ! wrap.data('logged-in') ) {
			hide();
		}
	}).ready( function() {
		schedule();
		wrap = $('#wp-auth-check-wrap').data( 'logged-in', 0 );
		wrap.find('.wp-auth-check-close').on( 'click', function(e) {
			hide();
		});
		// Bind later
		$( document ).on( 'heartbeat-send.wp-auth-check', function( e, data ) {
			var i, empty = true;
			// Check if something is using heartbeat. If yes, trigger the logged out check too.
			for ( i in data ) {
				if ( data.hasOwnProperty( i ) ) {
					empty = false;
					break;
				}
			}

			if ( check || ! empty )
				data['wp-auth-check'] = 1;

			if ( check )
				check = 2;
		});
	});

}(jQuery));
Logged out warnings: add fallback text dialog for: - The login page has "X-Frame-Options: DENY" header. - Cross-domain when displaying on the front-end on multisite with domain mapping. - The site forces ssl login but not ssl admin. Add onbeforeunload prompt to counter (frame-busting) JS redirects. Move the JS and CSS into separate files. See #23295. git-svn-id: http://core.svn.wordpress.org/trunk@23805 1a063a9b-81f0-0310-95a4-ce76da25c4cd 2013-03-27 09:43:11 +01:00			`// Interim login dialog`
			`(function($){`
Logged out warnings: by default run the logged-out check every 3 min. Tag along if something else is using heartbeat. See #23295 git-svn-id: http://core.svn.wordpress.org/trunk@24271 1a063a9b-81f0-0310-95a4-ce76da25c4cd 2013-05-16 03:50:43 +02:00			`var wrap, check, timeout;`
Logged out warnings: add fallback text dialog for: - The login page has "X-Frame-Options: DENY" header. - Cross-domain when displaying on the front-end on multisite with domain mapping. - The site forces ssl login but not ssl admin. Add onbeforeunload prompt to counter (frame-busting) JS redirects. Move the JS and CSS into separate files. See #23295. git-svn-id: http://core.svn.wordpress.org/trunk@23805 1a063a9b-81f0-0310-95a4-ce76da25c4cd 2013-03-27 09:43:11 +01:00
			`function show() {`
			`var parent = $('#wp-auth-check'), form = $('#wp-auth-check-form'), noframe = wrap.find('.wp-auth-fallback-expired'), frame, loaded = false;`

			`if ( form.length ) {`
			`// Add unload confirmation to counter (frame-busting) JS redirects`
			`$(window).on( 'beforeunload.wp-auth-check', function(e) {`
			`e.originalEvent.returnValue = window.authcheckL10n.beforeunload;`
			`});`

Logged out warnings: - Don't remove login error messages coming from wp_signon(). - When the login form is shown in iframe, open all links in a new tab/window. - Add filter for the login form error message. See #23295 git-svn-id: http://core.svn.wordpress.org/trunk@24179 1a063a9b-81f0-0310-95a4-ce76da25c4cd 2013-05-06 23:35:50 +02:00			`frame = $('<iframe id="wp-auth-check-frame" frameborder="0">').attr( 'title', noframe.text() );`
Logged out warnings: add fallback text dialog for: - The login page has "X-Frame-Options: DENY" header. - Cross-domain when displaying on the front-end on multisite with domain mapping. - The site forces ssl login but not ssl admin. Add onbeforeunload prompt to counter (frame-busting) JS redirects. Move the JS and CSS into separate files. See #23295. git-svn-id: http://core.svn.wordpress.org/trunk@23805 1a063a9b-81f0-0310-95a4-ce76da25c4cd 2013-03-27 09:43:11 +01:00			`frame.load( function(e) {`
			`var height, body;`

			`loaded = true;`

			`try {`
			`body = $(this).contents().find('body');`
			`height = body.height();`
			`} catch(e) {`
			`wrap.addClass('fallback');`
			`form.remove();`
			`noframe.focus();`
Logged out warnings: - Don't remove login error messages coming from wp_signon(). - When the login form is shown in iframe, open all links in a new tab/window. - Add filter for the login form error message. See #23295 git-svn-id: http://core.svn.wordpress.org/trunk@24179 1a063a9b-81f0-0310-95a4-ce76da25c4cd 2013-05-06 23:35:50 +02:00			`return;`
Logged out warnings: add fallback text dialog for: - The login page has "X-Frame-Options: DENY" header. - Cross-domain when displaying on the front-end on multisite with domain mapping. - The site forces ssl login but not ssl admin. Add onbeforeunload prompt to counter (frame-busting) JS redirects. Move the JS and CSS into separate files. See #23295. git-svn-id: http://core.svn.wordpress.org/trunk@23805 1a063a9b-81f0-0310-95a4-ce76da25c4cd 2013-03-27 09:43:11 +01:00			`}`

			`if ( height ) {`
			`if ( body && body.hasClass('interim-login-success') ) {`
			`height += 35;`
			`parent.find('.wp-auth-check-close').show();`
			`wrap.data('logged-in', 1);`
			`setTimeout( function() { hide(); }, 3000 );`
			`}`

			`parent.css( 'max-height', height + 60 + 'px' );`
			`}`
			`}).attr( 'src', form.data('src') );`

			`$('#wp-auth-check-form').append( frame );`
			`}`

			`wrap.removeClass('hidden');`

			`if ( frame ) {`
			`frame.focus();`
			`// WebKit doesn't throw an error if the iframe fails to load because of "X-Frame-Options: DENY" header.`
			`// Wait for 5 sec. and switch to the fallback text.`
			`setTimeout( function() {`
			`if ( ! loaded ) {`
			`wrap.addClass('fallback');`
			`form.remove();`
			`noframe.focus();`
			`}`
			`}, 5000 );`
			`} else {`
			`noframe.focus();`
			`}`
			`}`

			`function hide() {`
			`$(window).off( 'beforeunload.wp-auth-check' );`

			`wrap.fadeOut( 200, function() {`
Logged out warnings: - Don't use <base> tag to set target="_blank". It can break form submission. Instead, set target only on links with JS. - Fix same domain comparison in wp_auth_check_html() when FORCE_SSL_LOGIN == true. - Properly show/hide the "Close" button when the dialog is shown multiple times. See #23295 git-svn-id: http://core.svn.wordpress.org/trunk@24208 1a063a9b-81f0-0310-95a4-ce76da25c4cd 2013-05-09 00:45:58 +02:00			`wrap.addClass('hidden').css('display', '').find('.wp-auth-check-close').css('display', '');`
Logged out warnings: add fallback text dialog for: - The login page has "X-Frame-Options: DENY" header. - Cross-domain when displaying on the front-end on multisite with domain mapping. - The site forces ssl login but not ssl admin. Add onbeforeunload prompt to counter (frame-busting) JS redirects. Move the JS and CSS into separate files. See #23295. git-svn-id: http://core.svn.wordpress.org/trunk@23805 1a063a9b-81f0-0310-95a4-ce76da25c4cd 2013-03-27 09:43:11 +01:00			`$('#wp-auth-check-frame').remove();`
			`});`
			`}`

Logged out warnings: by default run the logged-out check every 3 min. Tag along if something else is using heartbeat. See #23295 git-svn-id: http://core.svn.wordpress.org/trunk@24271 1a063a9b-81f0-0310-95a4-ce76da25c4cd 2013-05-16 03:50:43 +02:00			`function schedule() {`
			`check = false;`
			`window.clearTimeout( timeout );`
Separate the nonces update from checking the post lock. Fix scheduling the logged out check. See #23697, see #23295. git-svn-id: http://core.svn.wordpress.org/trunk@24273 1a063a9b-81f0-0310-95a4-ce76da25c4cd 2013-05-16 05:47:09 +02:00			`timeout = window.setTimeout( function(){ check = 1; }, 180000 ); // 3 min.`
Logged out warnings: by default run the logged-out check every 3 min. Tag along if something else is using heartbeat. See #23295 git-svn-id: http://core.svn.wordpress.org/trunk@24271 1a063a9b-81f0-0310-95a4-ce76da25c4cd 2013-05-16 03:50:43 +02:00			`}`

Logged out warnings: add fallback text dialog for: - The login page has "X-Frame-Options: DENY" header. - Cross-domain when displaying on the front-end on multisite with domain mapping. - The site forces ssl login but not ssl admin. Add onbeforeunload prompt to counter (frame-busting) JS redirects. Move the JS and CSS into separate files. See #23295. git-svn-id: http://core.svn.wordpress.org/trunk@23805 1a063a9b-81f0-0310-95a4-ce76da25c4cd 2013-03-27 09:43:11 +01:00			`$( document ).on( 'heartbeat-tick.wp-auth-check', function( e, data ) {`
Separate the nonces update from checking the post lock. Fix scheduling the logged out check. See #23697, see #23295. git-svn-id: http://core.svn.wordpress.org/trunk@24273 1a063a9b-81f0-0310-95a4-ce76da25c4cd 2013-05-16 05:47:09 +02:00			`if ( check === 2 )`
Logged out warnings: by default run the logged-out check every 3 min. Tag along if something else is using heartbeat. See #23295 git-svn-id: http://core.svn.wordpress.org/trunk@24271 1a063a9b-81f0-0310-95a4-ce76da25c4cd 2013-05-16 03:50:43 +02:00			`schedule();`

Logged out warnings: add fallback text dialog for: - The login page has "X-Frame-Options: DENY" header. - Cross-domain when displaying on the front-end on multisite with domain mapping. - The site forces ssl login but not ssl admin. Add onbeforeunload prompt to counter (frame-busting) JS redirects. Move the JS and CSS into separate files. See #23295. git-svn-id: http://core.svn.wordpress.org/trunk@23805 1a063a9b-81f0-0310-95a4-ce76da25c4cd 2013-03-27 09:43:11 +01:00			`if ( data['wp-auth-check'] && wrap.hasClass('hidden') ) {`
			`show();`
			`} else if ( ! data['wp-auth-check'] && ! wrap.hasClass('hidden') && ! wrap.data('logged-in') ) {`
			`hide();`
			`}`
			`}).ready( function() {`
Logged out warnings: by default run the logged-out check every 3 min. Tag along if something else is using heartbeat. See #23295 git-svn-id: http://core.svn.wordpress.org/trunk@24271 1a063a9b-81f0-0310-95a4-ce76da25c4cd 2013-05-16 03:50:43 +02:00			`schedule();`
			`wrap = $('#wp-auth-check-wrap').data( 'logged-in', 0 );`
Logged out warnings: add fallback text dialog for: - The login page has "X-Frame-Options: DENY" header. - Cross-domain when displaying on the front-end on multisite with domain mapping. - The site forces ssl login but not ssl admin. Add onbeforeunload prompt to counter (frame-busting) JS redirects. Move the JS and CSS into separate files. See #23295. git-svn-id: http://core.svn.wordpress.org/trunk@23805 1a063a9b-81f0-0310-95a4-ce76da25c4cd 2013-03-27 09:43:11 +01:00			`wrap.find('.wp-auth-check-close').on( 'click', function(e) {`
			`hide();`
			`});`
Logged out warnings: by default run the logged-out check every 3 min. Tag along if something else is using heartbeat. See #23295 git-svn-id: http://core.svn.wordpress.org/trunk@24271 1a063a9b-81f0-0310-95a4-ce76da25c4cd 2013-05-16 03:50:43 +02:00			`// Bind later`
			`$( document ).on( 'heartbeat-send.wp-auth-check', function( e, data ) {`
			`var i, empty = true;`
			`// Check if something is using heartbeat. If yes, trigger the logged out check too.`
			`for ( i in data ) {`
			`if ( data.hasOwnProperty( i ) ) {`
			`empty = false;`
			`break;`
			`}`
			`}`

			`if ( check \|\| ! empty )`
			`data['wp-auth-check'] = 1;`
Separate the nonces update from checking the post lock. Fix scheduling the logged out check. See #23697, see #23295. git-svn-id: http://core.svn.wordpress.org/trunk@24273 1a063a9b-81f0-0310-95a4-ce76da25c4cd 2013-05-16 05:47:09 +02:00
			`if ( check )`
			`check = 2;`
Logged out warnings: by default run the logged-out check every 3 min. Tag along if something else is using heartbeat. See #23295 git-svn-id: http://core.svn.wordpress.org/trunk@24271 1a063a9b-81f0-0310-95a4-ce76da25c4cd 2013-05-16 03:50:43 +02:00			`});`
Logged out warnings: add fallback text dialog for: - The login page has "X-Frame-Options: DENY" header. - Cross-domain when displaying on the front-end on multisite with domain mapping. - The site forces ssl login but not ssl admin. Add onbeforeunload prompt to counter (frame-busting) JS redirects. Move the JS and CSS into separate files. See #23295. git-svn-id: http://core.svn.wordpress.org/trunk@23805 1a063a9b-81f0-0310-95a4-ce76da25c4cd 2013-03-27 09:43:11 +01:00			`});`

			`}(jQuery));`