Show the login form in a popup when autosave hits the login grace period, fixes #10704

git-svn-id: http://svn.automattic.com/wordpress/trunk@12021 1a063a9b-81f0-0310-95a4-ce76da25c4cd

wp-admin/admin-ajax.php

@@ -891,6 +891,8 @@ case 'autosave' : // The name of this action is hardcoded in edit_post()
 	$message = sprintf( __('Draft Saved at %s.'), date_i18n( $draft_saved_date_format ) );
 
 	$supplemental = array();
+	if ( isset($login_grace_period) )
+		$supplemental['session_expired'] = add_query_arg( 'interim-login', 1, wp_login_url() );
 
 	$id = $revision_id = 0;
 	if($_POST['post_ID'] < 0) {

wp-admin/css/login.css

@@ -1 +1 @@
-*{margin:0;padding:0;}body{border-top-width:30px;border-top-style:solid;font:11px "Lucida Grande",Verdana,Arial,"Bitstream Vera Sans",sans-serif;}form{margin-left:8px;padding:16px 16px 40px 16px;font-weight:normal;-moz-border-radius:11px;-khtml-border-radius:11px;-webkit-border-radius:11px;border-radius:5px;background:#fff;border:1px solid #e5e5e5;-moz-box-shadow:rgba(200,200,200,1) 0 4px 18px;-webkit-box-shadow:rgba(200,200,200,1) 0 4px 18px;-khtml-box-shadow:rgba(200,200,200,1) 0 4px 18px;box-shadow:rgba(200,200,200,1) 0 4px 18px;}form .forgetmenot{font-weight:normal;float:left;margin-bottom:0;}.button-primary{font-family:"Lucida Grande",Verdana,Arial,"Bitstream Vera Sans",sans-serif;padding:3px 10px;border:none;font-size:12px;border-width:1px;border-style:solid;-moz-border-radius:11px;-khtml-border-radius:11px;-webkit-border-radius:11px;border-radius:11px;cursor:pointer;text-decoration:none;margin-top:-3px;}#login form p{margin-bottom:0;}label{color:#777;font-size:13px;}form .forgetmenot label{font-size:11px;line-height:19px;}form .submit{float:right;}form p{margin-bottom:24px;}h1 a{background:url(../images/logo-login.gif) no-repeat top center;width:326px;height:67px;text-indent:-9999px;overflow:hidden;padding-bottom:15px;display:block;}#nav{text-shadow:rgba(255,255,255,1) 0 1px 0;}#backtoblog a{position:absolute;top:7px;left:15px;text-decoration:none;}#login{width:320px;margin:7em auto;}#login_error,.message{margin:0 0 16px 8px;border-width:1px;border-style:solid;padding:12px;-moz-border-radius:3px;-khtml-border-radius:3px;-webkit-border-radius:3px;border-radius:3px;}#nav{margin:0 0 0 8px;padding:16px;}#user_pass,#user_login,#user_email{font-size:24px;width:97%;padding:3px;margin-top:2px;margin-right:6px;margin-bottom:16px;border:1px solid #e5e5e5;background:#fbfbfb;}input{color:#555;}.clear{clear:both;}
+*{margin:0;padding:0;}body{border-top-width:30px;border-top-style:solid;font:11px "Lucida Grande",Verdana,Arial,"Bitstream Vera Sans",sans-serif;}form{margin-left:8px;padding:16px 16px 40px 16px;font-weight:normal;-moz-border-radius:11px;-khtml-border-radius:11px;-webkit-border-radius:11px;border-radius:5px;background:#fff;border:1px solid #e5e5e5;-moz-box-shadow:rgba(200,200,200,1) 0 4px 18px;-webkit-box-shadow:rgba(200,200,200,1) 0 4px 18px;-khtml-box-shadow:rgba(200,200,200,1) 0 4px 18px;box-shadow:rgba(200,200,200,1) 0 4px 18px;}form .forgetmenot{font-weight:normal;float:left;margin-bottom:0;}.button-primary{font-family:"Lucida Grande",Verdana,Arial,"Bitstream Vera Sans",sans-serif;padding:3px 10px;border:none;font-size:12px;border-width:1px;border-style:solid;-moz-border-radius:11px;-khtml-border-radius:11px;-webkit-border-radius:11px;border-radius:11px;cursor:pointer;text-decoration:none;margin-top:-3px;}#login form p{margin-bottom:0;}label{color:#777;font-size:13px;}form .forgetmenot label{font-size:11px;line-height:19px;}form .submit,.alignright{float:right;}form p{margin-bottom:24px;}h1 a{background:url(../images/logo-login.gif) no-repeat top center;width:326px;height:67px;text-indent:-9999px;overflow:hidden;padding-bottom:15px;display:block;}#nav{text-shadow:rgba(255,255,255,1) 0 1px 0;}#backtoblog a{position:absolute;top:7px;left:15px;text-decoration:none;}#login{width:320px;margin:7em auto;}#login_error,.message{margin:0 0 16px 8px;border-width:1px;border-style:solid;padding:12px;-moz-border-radius:3px;-khtml-border-radius:3px;-webkit-border-radius:3px;border-radius:3px;}#nav{margin:0 0 0 8px;padding:16px;}#user_pass,#user_login,#user_email{font-size:24px;width:97%;padding:3px;margin-top:2px;margin-right:6px;margin-bottom:16px;border:1px solid #e5e5e5;background:#fbfbfb;}input{color:#555;}.clear{clear:both;}

wp-admin/css/login.dev.css

@@ -58,7 +58,8 @@ form .forgetmenot label {
 	line-height: 19px;
 }
 
-form .submit {
+form .submit,
+.alignright {
 	float: right;
 }
 

wp-includes/js/autosave.dev.js

@@ -1,4 +1,4 @@
-var autosave, autosaveLast = '', autosavePeriodical, autosaveOldMessage = '', autosaveDelayPreview = false, notSaved = true, blockSave = false;
+var autosave, autosaveLast = '', autosavePeriodical, autosaveOldMessage = '', autosaveDelayPreview = false, notSaved = true, blockSave = false, interimLogin = false;
 
 jQuery(document).ready( function($) {
 	var dotabkey = true;
@@ -81,17 +81,25 @@ jQuery(document).ready( function($) {
 });
 
 function autosave_parse_response(response) {
-	var res = wpAjax.parseAjaxResponse(response, 'autosave'), message = '', postID;
+	var res = wpAjax.parseAjaxResponse(response, 'autosave'), message = '', postID, sup, url;
 
 	if ( res && res.responses && res.responses.length ) {
 		message = res.responses[0].data; // The saved message or error.
 		// someone else is editing: disable autosave, set errors
 		if ( res.responses[0].supplemental ) {
-			if ( 'disable' == res.responses[0].supplemental['disable_autosave'] ) {
+			sup = res.responses[0].supplemental;
+			if ( 'disable' == sup['disable_autosave'] ) {
 				autosave = function() {};
 				res = { errors: true };
 			}
-			jQuery.each(res.responses[0].supplemental, function(selector, value) {
+			if ( sup['session_expired'] && (url = sup['session_expired']) ) {
+				if ( !interimLogin || interimLogin.closed ) {
+					interimLogin = window.open(url, 'login', 'width=600,height=450,resizable=yes,scrollbars=yes,status=yes');
+					interimLogin.focus();
+				}
+				delete sup['session_expired'];
+			}
+			jQuery.each(sup, function(selector, value) {
 				if ( selector.match(/^replace-/) ) {
 					jQuery('#'+selector.replace('replace-', '')).val(value);
 				}

wp-includes/pluggable.php

@@ -539,6 +539,9 @@ function wp_validate_auth_cookie($cookie = '', $scheme = '') {
 		return false;
 	}
 
+	if ( $expiration < time() ) // AJAX/POST grace period set above
+		$GLOBALS['login_grace_period'] = 1;
+
 	do_action('auth_cookie_valid', $cookie_elements, $user);
 
 	return $user->ID;

wp-includes/script-loader.php

@@ -98,7 +98,7 @@ function wp_default_scripts( &$scripts ) {
 		'l10n_print_after' => 'try{convertEntities(wpAjax);}catch(e){};'
 	) );
 
-	$scripts->add( 'autosave', "/wp-includes/js/autosave$suffix.js", array('schedule', 'wp-ajax-response'), '20090913' );
+	$scripts->add( 'autosave', "/wp-includes/js/autosave$suffix.js", array('schedule', 'wp-ajax-response'), '20091010' );
 	$scripts->add_data( 'autosave', 'group', 1 );
 
 	$scripts->add( 'wp-lists', "/wp-includes/js/wp-lists$suffix.js", array('wp-ajax-response'), '20091007' );
@@ -479,7 +479,7 @@ function wp_default_styles( &$styles ) {
 	$styles->add( 'theme-editor', "/wp-admin/css/theme-editor$suffix.css", array(), '20090625' );
 	$styles->add( 'press-this', "/wp-admin/css/press-this$suffix.css", array(), '20090514' );
 	$styles->add( 'thickbox', '/wp-includes/js/thickbox/thickbox.css', array(), '20090514' );
-	$styles->add( 'login', "/wp-admin/css/login$suffix.css", array(), '20090824' );
+	$styles->add( 'login', "/wp-admin/css/login$suffix.css", array(), '20091010' );
 	$styles->add( 'plugin-install', "/wp-admin/css/plugin-install$suffix.css", array(), '20090514' );
 	$styles->add( 'theme-install', "/wp-admin/css/theme-install$suffix.css", array(), '20090610' );
 	$styles->add( 'farbtastic', '/wp-admin/css/farbtastic.css', array(), '1.2' );

wp-login.php

@@ -39,7 +39,7 @@ if ( force_ssl_admin() && !is_ssl() ) {
  * @param WP_Error $wp_error Optional. WordPress Error Object
  */
 function login_header($title = 'Log In', $message = '', $wp_error = '') {
-	global $error, $is_iphone;
+	global $error, $is_iphone, $interim_login;
 
 	// Don't index any of these forms
 	add_filter( 'pre_option_blog_public', create_function( '$a', 'return 0;' ) );
@@ -53,18 +53,22 @@ function login_header($title = 'Log In', $message = '', $wp_error = '') {
 <head>
 	<title><?php bloginfo('name'); ?> &rsaquo; <?php echo $title; ?></title>
 	<meta http-equiv="Content-Type" content="<?php bloginfo('html_type'); ?>; charset=<?php bloginfo('charset'); ?>" />
-	<?php
+<?php
 	wp_admin_css( 'login', true );
 	wp_admin_css( 'colors-fresh', true );
 
-	if ( $is_iphone ) {
-	?>
+	if ( $is_iphone ) { ?>
 	<meta name="viewport" content="width=320; initial-scale=0.9; maximum-scale=1.0; user-scalable=0;" />
 	<style type="text/css" media="screen">
 	form { margin-left: 0px; }
 	#login { margin-top: 20px; }
 	</style>
-	<?php
+<?php
+	} elseif ( isset($interim_login) && $interim_login ) { ?>
+	<style type="text/css" media="all">
+	.login #login { margin: 20px auto; }
+	</style>
+<?php
 	}
 
 	do_action('login_head'); ?>
@@ -282,7 +286,7 @@ if ( isset($_GET['key']) )
 	$action = 'resetpass';
 
 // validate action so as to default to the login screen
-if ( !in_array($action, array('logout', 'lostpassword', 'retrievepassword', 'resetpass', 'rp', 'register', 'login')) && false === has_filter('login_form_' . $action) )
+if ( !in_array($action, array('logout', 'lostpassword', 'retrievepassword', 'resetpass', 'rp', 'register', 'login'), true) && false === has_filter('login_form_' . $action) )
 	$action = 'login';
 
 nocache_headers();
@@ -443,6 +447,7 @@ break;
 case 'login' :
 default:
 	$secure_cookie = '';
+	$interim_login = isset($_REQUEST['interim-login']);
 
 	// If the user wants ssl but the session is not ssl, force a secure cookie.
 	if ( !empty($_POST['log']) && !force_ssl_admin() ) {
@@ -472,6 +477,15 @@ default:
 	$redirect_to = apply_filters('login_redirect', $redirect_to, isset( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : '', $user);
 
 	if ( !is_wp_error($user) ) {
+		if ( $interim_login ) {
+			$message = '<p class="message">' . __('You have logged in successfully.') . '</p>';
+			login_header( '', $message ); ?>
+			<script type="text/javascript">setTimeout( function(){window.close()}, 8000);</script>
+			<p class="alignright">
+			<input type="button" class="button-primary" value="<?php esc_attr_e('Close'); ?>" onclick="window.close()" /></p>
+			</div></body></html>
+<?php		exit;
+		}
 		// If the user can't edit posts, send them to their profile.
 		if ( !$user->has_cap('edit_posts') && ( empty( $redirect_to ) || $redirect_to == 'wp-admin/' || $redirect_to == admin_url() ) )
 			$redirect_to = admin_url('profile.php');
@@ -489,11 +503,18 @@ default:
 		$errors->add('test_cookie', __("<strong>ERROR</strong>: Cookies are blocked or not supported by your browser. You must <a href='http://www.google.com/cookies.html'>enable cookies</a> to use WordPress."));
 
 	// Some parts of this script use the main login form to display a message
-	if		( isset($_GET['loggedout']) && TRUE == $_GET['loggedout'] )			$errors->add('loggedout', __('You are now logged out.'), 'message');
-	elseif	( isset($_GET['registration']) && 'disabled' == $_GET['registration'] )	$errors->add('registerdisabled', __('User registration is currently not allowed.'));
-	elseif	( isset($_GET['checkemail']) && 'confirm' == $_GET['checkemail'] )	$errors->add('confirm', __('Check your e-mail for the confirmation link.'), 'message');
-	elseif	( isset($_GET['checkemail']) && 'newpass' == $_GET['checkemail'] )	$errors->add('newpass', __('Check your e-mail for your new password.'), 'message');
-	elseif	( isset($_GET['checkemail']) && 'registered' == $_GET['checkemail'] )	$errors->add('registered', __('Registration complete. Please check your e-mail.'), 'message');
+	if		( isset($_GET['loggedout']) && TRUE == $_GET['loggedout'] )
+		$errors->add('loggedout', __('You are now logged out.'), 'message');
+	elseif	( isset($_GET['registration']) && 'disabled' == $_GET['registration'] )
+		$errors->add('registerdisabled', __('User registration is currently not allowed.'));
+	elseif	( isset($_GET['checkemail']) && 'confirm' == $_GET['checkemail'] )
+		$errors->add('confirm', __('Check your e-mail for the confirmation link.'), 'message');
+	elseif	( isset($_GET['checkemail']) && 'newpass' == $_GET['checkemail'] )
+		$errors->add('newpass', __('Check your e-mail for your new password.'), 'message');
+	elseif	( isset($_GET['checkemail']) && 'registered' == $_GET['checkemail'] )
+		$errors->add('registered', __('Registration complete. Please check your e-mail.'), 'message');
+	elseif	( $interim_login )
+		$errors->add('expired', __('Your session has expired. Please log-in again.'), 'message');
 
 	login_header(__('Log In'), '', $errors);
 
@@ -515,12 +536,17 @@ default:
 	<p class="forgetmenot"><label><input name="rememberme" type="checkbox" id="rememberme" value="forever" tabindex="90" /> <?php esc_attr_e('Remember Me'); ?></label></p>
 	<p class="submit">
 		<input type="submit" name="wp-submit" id="wp-submit" class="button-primary" value="<?php esc_attr_e('Log In'); ?>" tabindex="100" />
+<?php	if ( $interim_login ) { ?>
+		<input type="hidden" name="interim-login" value="1" />
+<?php	} else { ?>
 		<input type="hidden" name="redirect_to" value="<?php echo esc_attr($redirect_to); ?>" />
+<?php 	} ?>
 		<input type="hidden" name="testcookie" value="1" />
 	</p>
 </form>
 <?php endif; ?>
 
+<?php if ( !$interim_login ) { ?>
 <p id="nav">
 <?php if ( isset($_GET['checkemail']) && in_array( $_GET['checkemail'], array('confirm', 'newpass') ) ) : ?>
 <?php elseif (get_option('users_can_register')) : ?>
@@ -531,12 +557,12 @@ default:
 <?php endif; ?>
 </p>
 
+<p id="backtoblog"><a href="<?php bloginfo('url'); ?>/" title="<?php _e('Are you lost?') ?>"><?php printf(__('&larr; Back to %s'), get_bloginfo('title', 'display' )); ?></a></p>
+<?php } ?>
 </div>
 
-<p id="backtoblog"><a href="<?php bloginfo('url'); ?>/" title="<?php _e('Are you lost?') ?>"><?php printf(__('&larr; Back to %s'), get_bloginfo('title', 'display' )); ?></a></p>
-
 <script type="text/javascript">
-<?php if ( $user_login ) { ?>
+<?php if ( $user_login || $interim_login ) { ?>
 setTimeout( function(){ try{
 d = document.getElementById('user_pass');
 d.value = '';