$v) { if (is_array($v)) { $array[$k] = add_magic_quotes($v); } else { $array[$k] = addslashes($v); } } return $array; } } if (!get_magic_quotes_gpc()) { $_GET = add_magic_quotes($_GET); $_POST = add_magic_quotes($_POST); $_COOKIE = add_magic_quotes($_COOKIE); } $wpvarstoreset = array('action','mode','error','text','popupurl','popuptitle'); for ($i = 0; $i < count($wpvarstoreset); $i = $i + 1) { $wpvar = $wpvarstoreset[$i]; if (!isset($$wpvar)) { if (empty($_POST["$wpvar"])) { if (empty($_GET["$wpvar"])) { $$wpvar = ''; } else { $$wpvar = $_GET["$wpvar"]; } } else { $$wpvar = $_POST["$wpvar"]; } } } switch($action) { case 'logout': setcookie('wordpressuser_'.$cookiehash, " ", time() - 31536000, COOKIEPATH); setcookie('wordpresspass_'.$cookiehash, " ", time() - 31536000, COOKIEPATH); header('Expires: Wed, 11 Jan 1984 05:00:00 GMT'); header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT'); header('Cache-Control: no-cache, must-revalidate'); header('Pragma: no-cache'); if ($is_IIS) { header('Refresh: 0;url=wp-login.php'); } else { header('Location: wp-login.php'); } exit(); break; case 'login': if(!empty($_POST)) { $log = $_POST['log']; $pwd = $_POST['pwd']; $redirect_to = $_POST['redirect_to']; } $user = get_userdatabylogin($log); if (0 == $user->user_level) { $redirect_to = get_settings('siteurl') . '/wp-admin/profile.php'; } function login() { global $wpdb, $log, $pwd, $error, $user_ID; global $pass_is_md5; $user_login = &$log; $pwd = md5($pwd); $password = &$pwd; if (!$user_login) { $error = __('Error: the login field is empty.'); return false; } if (!$password) { $error = __('Error: the password field is empty.'); return false; } $query = "SELECT ID, user_login, user_pass FROM $wpdb->users WHERE user_login = '$user_login' AND user_pass = '$password'"; $login = $wpdb->get_row($query); if (!$login) { $error = __('Error: wrong login or password.'); $pwd = ''; return false; } else { $user_ID = $login->ID; if (($pass_is_md5 == 0 && $login->user_login == $user_login && $login->user_pass == $password) || ($pass_is_md5 == 1 && $login->user_login == $user_login && $login->user_pass == md5($password))) { return true; } else { $error = __('Error: wrong login or password.'); $pwd = ''; return false; } } } if (!login()) { header('Expires: Wed, 11 Jan 1984 05:00:00 GMT'); header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT'); header('Cache-Control: no-cache, must-revalidate'); header('Pragma: no-cache'); if ($is_IIS) { header('Refresh: 0;url=wp-login.php'); } else { header('Location: wp-login.php'); } exit(); } else { $user_login = $log; $user_pass = $pwd; setcookie('wordpressuser_'.$cookiehash, $user_login, time() + 31536000, COOKIEPATH); setcookie('wordpresspass_'.$cookiehash, md5($user_pass), time() + 31536000, COOKIEPATH); header('Expires: Wed, 11 Jan 1984 05:00:00 GMT'); header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT'); header('Cache-Control: no-cache, must-revalidate'); header('Pragma: no-cache'); switch($mode) { case 'bookmarklet': $location = "wp-admin/bookmarklet.php?text=$text&popupurl=$popupurl&popuptitle=$popuptitle"; break; case 'sidebar': $location = "wp-admin/sidebar.php?text=$text&popupurl=$popupurl&popuptitle=$popuptitle"; break; case 'profile': $location = "wp-admin/profile.php?text=$text&popupurl=$popupurl&popuptitle=$popuptitle"; break; default: $location = "$redirect_to"; break; } if ($is_IIS) { header("Refresh: 0;url=$location"); } else { header("Location: $location"); } } break; case 'lostpassword': ?> <?php _e('WordPress » Lost password ?') ?>

$error
 
"; ?>


user_login; $user_email = $user_data->user_email; if (!$user_email || $user_email != $_POST['email']) die(sprintf(__('Sorry, that user does not seem to exist in our database. Perhaps you have the wrong username or e-mail address? Try again.'), 'wp-login.php?action=lostpassword')); // Generate something random for a password... md5'ing current time with a rand salt $user_pass = substr((MD5("time" . rand(1,16000))), 0, 6); // now insert the new pass md5'd into the db $wpdb->query("UPDATE $wpdb->users SET user_pass = MD5('$user_pass') WHERE user_login = '$user_login'"); $message = "Login: $user_login\r\n"; $message .= "Password: $user_pass\r\n"; $message .= 'Login at: ' . get_settings('siteurl') . '/wp-login.php'; $m = mail($user_email, '[' . get_settings('blogname') . "] Your weblog's login/password", $message); if ($m == false) { echo "


\n"; echo "

"; die(); } else { echo "


Click here to login! ') ?>

"; // send a copy of password change notification to the admin mail(get_settings('admin_email'), '[' . get_settings('blogname') . "] Password Lost/Change", "Password Lost and Changed for user: $user_login"); die(); } break; default: if((!empty($_COOKIE['wordpressuser_'.$cookiehash])) && (!empty($_COOKIE['wordpresspass_'.$cookiehash]))) { $user_login = $_COOKIE['wordpressuser_'.$cookiehash]; $user_pass_md5 = $_COOKIE['wordpresspass_'.$cookiehash]; } function checklogin() { global $user_login, $user_pass_md5, $user_ID; $userdata = get_userdatabylogin($user_login); if ($user_pass_md5 != md5($userdata->user_pass)) { return false; } else { return true; } } if ( !(checklogin()) ) { if (!empty($_COOKIE['wordpressuser_'.$cookiehash])) { $error="Error: wrong login/password"; //, or your session has expired."; } } else { header("Expires: Wed, 5 Jun 1979 23:41:00 GMT"); /* private joke: this is Michel's birthdate - though officially it's on the 6th, since he's GMT+1 :) */ header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); /* different all the time */ header("Cache-Control: no-cache, must-revalidate"); /* to cope with HTTP/1.1 */ header("Pragma: no-cache"); header("Location: wp-admin/"); exit(); } ?> <?php printf(__('WordPress > %s > Login form'), get_settings('blogname')) ?>



$error
 
"; ?>
" />