* @param WP_Error $wp_error Optional. WordPress Error Object
*/
function login_header($title = 'Log In', $message = '', $wp_error = '') {
- global $error, $is_iphone;
+ global $error, $is_iphone, $interim_login;
// Don't index any of these forms
add_filter( 'pre_option_blog_public', create_function( '$a', 'return 0;' ) );
<head>
<title><?php bloginfo('name'); ?> › <?php echo $title; ?></title>
<meta http-equiv="Content-Type" content="<?php bloginfo('html_type'); ?>; charset=<?php bloginfo('charset'); ?>" />
- <?php
+<?php
wp_admin_css( 'login', true );
wp_admin_css( 'colors-fresh', true );
- if ( $is_iphone ) {
- ?>
- <meta name="viewport" content="width=320; initial-scale=0.9; maximum-scale=1.0; user-scalable=0;" />
- <style type="text/css" media="screen">
+ if ( $is_iphone ) { ?>
+ <meta name="viewport" content="width=320; initial-scale=0.9; maximum-scale=1.0; user-scalable=0;" />
+ <style type="text/css" media="screen">
form { margin-left: 0px; }
#login { margin-top: 20px; }
</style>
- <?php
+<?php
+ } elseif ( isset($interim_login) && $interim_login ) { ?>
+ <style type="text/css" media="all">
+ .login #login { margin: 20px auto; }
+ </style>
+<?php
}
do_action('login_head'); ?>
$message .= __('To reset your password visit the following address, otherwise just ignore this email and nothing will happen.') . "\r\n\r\n";
$message .= site_url("wp-login.php?action=rp&key=$key&login=" . rawurlencode($user_login), 'login') . "\r\n";
- $title = sprintf(__('[%s] Password Reset'), get_option('blogname'));
+ // The blogname option is escaped with esc_html on the way into the database in sanitize_option
+ // we want to reverse this for the plain text arena of emails.
+ $blogname = wp_specialchars_decode(get_option('blogname'), ENT_QUOTES);
+
+ $title = sprintf(__('[%s] Password Reset'), $blogname);
$title = apply_filters('retrieve_password_title', $title);
$message = apply_filters('retrieve_password_message', $message, $key);
$message .= sprintf(__('Password: %s'), $new_pass) . "\r\n";
$message .= site_url('wp-login.php', 'login') . "\r\n";
- $title = sprintf(__('[%s] Your new password'), get_option('blogname'));
+ // The blogname option is escaped with esc_html on the way into the database in sanitize_option
+ // we want to reverse this for the plain text arena of emails.
+ $blogname = wp_specialchars_decode(get_option('blogname'), ENT_QUOTES);
+
+ $title = sprintf(__('[%s] Your new password'), $blogname);
$title = apply_filters('password_reset_title', $title);
$message = apply_filters('password_reset_message', $message, $new_pass);
do_action('register_post', $user_login, $user_email, $errors);
- $errors = apply_filters( 'registration_errors', $errors );
+ $errors = apply_filters( 'registration_errors', $errors, $user_login, $user_email );
if ( $errors->get_error_code() )
return $errors;
$action = 'resetpass';
// validate action so as to default to the login screen
-if ( !in_array($action, array('logout', 'lostpassword', 'retrievepassword', 'resetpass', 'rp', 'register', 'login')) && false === has_filter('login_form_' . $action) )
+if ( !in_array($action, array('logout', 'lostpassword', 'retrievepassword', 'resetpass', 'rp', 'register', 'login'), true) && false === has_filter('login_form_' . $action) )
$action = 'login';
nocache_headers();
<input type="text" name="user_login" id="user_login" class="input" value="<?php echo esc_attr($user_login); ?>" size="20" tabindex="10" /></label>
</p>
<?php do_action('lostpassword_form'); ?>
- <p class="submit"><input type="submit" name="wp-submit" id="wp-submit" value="<?php esc_attr_e('Get New Password'); ?>" tabindex="100" /></p>
+ <p class="submit"><input type="submit" name="wp-submit" id="wp-submit" class="button-primary" value="<?php esc_attr_e('Get New Password'); ?>" tabindex="100" /></p>
</form>
<p id="nav">
<?php do_action('register_form'); ?>
<p id="reg_passmail"><?php _e('A password will be e-mailed to you.') ?></p>
<br class="clear" />
- <p class="submit"><input type="submit" name="wp-submit" id="wp-submit" value="<?php esc_attr_e('Register'); ?>" tabindex="100" /></p>
+ <p class="submit"><input type="submit" name="wp-submit" id="wp-submit" class="button-primary" value="<?php esc_attr_e('Register'); ?>" tabindex="100" /></p>
</form>
<p id="nav">
case 'login' :
default:
$secure_cookie = '';
+ $interim_login = isset($_REQUEST['interim-login']);
// If the user wants ssl but the session is not ssl, force a secure cookie.
if ( !empty($_POST['log']) && !force_ssl_admin() ) {
$redirect_to = apply_filters('login_redirect', $redirect_to, isset( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : '', $user);
if ( !is_wp_error($user) ) {
+ if ( $interim_login ) {
+ $message = '<p class="message">' . __('You have logged in successfully.') . '</p>';
+ login_header( '', $message ); ?>
+ <script type="text/javascript">setTimeout( function(){window.close()}, 8000);</script>
+ <p class="alignright">
+ <input type="button" class="button-primary" value="<?php esc_attr_e('Close'); ?>" onclick="window.close()" /></p>
+ </div></body></html>
+<?php exit;
+ }
// If the user can't edit posts, send them to their profile.
if ( !$user->has_cap('edit_posts') && ( empty( $redirect_to ) || $redirect_to == 'wp-admin/' || $redirect_to == admin_url() ) )
$redirect_to = admin_url('profile.php');
$errors->add('test_cookie', __("<strong>ERROR</strong>: Cookies are blocked or not supported by your browser. You must <a href='http://www.google.com/cookies.html'>enable cookies</a> to use WordPress."));
// Some parts of this script use the main login form to display a message
- if ( isset($_GET['loggedout']) && TRUE == $_GET['loggedout'] ) $errors->add('loggedout', __('You are now logged out.'), 'message');
- elseif ( isset($_GET['registration']) && 'disabled' == $_GET['registration'] ) $errors->add('registerdisabled', __('User registration is currently not allowed.'));
- elseif ( isset($_GET['checkemail']) && 'confirm' == $_GET['checkemail'] ) $errors->add('confirm', __('Check your e-mail for the confirmation link.'), 'message');
- elseif ( isset($_GET['checkemail']) && 'newpass' == $_GET['checkemail'] ) $errors->add('newpass', __('Check your e-mail for your new password.'), 'message');
- elseif ( isset($_GET['checkemail']) && 'registered' == $_GET['checkemail'] ) $errors->add('registered', __('Registration complete. Please check your e-mail.'), 'message');
+ if ( isset($_GET['loggedout']) && TRUE == $_GET['loggedout'] )
+ $errors->add('loggedout', __('You are now logged out.'), 'message');
+ elseif ( isset($_GET['registration']) && 'disabled' == $_GET['registration'] )
+ $errors->add('registerdisabled', __('User registration is currently not allowed.'));
+ elseif ( isset($_GET['checkemail']) && 'confirm' == $_GET['checkemail'] )
+ $errors->add('confirm', __('Check your e-mail for the confirmation link.'), 'message');
+ elseif ( isset($_GET['checkemail']) && 'newpass' == $_GET['checkemail'] )
+ $errors->add('newpass', __('Check your e-mail for your new password.'), 'message');
+ elseif ( isset($_GET['checkemail']) && 'registered' == $_GET['checkemail'] )
+ $errors->add('registered', __('Registration complete. Please check your e-mail.'), 'message');
+ elseif ( $interim_login )
+ $errors->add('expired', __('Your session has expired. Please log-in again.'), 'message');
login_header(__('Log In'), '', $errors);
<?php do_action('login_form'); ?>
<p class="forgetmenot"><label><input name="rememberme" type="checkbox" id="rememberme" value="forever" tabindex="90" /> <?php esc_attr_e('Remember Me'); ?></label></p>
<p class="submit">
- <input type="submit" name="wp-submit" id="wp-submit" value="<?php esc_attr_e('Log In'); ?>" tabindex="100" />
+ <input type="submit" name="wp-submit" id="wp-submit" class="button-primary" value="<?php esc_attr_e('Log In'); ?>" tabindex="100" />
+<?php if ( $interim_login ) { ?>
+ <input type="hidden" name="interim-login" value="1" />
+<?php } else { ?>
<input type="hidden" name="redirect_to" value="<?php echo esc_attr($redirect_to); ?>" />
+<?php } ?>
<input type="hidden" name="testcookie" value="1" />
</p>
</form>
<?php endif; ?>
+<?php if ( !$interim_login ) { ?>
<p id="nav">
<?php if ( isset($_GET['checkemail']) && in_array( $_GET['checkemail'], array('confirm', 'newpass') ) ) : ?>
<?php elseif (get_option('users_can_register')) : ?>
<?php endif; ?>
</p>
-</div>
-
<p id="backtoblog"><a href="<?php bloginfo('url'); ?>/" title="<?php _e('Are you lost?') ?>"><?php printf(__('← Back to %s'), get_bloginfo('title', 'display' )); ?></a></p>
+<?php } ?>
+</div>
<script type="text/javascript">
-<?php if ( $user_login ) { ?>
+<?php if ( $user_login || $interim_login ) { ?>
setTimeout( function(){ try{
d = document.getElementById('user_pass');
d.value = '';