+ if ( empty( $_COOKIE[ LOGGED_IN_COOKIE ] ) ) {
+ if ( headers_sent() ) {
+ $user = new WP_Error( 'test_cookie', sprintf( __( '<strong>ERROR</strong>: Cookies are blocked due to unexpected output. For help, please see <a href="%1$s">this documentation</a> or try the <a href="%2$s">support forums</a>.' ),
+ __( 'https://codex.wordpress.org/Cookies' ), __( 'https://wordpress.org/support/' ) ) );
+ } elseif ( isset( $_POST['testcookie'] ) && empty( $_COOKIE[ TEST_COOKIE ] ) ) {
+ // If cookies are disabled we can't log in even with a valid user+pass
+ $user = new WP_Error( 'test_cookie', sprintf( __( '<strong>ERROR</strong>: Cookies are blocked or not supported by your browser. You must <a href="%s">enable cookies</a> to use WordPress.' ),
+ __( 'https://codex.wordpress.org/Cookies' ) ) );
+ }
+ }
+
+ $requested_redirect_to = isset( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : '';
+ /**
+ * Filters the login redirect URL.
+ *
+ * @since 3.0.0
+ *
+ * @param string $redirect_to The redirect destination URL.
+ * @param string $requested_redirect_to The requested redirect destination URL passed as a parameter.
+ * @param WP_User|WP_Error $user WP_User object if login was successful, WP_Error object otherwise.
+ */
+ $redirect_to = apply_filters( 'login_redirect', $redirect_to, $requested_redirect_to, $user );
+
+ if ( !is_wp_error($user) && !$reauth ) {
+ if ( $interim_login ) {
+ $message = '<p class="message">' . __('You have logged in successfully.') . '</p>';
+ $interim_login = 'success';
+ login_header( '', $message ); ?>
+ </div>
+ <?php
+ /** This action is documented in wp-login.php */
+ do_action( 'login_footer' ); ?>
+ <?php if ( $customize_login ) : ?>
+ <script type="text/javascript">setTimeout( function(){ new wp.customize.Messenger({ url: '<?php echo wp_customize_url(); ?>', channel: 'login' }).send('login') }, 1000 );</script>
+ <?php endif; ?>
+ </body></html>
+<?php exit;
+ }
+
+ if ( ( empty( $redirect_to ) || $redirect_to == 'wp-admin/' || $redirect_to == admin_url() ) ) {
+ // If the user doesn't belong to a blog, send them to user admin. If the user can't edit posts, send them to their profile.
+ if ( is_multisite() && !get_active_blog_for_user($user->ID) && !is_super_admin( $user->ID ) )
+ $redirect_to = user_admin_url();
+ elseif ( is_multisite() && !$user->has_cap('read') )
+ $redirect_to = get_dashboard_url( $user->ID );
+ elseif ( !$user->has_cap('edit_posts') )
+ $redirect_to = $user->has_cap( 'read' ) ? admin_url( 'profile.php' ) : home_url();