X-Git-Url: https://scripts.mit.edu/gitweb/autoinstalls/wordpress.git/blobdiff_plain/41497a896330304904ef6d5783c724ea713739f6..11be15bd505d66a91e2c80062190b13e315a04a9:/wp-login.php
diff --git a/wp-login.php b/wp-login.php
index 50088db9..532ffd97 100644
--- a/wp-login.php
+++ b/wp-login.php
@@ -12,12 +12,12 @@
require( dirname(__FILE__) . '/wp-load.php' );
// Redirect to https login if forced to use SSL
-if ( force_ssl_admin() && !is_ssl() ) {
+if ( force_ssl_admin() && ! is_ssl() ) {
if ( 0 === strpos($_SERVER['REQUEST_URI'], 'http') ) {
- wp_redirect(preg_replace('|^http://|', 'https://', $_SERVER['REQUEST_URI']));
+ wp_redirect( set_url_scheme( $_SERVER['REQUEST_URI'], 'https' ) );
exit();
} else {
- wp_redirect('https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']);
+ wp_redirect( 'https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'] );
exit();
}
}
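Review bot: The else branch at `wp_redirect( 'https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'] );` still builds the redirect target from the client-supplied Host header, so after the spacing cleanup the browser is still sent wherever that header points; `wp_redirect` does not restrict the destination host, while `wp_safe_redirect` does. If the intent is only to switch scheme on this site, `wp_safe_redirect( 'https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'] );` keeps the same behaviour for legitimate hosts and falls back to the admin URL otherwise. The same consideration applies to the `set_url_scheme( $_SERVER['REQUEST_URI'], 'https' )` branch when REQUEST_URI is absolute, since that string is also request-controlled.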
@@ -39,7 +39,7 @@ if ( force_ssl_admin() && !is_ssl() ) {
* @param WP_Error $wp_error Optional. WordPress Error Object
*/
function login_header($title = 'Log In', $message = '', $wp_error = '') {
- global $error, $interim_login, $current_site;
+ global $error, $interim_login, $current_site, $action;
// Don't index any of these forms
add_action( 'login_head', 'wp_no_robots' );
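Review bot: The docblock above the signature is not updated for the new `$action` global, so a reader cannot tell from `global $error, $interim_login, $current_site, $action;` why login_header now depends on the current request action; presumably it is read further down in the body, which lies outside this hunk. A one-line comment on the global line would help, e.g. `// $action: current login action, read below to vary the header output`, or add a `@global string $action` entry to the docblock alongside the existing `@param` lines.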
@@ -65,7 +65,16 @@ function login_header($title = 'Log In', $message = '', $wp_error = '') {
wp_admin_css( 'colors-fresh', true );
if ( wp_is_mobile() ) { ?>
- get_error_code() ) {
+ ?>
+
+
+
+
-
+
\n" . __('Possible reason: your host may have disabled the mail() function...') );
+ wp_die( __('The e-mail could not be sent.') . "
\n" . __('Possible reason: your host may have disabled the mail() function.') );
return true;
}
@@ -309,7 +331,7 @@ function register_new_user( $user_login, $user_email ) {
$errors->add( 'invalid_username', __( '
ERROR: This username is invalid because it uses illegal characters. Please enter a valid username.' ) );
$sanitized_user_login = '';
} elseif ( username_exists( $sanitized_user_login ) ) {
- $errors->add( 'username_exists', __( '
ERROR: This username is already registered, please choose another one.' ) );
+ $errors->add( 'username_exists', __( '
ERROR: This username is already registered. Please choose another one.' ) );
}
// Check the e-mail address
@@ -332,7 +354,7 @@ function register_new_user( $user_login, $user_email ) {
$user_pass = wp_generate_password( 12, false);
$user_id = wp_create_user( $sanitized_user_login, $user_pass, $user_email );
if ( ! $user_id ) {
- $errors->add( 'registerfail', sprintf( __( '
ERROR: Couldn’t register you... please contact the
webmaster !' ), get_option( 'admin_email' ) ) );
+ $errors->add( 'registerfail', sprintf( __( '
ERROR: Couldn’t register you… please contact the
webmaster !' ), get_option( 'admin_email' ) ) );
return $errors;
}
@@ -361,13 +383,13 @@ nocache_headers();
header('Content-Type: '.get_bloginfo('html_type').'; charset='.get_bloginfo('charset'));
-if ( defined('RELOCATE') ) { // Move flag is set
+if ( defined( 'RELOCATE' ) && RELOCATE ) { // Move flag is set
if ( isset( $_SERVER['PATH_INFO'] ) && ($_SERVER['PATH_INFO'] != $_SERVER['PHP_SELF']) )
$_SERVER['PHP_SELF'] = str_replace( $_SERVER['PATH_INFO'], '', $_SERVER['PHP_SELF'] );
- $schema = is_ssl() ? 'https://' : 'http://';
- if ( dirname($schema . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF']) != get_option('siteurl') )
- update_option('siteurl', dirname($schema . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF']) );
+ $url = dirname( set_url_scheme( 'http://' . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'] ) );
+ if ( $url != get_option( 'siteurl' ) )
+ update_option( 'siteurl', $url );
}
//Set a cookie now to see if they are supported by the browser.
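Review bot: `$url = dirname( set_url_scheme( 'http://' . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'] ) );` followed by `update_option( 'siteurl', $url );` persists a value derived from the client-supplied Host header, so while RELOCATE is defined any request with a spoofed Host rewrites the site's stored URL; the new `&& RELOCATE` guard narrows when this runs but does not address that. The surrounding comment only says "Move flag is set"; a comment such as `// RELOCATE trusts HTTP_HOST: only define it for the one request used to move the site, then remove it` would make the risk explicit, and comparing `$url` against a host the operator expects before calling update_option would be the stronger check. The `!=` on line `if ( $url != get_option( 'siteurl' ) )` should be `!==` since both sides are strings.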
@@ -380,17 +402,16 @@ do_action( 'login_init' );
do_action( 'login_form_' . $action );
$http_post = ('POST' == $_SERVER['REQUEST_METHOD']);
+$interim_login = isset($_REQUEST['interim-login']);
+
switch ($action) {
case 'postpass' :
- if ( empty( $wp_hasher ) ) {
- require_once( ABSPATH . 'wp-includes/class-phpass.php' );
- // By default, use the portable hash from phpass
- $wp_hasher = new PasswordHash(8, true);
- }
+ require_once ABSPATH . 'wp-includes/class-phpass.php';
+ $hasher = new PasswordHash( 8, true );
// 10 days
- setcookie( 'wp-postpass_' . COOKIEHASH, $wp_hasher->HashPassword( stripslashes( $_POST['post_password'] ) ), time() + 864000, COOKIEPATH );
+ setcookie( 'wp-postpass_' . COOKIEHASH, $hasher->HashPassword( wp_unslash( $_POST['post_password'] ) ), time() + 10 * DAY_IN_SECONDS, COOKIEPATH );
wp_safe_redirect( wp_get_referer() );
exit();
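Review bot: `setcookie( 'wp-postpass_' . COOKIEHASH, $hasher->HashPassword( wp_unslash( $_POST['post_password'] ) ), time() + 10 * DAY_IN_SECONDS, COOKIEPATH );` reads `$_POST['post_password']` without an isset check, so a POST to `?action=postpass` without that field raises a notice and hashes an empty value; guard it with `$post_password = isset( $_POST['post_password'] ) ? wp_unslash( $_POST['post_password'] ) : '';`. The cookie is also set without the `secure` and `httponly` arguments, so the password hash is readable by page scripts and sent over plain HTTP; passing `COOKIE_DOMAIN, is_ssl(), true` as the remaining setcookie arguments would limit that, assuming COOKIE_DOMAIN is defined in this context as it is elsewhere in WordPress. `wp_safe_redirect( wp_get_referer() )` on the next line is unchanged, but note wp_get_referer can return false when no referer is present.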
@@ -425,24 +446,24 @@ case 'retrievepassword' :
do_action('lost_password');
login_header(__('Lost Password'), '
' . __('Please enter your username or email address. You will receive a link to create a new password via email.') . '
', $errors);
- $user_login = isset($_POST['user_login']) ? stripslashes($_POST['user_login']) : '';
+ $user_login = isset($_POST['user_login']) ? wp_unslash($_POST['user_login']) : '';
?>
- |
+ | %s', esc_url( wp_registration_url() ), __( 'Register' ) ) ); ?>
@@ -459,11 +480,14 @@ case 'rp' :
exit;
}
- $errors = '';
+ $errors = new WP_Error();
+
+ if ( isset($_POST['pass1']) && $_POST['pass1'] != $_POST['pass2'] )
+ $errors->add( 'password_reset_mismatch', __( 'The passwords do not match.' ) );
- if ( isset($_POST['pass1']) && $_POST['pass1'] != $_POST['pass2'] ) {
- $errors = new WP_Error('password_reset_mismatch', __('The passwords do not match.'));
- } elseif ( isset($_POST['pass1']) && !empty($_POST['pass1']) ) {
+ do_action( 'validate_password_reset', $errors, $user );
+
+ if ( ( ! $errors->get_error_code() ) && isset( $_POST['pass1'] ) && !empty( $_POST['pass1'] ) ) {
reset_password($user, $_POST['pass1']);
login_header( __( 'Password Reset' ), '
' . __( 'Your password has been reset.' ) . ' ' . __( 'Log in' ) . '
' );
login_footer();
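Review bot: `if ( isset($_POST['pass1']) && $_POST['pass1'] != $_POST['pass2'] )` uses loose comparison, so two numeric-looking passwords that compare equal under PHP's numeric string rules (for example `"1e3"` and `"1000"`) pass the mismatch check; it should be `$_POST['pass1'] !== $_POST['pass2']`, and `$_POST['pass2']` should be isset-checked as well rather than relied on implicitly. The `reset_password($user, $_POST['pass1']);` call still passes the raw POST value while the retrievepassword hunk above switched user_login to `wp_unslash`, so a password containing a backslash or quote may be stored slashed — worth confirming against reset_password, which is outside this hunk. Also `!empty( $_POST['pass1'] )` rejects the password `"0"`; `$_POST['pass1'] !== ''` expresses the intended check. The `rp` case begins and ends outside this hunk.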
@@ -476,7 +500,7 @@ case 'rp' :
login_header(__('Reset Password'), '
' . __('Enter your new password below.') . '
', $errors );
?>
-
- |
+ | %s', esc_url( wp_registration_url() ), __( 'Register' ) ) ); ?>
@@ -509,7 +533,7 @@ break;
case 'register' :
if ( is_multisite() ) {
// Multisite uses wp-signup.php
- wp_redirect( apply_filters( 'wp_signup_location', site_url('wp-signup.php') ) );
+ wp_redirect( apply_filters( 'wp_signup_location', network_site_url('wp-signup.php') ) );
exit;
}
@@ -538,17 +562,17 @@ case 'register' :
@@ -563,7 +587,6 @@ break;
case 'login' :
default:
$secure_cookie = '';
- $interim_login = isset($_REQUEST['interim-login']);
$customize_login = isset( $_REQUEST['customize-login'] );
if ( $customize_login )
wp_enqueue_script( 'customize-base' );
@@ -603,13 +626,8 @@ default:
if ( !is_wp_error($user) && !$reauth ) {
if ( $interim_login ) {
$message = '
' . __('You have logged in successfully.') . '
';
+ $interim_login = 'success';
login_header( '', $message ); ?>
-
-
-
-
-
-
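Review bot: `$interim_login = 'success';` turns a variable that the hunk above initialises as a bool from `isset($_REQUEST['interim-login'])` into a string, so `$interim_login` is now tri-state (false, true, or 'success') and every truthiness check on it elsewhere keeps passing while code comparing it to a specific value will not; nothing in the hunk documents this. A comment at the assignment such as `// 'success' is a distinct truthy state: login_header/login_footer use it to emit the interim-login close-out markup` (hedged: the consumers are outside this hunk) would make the protocol visible, and an enum-like set of constants would be the stricter fix. The enclosing `default:` case continues outside this hunk.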
@@ -641,21 +659,26 @@ default:
if ( isset($_POST['testcookie']) && empty($_COOKIE[TEST_COOKIE]) )
$errors->add('test_cookie', __("