X-Git-Url: https://scripts.mit.edu/gitweb/autoinstalls/wordpress.git/blobdiff_plain/76aea3697c6043c1613370f172395b4f65ee71f0..11be8dc178e77d0b46189bbd8e33a216a9b90942:/wp-login.php
diff --git a/wp-login.php b/wp-login.php
index 265a223f..dab6324f 100644
--- a/wp-login.php
+++ b/wp-login.php
@@ -18,15 +18,14 @@ if ( force_ssl_admin() && !is_ssl() ) {
exit();
} else {
wp_redirect('https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']);
- exit();
+ exit();
}
}
/**
- * login_header() - Outputs the header for the login page
+ * Outputs the header for the login page.
*
- * @package WordPress
- * @uses do_action() Calls the 'login_head' for outputting HTML in the Login
+ * @uses do_action() Calls the 'login_head' for outputting HTML in the Log In
* header.
* @uses apply_filters() Calls 'login_headerurl' for the top login link.
* @uses apply_filters() Calls 'login_headertitle' for the top login title.
@@ -34,12 +33,12 @@ if ( force_ssl_admin() && !is_ssl() ) {
* header.
* @uses $error The error global, which is checked for displaying errors.
*
- * @param string $title Optional. WordPress Login Page title to display in
+ * @param string $title Optional. WordPress Log In Page title to display in
*
element.
* @param string $message Optional. Message to display in header.
* @param WP_Error $wp_error Optional. WordPress Error Object
*/
-function login_header($title = 'Login', $message = '', $wp_error = '') {
+function login_header($title = 'Log In', $message = '', $wp_error = '') {
global $error;
if ( empty($wp_error) )
@@ -87,9 +86,7 @@ function login_header($title = 'Login', $message = '', $wp_error = '') {
} // End of login_header()
/**
- * retrieve_password() - Handles sending password retrieval email to user
- *
- * {@internal Missing Long Description}}
+ * Handles sending password retrieval email to user.
*
* @uses $wpdb WordPress Database object
*
@@ -103,7 +100,7 @@ function retrieve_password() {
if ( empty( $_POST['user_login'] ) && empty( $_POST['user_email'] ) )
$errors->add('empty_username', __('ERROR: Enter a username or e-mail address.'));
- if ( strstr($_POST['user_login'], '@') ) {
+ if ( strpos($_POST['user_login'], '@') ) {
$user_data = get_user_by_email(trim($_POST['user_login']));
if ( empty($user_data) )
$errors->add('invalid_email', __('ERROR: There is no user registered with that email address.'));
@@ -135,7 +132,7 @@ function retrieve_password() {
return new WP_Error('no_password_reset', __('Password reset is not allowed for this user'));
else if ( is_wp_error($allow) )
return $allow;
-
+
$key = $wpdb->get_var($wpdb->prepare("SELECT user_activation_key FROM $wpdb->users WHERE user_login = %s", $user_login));
if ( empty($key) ) {
// Generate something random for a key...
@@ -157,9 +154,7 @@ function retrieve_password() {
}
/**
- * reset_password() - Handles resetting the user's password
- *
- * {@internal Missing Long Description}}
+ * Handles resetting the user's password.
*
* @uses $wpdb WordPress Database object
*
@@ -190,20 +185,13 @@ function reset_password($key) {
if ( !wp_mail($user->user_email, sprintf(__('[%s] Your new password'), get_option('blogname')), $message) )
die('' . __('The e-mail could not be sent.') . "
\n" . __('Possible reason: your host may have disabled the mail() function...') . '
');
- // send a copy of password change notification to the admin
- // but check to see if it's the admin whose password we're changing, and skip this
- if ( $user->user_email != get_option('admin_email') ) {
- $message = sprintf(__('Password Lost and Changed for user: %s'), $user->user_login) . "\r\n";
- wp_mail(get_option('admin_email'), sprintf(__('[%s] Password Lost/Changed'), get_option('blogname')), $message);
- }
+ wp_password_change_notification($user);
return true;
}
/**
- * register_new_user() - Handles registering a new user
- *
- * {@internal Missing Long Description}}
+ * Handles registering a new user.
*
* @param string $user_login User's username for logging in
* @param string $user_email User's email address to send password and add
@@ -284,7 +272,7 @@ $http_post = ('POST' == $_SERVER['REQUEST_METHOD']);
switch ($action) {
case 'logout' :
-
+ check_admin_referer('log-out');
wp_logout();
$redirect_to = 'wp-login.php?loggedout=true';
@@ -306,16 +294,19 @@ case 'retrievepassword' :
}
}
- if ( 'invalidkey' == $_GET['error'] ) $errors->add('invalidkey', __('Sorry, that key does not appear to be valid.'));
+ if ( isset($_GET['error']) && 'invalidkey' == $_GET['error'] ) $errors->add('invalidkey', __('Sorry, that key does not appear to be valid.'));
do_action('lost_password');
login_header(__('Lost Password'), '' . __('Please enter your username or e-mail address. You will receive a new password via e-mail.') . '
', $errors);
+
+ $user_login = isset($_POST['user_login']) ? stripslashes($_POST['user_login']) : '';
+
?>