X-Git-Url: https://scripts.mit.edu/gitweb/autoinstalls/wordpress.git/blobdiff_plain/8f374b7233bc2815ccc387e448d208c5434eb961..61343b82c4f0da4c68e4c6373daafff4a81efdd1:/wp-login.php
diff --git a/wp-login.php b/wp-login.php
index 0b1df607..532ffd97 100644
--- a/wp-login.php
+++ b/wp-login.php
@@ -12,12 +12,12 @@
require( dirname(__FILE__) . '/wp-load.php' );
// Redirect to https login if forced to use SSL
-if ( force_ssl_admin() && !is_ssl() ) {
+if ( force_ssl_admin() && ! is_ssl() ) {
if ( 0 === strpos($_SERVER['REQUEST_URI'], 'http') ) {
- wp_redirect(preg_replace('|^http://|', 'https://', $_SERVER['REQUEST_URI']));
+ wp_redirect( set_url_scheme( $_SERVER['REQUEST_URI'], 'https' ) );
exit();
} else {
- wp_redirect('https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']);
+ wp_redirect( 'https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'] );
exit();
}
}
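Review bot: Both redirect targets in this block are built from request data (`$_SERVER['REQUEST_URI']` in the first branch, `$_SERVER['HTTP_HOST']` in the else branch) and passed to `wp_redirect()`, which does not restrict the destination host. If the web server passes arbitrary Host headers or absolute-URI request lines through to this script, the `Location` header will name whatever host the client supplied. Consider `wp_safe_redirect( set_url_scheme( $_SERVER['REQUEST_URI'], 'https' ) );` and the same function in the else branch, or build the https URL from the configured site address instead of the Host header.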
@@ -39,7 +39,7 @@ if ( force_ssl_admin() && !is_ssl() ) {
* @param WP_Error $wp_error Optional. WordPress Error Object
*/
function login_header($title = 'Log In', $message = '', $wp_error = '') {
- global $error, $interim_login, $current_site, $customize_login;
+ global $error, $interim_login, $current_site, $action;
// Don't index any of these forms
add_action( 'login_head', 'wp_no_robots' );
@@ -65,11 +65,17 @@ function login_header($title = 'Log In', $message = '', $wp_error = '') {
wp_admin_css( 'colors-fresh', true );
if ( wp_is_mobile() ) { ?>
- get_error_code() ) {
+ ?>
+
+
+
+
-
+
\n" . __('Possible reason: your host may have disabled the mail() function...') );
+ wp_die( __('The e-mail could not be sent.') . "
\n" . __('Possible reason: your host may have disabled the mail() function.') );
return true;
}
@@ -312,7 +331,7 @@ function register_new_user( $user_login, $user_email ) {
$errors->add( 'invalid_username', __( '
ERROR: This username is invalid because it uses illegal characters. Please enter a valid username.' ) );
$sanitized_user_login = '';
} elseif ( username_exists( $sanitized_user_login ) ) {
- $errors->add( 'username_exists', __( '
ERROR: This username is already registered, please choose another one.' ) );
+ $errors->add( 'username_exists', __( '
ERROR: This username is already registered. Please choose another one.' ) );
}
// Check the e-mail address
@@ -335,7 +354,7 @@ function register_new_user( $user_login, $user_email ) {
$user_pass = wp_generate_password( 12, false);
$user_id = wp_create_user( $sanitized_user_login, $user_pass, $user_email );
if ( ! $user_id ) {
- $errors->add( 'registerfail', sprintf( __( '
ERROR: Couldn’t register you... please contact the
webmaster !' ), get_option( 'admin_email' ) ) );
+ $errors->add( 'registerfail', sprintf( __( '
ERROR: Couldn’t register you… please contact the
webmaster !' ), get_option( 'admin_email' ) ) );
return $errors;
}
@@ -364,13 +383,13 @@ nocache_headers();
header('Content-Type: '.get_bloginfo('html_type').'; charset='.get_bloginfo('charset'));
-if ( defined('RELOCATE') ) { // Move flag is set
+if ( defined( 'RELOCATE' ) && RELOCATE ) { // Move flag is set
if ( isset( $_SERVER['PATH_INFO'] ) && ($_SERVER['PATH_INFO'] != $_SERVER['PHP_SELF']) )
$_SERVER['PHP_SELF'] = str_replace( $_SERVER['PATH_INFO'], '', $_SERVER['PHP_SELF'] );
- $schema = is_ssl() ? 'https://' : 'http://';
- if ( dirname($schema . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF']) != get_option('siteurl') )
- update_option('siteurl', dirname($schema . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF']) );
+ $url = dirname( set_url_scheme( 'http://' . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'] ) );
+ if ( $url != get_option( 'siteurl' ) )
+ update_option( 'siteurl', $url );
}
//Set a cookie now to see if they are supported by the browser.
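Review bot: While RELOCATE is enabled, the value written to `siteurl` on the new lines comes directly from `$_SERVER['HTTP_HOST']` and `$_SERVER['PHP_SELF']` on a page that needs no authentication, so a request with a different Host header can persist a new site URL. The added `&& RELOCATE` test lets the constant be switched off with `false`, but the block should say why that matters, e.g. `// RELOCATE trusts the request's Host header; set it back to false in wp-config.php once the move is done.` The comparison `$url != get_option( 'siteurl' )` could also be a strict `!==`, since both sides are expected to be strings.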
@@ -383,17 +402,16 @@ do_action( 'login_init' );
do_action( 'login_form_' . $action );
$http_post = ('POST' == $_SERVER['REQUEST_METHOD']);
+$interim_login = isset($_REQUEST['interim-login']);
+
switch ($action) {
case 'postpass' :
- if ( empty( $wp_hasher ) ) {
- require_once( ABSPATH . 'wp-includes/class-phpass.php' );
- // By default, use the portable hash from phpass
- $wp_hasher = new PasswordHash(8, true);
- }
+ require_once ABSPATH . 'wp-includes/class-phpass.php';
+ $hasher = new PasswordHash( 8, true );
// 10 days
- setcookie( 'wp-postpass_' . COOKIEHASH, $wp_hasher->HashPassword( stripslashes( $_POST['post_password'] ) ), time() + 864000, COOKIEPATH );
+ setcookie( 'wp-postpass_' . COOKIEHASH, $hasher->HashPassword( wp_unslash( $_POST['post_password'] ) ), time() + 10 * DAY_IN_SECONDS, COOKIEPATH );
wp_safe_redirect( wp_get_referer() );
exit();
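Review bot: The `setcookie()` call for `wp-postpass_` passes only four arguments, so the cookie, which carries a hash derived from the post password, is issued without the Secure or HttpOnly flag even on an https site. Unless a script needs to read it, consider appending `COOKIE_DOMAIN, is_ssl(), true` after `COOKIEPATH`. `$_POST['post_password']` is also read without checking that it exists and is a string; a guard such as `if ( ! isset( $_POST['post_password'] ) || ! is_string( $_POST['post_password'] ) ) { wp_safe_redirect( wp_get_referer() ); exit(); }` before hashing would keep null or an array out of `HashPassword()`. The `switch` statement continues outside the hunk.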
@@ -428,24 +446,24 @@ case 'retrievepassword' :
do_action('lost_password');
login_header(__('Lost Password'), '
' . __('Please enter your username or email address. You will receive a link to create a new password via email.') . '
', $errors);
- $user_login = isset($_POST['user_login']) ? stripslashes($_POST['user_login']) : '';
+ $user_login = isset($_POST['user_login']) ? wp_unslash($_POST['user_login']) : '';
?>
- |
+ | %s', esc_url( wp_registration_url() ), __( 'Register' ) ) ); ?>
@@ -462,11 +480,14 @@ case 'rp' :
exit;
}
- $errors = '';
+ $errors = new WP_Error();
+
+ if ( isset($_POST['pass1']) && $_POST['pass1'] != $_POST['pass2'] )
+ $errors->add( 'password_reset_mismatch', __( 'The passwords do not match.' ) );
+
+ do_action( 'validate_password_reset', $errors, $user );
- if ( isset($_POST['pass1']) && $_POST['pass1'] != $_POST['pass2'] ) {
- $errors = new WP_Error('password_reset_mismatch', __('The passwords do not match.'));
- } elseif ( isset($_POST['pass1']) && !empty($_POST['pass1']) ) {
+ if ( ( ! $errors->get_error_code() ) && isset( $_POST['pass1'] ) && !empty( $_POST['pass1'] ) ) {
reset_password($user, $_POST['pass1']);
login_header( __( 'Password Reset' ), '
' . __( 'Your password has been reset.' ) . ' ' . __( 'Log in' ) . '
' );
login_footer();
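Review bot: The mismatch check `$_POST['pass1'] != $_POST['pass2']` uses loose comparison, so two different numeric-looking strings (for example `1e3` and `1000`) compare equal and the reset proceeds with `pass1` even though the confirmation field differs. It also reads `pass2` without checking that it is set. `if ( isset( $_POST['pass1'] ) && ( ! isset( $_POST['pass2'] ) || $_POST['pass1'] !== $_POST['pass2'] ) )` keeps the same flow with a strict comparison. A short comment above `do_action( 'validate_password_reset', $errors, $user )` noting that it fires on every request to this action, including the initial form display, would help plugin authors. The `if` body continues past the end of the hunk.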
@@ -479,7 +500,7 @@ case 'rp' :
login_header(__('Reset Password'), '
' . __('Enter your new password below.') . '
', $errors );
?>
-
- |
+ | %s', esc_url( wp_registration_url() ), __( 'Register' ) ) ); ?>
@@ -512,7 +533,7 @@ break;
case 'register' :
if ( is_multisite() ) {
// Multisite uses wp-signup.php
- wp_redirect( apply_filters( 'wp_signup_location', site_url('wp-signup.php') ) );
+ wp_redirect( apply_filters( 'wp_signup_location', network_site_url('wp-signup.php') ) );
exit;
}
@@ -541,17 +562,17 @@ case 'register' :
@@ -566,8 +587,9 @@ break;
case 'login' :
default:
$secure_cookie = '';
- $interim_login = isset($_REQUEST['interim-login']);
$customize_login = isset( $_REQUEST['customize-login'] );
+ if ( $customize_login )
+ wp_enqueue_script( 'customize-base' );
// If the user wants ssl but the session is not ssl, force a secure cookie.
if ( !empty($_POST['log']) && !force_ssl_admin() ) {
@@ -604,21 +626,13 @@ default:
if ( !is_wp_error($user) && !$reauth ) {
if ( $interim_login ) {
$message = '
' . __('You have logged in successfully.') . '
';
- login_header( '', $message );
-
- if ( ! $customize_login ) : ?>
-
-
-
-
+ $interim_login = 'success';
+ login_header( '', $message ); ?>
+
+
+
-
+
add('test_cookie', __("