X-Git-Url: https://scripts.mit.edu/gitweb/autoinstalls/wordpress.git/blobdiff_plain/8f374b7233bc2815ccc387e448d208c5434eb961..80e421fa26a0ef412d7c67749a64a6c1919d515a:/wp-login.php diff --git a/wp-login.php b/wp-login.php index 0b1df607..209341fa 100644 --- a/wp-login.php +++ b/wp-login.php @@ -12,12 +12,12 @@ require( dirname(__FILE__) . '/wp-load.php' ); // Redirect to https login if forced to use SSL -if ( force_ssl_admin() && !is_ssl() ) { +if ( force_ssl_admin() && ! is_ssl() ) { if ( 0 === strpos($_SERVER['REQUEST_URI'], 'http') ) { - wp_redirect(preg_replace('|^http://|', 'https://', $_SERVER['REQUEST_URI'])); + wp_redirect( set_url_scheme( $_SERVER['REQUEST_URI'], 'https' ) ); exit(); } else { - wp_redirect('https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']); + wp_redirect( 'https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'] ); exit(); } } @@ -39,7 +39,7 @@ if ( force_ssl_admin() && !is_ssl() ) { * @param WP_Error $wp_error Optional. WordPress Error Object */ function login_header($title = 'Log In', $message = '', $wp_error = '') { - global $error, $interim_login, $current_site, $customize_login; + global $error, $interim_login, $current_site, $action; // Don't index any of these forms add_action( 'login_head', 'wp_no_robots' ); @@ -68,9 +68,6 @@ function login_header($title = 'Log In', $message = '', $wp_error = '') { - +

add( 'invalid_username', __( 'ERROR: This username is invalid because it uses illegal characters. Please enter a valid username.' ) ); $sanitized_user_login = ''; } elseif ( username_exists( $sanitized_user_login ) ) { - $errors->add( 'username_exists', __( 'ERROR: This username is already registered, please choose another one.' ) ); + $errors->add( 'username_exists', __( 'ERROR: This username is already registered. Please choose another one.' ) ); } // Check the e-mail address @@ -364,13 +367,13 @@ nocache_headers(); header('Content-Type: '.get_bloginfo('html_type').'; charset='.get_bloginfo('charset')); -if ( defined('RELOCATE') ) { // Move flag is set +if ( defined( 'RELOCATE' ) && RELOCATE ) { // Move flag is set if ( isset( $_SERVER['PATH_INFO'] ) && ($_SERVER['PATH_INFO'] != $_SERVER['PHP_SELF']) ) $_SERVER['PHP_SELF'] = str_replace( $_SERVER['PATH_INFO'], '', $_SERVER['PHP_SELF'] ); - $schema = is_ssl() ? 'https://' : 'http://'; - if ( dirname($schema . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF']) != get_option('siteurl') ) - update_option('siteurl', dirname($schema . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF']) ); + $url = dirname( set_url_scheme( 'http://' . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'] ) ); + if ( $url != get_option( 'siteurl' ) ) + update_option( 'siteurl', $url ); } //Set a cookie now to see if they are supported by the browser. @@ -386,14 +389,11 @@ $http_post = ('POST' == $_SERVER['REQUEST_METHOD']); switch ($action) { case 'postpass' : - if ( empty( $wp_hasher ) ) { - require_once( ABSPATH . 'wp-includes/class-phpass.php' ); - // By default, use the portable hash from phpass - $wp_hasher = new PasswordHash(8, true); - } + require_once ABSPATH . 'wp-includes/class-phpass.php'; + $hasher = new PasswordHash( 8, true ); // 10 days - setcookie( 'wp-postpass_' . COOKIEHASH, $wp_hasher->HashPassword( stripslashes( $_POST['post_password'] ) ), time() + 864000, COOKIEPATH ); + setcookie( 'wp-postpass_' . COOKIEHASH, $hasher->HashPassword( stripslashes( $_POST['post_password'] ) ), time() + 10 * DAY_IN_SECONDS, COOKIEPATH ); wp_safe_redirect( wp_get_referer() ); exit(); @@ -435,11 +435,11 @@ case 'retrievepassword' :

@@ -462,11 +462,14 @@ case 'rp' : exit; } - $errors = ''; + $errors = new WP_Error(); + + if ( isset($_POST['pass1']) && $_POST['pass1'] != $_POST['pass2'] ) + $errors->add( 'password_reset_mismatch', __( 'The passwords do not match.' ) ); - if ( isset($_POST['pass1']) && $_POST['pass1'] != $_POST['pass2'] ) { - $errors = new WP_Error('password_reset_mismatch', __('The passwords do not match.')); - } elseif ( isset($_POST['pass1']) && !empty($_POST['pass1']) ) { + do_action( 'validate_password_reset', $errors, $user ); + + if ( ( ! $errors->get_error_code() ) && isset( $_POST['pass1'] ) && !empty( $_POST['pass1'] ) ) { reset_password($user, $_POST['pass1']); login_header( __( 'Password Reset' ), '

' . __( 'Your password has been reset.' ) . ' ' . __( 'Log in' ) . '

' ); login_footer(); @@ -495,7 +498,7 @@ case 'rp' :

@@ -512,7 +515,7 @@ break; case 'register' : if ( is_multisite() ) { // Multisite uses wp-signup.php - wp_redirect( apply_filters( 'wp_signup_location', site_url('wp-signup.php') ) ); + wp_redirect( apply_filters( 'wp_signup_location', network_site_url('wp-signup.php') ) ); exit; } @@ -541,17 +544,17 @@ case 'register' :

@@ -568,6 +571,8 @@ default: $secure_cookie = ''; $interim_login = isset($_REQUEST['interim-login']); $customize_login = isset( $_REQUEST['customize-login'] ); + if ( $customize_login ) + wp_enqueue_script( 'customize-base' ); // If the user wants ssl but the session is not ssl, force a secure cookie. if ( !empty($_POST['log']) && !force_ssl_admin() ) { @@ -604,21 +609,18 @@ default: if ( !is_wp_error($user) && !$reauth ) { if ( $interim_login ) { $message = '

' . __('You have logged in successfully.') . '

'; - login_header( '', $message ); - - if ( ! $customize_login ) : ?> - -

+ login_header( '', $message ); ?> + + + +

+ + + + - + " method="post">

- +