X-Git-Url: https://scripts.mit.edu/gitweb/autoinstalls/wordpress.git/blobdiff_plain/8f374b7233bc2815ccc387e448d208c5434eb961..80e421fa26a0ef412d7c67749a64a6c1919d515a:/wp-login.php
diff --git a/wp-login.php b/wp-login.php
index 0b1df607..209341fa 100644
--- a/wp-login.php
+++ b/wp-login.php
@@ -12,12 +12,12 @@
require( dirname(__FILE__) . '/wp-load.php' );
// Redirect to https login if forced to use SSL
-if ( force_ssl_admin() && !is_ssl() ) {
+if ( force_ssl_admin() && ! is_ssl() ) {
if ( 0 === strpos($_SERVER['REQUEST_URI'], 'http') ) {
- wp_redirect(preg_replace('|^http://|', 'https://', $_SERVER['REQUEST_URI']));
+ wp_redirect( set_url_scheme( $_SERVER['REQUEST_URI'], 'https' ) );
exit();
} else {
- wp_redirect('https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']);
+ wp_redirect( 'https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'] );
exit();
}
}
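Review bot: The else branch still builds the redirect target from `$_SERVER['HTTP_HOST']`, which the client supplies, and as far as I know `wp_redirect()` does not restrict the destination host. Unless the web server pins the Host header, the https redirect goes wherever that header points. The first branch has the same exposure when `REQUEST_URI` arrives as an absolute URL. `wp_safe_redirect()`, already used later in this file, checks the host against the site's allowed hosts, so `wp_safe_redirect( 'https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'] );` would close this. Its fallback behaviour on multisite or mapped domains would need confirming first.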
@@ -39,7 +39,7 @@ if ( force_ssl_admin() && !is_ssl() ) {
* @param WP_Error $wp_error Optional. WordPress Error Object
*/
function login_header($title = 'Log In', $message = '', $wp_error = '') {
- global $error, $interim_login, $current_site, $customize_login;
+ global $error, $interim_login, $current_site, $action;
// Don't index any of these forms
add_action( 'login_head', 'wp_no_robots' );
@@ -68,9 +68,6 @@ function login_header($title = 'Log In', $message = '', $wp_error = '') {
-
+
add( 'invalid_username', __( '
ERROR: This username is invalid because it uses illegal characters. Please enter a valid username.' ) );
$sanitized_user_login = '';
} elseif ( username_exists( $sanitized_user_login ) ) {
- $errors->add( 'username_exists', __( '
ERROR: This username is already registered, please choose another one.' ) );
+ $errors->add( 'username_exists', __( '
ERROR: This username is already registered. Please choose another one.' ) );
}
// Check the e-mail address
@@ -364,13 +367,13 @@ nocache_headers();
header('Content-Type: '.get_bloginfo('html_type').'; charset='.get_bloginfo('charset'));
-if ( defined('RELOCATE') ) { // Move flag is set
+if ( defined( 'RELOCATE' ) && RELOCATE ) { // Move flag is set
if ( isset( $_SERVER['PATH_INFO'] ) && ($_SERVER['PATH_INFO'] != $_SERVER['PHP_SELF']) )
$_SERVER['PHP_SELF'] = str_replace( $_SERVER['PATH_INFO'], '', $_SERVER['PHP_SELF'] );
- $schema = is_ssl() ? 'https://' : 'http://';
- if ( dirname($schema . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF']) != get_option('siteurl') )
- update_option('siteurl', dirname($schema . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF']) );
+ $url = dirname( set_url_scheme( 'http://' . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'] ) );
+ if ( $url != get_option( 'siteurl' ) )
+ update_option( 'siteurl', $url );
}
//Set a cookie now to see if they are supported by the browser.
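Review bot: With `RELOCATE` true, `$url` is derived from `$_SERVER['HTTP_HOST']` and `$_SERVER['PHP_SELF']` and written to `siteurl` from the login page, which is served before authentication. The stored site address therefore follows whatever request headers arrive while the flag is set. The added `&& RELOCATE` lets the constant be turned off by defining it false, but nothing here says the flag is meant to be temporary. I would add a comment above the `if`, `// RELOCATE trusts the request's Host header: enable it only for the move, then remove it from the site configuration.`, and consider sanitising before the write with `update_option( 'siteurl', esc_url_raw( $url ) );`.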
@@ -386,14 +389,11 @@ $http_post = ('POST' == $_SERVER['REQUEST_METHOD']);
switch ($action) {
case 'postpass' :
- if ( empty( $wp_hasher ) ) {
- require_once( ABSPATH . 'wp-includes/class-phpass.php' );
- // By default, use the portable hash from phpass
- $wp_hasher = new PasswordHash(8, true);
- }
+ require_once ABSPATH . 'wp-includes/class-phpass.php';
+ $hasher = new PasswordHash( 8, true );
// 10 days
- setcookie( 'wp-postpass_' . COOKIEHASH, $wp_hasher->HashPassword( stripslashes( $_POST['post_password'] ) ), time() + 864000, COOKIEPATH );
+ setcookie( 'wp-postpass_' . COOKIEHASH, $hasher->HashPassword( stripslashes( $_POST['post_password'] ) ), time() + 10 * DAY_IN_SECONDS, COOKIEPATH );
wp_safe_redirect( wp_get_referer() );
exit();
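Review bot: `$_POST['post_password']` is passed to `stripslashes()` and `HashPassword()` without checking that it is present and a string, so a request with the field missing or sent as an array raises notices and still sets a cookie. A guard before the hashing would avoid that: `if ( ! isset( $_POST['post_password'] ) || ! is_string( $_POST['post_password'] ) ) { wp_safe_redirect( wp_get_referer() ); exit(); }`. The `setcookie()` call also stops at the path argument, so the cookie carrying the password hash has neither the secure nor the HttpOnly flag. Passing `COOKIE_DOMAIN, is_ssl(), true` as the trailing arguments may be appropriate if protected posts are served over the same scheme as the login page. The `switch` and this case continue outside the hunk.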
@@ -435,11 +435,11 @@ case 'retrievepassword' :
@@ -462,11 +462,14 @@ case 'rp' :
exit;
}
- $errors = '';
+ $errors = new WP_Error();
+
+ if ( isset($_POST['pass1']) && $_POST['pass1'] != $_POST['pass2'] )
+ $errors->add( 'password_reset_mismatch', __( 'The passwords do not match.' ) );
- if ( isset($_POST['pass1']) && $_POST['pass1'] != $_POST['pass2'] ) {
- $errors = new WP_Error('password_reset_mismatch', __('The passwords do not match.'));
- } elseif ( isset($_POST['pass1']) && !empty($_POST['pass1']) ) {
+ do_action( 'validate_password_reset', $errors, $user );
+
+ if ( ( ! $errors->get_error_code() ) && isset( $_POST['pass1'] ) && !empty( $_POST['pass1'] ) ) {
reset_password($user, $_POST['pass1']);
login_header( __( 'Password Reset' ), '
' . __( 'Your password has been reset.' ) . ' ' . __( 'Log in' ) . '
' );
login_footer();
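Review bot: The mismatch check compares the two password fields with loose `!=` and never tests that `$_POST['pass2']` is set. PHP's loose comparison treats some different numeric-looking strings as equal, so two different entries can pass as matching and the first is then given to `reset_password()`. I would make the comparison strict and treat a missing confirmation as a mismatch: `if ( isset( $_POST['pass1'] ) && ( ! isset( $_POST['pass2'] ) || $_POST['pass1'] !== $_POST['pass2'] ) )`. The reset-key validation that guards this case sits above the hunk and is not visible here.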
@@ -495,7 +498,7 @@ case 'rp' :
-
+
@@ -512,7 +515,7 @@ break;
case 'register' :
if ( is_multisite() ) {
// Multisite uses wp-signup.php
- wp_redirect( apply_filters( 'wp_signup_location', site_url('wp-signup.php') ) );
+ wp_redirect( apply_filters( 'wp_signup_location', network_site_url('wp-signup.php') ) );
exit;
}
@@ -541,17 +544,17 @@ case 'register' :
@@ -568,6 +571,8 @@ default:
$secure_cookie = '';
$interim_login = isset($_REQUEST['interim-login']);
$customize_login = isset( $_REQUEST['customize-login'] );
+ if ( $customize_login )
+ wp_enqueue_script( 'customize-base' );
// If the user wants ssl but the session is not ssl, force a secure cookie.
if ( !empty($_POST['log']) && !force_ssl_admin() ) {
@@ -604,21 +609,18 @@ default:
if ( !is_wp_error($user) && !$reauth ) {
if ( $interim_login ) {
$message = '
' . __('You have logged in successfully.') . '
';
- login_header( '', $message );
-
- if ( ! $customize_login ) : ?>
-
-
-
-
+ login_header( '', $message ); ?>
+
+
+
+