X-Git-Url: https://scripts.mit.edu/gitweb/autoinstalls/wordpress.git/blobdiff_plain/e9d988989fe37ab8c5f903e47fbe36e6e00dc51f..11be15bd505d66a91e2c80062190b13e315a04a9:/wp-login.php diff --git a/wp-login.php b/wp-login.php index 0f471b0d..532ffd97 100644 --- a/wp-login.php +++ b/wp-login.php @@ -12,12 +12,12 @@ require( dirname(__FILE__) . '/wp-load.php' ); // Redirect to https login if forced to use SSL -if ( force_ssl_admin() && !is_ssl() ) { +if ( force_ssl_admin() && ! is_ssl() ) { if ( 0 === strpos($_SERVER['REQUEST_URI'], 'http') ) { - wp_redirect(preg_replace('|^http://|', 'https://', $_SERVER['REQUEST_URI'])); + wp_redirect( set_url_scheme( $_SERVER['REQUEST_URI'], 'https' ) ); exit(); } else { - wp_redirect('https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']); + wp_redirect( 'https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'] ); exit(); } } @@ -39,11 +39,10 @@ if ( force_ssl_admin() && !is_ssl() ) { * @param WP_Error $wp_error Optional. WordPress Error Object */ function login_header($title = 'Log In', $message = '', $wp_error = '') { - global $error, $is_iphone, $interim_login, $current_site; + global $error, $interim_login, $current_site, $action; // Don't index any of these forms - add_filter( 'pre_option_blog_public', '__return_zero' ); - add_action( 'login_head', 'noindex' ); + add_action( 'login_head', 'wp_no_robots' ); if ( empty($wp_error) ) $wp_error = new WP_Error(); @@ -55,44 +54,74 @@ function login_header($title = 'Log In', $message = '', $wp_error = '') { if ( $shake_error_codes && $wp_error->get_error_code() && in_array( $wp_error->get_error_code(), $shake_error_codes ) ) add_action( 'login_head', 'wp_shake_js', 12 ); - ?> - -> - - <?php bloginfo('name'); ?> › <?php echo $title; ?> + ?> + > + - + - - - - - + get_error_code() ) { + ?> + + - - - -

- -

-site_name; + } else { + $login_header_url = __( 'http://wordpress.org/' ); + $login_header_title = __( 'Powered by WordPress' ); + } + + $login_header_url = apply_filters( 'login_headerurl', $login_header_url ); + $login_header_title = apply_filters( 'login_headertitle', $login_header_title ); + + $classes = array( 'login-action-' . $action, 'wp-core-ui' ); + if ( wp_is_mobile() ) + $classes[] = 'mobile'; + if ( is_rtl() ) + $classes[] = 'rtl'; + if ( $interim_login ) { + $classes[] = 'interim-login'; + ?> + + + + +
+

+ add('error', $error); unset($error); @@ -123,27 +152,31 @@ function login_header($title = 'Log In', $message = '', $wp_error = '') { * @param string $input_id Which input to auto-focus */ function login_footer($input_id = '') { - echo "
\n"; - - if ( !empty($input_id) ) { -?> - - -

- - - - +

+ + +
+ + + + + + +
+ + + -

-

-
+ + + + + + id) ) + if ( is_multisite() && !get_active_blog_for_user($user->ID) && !is_super_admin( $user->ID ) ) $redirect_to = user_admin_url(); elseif ( is_multisite() && !$user->has_cap('read') ) - $redirect_to = get_dashboard_url( $user->id ); + $redirect_to = get_dashboard_url( $user->ID ); elseif ( !$user->has_cap('edit_posts') ) $redirect_to = admin_url('profile.php'); } @@ -607,19 +659,26 @@ default: if ( isset($_POST['testcookie']) && empty($_COOKIE[TEST_COOKIE]) ) $errors->add('test_cookie', __("ERROR: Cookies are blocked or not supported by your browser. You must enable cookies to use WordPress.")); - // Some parts of this script use the main login form to display a message - if ( isset($_GET['loggedout']) && TRUE == $_GET['loggedout'] ) - $errors->add('loggedout', __('You are now logged out.'), 'message'); - elseif ( isset($_GET['registration']) && 'disabled' == $_GET['registration'] ) - $errors->add('registerdisabled', __('User registration is currently not allowed.')); - elseif ( isset($_GET['checkemail']) && 'confirm' == $_GET['checkemail'] ) - $errors->add('confirm', __('Check your e-mail for the confirmation link.'), 'message'); - elseif ( isset($_GET['checkemail']) && 'newpass' == $_GET['checkemail'] ) - $errors->add('newpass', __('Check your e-mail for your new password.'), 'message'); - elseif ( isset($_GET['checkemail']) && 'registered' == $_GET['checkemail'] ) - $errors->add('registered', __('Registration complete. Please check your e-mail.'), 'message'); - elseif ( $interim_login ) - $errors->add('expired', __('Your session has expired. Please log-in again.'), 'message'); + if ( $interim_login ) { + if ( ! $errors->get_error_code() ) + $errors->add('expired', __('Session expired. Please log in again. You will not move away from this page.'), 'message'); + } else { + // Some parts of this script use the main login form to display a message + if ( isset($_GET['loggedout']) && true == $_GET['loggedout'] ) + $errors->add('loggedout', __('You are now logged out.'), 'message'); + elseif ( isset($_GET['registration']) && 'disabled' == $_GET['registration'] ) + $errors->add('registerdisabled', __('User registration is currently not allowed.')); + elseif ( isset($_GET['checkemail']) && 'confirm' == $_GET['checkemail'] ) + $errors->add('confirm', __('Check your e-mail for the confirmation link.'), 'message'); + elseif ( isset($_GET['checkemail']) && 'newpass' == $_GET['checkemail'] ) + $errors->add('newpass', __('Check your e-mail for your new password.'), 'message'); + elseif ( isset($_GET['checkemail']) && 'registered' == $_GET['checkemail'] ) + $errors->add('registered', __('Registration complete. Please check your e-mail.'), 'message'); + elseif ( strpos( $redirect_to, 'about.php?updated' ) ) + $errors->add('updated', __( 'You have successfully updated WordPress! Please log back in to experience the awesomeness.' ), 'message' ); + } + + $errors = apply_filters( 'wp_login_errors', $errors, $redirect_to ); // Clear any stale cookies. if ( $reauth ) @@ -628,46 +687,44 @@ default: login_header(__('Log In'), '', $errors); if ( isset($_POST['log']) ) - $user_login = ( 'incorrect_password' == $errors->get_error_code() || 'empty_password' == $errors->get_error_code() ) ? esc_attr(stripslashes($_POST['log'])) : ''; + $user_login = ( 'incorrect_password' == $errors->get_error_code() || 'empty_password' == $errors->get_error_code() ) ? esc_attr(wp_unslash($_POST['log'])) : ''; $rememberme = ! empty( $_POST['rememberme'] ); ?> -
+

- +

- +

-

+

- + + + +

- + - -

- - - - - -