X-Git-Url: https://scripts.mit.edu/gitweb/autoinstalls/wordpress.git/blobdiff_plain/f9001779751f83dc8a10e478bfecb4d8dd5f964c..caeaf8dc94b5e3f75dc98ec92dc7b76049cdddb6:/wp-login.php diff --git a/wp-login.php b/wp-login.php index ab9cff55..3dabec4a 100644 --- a/wp-login.php +++ b/wp-login.php @@ -12,87 +12,160 @@ require( dirname(__FILE__) . '/wp-load.php' ); // Redirect to https login if forced to use SSL -if ( force_ssl_admin() && !is_ssl() ) { +if ( force_ssl_admin() && ! is_ssl() ) { if ( 0 === strpos($_SERVER['REQUEST_URI'], 'http') ) { - wp_redirect(preg_replace('|^http://|', 'https://', $_SERVER['REQUEST_URI'])); + wp_redirect( set_url_scheme( $_SERVER['REQUEST_URI'], 'https' ) ); exit(); } else { - wp_redirect('https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']); + wp_redirect( 'https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'] ); exit(); } } /** - * Outputs the header for the login page. + * Output the login page header. * - * @uses do_action() Calls the 'login_head' for outputting HTML in the Log In - * header. - * @uses apply_filters() Calls 'login_headerurl' for the top login link. - * @uses apply_filters() Calls 'login_headertitle' for the top login title. - * @uses apply_filters() Calls 'login_message' on the message to display in the - * header. - * @uses $error The error global, which is checked for displaying errors. - * - * @param string $title Optional. WordPress Log In Page title to display in - * element. - * @param string $message Optional. Message to display in header. - * @param WP_Error $wp_error Optional. WordPress Error Object + * @param string $title Optional. WordPress login Page title to display in the `<title>` element. + * Default 'Log In'. + * @param string $message Optional. Message to display in header. Default empty. + * @param WP_Error $wp_error Optional. The error to pass. Default empty. */ -function login_header($title = 'Log In', $message = '', $wp_error = '') { - global $error, $is_iphone, $interim_login, $current_site; +function login_header( $title = 'Log In', $message = '', $wp_error = '' ) { + global $error, $interim_login, $action; // Don't index any of these forms - add_filter( 'pre_option_blog_public', '__return_zero' ); - add_action( 'login_head', 'noindex' ); + add_action( 'login_head', 'wp_no_robots' ); + + if ( wp_is_mobile() ) + add_action( 'login_head', 'wp_login_viewport_meta' ); if ( empty($wp_error) ) $wp_error = new WP_Error(); // Shake it! $shake_error_codes = array( 'empty_password', 'empty_email', 'invalid_email', 'invalidcombo', 'empty_username', 'invalid_username', 'incorrect_password' ); + /** + * Filter the error codes array for shaking the login form. + * + * @since 3.0.0 + * + * @param array $shake_error_codes Error codes that shake the login form. + */ $shake_error_codes = apply_filters( 'shake_error_codes', $shake_error_codes ); if ( $shake_error_codes && $wp_error->get_error_code() && in_array( $wp_error->get_error_code(), $shake_error_codes ) ) add_action( 'login_head', 'wp_shake_js', 12 ); - ?> -<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> -<html xmlns="http://www.w3.org/1999/xhtml" <?php language_attributes(); ?>> -<head> - <title><?php bloginfo('name'); ?> › <?php echo $title; ?> + ?> + + + > + + - + - - - - -get_error_code() ) { + ?> + + - - - -

- -

-site_name; + } else { + $login_header_url = __( 'https://wordpress.org/' ); + $login_header_title = __( 'Powered by WordPress' ); + } + + /** + * Filter link URL of the header logo above login form. + * + * @since 2.1.0 + * + * @param string $login_header_url Login header logo URL. + */ + $login_header_url = apply_filters( 'login_headerurl', $login_header_url ); + /** + * Filter the title attribute of the header logo above login form. + * + * @since 2.1.0 + * + * @param string $login_header_title Login header logo title attribute. + */ + $login_header_title = apply_filters( 'login_headertitle', $login_header_title ); + + $classes = array( 'login-action-' . $action, 'wp-core-ui' ); + if ( wp_is_mobile() ) + $classes[] = 'mobile'; + if ( is_rtl() ) + $classes[] = 'rtl'; + if ( $interim_login ) { + $classes[] = 'interim-login'; + ?> + + + + +
+

+ add('error', $error); unset($error); @@ -102,18 +175,34 @@ function login_header($title = 'Log In', $message = '', $wp_error = '') { $errors = ''; $messages = ''; foreach ( $wp_error->get_error_codes() as $code ) { - $severity = $wp_error->get_error_data($code); - foreach ( $wp_error->get_error_messages($code) as $error ) { + $severity = $wp_error->get_error_data( $code ); + foreach ( $wp_error->get_error_messages( $code ) as $error_message ) { if ( 'message' == $severity ) - $messages .= ' ' . $error . "
\n"; + $messages .= ' ' . $error_message . "
\n"; else - $errors .= ' ' . $error . "
\n"; + $errors .= ' ' . $error_message . "
\n"; } } - if ( !empty($errors) ) - echo '
' . apply_filters('login_errors', $errors) . "
\n"; - if ( !empty($messages) ) - echo '

' . apply_filters('login_messages', $messages) . "

\n"; + if ( ! empty( $errors ) ) { + /** + * Filter the error messages displayed above the login form. + * + * @since 2.1.0 + * + * @param string $errors Login error message. + */ + echo '
' . apply_filters( 'login_errors', $errors ) . "
\n"; + } + if ( ! empty( $messages ) ) { + /** + * Filter instructional messages displayed above the login form. + * + * @since 2.5.0 + * + * @param string $messages Login messages. + */ + echo '

' . apply_filters( 'login_messages', $messages ) . "

\n"; + } } } // End of login_header() @@ -123,27 +212,37 @@ function login_header($title = 'Log In', $message = '', $wp_error = '') { * @param string $input_id Which input to auto-focus */ function login_footer($input_id = '') { - echo "
\n"; - - if ( !empty($input_id) ) { -?> - - -

- - - - +

+ + +
+ + + + + + +
+ + + -

-

-
+ + + + + + id) ) + if ( is_multisite() && !get_active_blog_for_user($user->ID) && !is_super_admin( $user->ID ) ) $redirect_to = user_admin_url(); elseif ( is_multisite() && !$user->has_cap('read') ) - $redirect_to = get_dashboard_url( $user->id ); + $redirect_to = get_dashboard_url( $user->ID ); elseif ( !$user->has_cap('edit_posts') ) $redirect_to = admin_url('profile.php'); } @@ -602,23 +831,34 @@ default: if ( !empty($_GET['loggedout']) || $reauth ) $errors = new WP_Error(); - // If cookies are disabled we can't log in even with a valid user+pass - if ( isset($_POST['testcookie']) && empty($_COOKIE[TEST_COOKIE]) ) - $errors->add('test_cookie', __("ERROR: Cookies are blocked or not supported by your browser. You must enable cookies to use WordPress.")); - - // Some parts of this script use the main login form to display a message - if ( isset($_GET['loggedout']) && TRUE == $_GET['loggedout'] ) - $errors->add('loggedout', __('You are now logged out.'), 'message'); - elseif ( isset($_GET['registration']) && 'disabled' == $_GET['registration'] ) - $errors->add('registerdisabled', __('User registration is currently not allowed.')); - elseif ( isset($_GET['checkemail']) && 'confirm' == $_GET['checkemail'] ) - $errors->add('confirm', __('Check your e-mail for the confirmation link.'), 'message'); - elseif ( isset($_GET['checkemail']) && 'newpass' == $_GET['checkemail'] ) - $errors->add('newpass', __('Check your e-mail for your new password.'), 'message'); - elseif ( isset($_GET['checkemail']) && 'registered' == $_GET['checkemail'] ) - $errors->add('registered', __('Registration complete. Please check your e-mail.'), 'message'); - elseif ( $interim_login ) - $errors->add('expired', __('Your session has expired. Please log-in again.'), 'message'); + if ( $interim_login ) { + if ( ! $errors->get_error_code() ) + $errors->add('expired', __('Session expired. Please log in again. You will not move away from this page.'), 'message'); + } else { + // Some parts of this script use the main login form to display a message + if ( isset($_GET['loggedout']) && true == $_GET['loggedout'] ) + $errors->add('loggedout', __('You are now logged out.'), 'message'); + elseif ( isset($_GET['registration']) && 'disabled' == $_GET['registration'] ) + $errors->add('registerdisabled', __('User registration is currently not allowed.')); + elseif ( isset($_GET['checkemail']) && 'confirm' == $_GET['checkemail'] ) + $errors->add('confirm', __('Check your e-mail for the confirmation link.'), 'message'); + elseif ( isset($_GET['checkemail']) && 'newpass' == $_GET['checkemail'] ) + $errors->add('newpass', __('Check your e-mail for your new password.'), 'message'); + elseif ( isset($_GET['checkemail']) && 'registered' == $_GET['checkemail'] ) + $errors->add('registered', __('Registration complete. Please check your e-mail.'), 'message'); + elseif ( strpos( $redirect_to, 'about.php?updated' ) ) + $errors->add('updated', __( 'You have successfully updated WordPress! Please log back in to see what’s new.' ), 'message' ); + } + + /** + * Filter the login page errors. + * + * @since 3.6.0 + * + * @param object $errors WP Error object. + * @param string $redirect_to Redirect destination URL. + */ + $errors = apply_filters( 'wp_login_errors', $errors, $redirect_to ); // Clear any stale cookies. if ( $reauth ) @@ -627,52 +867,61 @@ default: login_header(__('Log In'), '', $errors); if ( isset($_POST['log']) ) - $user_login = ( 'incorrect_password' == $errors->get_error_code() || 'empty_password' == $errors->get_error_code() ) ? esc_attr(stripslashes($_POST['log'])) : ''; + $user_login = ( 'incorrect_password' == $errors->get_error_code() || 'empty_password' == $errors->get_error_code() ) ? esc_attr(wp_unslash($_POST['log'])) : ''; $rememberme = ! empty( $_POST['rememberme'] ); ?> -
+

- +

- +

- -

+ +

- + + + +

- + - -

- - - - - -