
PHP Cross Reference of bbPress


/ -> bb-login.php (source)

   1  <?php
   2  
   3  // Load bbPress
   4  require ( './bb-load.php' );
   5  
   6  // SSL redirect if required
   7  bb_ssl_redirect();
   8  
   9  // Don't cache this page at all
  10  nocache_headers();
  11  
  12  /** Look for redirection ******************************************************/
  13  
  14  // Look for 'redirect_to'
  15  if ( isset( $_REQUEST['redirect_to'] ) )
  16      $re = $_REQUEST['redirect_to'];
  17  
  18      // Look for 're'
  19      if ( empty( $re ) && isset( $_REQUEST['re'] ) )
  20          $re = $_REQUEST['re'];
  21  
  22          // Use referer
  23          if ( empty( $re ) )
  24              $re = wp_get_referer();
  25  
  26              // Don't redirect to register or password reset pages
  27              if ( empty( $re ) ) {
  28                  // Grab home path and URL for comparison
  29                  $home_url  = parse_url( bb_get_uri( null, null, BB_URI_CONTEXT_TEXT ) );
  30                  $home_path = $home_url['path'];
  31  
  32                  if ( false !== strpos( $re, $home_path . 'register.php' ) || false !== strpos( $re, $home_path . 'bb-reset-password.php' ) )
  33                      $re = bb_get_uri( null, null, BB_URI_CONTEXT_HEADER );
  34              }
  35  
  36  /**
  37   * If this page was accessed using SSL, make sure the redirect is a full URL so
  38   * that we don't end up on an SSL page again (unless the whole site is under SSL)
  39   */
  40  if ( is_ssl() && 0 === strpos( $re, '/' ) )
  41      $re = bb_get_uri( $re , null, BB_URI_CONTEXT_HEADER );
  42  
  43  // Clean the redirection destination
  44  if ( !empty( $re ) ) {
  45      $re = esc_url( $re );
  46      $re = esc_attr( $re );
  47      $redirect_to = $re;
  48  }
  49  
  50  // Fallback to site root
  51  if ( empty( $re ) )
  52      $re = bb_get_uri();
  53  
  54  /** Handle logout *************************************************************/
  55  
  56  // User is logged in
  57  if ( bb_is_user_logged_in() ) {
  58  
  59      // Logout requested
  60      if ( isset( $_GET['logout'] ) )
  61          $_GET['action'] = 'logout';
  62  
  63      // Check logout action
  64      if ( isset( $_GET['action'] ) && 'logout' === $_GET['action'] )
  65          bb_logout();
  66  
  67      bb_safe_redirect( $re );
  68      exit;
  69  }
  70  
  71  /** Handle login **************************************************************/
  72  
  73  // Do we allow login by email address
  74  $email_login = bb_get_option( 'email_login' );
  75  
  76  // Get the user from the login details
  77  if ( empty( $_POST['log'] ) )
  78      $_POST['log'] = !empty( $_POST['user_login'] ) ? $_POST['user_login'] : '';
  79  
  80  if ( empty( $_POST['pwd'] ) )
  81      $_POST['pwd'] = !empty( $_POST['password']   ) ? $_POST['password']   : '';
  82  
  83  if ( empty( $_POST['rememberme'] ) )
  84      $_POST['rememberme'] = !empty( $_POST['remember']   ) ? 1                    : '';
  85  
  86  // Attempt to log the user in
  87  if ( $user = bb_login( @$_POST['log'], @$_POST['pwd'], @$_POST['rememberme'] ) ) {
  88      if ( !is_wp_error( $user ) ) {
  89          bb_safe_redirect( $re );
  90          exit;
  91      } else {
  92          $bb_login_error =& $user;
  93      }
  94      
  95  // No login so prepare the error
  96  } else {
  97      $bb_login_error = new WP_Error;
  98  }
  99  
 100  /** Handle errors *************************************************************/
 101  
 102  // Get error data so we can provide feedback
 103  $error_data = $bb_login_error->get_error_data();
 104  
 105  // Does user actually exist
 106  if ( isset( $error_data['unique'] ) && false === $error_data['unique'] )
 107      $user_exists = true;
 108  else
 109      $user_exists = !empty( $_POST['log'] ) && (bool) bb_get_user( $_POST['log'], array( 'by' => 'login' ) );
 110  
 111  // Check for errors on post method
 112  if ( 'post' == strtolower( $_SERVER['REQUEST_METHOD'] ) ) {
 113      
 114      // If the user doesn't exist then add that error
 115      if ( empty( $user_exists ) ) {
 116          if ( !empty( $_POST['log'] ) ) {
 117              $bb_login_error->add( 'user_login', __( 'User does not exist.' ) );
 118          } else {
 119              $bb_login_error->add( 'user_login', $email_login ? __( 'Enter a username or email address.' ) : __( 'Enter a username.' ) );
 120          }
 121      }
 122  
 123      // If the password was wrong then add that error
 124      if ( !$bb_login_error->get_error_code() ) {
 125          $bb_login_error->add( 'password', __( 'Incorrect password.' ) );
 126      }
 127  }
 128  
 129  /**
 130   * If trying to log in with email address, don't leak whether or not email
 131   * address exists in the db. is_email() is not perfect. Usernames can be
 132   * valid email addresses potentially.
 133   */
 134  if ( !empty( $email_login ) && $bb_login_error->get_error_codes() && false !== is_email( @$_POST['log'] ) )
 135      $bb_login_error = new WP_Error( 'user_login', __( 'Username and Password do not match.' ) );
 136  
 137  /** Prepare for display *******************************************************/
 138  
 139  // Sanitze variables for display
 140  $remember_checked  = @$_POST['rememberme'] ? ' checked="checked"' : '';
 141  $user_login        = esc_attr( sanitize_user( @$_POST['log'], true ) );
 142  
 143  // Load the template
 144  bb_load_template( 'login.php', array( 'user_exists', 'user_login', 'remember_checked', 'redirect_to', 're', 'bb_login_error' ) );
 145  
 146  exit;
 147  
 148  ?>

