[Summary view] [Print] [Text view]

   1  <?php
   2  
   3  // Load bbPress
   4  require ( './bb-load.php' );
   5  
   6  // SSL redirect if required
   7  bb_ssl_redirect();
   8  
   9  // Don't cache this page at all
  10  nocache_headers();
  11  
  12  /** Look for redirection ******************************************************/
  13  
  14  // Look for 'redirect_to'
  15  if ( isset( $_REQUEST['redirect_to'] ) && is_string( $_REQUEST['redirect_to'] ) )
  16      $re = $_REQUEST['redirect_to'];
  17  
  18      // Look for 're'
  19      if ( empty( $re ) && isset( $_REQUEST['re'] )  && is_string( $_REQUEST['re'] ) )
  20          $re = $_REQUEST['re'];
  21  
  22          // Use referer
  23          if ( empty( $re ) )
  24              $re = wp_get_referer();
  25  
  26              // Don't redirect to register or password reset pages
  27              if ( empty( $re ) ) {
  28                  // Grab home path and URL for comparison
  29                  $home_url  = parse_url( bb_get_uri( null, null, BB_URI_CONTEXT_TEXT ) );
  30                  $home_path = $home_url['path'];
  31  
  32                  if ( false !== strpos( $re, $home_path . 'register.php' ) || false !== strpos( $re, $home_path . 'bb-reset-password.php' ) )
  33                      $re = bb_get_uri( null, null, BB_URI_CONTEXT_HEADER );
  34  
  35              }
  36  
  37  /**
  38   * If this page was accessed using SSL, make sure the redirect is a full URL so
  39   * that we don't end up on an SSL page again (unless the whole site is under SSL)
  40   */
  41  if ( is_ssl() && 0 === strpos( $re, '/' ) )
  42      $re = bb_get_uri( $re , null, BB_URI_CONTEXT_HEADER );
  43  
  44  // Clean the redirection destination
  45  if ( !empty( $re ) ) {
  46      $re = esc_url( $re );
  47      $re = esc_attr( $re );
  48      $redirect_to = $re;
  49  }
  50  
  51  // Fallback to site root
  52  if ( empty( $re ) )
  53      $re = bb_get_uri();
  54  
  55  /** Handle logout *************************************************************/
  56  
  57  // User is logged in
  58  if ( bb_is_user_logged_in() ) {
  59  
  60      // Logout requested
  61      if ( isset( $_GET['logout'] ) )
  62          $_GET['action'] = 'logout';
  63  
  64      // Check logout action
  65      if ( isset( $_GET['action'] ) && 'logout' === $_GET['action'] )
  66          bb_logout();
  67  
  68      bb_safe_redirect( $re );
  69      exit;
  70  }
  71  
  72  /** Handle login **************************************************************/
  73  
  74  // Do we allow login by email address
  75  $email_login = bb_get_option( 'email_login' );
  76  
  77  // Get the user from the login details
  78  if ( empty( $_POST['log'] ) )
  79      $_POST['log'] = !empty( $_POST['user_login'] ) ? $_POST['user_login'] : '';
  80  
  81  if ( empty( $_POST['pwd'] ) )
  82      $_POST['pwd'] = !empty( $_POST['password']   ) ? $_POST['password']   : '';
  83  
  84  if ( empty( $_POST['rememberme'] ) )
  85      $_POST['rememberme'] = !empty( $_POST['remember']   ) ? 1                    : '';
  86  
  87  // Attempt to log the user in
  88  if ( $user = bb_login( @$_POST['log'], @$_POST['pwd'], @$_POST['rememberme'] ) ) {
  89      if ( !is_wp_error( $user ) ) {
  90          bb_safe_redirect( $re );
  91          exit;
  92      } else {
  93          $bb_login_error =& $user;
  94      }
  95      
  96  // No login so prepare the error
  97  } else {
  98      $bb_login_error = new WP_Error;
  99  }
 100  
 101  /** Handle errors *************************************************************/
 102  
 103  // Get error data so we can provide feedback
 104  $error_data = $bb_login_error->get_error_data();
 105  
 106  // Does user actually exist
 107  if ( isset( $error_data['unique'] ) && false === $error_data['unique'] )
 108      $user_exists = true;
 109  else
 110      $user_exists = !empty( $_POST['log'] ) && (bool) bb_get_user( $_POST['log'], array( 'by' => 'login' ) );
 111  
 112  // Check for errors on post method
 113  if ( 'post' == strtolower( $_SERVER['REQUEST_METHOD'] ) ) {
 114      
 115      // If the user doesn't exist then add that error
 116      if ( empty( $user_exists ) ) {
 117          if ( !empty( $_POST['log'] ) ) {
 118              $bb_login_error->add( 'user_login', __( 'User does not exist.' ) );
 119          } else {
 120              $bb_login_error->add( 'user_login', $email_login ? __( 'Enter a username or email address.' ) : __( 'Enter a username.' ) );
 121          }
 122      }
 123  
 124      // If the password was wrong then add that error
 125      if ( !$bb_login_error->get_error_code() ) {
 126          $bb_login_error->add( 'password', __( 'Incorrect password.' ) );
 127      }
 128  }
 129  
 130  /**
 131   * If trying to log in with email address, don't leak whether or not email
 132   * address exists in the db. is_email() is not perfect. Usernames can be
 133   * valid email addresses potentially.
 134   */
 135  if ( !empty( $email_login ) && $bb_login_error->get_error_codes() && false !== is_email( @$_POST['log'] ) )
 136      $bb_login_error = new WP_Error( 'user_login', __( 'Username and Password do not match.' ) );
 137  
 138  /** Prepare for display *******************************************************/
 139  
 140  // Sanitze variables for display
 141  $remember_checked  = @$_POST['rememberme'] ? ' checked="checked"' : '';
 142  $user_login        = esc_attr( sanitize_user( @$_POST['log'], true ) );
 143  
 144  // Load the template
 145  bb_load_template( 'login.php', array( 'user_exists', 'user_login', 'remember_checked', 'redirect_to', 're', 'bb_login_error' ) );
 146  
 147  exit;
 148  
 149  ?>