[ Index ] |
PHP Cross Reference of BuddyPress |
[Summary view] [Print] [Text view]
1 <?php 2 3 // Load bbPress 4 require ( './bb-load.php' ); 5 6 // SSL redirect if required 7 bb_ssl_redirect(); 8 9 // Don't cache this page at all 10 nocache_headers(); 11 12 /** Look for redirection ******************************************************/ 13 14 // Look for 'redirect_to' 15 if ( isset( $_REQUEST['redirect_to'] ) && is_string( $_REQUEST['redirect_to'] ) ) 16 $re = $_REQUEST['redirect_to']; 17 18 // Look for 're' 19 if ( empty( $re ) && isset( $_REQUEST['re'] ) && is_string( $_REQUEST['re'] ) ) 20 $re = $_REQUEST['re']; 21 22 // Use referer 23 if ( empty( $re ) ) 24 $re = wp_get_referer(); 25 26 // Don't redirect to register or password reset pages 27 if ( empty( $re ) ) { 28 // Grab home path and URL for comparison 29 $home_url = parse_url( bb_get_uri( null, null, BB_URI_CONTEXT_TEXT ) ); 30 $home_path = $home_url['path']; 31 32 if ( false !== strpos( $re, $home_path . 'register.php' ) || false !== strpos( $re, $home_path . 'bb-reset-password.php' ) ) 33 $re = bb_get_uri( null, null, BB_URI_CONTEXT_HEADER ); 34 35 } 36 37 /** 38 * If this page was accessed using SSL, make sure the redirect is a full URL so 39 * that we don't end up on an SSL page again (unless the whole site is under SSL) 40 */ 41 if ( is_ssl() && 0 === strpos( $re, '/' ) ) 42 $re = bb_get_uri( $re , null, BB_URI_CONTEXT_HEADER ); 43 44 // Clean the redirection destination 45 if ( !empty( $re ) ) { 46 $re = esc_url( $re ); 47 $re = esc_attr( $re ); 48 $redirect_to = $re; 49 } 50 51 // Fallback to site root 52 if ( empty( $re ) ) 53 $re = bb_get_uri(); 54 55 /** Handle logout *************************************************************/ 56 57 // User is logged in 58 if ( bb_is_user_logged_in() ) { 59 60 // Logout requested 61 if ( isset( $_GET['logout'] ) ) 62 $_GET['action'] = 'logout'; 63 64 // Check logout action 65 if ( isset( $_GET['action'] ) && 'logout' === $_GET['action'] ) 66 bb_logout(); 67 68 bb_safe_redirect( $re ); 69 exit; 70 } 71 72 /** Handle login **************************************************************/ 73 74 // Do we allow login by email address 75 $email_login = bb_get_option( 'email_login' ); 76 77 // Get the user from the login details 78 if ( empty( $_POST['log'] ) ) 79 $_POST['log'] = !empty( $_POST['user_login'] ) ? $_POST['user_login'] : ''; 80 81 if ( empty( $_POST['pwd'] ) ) 82 $_POST['pwd'] = !empty( $_POST['password'] ) ? $_POST['password'] : ''; 83 84 if ( empty( $_POST['rememberme'] ) ) 85 $_POST['rememberme'] = !empty( $_POST['remember'] ) ? 1 : ''; 86 87 // Attempt to log the user in 88 if ( $user = bb_login( @$_POST['log'], @$_POST['pwd'], @$_POST['rememberme'] ) ) { 89 if ( !is_wp_error( $user ) ) { 90 bb_safe_redirect( $re ); 91 exit; 92 } else { 93 $bb_login_error =& $user; 94 } 95 96 // No login so prepare the error 97 } else { 98 $bb_login_error = new WP_Error; 99 } 100 101 /** Handle errors *************************************************************/ 102 103 // Get error data so we can provide feedback 104 $error_data = $bb_login_error->get_error_data(); 105 106 // Does user actually exist 107 if ( isset( $error_data['unique'] ) && false === $error_data['unique'] ) 108 $user_exists = true; 109 else 110 $user_exists = !empty( $_POST['log'] ) && (bool) bb_get_user( $_POST['log'], array( 'by' => 'login' ) ); 111 112 // Check for errors on post method 113 if ( 'post' == strtolower( $_SERVER['REQUEST_METHOD'] ) ) { 114 115 // If the user doesn't exist then add that error 116 if ( empty( $user_exists ) ) { 117 if ( !empty( $_POST['log'] ) ) { 118 $bb_login_error->add( 'user_login', __( 'User does not exist.' ) ); 119 } else { 120 $bb_login_error->add( 'user_login', $email_login ? __( 'Enter a username or email address.' ) : __( 'Enter a username.' ) ); 121 } 122 } 123 124 // If the password was wrong then add that error 125 if ( !$bb_login_error->get_error_code() ) { 126 $bb_login_error->add( 'password', __( 'Incorrect password.' ) ); 127 } 128 } 129 130 /** 131 * If trying to log in with email address, don't leak whether or not email 132 * address exists in the db. is_email() is not perfect. Usernames can be 133 * valid email addresses potentially. 134 */ 135 if ( !empty( $email_login ) && $bb_login_error->get_error_codes() && false !== is_email( @$_POST['log'] ) ) 136 $bb_login_error = new WP_Error( 'user_login', __( 'Username and Password do not match.' ) ); 137 138 /** Prepare for display *******************************************************/ 139 140 // Sanitze variables for display 141 $remember_checked = @$_POST['rememberme'] ? ' checked="checked"' : ''; 142 $user_login = esc_attr( sanitize_user( @$_POST['log'], true ) ); 143 144 // Load the template 145 bb_load_template( 'login.php', array( 'user_exists', 'user_login', 'remember_checked', 'redirect_to', 're', 'bb_login_error' ) ); 146 147 exit; 148 149 ?>
title
Description
Body
title
Description
Body
title
Description
Body
title
Body
Generated: Thu Dec 7 01:01:35 2017 | Cross-referenced by PHPXref 0.7.1 |