| [ Index ] |
PHP Cross Reference of WordPress |
[Summary view] [Print] [Text view]
1 <?php 2 /** 3 * WordPress User Page 4 * 5 * Handles authentication, registering, resetting passwords, forgot password, 6 * and other user handling. 7 * 8 * @package WordPress 9 */ 10 11 /** Make sure that the WordPress bootstrap has run before continuing. */ 12 require( dirname(__FILE__) . '/wp-load.php' ); 13 14 // Redirect to https login if forced to use SSL 15 if ( force_ssl_admin() && ! is_ssl() ) { 16 if ( 0 === strpos($_SERVER['REQUEST_URI'], 'http') ) { 17 wp_redirect( set_url_scheme( $_SERVER['REQUEST_URI'], 'https' ) ); 18 exit(); 19 } else { 20 wp_redirect( 'https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'] ); 21 exit(); 22 } 23 } 24 25 /** 26 * Output the login page header. 27 * 28 * @param string $title Optional. WordPress login Page title to display in the `<title>` element. 29 * Default 'Log In'. 30 * @param string $message Optional. Message to display in header. Default empty. 31 * @param WP_Error $wp_error Optional. The error to pass. Default empty. 32 */ 33 function login_header( $title = 'Log In', $message = '', $wp_error = '' ) { 34 global $error, $interim_login, $action; 35 36 // Don't index any of these forms 37 add_action( 'login_head', 'wp_no_robots' ); 38 39 add_action( 'login_head', 'wp_login_viewport_meta' ); 40 41 if ( empty($wp_error) ) 42 $wp_error = new WP_Error(); 43 44 // Shake it! 45 $shake_error_codes = array( 'empty_password', 'empty_email', 'invalid_email', 'invalidcombo', 'empty_username', 'invalid_username', 'incorrect_password' ); 46 /** 47 * Filters the error codes array for shaking the login form. 48 * 49 * @since 3.0.0 50 * 51 * @param array $shake_error_codes Error codes that shake the login form. 52 */ 53 $shake_error_codes = apply_filters( 'shake_error_codes', $shake_error_codes ); 54 55 if ( $shake_error_codes && $wp_error->get_error_code() && in_array( $wp_error->get_error_code(), $shake_error_codes ) ) 56 add_action( 'login_head', 'wp_shake_js', 12 ); 57 58 $separator = is_rtl() ? ' › ' : ' ‹ '; 59 60 ?><!DOCTYPE html> 61 <!--[if IE 8]> 62 <html xmlns="http://www.w3.org/1999/xhtml" class="ie8" <?php language_attributes(); ?>> 63 <![endif]--> 64 <!--[if !(IE 8) ]><!--> 65 <html xmlns="http://www.w3.org/1999/xhtml" <?php language_attributes(); ?>> 66 <!--<![endif]--> 67 <head> 68 <meta http-equiv="Content-Type" content="<?php bloginfo('html_type'); ?>; charset=<?php bloginfo('charset'); ?>" /> 69 <title><?php echo get_bloginfo( 'name', 'display' ) . $separator . $title; ?></title> 70 <?php 71 72 wp_enqueue_style( 'login' ); 73 74 /* 75 * Remove all stored post data on logging out. 76 * This could be added by add_action('login_head'...) like wp_shake_js(), 77 * but maybe better if it's not removable by plugins 78 */ 79 if ( 'loggedout' == $wp_error->get_error_code() ) { 80 ?> 81 <script>if("sessionStorage" in window){try{for(var key in sessionStorage){if(key.indexOf("wp-autosave-")!=-1){sessionStorage.removeItem(key)}}}catch(e){}};</script> 82 <?php 83 } 84 85 /** 86 * Enqueue scripts and styles for the login page. 87 * 88 * @since 3.1.0 89 */ 90 do_action( 'login_enqueue_scripts' ); 91 92 /** 93 * Fires in the login page header after scripts are enqueued. 94 * 95 * @since 2.1.0 96 */ 97 do_action( 'login_head' ); 98 99 if ( is_multisite() ) { 100 $login_header_url = network_home_url(); 101 $login_header_title = get_network()->site_name; 102 } else { 103 $login_header_url = __( 'https://wordpress.org/' ); 104 $login_header_title = __( 'Powered by WordPress' ); 105 } 106 107 /** 108 * Filters link URL of the header logo above login form. 109 * 110 * @since 2.1.0 111 * 112 * @param string $login_header_url Login header logo URL. 113 */ 114 $login_header_url = apply_filters( 'login_headerurl', $login_header_url ); 115 116 /** 117 * Filters the title attribute of the header logo above login form. 118 * 119 * @since 2.1.0 120 * 121 * @param string $login_header_title Login header logo title attribute. 122 */ 123 $login_header_title = apply_filters( 'login_headertitle', $login_header_title ); 124 125 $classes = array( 'login-action-' . $action, 'wp-core-ui' ); 126 if ( is_rtl() ) 127 $classes[] = 'rtl'; 128 if ( $interim_login ) { 129 $classes[] = 'interim-login'; 130 ?> 131 <style type="text/css">html{background-color: transparent;}</style> 132 <?php 133 134 if ( 'success' === $interim_login ) 135 $classes[] = 'interim-login-success'; 136 } 137 $classes[] =' locale-' . sanitize_html_class( strtolower( str_replace( '_', '-', get_locale() ) ) ); 138 139 /** 140 * Filters the login page body classes. 141 * 142 * @since 3.5.0 143 * 144 * @param array $classes An array of body classes. 145 * @param string $action The action that brought the visitor to the login page. 146 */ 147 $classes = apply_filters( 'login_body_class', $classes, $action ); 148 149 ?> 150 </head> 151 <body class="login <?php echo esc_attr( implode( ' ', $classes ) ); ?>"> 152 <?php 153 /** 154 * Fires in the login page header after the body tag is opened. 155 * 156 * @since 4.6.0 157 */ 158 do_action( 'login_header' ); 159 ?> 160 <div id="login"> 161 <h1><a href="<?php echo esc_url( $login_header_url ); ?>" title="<?php echo esc_attr( $login_header_title ); ?>" tabindex="-1"><?php bloginfo( 'name' ); ?></a></h1> 162 <?php 163 164 unset( $login_header_url, $login_header_title ); 165 166 /** 167 * Filters the message to display above the login form. 168 * 169 * @since 2.1.0 170 * 171 * @param string $message Login message text. 172 */ 173 $message = apply_filters( 'login_message', $message ); 174 if ( !empty( $message ) ) 175 echo $message . "\n"; 176 177 // In case a plugin uses $error rather than the $wp_errors object 178 if ( !empty( $error ) ) { 179 $wp_error->add('error', $error); 180 unset($error); 181 } 182 183 if ( $wp_error->get_error_code() ) { 184 $errors = ''; 185 $messages = ''; 186 foreach ( $wp_error->get_error_codes() as $code ) { 187 $severity = $wp_error->get_error_data( $code ); 188 foreach ( $wp_error->get_error_messages( $code ) as $error_message ) { 189 if ( 'message' == $severity ) 190 $messages .= ' ' . $error_message . "<br />\n"; 191 else 192 $errors .= ' ' . $error_message . "<br />\n"; 193 } 194 } 195 if ( ! empty( $errors ) ) { 196 /** 197 * Filters the error messages displayed above the login form. 198 * 199 * @since 2.1.0 200 * 201 * @param string $errors Login error message. 202 */ 203 echo '<div id="login_error">' . apply_filters( 'login_errors', $errors ) . "</div>\n"; 204 } 205 if ( ! empty( $messages ) ) { 206 /** 207 * Filters instructional messages displayed above the login form. 208 * 209 * @since 2.5.0 210 * 211 * @param string $messages Login messages. 212 */ 213 echo '<p class="message">' . apply_filters( 'login_messages', $messages ) . "</p>\n"; 214 } 215 } 216 } // End of login_header() 217 218 /** 219 * Outputs the footer for the login page. 220 * 221 * @param string $input_id Which input to auto-focus 222 */ 223 function login_footer($input_id = '') { 224 global $interim_login; 225 226 // Don't allow interim logins to navigate away from the page. 227 if ( ! $interim_login ): ?> 228 <p id="backtoblog"><a href="<?php echo esc_url( home_url( '/' ) ); ?>"><?php 229 /* translators: %s: site title */ 230 printf( _x( '← Back to %s', 'site' ), get_bloginfo( 'title', 'display' ) ); 231 ?></a></p> 232 <?php endif; ?> 233 234 </div> 235 236 <?php if ( !empty($input_id) ) : ?> 237 <script type="text/javascript"> 238 try{document.getElementById('<?php echo $input_id; ?>').focus();}catch(e){} 239 if(typeof wpOnload=='function')wpOnload(); 240 </script> 241 <?php endif; ?> 242 243 <?php 244 /** 245 * Fires in the login page footer. 246 * 247 * @since 3.1.0 248 */ 249 do_action( 'login_footer' ); ?> 250 <div class="clear"></div> 251 </body> 252 </html> 253 <?php 254 } 255 256 /** 257 * @since 3.0.0 258 */ 259 function wp_shake_js() { 260 ?> 261 <script type="text/javascript"> 262 addLoadEvent = function(func){if(typeof jQuery!="undefined")jQuery(document).ready(func);else if(typeof wpOnload!='function'){wpOnload=func;}else{var oldonload=wpOnload;wpOnload=function(){oldonload();func();}}}; 263 function s(id,pos){g(id).left=pos+'px';} 264 function g(id){return document.getElementById(id).style;} 265 function shake(id,a,d){c=a.shift();s(id,c);if(a.length>0){setTimeout(function(){shake(id,a,d);},d);}else{try{g(id).position='static';wp_attempt_focus();}catch(e){}}} 266 addLoadEvent(function(){ var p=new Array(15,30,15,0,-15,-30,-15,0);p=p.concat(p.concat(p));var i=document.forms[0].id;g(i).position='relative';shake(i,p,20);}); 267 </script> 268 <?php 269 } 270 271 /** 272 * @since 3.7.0 273 */ 274 function wp_login_viewport_meta() { 275 ?> 276 <meta name="viewport" content="width=device-width" /> 277 <?php 278 } 279 280 /** 281 * Handles sending password retrieval email to user. 282 * 283 * @return bool|WP_Error True: when finish. WP_Error on error 284 */ 285 function retrieve_password() { 286 $errors = new WP_Error(); 287 288 if ( empty( $_POST['user_login'] ) ) { 289 $errors->add('empty_username', __('<strong>ERROR</strong>: Enter a username or email address.')); 290 } elseif ( strpos( $_POST['user_login'], '@' ) ) { 291 $user_data = get_user_by( 'email', trim( wp_unslash( $_POST['user_login'] ) ) ); 292 if ( empty( $user_data ) ) 293 $errors->add('invalid_email', __('<strong>ERROR</strong>: There is no user registered with that email address.')); 294 } else { 295 $login = trim($_POST['user_login']); 296 $user_data = get_user_by('login', $login); 297 } 298 299 /** 300 * Fires before errors are returned from a password reset request. 301 * 302 * @since 2.1.0 303 * @since 4.4.0 Added the `$errors` parameter. 304 * 305 * @param WP_Error $errors A WP_Error object containing any errors generated 306 * by using invalid credentials. 307 */ 308 do_action( 'lostpassword_post', $errors ); 309 310 if ( $errors->get_error_code() ) 311 return $errors; 312 313 if ( !$user_data ) { 314 $errors->add('invalidcombo', __('<strong>ERROR</strong>: Invalid username or email.')); 315 return $errors; 316 } 317 318 // Redefining user_login ensures we return the right case in the email. 319 $user_login = $user_data->user_login; 320 $user_email = $user_data->user_email; 321 $key = get_password_reset_key( $user_data ); 322 323 if ( is_wp_error( $key ) ) { 324 return $key; 325 } 326 327 $message = __('Someone has requested a password reset for the following account:') . "\r\n\r\n"; 328 $message .= network_home_url( '/' ) . "\r\n\r\n"; 329 $message .= sprintf(__('Username: %s'), $user_login) . "\r\n\r\n"; 330 $message .= __('If this was a mistake, just ignore this email and nothing will happen.') . "\r\n\r\n"; 331 $message .= __('To reset your password, visit the following address:') . "\r\n\r\n"; 332 $message .= '<' . network_site_url("wp-login.php?action=rp&key=$key&login=" . rawurlencode($user_login), 'login') . ">\r\n"; 333 334 if ( is_multisite() ) { 335 $blogname = get_network()->site_name; 336 } else { 337 /* 338 * The blogname option is escaped with esc_html on the way into the database 339 * in sanitize_option we want to reverse this for the plain text arena of emails. 340 */ 341 $blogname = wp_specialchars_decode(get_option('blogname'), ENT_QUOTES); 342 } 343 344 /* translators: Password reset email subject. 1: Site name */ 345 $title = sprintf( __('[%s] Password Reset'), $blogname ); 346 347 /** 348 * Filters the subject of the password reset email. 349 * 350 * @since 2.8.0 351 * @since 4.4.0 Added the `$user_login` and `$user_data` parameters. 352 * 353 * @param string $title Default email title. 354 * @param string $user_login The username for the user. 355 * @param WP_User $user_data WP_User object. 356 */ 357 $title = apply_filters( 'retrieve_password_title', $title, $user_login, $user_data ); 358 359 /** 360 * Filters the message body of the password reset mail. 361 * 362 * If the filtered message is empty, the password reset email will not be sent. 363 * 364 * @since 2.8.0 365 * @since 4.1.0 Added `$user_login` and `$user_data` parameters. 366 * 367 * @param string $message Default mail message. 368 * @param string $key The activation key. 369 * @param string $user_login The username for the user. 370 * @param WP_User $user_data WP_User object. 371 */ 372 $message = apply_filters( 'retrieve_password_message', $message, $key, $user_login, $user_data ); 373 374 if ( $message && !wp_mail( $user_email, wp_specialchars_decode( $title ), $message ) ) 375 wp_die( __('The email could not be sent.') . "<br />\n" . __('Possible reason: your host may have disabled the mail() function.') ); 376 377 return true; 378 } 379 380 // 381 // Main 382 // 383 384 $action = isset($_REQUEST['action']) ? $_REQUEST['action'] : 'login'; 385 $errors = new WP_Error(); 386 387 if ( isset($_GET['key']) ) 388 $action = 'resetpass'; 389 390 // validate action so as to default to the login screen 391 if ( !in_array( $action, array( 'postpass', 'logout', 'lostpassword', 'retrievepassword', 'resetpass', 'rp', 'register', 'login' ), true ) && false === has_filter( 'login_form_' . $action ) ) 392 $action = 'login'; 393 394 nocache_headers(); 395 396 header('Content-Type: '.get_bloginfo('html_type').'; charset='.get_bloginfo('charset')); 397 398 if ( defined( 'RELOCATE' ) && RELOCATE ) { // Move flag is set 399 if ( isset( $_SERVER['PATH_INFO'] ) && ($_SERVER['PATH_INFO'] != $_SERVER['PHP_SELF']) ) 400 $_SERVER['PHP_SELF'] = str_replace( $_SERVER['PATH_INFO'], '', $_SERVER['PHP_SELF'] ); 401 402 $url = dirname( set_url_scheme( 'http://' . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'] ) ); 403 if ( $url != get_option( 'siteurl' ) ) 404 update_option( 'siteurl', $url ); 405 } 406 407 //Set a cookie now to see if they are supported by the browser. 408 $secure = ( 'https' === parse_url( wp_login_url(), PHP_URL_SCHEME ) ); 409 setcookie( TEST_COOKIE, 'WP Cookie check', 0, COOKIEPATH, COOKIE_DOMAIN, $secure ); 410 if ( SITECOOKIEPATH != COOKIEPATH ) 411 setcookie( TEST_COOKIE, 'WP Cookie check', 0, SITECOOKIEPATH, COOKIE_DOMAIN, $secure ); 412 413 /** 414 * Fires when the login form is initialized. 415 * 416 * @since 3.2.0 417 */ 418 do_action( 'login_init' ); 419 /** 420 * Fires before a specified login form action. 421 * 422 * The dynamic portion of the hook name, `$action`, refers to the action 423 * that brought the visitor to the login form. Actions include 'postpass', 424 * 'logout', 'lostpassword', etc. 425 * 426 * @since 2.8.0 427 */ 428 do_action( "login_form_{$action}" ); 429 430 $http_post = ('POST' == $_SERVER['REQUEST_METHOD']); 431 $interim_login = isset($_REQUEST['interim-login']); 432 433 switch ($action) { 434 435 case 'postpass' : 436 if ( ! array_key_exists( 'post_password', $_POST ) ) { 437 wp_safe_redirect( wp_get_referer() ); 438 exit(); 439 } 440 441 require_once ABSPATH . WPINC . '/class-phpass.php'; 442 $hasher = new PasswordHash( 8, true ); 443 444 /** 445 * Filters the life span of the post password cookie. 446 * 447 * By default, the cookie expires 10 days from creation. To turn this 448 * into a session cookie, return 0. 449 * 450 * @since 3.7.0 451 * 452 * @param int $expires The expiry time, as passed to setcookie(). 453 */ 454 $expire = apply_filters( 'post_password_expires', time() + 10 * DAY_IN_SECONDS ); 455 $referer = wp_get_referer(); 456 if ( $referer ) { 457 $secure = ( 'https' === parse_url( $referer, PHP_URL_SCHEME ) ); 458 } else { 459 $secure = false; 460 } 461 setcookie( 'wp-postpass_' . COOKIEHASH, $hasher->HashPassword( wp_unslash( $_POST['post_password'] ) ), $expire, COOKIEPATH, COOKIE_DOMAIN, $secure ); 462 463 wp_safe_redirect( wp_get_referer() ); 464 exit(); 465 466 case 'logout' : 467 check_admin_referer('log-out'); 468 469 $user = wp_get_current_user(); 470 471 wp_logout(); 472 473 if ( ! empty( $_REQUEST['redirect_to'] ) ) { 474 $redirect_to = $requested_redirect_to = $_REQUEST['redirect_to']; 475 } else { 476 $redirect_to = 'wp-login.php?loggedout=true'; 477 $requested_redirect_to = ''; 478 } 479 480 /** 481 * Filters the log out redirect URL. 482 * 483 * @since 4.2.0 484 * 485 * @param string $redirect_to The redirect destination URL. 486 * @param string $requested_redirect_to The requested redirect destination URL passed as a parameter. 487 * @param WP_User $user The WP_User object for the user that's logging out. 488 */ 489 $redirect_to = apply_filters( 'logout_redirect', $redirect_to, $requested_redirect_to, $user ); 490 wp_safe_redirect( $redirect_to ); 491 exit(); 492 493 case 'lostpassword' : 494 case 'retrievepassword' : 495 496 if ( $http_post ) { 497 $errors = retrieve_password(); 498 if ( !is_wp_error($errors) ) { 499 $redirect_to = !empty( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : 'wp-login.php?checkemail=confirm'; 500 wp_safe_redirect( $redirect_to ); 501 exit(); 502 } 503 } 504 505 if ( isset( $_GET['error'] ) ) { 506 if ( 'invalidkey' == $_GET['error'] ) { 507 $errors->add( 'invalidkey', __( 'Your password reset link appears to be invalid. Please request a new link below.' ) ); 508 } elseif ( 'expiredkey' == $_GET['error'] ) { 509 $errors->add( 'expiredkey', __( 'Your password reset link has expired. Please request a new link below.' ) ); 510 } 511 } 512 513 $lostpassword_redirect = ! empty( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : ''; 514 /** 515 * Filters the URL redirected to after submitting the lostpassword/retrievepassword form. 516 * 517 * @since 3.0.0 518 * 519 * @param string $lostpassword_redirect The redirect destination URL. 520 */ 521 $redirect_to = apply_filters( 'lostpassword_redirect', $lostpassword_redirect ); 522 523 /** 524 * Fires before the lost password form. 525 * 526 * @since 1.5.1 527 */ 528 do_action( 'lost_password' ); 529 530 login_header(__('Lost Password'), '<p class="message">' . __('Please enter your username or email address. You will receive a link to create a new password via email.') . '</p>', $errors); 531 532 $user_login = isset($_POST['user_login']) ? wp_unslash($_POST['user_login']) : ''; 533 534 ?> 535 536 <form name="lostpasswordform" id="lostpasswordform" action="<?php echo esc_url( network_site_url( 'wp-login.php?action=lostpassword', 'login_post' ) ); ?>" method="post"> 537 <p> 538 <label for="user_login" ><?php _e( 'Username or Email Address' ); ?><br /> 539 <input type="text" name="user_login" id="user_login" class="input" value="<?php echo esc_attr($user_login); ?>" size="20" /></label> 540 </p> 541 <?php 542 /** 543 * Fires inside the lostpassword form tags, before the hidden fields. 544 * 545 * @since 2.1.0 546 */ 547 do_action( 'lostpassword_form' ); ?> 548 <input type="hidden" name="redirect_to" value="<?php echo esc_attr( $redirect_to ); ?>" /> 549 <p class="submit"><input type="submit" name="wp-submit" id="wp-submit" class="button button-primary button-large" value="<?php esc_attr_e('Get New Password'); ?>" /></p> 550 </form> 551 552 <p id="nav"> 553 <a href="<?php echo esc_url( wp_login_url() ); ?>"><?php _e('Log in') ?></a> 554 <?php 555 if ( get_option( 'users_can_register' ) ) : 556 $registration_url = sprintf( '<a href="%s">%s</a>', esc_url( wp_registration_url() ), __( 'Register' ) ); 557 558 /** This filter is documented in wp-includes/general-template.php */ 559 echo ' | ' . apply_filters( 'register', $registration_url ); 560 endif; 561 ?> 562 </p> 563 564 <?php 565 login_footer('user_login'); 566 break; 567 568 case 'resetpass' : 569 case 'rp' : 570 list( $rp_path ) = explode( '?', wp_unslash( $_SERVER['REQUEST_URI'] ) ); 571 $rp_cookie = 'wp-resetpass-' . COOKIEHASH; 572 if ( isset( $_GET['key'] ) ) { 573 $value = sprintf( '%s:%s', wp_unslash( $_GET['login'] ), wp_unslash( $_GET['key'] ) ); 574 setcookie( $rp_cookie, $value, 0, $rp_path, COOKIE_DOMAIN, is_ssl(), true ); 575 wp_safe_redirect( remove_query_arg( array( 'key', 'login' ) ) ); 576 exit; 577 } 578 579 if ( isset( $_COOKIE[ $rp_cookie ] ) && 0 < strpos( $_COOKIE[ $rp_cookie ], ':' ) ) { 580 list( $rp_login, $rp_key ) = explode( ':', wp_unslash( $_COOKIE[ $rp_cookie ] ), 2 ); 581 $user = check_password_reset_key( $rp_key, $rp_login ); 582 if ( isset( $_POST['pass1'] ) && ! hash_equals( $rp_key, $_POST['rp_key'] ) ) { 583 $user = false; 584 } 585 } else { 586 $user = false; 587 } 588 589 if ( ! $user || is_wp_error( $user ) ) { 590 setcookie( $rp_cookie, ' ', time() - YEAR_IN_SECONDS, $rp_path, COOKIE_DOMAIN, is_ssl(), true ); 591 if ( $user && $user->get_error_code() === 'expired_key' ) 592 wp_redirect( site_url( 'wp-login.php?action=lostpassword&error=expiredkey' ) ); 593 else 594 wp_redirect( site_url( 'wp-login.php?action=lostpassword&error=invalidkey' ) ); 595 exit; 596 } 597 598 $errors = new WP_Error(); 599 600 if ( isset($_POST['pass1']) && $_POST['pass1'] != $_POST['pass2'] ) 601 $errors->add( 'password_reset_mismatch', __( 'The passwords do not match.' ) ); 602 603 /** 604 * Fires before the password reset procedure is validated. 605 * 606 * @since 3.5.0 607 * 608 * @param object $errors WP Error object. 609 * @param WP_User|WP_Error $user WP_User object if the login and reset key match. WP_Error object otherwise. 610 */ 611 do_action( 'validate_password_reset', $errors, $user ); 612 613 if ( ( ! $errors->get_error_code() ) && isset( $_POST['pass1'] ) && !empty( $_POST['pass1'] ) ) { 614 reset_password($user, $_POST['pass1']); 615 setcookie( $rp_cookie, ' ', time() - YEAR_IN_SECONDS, $rp_path, COOKIE_DOMAIN, is_ssl(), true ); 616 login_header( __( 'Password Reset' ), '<p class="message reset-pass">' . __( 'Your password has been reset.' ) . ' <a href="' . esc_url( wp_login_url() ) . '">' . __( 'Log in' ) . '</a></p>' ); 617 login_footer(); 618 exit; 619 } 620 621 wp_enqueue_script('utils'); 622 wp_enqueue_script('user-profile'); 623 624 login_header(__('Reset Password'), '<p class="message reset-pass">' . __('Enter your new password below.') . '</p>', $errors ); 625 626 ?> 627 <form name="resetpassform" id="resetpassform" action="<?php echo esc_url( network_site_url( 'wp-login.php?action=resetpass', 'login_post' ) ); ?>" method="post" autocomplete="off"> 628 <input type="hidden" id="user_login" value="<?php echo esc_attr( $rp_login ); ?>" autocomplete="off" /> 629 630 <div class="user-pass1-wrap"> 631 <p> 632 <label for="pass1"><?php _e( 'New password' ) ?></label> 633 </p> 634 635 <div class="wp-pwd"> 636 <span class="password-input-wrapper"> 637 <input type="password" data-reveal="1" data-pw="<?php echo esc_attr( wp_generate_password( 16 ) ); ?>" name="pass1" id="pass1" class="input" size="20" value="" autocomplete="off" aria-describedby="pass-strength-result" /> 638 </span> 639 <div id="pass-strength-result" class="hide-if-no-js" aria-live="polite"><?php _e( 'Strength indicator' ); ?></div> 640 </div> 641 </div> 642 643 <p class="user-pass2-wrap"> 644 <label for="pass2"><?php _e( 'Confirm new password' ) ?></label><br /> 645 <input type="password" name="pass2" id="pass2" class="input" size="20" value="" autocomplete="off" /> 646 </p> 647 648 <p class="description indicator-hint"><?php echo wp_get_password_hint(); ?></p> 649 <br class="clear" /> 650 651 <?php 652 /** 653 * Fires following the 'Strength indicator' meter in the user password reset form. 654 * 655 * @since 3.9.0 656 * 657 * @param WP_User $user User object of the user whose password is being reset. 658 */ 659 do_action( 'resetpass_form', $user ); 660 ?> 661 <input type="hidden" name="rp_key" value="<?php echo esc_attr( $rp_key ); ?>" /> 662 <p class="submit"><input type="submit" name="wp-submit" id="wp-submit" class="button button-primary button-large" value="<?php esc_attr_e('Reset Password'); ?>" /></p> 663 </form> 664 665 <p id="nav"> 666 <a href="<?php echo esc_url( wp_login_url() ); ?>"><?php _e( 'Log in' ); ?></a> 667 <?php 668 if ( get_option( 'users_can_register' ) ) : 669 $registration_url = sprintf( '<a href="%s">%s</a>', esc_url( wp_registration_url() ), __( 'Register' ) ); 670 671 /** This filter is documented in wp-includes/general-template.php */ 672 echo ' | ' . apply_filters( 'register', $registration_url ); 673 endif; 674 ?> 675 </p> 676 677 <?php 678 login_footer('user_pass'); 679 break; 680 681 case 'register' : 682 if ( is_multisite() ) { 683 /** 684 * Filters the Multisite sign up URL. 685 * 686 * @since 3.0.0 687 * 688 * @param string $sign_up_url The sign up URL. 689 */ 690 wp_redirect( apply_filters( 'wp_signup_location', network_site_url( 'wp-signup.php' ) ) ); 691 exit; 692 } 693 694 if ( !get_option('users_can_register') ) { 695 wp_redirect( site_url('wp-login.php?registration=disabled') ); 696 exit(); 697 } 698 699 $user_login = ''; 700 $user_email = ''; 701 if ( $http_post ) { 702 $user_login = isset( $_POST['user_login'] ) ? $_POST['user_login'] : ''; 703 $user_email = isset( $_POST['user_email'] ) ? wp_unslash( $_POST['user_email'] ) : ''; 704 $errors = register_new_user($user_login, $user_email); 705 if ( !is_wp_error($errors) ) { 706 $redirect_to = !empty( $_POST['redirect_to'] ) ? $_POST['redirect_to'] : 'wp-login.php?checkemail=registered'; 707 wp_safe_redirect( $redirect_to ); 708 exit(); 709 } 710 } 711 712 $registration_redirect = ! empty( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : ''; 713 /** 714 * Filters the registration redirect URL. 715 * 716 * @since 3.0.0 717 * 718 * @param string $registration_redirect The redirect destination URL. 719 */ 720 $redirect_to = apply_filters( 'registration_redirect', $registration_redirect ); 721 login_header(__('Registration Form'), '<p class="message register">' . __('Register For This Site') . '</p>', $errors); 722 ?> 723 <form name="registerform" id="registerform" action="<?php echo esc_url( site_url( 'wp-login.php?action=register', 'login_post' ) ); ?>" method="post" novalidate="novalidate"> 724 <p> 725 <label for="user_login"><?php _e('Username') ?><br /> 726 <input type="text" name="user_login" id="user_login" class="input" value="<?php echo esc_attr(wp_unslash($user_login)); ?>" size="20" /></label> 727 </p> 728 <p> 729 <label for="user_email"><?php _e('Email') ?><br /> 730 <input type="email" name="user_email" id="user_email" class="input" value="<?php echo esc_attr( wp_unslash( $user_email ) ); ?>" size="25" /></label> 731 </p> 732 <?php 733 /** 734 * Fires following the 'Email' field in the user registration form. 735 * 736 * @since 2.1.0 737 */ 738 do_action( 'register_form' ); 739 ?> 740 <p id="reg_passmail"><?php _e( 'Registration confirmation will be emailed to you.' ); ?></p> 741 <br class="clear" /> 742 <input type="hidden" name="redirect_to" value="<?php echo esc_attr( $redirect_to ); ?>" /> 743 <p class="submit"><input type="submit" name="wp-submit" id="wp-submit" class="button button-primary button-large" value="<?php esc_attr_e('Register'); ?>" /></p> 744 </form> 745 746 <p id="nav"> 747 <a href="<?php echo esc_url( wp_login_url() ); ?>"><?php _e( 'Log in' ); ?></a> | 748 <a href="<?php echo esc_url( wp_lostpassword_url() ); ?>"><?php _e( 'Lost your password?' ); ?></a> 749 </p> 750 751 <?php 752 login_footer('user_login'); 753 break; 754 755 case 'login' : 756 default: 757 $secure_cookie = ''; 758 $customize_login = isset( $_REQUEST['customize-login'] ); 759 if ( $customize_login ) 760 wp_enqueue_script( 'customize-base' ); 761 762 // If the user wants ssl but the session is not ssl, force a secure cookie. 763 if ( !empty($_POST['log']) && !force_ssl_admin() ) { 764 $user_name = sanitize_user($_POST['log']); 765 $user = get_user_by( 'login', $user_name ); 766 767 if ( ! $user && strpos( $user_name, '@' ) ) { 768 $user = get_user_by( 'email', $user_name ); 769 } 770 771 if ( $user ) { 772 if ( get_user_option('use_ssl', $user->ID) ) { 773 $secure_cookie = true; 774 force_ssl_admin(true); 775 } 776 } 777 } 778 779 if ( isset( $_REQUEST['redirect_to'] ) ) { 780 $redirect_to = $_REQUEST['redirect_to']; 781 // Redirect to https if user wants ssl 782 if ( $secure_cookie && false !== strpos($redirect_to, 'wp-admin') ) 783 $redirect_to = preg_replace('|^http://|', 'https://', $redirect_to); 784 } else { 785 $redirect_to = admin_url(); 786 } 787 788 $reauth = empty($_REQUEST['reauth']) ? false : true; 789 790 $user = wp_signon( array(), $secure_cookie ); 791 792 if ( empty( $_COOKIE[ LOGGED_IN_COOKIE ] ) ) { 793 if ( headers_sent() ) { 794 /* translators: 1: Browser cookie documentation URL, 2: Support forums URL */ 795 $user = new WP_Error( 'test_cookie', sprintf( __( '<strong>ERROR</strong>: Cookies are blocked due to unexpected output. For help, please see <a href="%1$s">this documentation</a> or try the <a href="%2$s">support forums</a>.' ), 796 __( 'https://codex.wordpress.org/Cookies' ), __( 'https://wordpress.org/support/' ) ) ); 797 } elseif ( isset( $_POST['testcookie'] ) && empty( $_COOKIE[ TEST_COOKIE ] ) ) { 798 // If cookies are disabled we can't log in even with a valid user+pass 799 /* translators: 1: Browser cookie documentation URL */ 800 $user = new WP_Error( 'test_cookie', sprintf( __( '<strong>ERROR</strong>: Cookies are blocked or not supported by your browser. You must <a href="%s">enable cookies</a> to use WordPress.' ), 801 __( 'https://codex.wordpress.org/Cookies' ) ) ); 802 } 803 } 804 805 $requested_redirect_to = isset( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : ''; 806 /** 807 * Filters the login redirect URL. 808 * 809 * @since 3.0.0 810 * 811 * @param string $redirect_to The redirect destination URL. 812 * @param string $requested_redirect_to The requested redirect destination URL passed as a parameter. 813 * @param WP_User|WP_Error $user WP_User object if login was successful, WP_Error object otherwise. 814 */ 815 $redirect_to = apply_filters( 'login_redirect', $redirect_to, $requested_redirect_to, $user ); 816 817 if ( !is_wp_error($user) && !$reauth ) { 818 if ( $interim_login ) { 819 $message = '<p class="message">' . __('You have logged in successfully.') . '</p>'; 820 $interim_login = 'success'; 821 login_header( '', $message ); ?> 822 </div> 823 <?php 824 /** This action is documented in wp-login.php */ 825 do_action( 'login_footer' ); ?> 826 <?php if ( $customize_login ) : ?> 827 <script type="text/javascript">setTimeout( function(){ new wp.customize.Messenger({ url: '<?php echo wp_customize_url(); ?>', channel: 'login' }).send('login') }, 1000 );</script> 828 <?php endif; ?> 829 </body></html> 830 <?php exit; 831 } 832 833 if ( ( empty( $redirect_to ) || $redirect_to == 'wp-admin/' || $redirect_to == admin_url() ) ) { 834 // If the user doesn't belong to a blog, send them to user admin. If the user can't edit posts, send them to their profile. 835 if ( is_multisite() && !get_active_blog_for_user($user->ID) && !is_super_admin( $user->ID ) ) 836 $redirect_to = user_admin_url(); 837 elseif ( is_multisite() && !$user->has_cap('read') ) 838 $redirect_to = get_dashboard_url( $user->ID ); 839 elseif ( !$user->has_cap('edit_posts') ) 840 $redirect_to = $user->has_cap( 'read' ) ? admin_url( 'profile.php' ) : home_url(); 841 842 wp_redirect( $redirect_to ); 843 exit(); 844 } 845 wp_safe_redirect($redirect_to); 846 exit(); 847 } 848 849 $errors = $user; 850 // Clear errors if loggedout is set. 851 if ( !empty($_GET['loggedout']) || $reauth ) 852 $errors = new WP_Error(); 853 854 if ( $interim_login ) { 855 if ( ! $errors->get_error_code() ) 856 $errors->add( 'expired', __( 'Your session has expired. Please log in to continue where you left off.' ), 'message' ); 857 } else { 858 // Some parts of this script use the main login form to display a message 859 if ( isset($_GET['loggedout']) && true == $_GET['loggedout'] ) 860 $errors->add('loggedout', __('You are now logged out.'), 'message'); 861 elseif ( isset($_GET['registration']) && 'disabled' == $_GET['registration'] ) 862 $errors->add('registerdisabled', __('User registration is currently not allowed.')); 863 elseif ( isset($_GET['checkemail']) && 'confirm' == $_GET['checkemail'] ) 864 $errors->add('confirm', __('Check your email for the confirmation link.'), 'message'); 865 elseif ( isset($_GET['checkemail']) && 'newpass' == $_GET['checkemail'] ) 866 $errors->add('newpass', __('Check your email for your new password.'), 'message'); 867 elseif ( isset($_GET['checkemail']) && 'registered' == $_GET['checkemail'] ) 868 $errors->add('registered', __('Registration complete. Please check your email.'), 'message'); 869 elseif ( strpos( $redirect_to, 'about.php?updated' ) ) 870 $errors->add('updated', __( '<strong>You have successfully updated WordPress!</strong> Please log back in to see what’s new.' ), 'message' ); 871 } 872 873 /** 874 * Filters the login page errors. 875 * 876 * @since 3.6.0 877 * 878 * @param object $errors WP Error object. 879 * @param string $redirect_to Redirect destination URL. 880 */ 881 $errors = apply_filters( 'wp_login_errors', $errors, $redirect_to ); 882 883 // Clear any stale cookies. 884 if ( $reauth ) 885 wp_clear_auth_cookie(); 886 887 login_header(__('Log In'), '', $errors); 888 889 if ( isset($_POST['log']) ) 890 $user_login = ( 'incorrect_password' == $errors->get_error_code() || 'empty_password' == $errors->get_error_code() ) ? esc_attr(wp_unslash($_POST['log'])) : ''; 891 $rememberme = ! empty( $_POST['rememberme'] ); 892 893 if ( ! empty( $errors->errors ) ) { 894 $aria_describedby_error = ' aria-describedby="login_error"'; 895 } else { 896 $aria_describedby_error = ''; 897 } 898 ?> 899 900 <form name="loginform" id="loginform" action="<?php echo esc_url( site_url( 'wp-login.php', 'login_post' ) ); ?>" method="post"> 901 <p> 902 <label for="user_login"><?php _e( 'Username or Email Address' ); ?><br /> 903 <input type="text" name="log" id="user_login"<?php echo $aria_describedby_error; ?> class="input" value="<?php echo esc_attr( $user_login ); ?>" size="20" /></label> 904 </p> 905 <p> 906 <label for="user_pass"><?php _e( 'Password' ); ?><br /> 907 <input type="password" name="pwd" id="user_pass"<?php echo $aria_describedby_error; ?> class="input" value="" size="20" /></label> 908 </p> 909 <?php 910 /** 911 * Fires following the 'Password' field in the login form. 912 * 913 * @since 2.1.0 914 */ 915 do_action( 'login_form' ); 916 ?> 917 <p class="forgetmenot"><label for="rememberme"><input name="rememberme" type="checkbox" id="rememberme" value="forever" <?php checked( $rememberme ); ?> /> <?php esc_html_e( 'Remember Me' ); ?></label></p> 918 <p class="submit"> 919 <input type="submit" name="wp-submit" id="wp-submit" class="button button-primary button-large" value="<?php esc_attr_e('Log In'); ?>" /> 920 <?php if ( $interim_login ) { ?> 921 <input type="hidden" name="interim-login" value="1" /> 922 <?php } else { ?> 923 <input type="hidden" name="redirect_to" value="<?php echo esc_attr($redirect_to); ?>" /> 924 <?php } ?> 925 <?php if ( $customize_login ) : ?> 926 <input type="hidden" name="customize-login" value="1" /> 927 <?php endif; ?> 928 <input type="hidden" name="testcookie" value="1" /> 929 </p> 930 </form> 931 932 <?php if ( ! $interim_login ) { ?> 933 <p id="nav"> 934 <?php if ( ! isset( $_GET['checkemail'] ) || ! in_array( $_GET['checkemail'], array( 'confirm', 'newpass' ) ) ) : 935 if ( get_option( 'users_can_register' ) ) : 936 $registration_url = sprintf( '<a href="%s">%s</a>', esc_url( wp_registration_url() ), __( 'Register' ) ); 937 938 /** This filter is documented in wp-includes/general-template.php */ 939 echo apply_filters( 'register', $registration_url ) . ' | '; 940 endif; 941 ?> 942 <a href="<?php echo esc_url( wp_lostpassword_url() ); ?>"><?php _e( 'Lost your password?' ); ?></a> 943 <?php endif; ?> 944 </p> 945 <?php } ?> 946 947 <script type="text/javascript"> 948 function wp_attempt_focus(){ 949 setTimeout( function(){ try{ 950 <?php if ( $user_login ) { ?> 951 d = document.getElementById('user_pass'); 952 d.value = ''; 953 <?php } else { ?> 954 d = document.getElementById('user_login'); 955 <?php if ( 'invalid_username' == $errors->get_error_code() ) { ?> 956 if( d.value != '' ) 957 d.value = ''; 958 <?php 959 } 960 }?> 961 d.focus(); 962 d.select(); 963 } catch(e){} 964 }, 200); 965 } 966 967 <?php 968 /** 969 * Filters whether to print the call to `wp_attempt_focus()` on the login screen. 970 * 971 * @since 4.8.0 972 * 973 * @param bool $print Whether to print the function call. Default true. 974 */ 975 if ( apply_filters( 'enable_login_autofocus', true ) && ! $error ) { ?> 976 wp_attempt_focus(); 977 <?php } ?> 978 if(typeof wpOnload=='function')wpOnload(); 979 <?php if ( $interim_login ) { ?> 980 (function(){ 981 try { 982 var i, links = document.getElementsByTagName('a'); 983 for ( i in links ) { 984 if ( links[i].href ) 985 links[i].target = '_blank'; 986 } 987 } catch(e){} 988 }()); 989 <?php } ?> 990 </script> 991 992 <?php 993 login_footer(); 994 break; 995 } // end action switch
title
Description
Body
title
Description
Body
title
Description
Body
title
Body
| Generated: Wed Aug 16 01:00:03 2017 | Cross-referenced by PHPXref 0.7.1 |