All In One WP Security & Firewall - Version 4.3.9.1

Version Description

  • Fixed rename login page feature bug introduced after WP core change in version 5.2.
Download this release

Release Info

Developer wpsolutions
Plugin Icon 128x128 All In One WP Security & Firewall
Version 4.3.9.1
Comparing to
See all releases

Code changes from version 4.3.8.3 to 4.3.9.1

Files changed (22) hide show
  1. admin/general/wp-security-list-table.php +815 -322
  2. admin/wp-security-admin-menu.php +11 -0
  3. admin/wp-security-dashboard-menu.php +11 -10
  4. admin/wp-security-database-menu.php +2 -1
  5. admin/wp-security-list-acct-activity.php +22 -8
  6. admin/wp-security-list-login-fails.php +19 -7
  7. admin/wp-security-list-permanent-blocked-ip.php +20 -8
  8. admin/wp-security-list-registered-users.php +11 -3
  9. admin/wp-security-user-accounts-menu.php +1 -3
  10. admin/wp-security-user-login-menu.php +18 -8
  11. admin/wp-security-user-registration-menu.php +8 -1
  12. classes/wp-security-captcha.php +25 -13
  13. classes/wp-security-general-init-tasks.php +3 -2
  14. classes/wp-security-process-renamed-login-page.php +7 -1
  15. classes/wp-security-utility-file.php +1 -1
  16. classes/wp-security-utility-ip-address.php +3 -1
  17. css/wp-security-admin-styles.css +16 -0
  18. other-includes/wp-security-rename-login-feature-pre-5-2.php +1136 -0
  19. other-includes/wp-security-rename-login-feature.php +1038 -994
  20. readme.txt +12 -2
  21. wp-security-core.php +1 -1
  22. wp-security.php +1 -1
admin/general/wp-security-list-table.php CHANGED
@@ -1,141 +1,298 @@
1
  <?php
 
 
 
 
 
 
 
 
2
  /**
3
  * Base class for displaying a list of items in an ajaxified HTML table.
 
 
 
4
  */
5
  if(!defined('ABSPATH')){
6
  exit;//Exit if accessed directly
7
  }
8
 
9
- class AIOWPSecurity_List_Table
10
- {
11
  /**
12
- * The current list of items
13
  *
14
  * @since 3.1.0
15
  * @var array
16
- * @access protected
17
  */
18
- var $items;
19
 
20
  /**
21
- * Various information about the current table
22
  *
23
  * @since 3.1.0
24
  * @var array
25
- * @access private
26
  */
27
- var $_args;
28
 
29
  /**
30
- * Various information needed for displaying the pagination
31
  *
32
  * @since 3.1.0
33
  * @var array
34
- * @access private
35
  */
36
- var $_pagination_args = array();
37
 
38
  /**
39
- * The current screen
40
  *
41
  * @since 3.1.0
42
  * @var object
43
- * @access protected
44
  */
45
- var $screen;
46
 
47
  /**
48
- * Cached bulk actions
49
  *
50
  * @since 3.1.0
51
  * @var array
52
- * @access private
53
  */
54
- var $_actions;
55
 
56
  /**
57
- * Cached pagination output
58
  *
59
  * @since 3.1.0
60
  * @var string
61
- * @access private
62
  */
63
- var $_pagination;
64
 
65
  /**
66
- * Constructor. The child class should call this constructor from it's own constructor
67
  *
68
- * @param array $args An associative array with information about the current table
69
- * @access protected
70
  */
71
- function __construct( $args = array() ) {
72
- $args = wp_parse_args( $args, array(
73
- 'plural' => '',
74
- 'singular' => '',
75
- 'ajax' => false,
76
- 'screen' => null,
77
- ) );
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
78
 
79
  $this->screen = convert_to_screen( $args['screen'] );
80
 
81
- add_filter( "manage_{$this->screen->id}_columns", array( &$this, 'get_columns' ), 0 );
82
 
83
- if ( !$args['plural'] )
84
  $args['plural'] = $this->screen->base;
 
85
 
86
- $args['plural'] = sanitize_key( $args['plural'] );
87
  $args['singular'] = sanitize_key( $args['singular'] );
88
 
89
  $this->_args = $args;
90
 
91
  if ( $args['ajax'] ) {
92
  // wp_enqueue_script( 'list-table' );
93
- add_action( 'admin_footer', array( &$this, '_js_vars' ) );
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
94
  }
 
95
  }
96
 
97
  /**
98
  * Checks the current user's permissions
99
- * @uses wp_die()
100
  *
101
  * @since 3.1.0
102
- * @access public
103
  * @abstract
104
  */
105
- function ajax_user_can() {
106
  die( 'function AIOWPSecurity_List_Table::ajax_user_can() must be over-ridden in a sub-class.' );
107
  }
108
 
109
  /**
110
  * Prepares the list of items for displaying.
 
111
  * @uses AIOWPSecurity_List_Table::set_pagination_args()
112
  *
113
  * @since 3.1.0
114
- * @access public
115
  * @abstract
116
  */
117
- function prepare_items() {
118
  die( 'function AIOWPSecurity_List_Table::prepare_items() must be over-ridden in a sub-class.' );
119
  }
120
 
121
  /**
122
  * An internal method that sets all the necessary pagination arguments
123
  *
124
- * @param array $args An associative array with information about the pagination
125
- * @access protected
 
126
  */
127
- function set_pagination_args( $args ) {
128
- $args = wp_parse_args( $args, array(
129
- 'total_items' => 0,
130
- 'total_pages' => 0,
131
- 'per_page' => 0,
132
- ) );
 
 
 
133
 
134
- if ( !$args['total_pages'] && $args['per_page'] > 0 )
135
  $args['total_pages'] = ceil( $args['total_items'] / $args['per_page'] );
 
136
 
137
- // redirect if page number is invalid and headers are not already sent
138
- if ( ! headers_sent() && ( ! defined( 'DOING_AJAX' ) || ! DOING_AJAX ) && $args['total_pages'] > 0 && $this->get_pagenum() > $args['total_pages'] ) {
139
  wp_redirect( add_query_arg( 'paged', $args['total_pages'] ) );
140
  exit;
141
  }
@@ -144,74 +301,78 @@ class AIOWPSecurity_List_Table
144
  }
145
 
146
  /**
147
- * Access the pagination args
148
  *
149
  * @since 3.1.0
150
- * @access public
151
  *
152
- * @param string $key
153
- * @return array
 
154
  */
155
- function get_pagination_arg( $key ) {
156
- if ( 'page' == $key )
157
  return $this->get_pagenum();
 
158
 
159
- if ( isset( $this->_pagination_args[$key] ) )
160
- return $this->_pagination_args[$key];
 
161
  }
162
 
163
  /**
164
  * Whether the table has items to display or not
165
  *
166
  * @since 3.1.0
167
- * @access public
168
  *
169
  * @return bool
170
  */
171
- function has_items() {
172
- return !empty( $this->items );
173
  }
174
 
175
  /**
176
  * Message to be displayed when there are no items
177
  *
178
  * @since 3.1.0
179
- * @access public
180
  */
181
- function no_items() {
182
  _e( 'No items found.' );
183
  }
184
 
185
  /**
186
- * Display the search box.
187
  *
188
  * @since 3.1.0
189
- * @access public
190
  *
191
- * @param string $text The search button text
192
- * @param string $input_id The search input id
193
  */
194
- function search_box( $text, $input_id ) {
195
- if ( empty( $_REQUEST['s'] ) && !$this->has_items() )
196
  return;
 
197
 
198
  $input_id = $input_id . '-search-input';
199
 
200
- if ( ! empty( $_REQUEST['orderby'] ) )
201
  echo '<input type="hidden" name="orderby" value="' . esc_attr( $_REQUEST['orderby'] ) . '" />';
202
- if ( ! empty( $_REQUEST['order'] ) )
 
203
  echo '<input type="hidden" name="order" value="' . esc_attr( $_REQUEST['order'] ) . '" />';
204
- if ( ! empty( $_REQUEST['post_mime_type'] ) )
 
205
  echo '<input type="hidden" name="post_mime_type" value="' . esc_attr( $_REQUEST['post_mime_type'] ) . '" />';
206
- if ( ! empty( $_REQUEST['detached'] ) )
 
207
  echo '<input type="hidden" name="detached" value="' . esc_attr( $_REQUEST['detached'] ) . '" />';
208
- ?>
 
209
  <p class="search-box">
210
- <label class="screen-reader-text" for="<?php echo $input_id ?>"><?php echo $text; ?>:</label>
211
- <input type="search" id="<?php echo $input_id ?>" name="s" value="<?php _admin_search_query(); ?>" />
212
- <?php submit_button( $text, 'button', false, false, array('id' => 'search-submit') ); ?>
213
  </p>
214
- <?php
215
  }
216
 
217
  /**
@@ -219,11 +380,10 @@ class AIOWPSecurity_List_Table
219
  * of views available on this table.
220
  *
221
  * @since 3.1.0
222
- * @access protected
223
  *
224
  * @return array
225
  */
226
- function get_views() {
227
  return array();
228
  }
229
 
@@ -231,21 +391,33 @@ class AIOWPSecurity_List_Table
231
  * Display the list of views available on this table.
232
  *
233
  * @since 3.1.0
234
- * @access public
235
  */
236
- function views() {
237
  $views = $this->get_views();
238
- $views = apply_filters( 'views_' . $this->screen->id, $views );
239
-
240
- if ( empty( $views ) )
 
 
 
 
 
 
 
 
 
 
241
  return;
 
 
 
242
 
243
  echo "<ul class='subsubsub'>\n";
244
  foreach ( $views as $class => $view ) {
245
  $views[ $class ] = "\t<li class='$class'>$view";
246
  }
247
  echo implode( " |</li>\n", $views ) . "</li>\n";
248
- echo "</ul>";
249
  }
250
 
251
  /**
@@ -253,11 +425,10 @@ class AIOWPSecurity_List_Table
253
  * of bulk actions available on this table.
254
  *
255
  * @since 3.1.0
256
- * @access protected
257
  *
258
  * @return array
259
  */
260
- function get_bulk_actions() {
261
  return array();
262
  }
263
 
@@ -265,34 +436,48 @@ class AIOWPSecurity_List_Table
265
  * Display the bulk actions dropdown.
266
  *
267
  * @since 3.1.0
268
- * @access public
 
 
269
  */
270
- function bulk_actions() {
271
  if ( is_null( $this->_actions ) ) {
272
- $no_new_actions = $this->_actions = $this->get_bulk_actions();
273
- // This filter can currently only be used to remove actions.
274
- $this->_actions = apply_filters( 'bulk_actions-' . $this->screen->id, $this->_actions );
275
- $this->_actions = array_intersect_assoc( $this->_actions, $no_new_actions );
276
- $two = '';
 
 
 
 
 
 
 
 
 
 
277
  } else {
278
  $two = '2';
279
  }
280
 
281
- if ( empty( $this->_actions ) )
282
  return;
 
283
 
284
- echo "<select name='action$two'>\n";
285
- echo "<option value='-1' selected='selected'>" . __( 'Bulk Actions' ) . "</option>\n";
 
286
 
287
  foreach ( $this->_actions as $name => $title ) {
288
- $class = 'edit' == $name ? ' class="hide-if-no-js"' : '';
289
 
290
- echo "\t<option value='$name'$class>$title</option>\n";
291
  }
292
 
293
  echo "</select>\n";
294
 
295
- submit_button( __( 'Apply' ), 'action', false, false, array( 'id' => "doaction$two", 'onClick' => 'return confirm("Are you sure you want to perform this bulk operation on the selected entries?")' ) );
296
  echo "\n";
297
  }
298
 
@@ -300,16 +485,21 @@ class AIOWPSecurity_List_Table
300
  * Get the current action selected from the bulk actions dropdown.
301
  *
302
  * @since 3.1.0
303
- * @access public
304
  *
305
- * @return string|bool The action name or False if no action was selected
306
  */
307
- function current_action() {
308
- if ( isset( $_REQUEST['action'] ) && -1 != $_REQUEST['action'] )
 
 
 
 
309
  return $_REQUEST['action'];
 
310
 
311
- if ( isset( $_REQUEST['action2'] ) && -1 != $_REQUEST['action2'] )
312
  return $_REQUEST['action2'];
 
313
 
314
  return false;
315
  }
@@ -318,27 +508,29 @@ class AIOWPSecurity_List_Table
318
  * Generate row actions div
319
  *
320
  * @since 3.1.0
321
- * @access protected
322
  *
323
- * @param array $actions The list of actions
324
- * @param bool $always_visible Whether the actions should be always visible
325
  * @return string
326
  */
327
- function row_actions( $actions, $always_visible = false ) {
328
  $action_count = count( $actions );
329
- $i = 0;
330
 
331
- if ( !$action_count )
332
  return '';
 
333
 
334
- $out = '<div class="' . ( $always_visible ? 'row-actions-visible' : 'row-actions' ) . '">';
335
  foreach ( $actions as $action => $link ) {
336
  ++$i;
337
  ( $i == $action_count ) ? $sep = '' : $sep = ' | ';
338
- $out .= "<span class='$action'>$link$sep</span>";
339
  }
340
  $out .= '</div>';
341
 
 
 
342
  return $out;
343
  }
344
 
@@ -346,106 +538,204 @@ class AIOWPSecurity_List_Table
346
  * Display a monthly dropdown for filtering items
347
  *
348
  * @since 3.1.0
349
- * @access protected
 
 
 
 
350
  */
351
- function months_dropdown( $post_type ) {
352
  global $wpdb, $wp_locale;
353
 
354
- $months = $wpdb->get_results( $wpdb->prepare( "
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
355
  SELECT DISTINCT YEAR( post_date ) AS year, MONTH( post_date ) AS month
356
  FROM $wpdb->posts
357
  WHERE post_type = %s
 
358
  ORDER BY post_date DESC
359
- ", $post_type ) );
 
 
 
 
 
 
 
 
 
 
 
 
 
360
 
361
  $month_count = count( $months );
362
 
363
- if ( !$month_count || ( 1 == $month_count && 0 == $months[0]->month ) )
364
  return;
 
365
 
366
  $m = isset( $_GET['m'] ) ? (int) $_GET['m'] : 0;
367
- ?>
368
- <select name='m'>
369
- <option<?php selected( $m, 0 ); ?> value='0'><?php _e( 'Show all dates' ); ?></option>
370
- <?php
 
371
  foreach ( $months as $arc_row ) {
372
- if ( 0 == $arc_row->year )
373
  continue;
 
374
 
375
  $month = zeroise( $arc_row->month, 2 );
376
- $year = $arc_row->year;
377
 
378
- printf( "<option %s value='%s'>%s</option>\n",
 
379
  selected( $m, $year . $month, false ),
380
  esc_attr( $arc_row->year . $month ),
381
  /* translators: 1: month name, 2: 4-digit year */
382
  sprintf( __( '%1$s %2$d' ), $wp_locale->get_month( $month ), $year )
383
  );
384
  }
385
- ?>
386
  </select>
387
- <?php
388
  }
389
 
390
  /**
391
  * Display a view switcher
392
  *
393
  * @since 3.1.0
394
- * @access protected
 
395
  */
396
- function view_switcher( $current_mode ) {
397
- $modes = array(
398
- 'list' => __( 'List View' ),
399
- 'excerpt' => __( 'Excerpt View' )
400
- );
401
-
402
- ?>
403
  <input type="hidden" name="mode" value="<?php echo esc_attr( $current_mode ); ?>" />
404
  <div class="view-switch">
405
- <?php
406
- foreach ( $modes as $mode => $title ) {
407
- $class = ( $current_mode == $mode ) ? 'class="current"' : '';
408
- echo "<a href='" . esc_url( add_query_arg( 'mode', $mode, $_SERVER['REQUEST_URI'] ) ) . "' $class><img id='view-switch-$mode' src='" . esc_url( includes_url( 'images/blank.gif' ) ) . "' width='20' height='20' title='$title' alt='$title' /></a>\n";
 
409
  }
 
 
 
 
 
 
 
410
  ?>
411
  </div>
412
- <?php
413
  }
414
 
415
  /**
416
  * Display a comment count bubble
417
  *
418
  * @since 3.1.0
419
- * @access protected
420
  *
421
- * @param int $post_id
422
- * @param int $pending_comments
423
  */
424
- function comments_bubble( $post_id, $pending_comments ) {
425
- $pending_phrase = sprintf( __( '%s pending' ), number_format( $pending_comments ) );
 
 
 
426
 
427
- if ( $pending_comments )
428
- echo '<strong>';
 
429
 
430
- echo "<a href='" . esc_url( add_query_arg( 'p', $post_id, admin_url( 'edit-comments.php' ) ) ) . "' title='" . esc_attr( $pending_phrase ) . "' class='post-com-count'><span class='comment-count'>" . number_format_i18n( get_comments_number() ) . "</span></a>";
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
431
 
432
- if ( $pending_comments )
433
- echo '</strong>';
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
434
  }
435
 
436
  /**
437
  * Get the current page number
438
  *
439
  * @since 3.1.0
440
- * @access protected
441
  *
442
  * @return int
443
  */
444
- function get_pagenum() {
445
  $pagenum = isset( $_REQUEST['paged'] ) ? absint( $_REQUEST['paged'] ) : 0;
446
 
447
- if( isset( $this->_pagination_args['total_pages'] ) && $pagenum > $this->_pagination_args['total_pages'] )
448
  $pagenum = $this->_pagination_args['total_pages'];
 
449
 
450
  return max( 1, $pagenum );
451
  }
@@ -454,96 +744,156 @@ class AIOWPSecurity_List_Table
454
  * Get number of items to display on a single page
455
  *
456
  * @since 3.1.0
457
- * @access protected
458
  *
 
 
459
  * @return int
460
  */
461
- function get_items_per_page( $option, $default = 20 ) {
462
  $per_page = (int) get_user_option( $option );
463
- if ( empty( $per_page ) || $per_page < 1 )
464
  $per_page = $default;
 
465
 
466
- return (int) apply_filters( $option, $per_page );
 
 
 
 
 
 
 
 
 
 
 
 
 
467
  }
468
 
469
  /**
470
  * Display the pagination.
471
  *
472
  * @since 3.1.0
473
- * @access protected
 
474
  */
475
- function pagination( $which ) {
476
- if ( empty( $this->_pagination_args ) )
477
  return;
 
478
 
479
- extract( $this->_pagination_args, EXTR_SKIP );
 
 
 
 
 
 
 
 
 
480
 
481
- $output = '<span class="displaying-num">' . sprintf( _n( '1 item', '%s items', $total_items ), number_format_i18n( $total_items ) ) . '</span>';
482
 
483
- $current = $this->get_pagenum();
 
484
 
485
  $current_url = set_url_scheme( 'http://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'] );
486
 
487
- $current_url = remove_query_arg( array( 'hotkeys_highlight_last', 'hotkeys_highlight_first' ), $current_url );
488
 
489
  $page_links = array();
490
 
491
- $disable_first = $disable_last = '';
492
- if ( $current == 1 )
493
- $disable_first = ' disabled';
494
- if ( $current == $total_pages )
495
- $disable_last = ' disabled';
496
-
497
- $page_links[] = sprintf( "<a class='%s' title='%s' href='%s'>%s</a>",
498
- 'first-page' . $disable_first,
499
- esc_attr__( 'Go to the first page' ),
500
- esc_url( remove_query_arg( 'paged', $current_url ) ),
501
- '&laquo;'
502
- );
503
 
504
- $page_links[] = sprintf( "<a class='%s' title='%s' href='%s'>%s</a>",
505
- 'prev-page' . $disable_first,
506
- esc_attr__( 'Go to the previous page' ),
507
- esc_url( add_query_arg( 'paged', max( 1, $current-1 ), $current_url ) ),
508
- '&lsaquo;'
509
- );
 
 
 
 
 
 
 
 
 
 
510
 
511
- if ( 'bottom' == $which )
512
- $html_current_page = $current;
513
- else
514
- $html_current_page = sprintf( "<input class='current-page' title='%s' type='text' name='paged' value='%s' size='%d' />",
515
- esc_attr__( 'Current page' ),
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
516
  $current,
517
  strlen( $total_pages )
518
  );
519
-
520
  $html_total_pages = sprintf( "<span class='total-pages'>%s</span>", number_format_i18n( $total_pages ) );
521
- $page_links[] = '<span class="paging-input">' . sprintf( _x( '%1$s of %2$s', 'paging' ), $html_current_page, $html_total_pages ) . '</span>';
522
 
523
- $page_links[] = sprintf( "<a class='%s' title='%s' href='%s'>%s</a>",
524
- 'next-page' . $disable_last,
525
- esc_attr__( 'Go to the next page' ),
526
- esc_url( add_query_arg( 'paged', min( $total_pages, $current+1 ), $current_url ) ),
527
- '&rsaquo;'
528
- );
 
 
 
 
529
 
530
- $page_links[] = sprintf( "<a class='%s' title='%s' href='%s'>%s</a>",
531
- 'last-page' . $disable_last,
532
- esc_attr__( 'Go to the last page' ),
533
- esc_url( add_query_arg( 'paged', $total_pages, $current_url ) ),
534
- '&raquo;'
535
- );
 
 
 
 
536
 
537
  $pagination_links_class = 'pagination-links';
538
- if ( ! empty( $infinite_scroll ) )
539
- $pagination_links_class = ' hide-if-js';
 
540
  $output .= "\n<span class='$pagination_links_class'>" . join( "\n", $page_links ) . '</span>';
541
 
542
- if ( $total_pages )
543
  $page_class = $total_pages < 2 ? ' one-page' : '';
544
- else
545
  $page_class = ' no-pages';
546
-
547
  $this->_pagination = "<div class='tablenav-pages{$page_class}'>$output</div>";
548
 
549
  echo $this->_pagination;
@@ -554,12 +904,11 @@ class AIOWPSecurity_List_Table
554
  * 'internal-name' => 'Title'
555
  *
556
  * @since 3.1.0
557
- * @access protected
558
  * @abstract
559
  *
560
  * @return array
561
  */
562
- function get_columns() {
563
  die( 'function AIOWPSecurity_List_Table::get_columns() must be over-ridden in a sub-class.' );
564
  }
565
 
@@ -572,44 +921,139 @@ class AIOWPSecurity_List_Table
572
  * The second format will make the initial sorting order be descending
573
  *
574
  * @since 3.1.0
575
- * @access protected
576
  *
577
  * @return array
578
  */
579
- function get_sortable_columns() {
580
  return array();
581
  }
582
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
583
  /**
584
  * Get a list of all, hidden and sortable columns, with filter applied
585
  *
586
  * @since 3.1.0
587
- * @access protected
588
  *
589
  * @return array
590
  */
591
- function get_column_info() {
592
- if ( isset( $this->_column_headers ) )
593
- return $this->_column_headers;
 
 
 
 
 
 
594
 
595
- $columns = get_column_headers( $this->screen );
596
- $hidden = get_hidden_columns( $this->screen );
597
 
598
- $_sortable = apply_filters( "manage_{$this->screen->id}_sortable_columns", $this->get_sortable_columns() );
 
 
 
 
 
 
 
 
 
 
 
 
 
 
599
 
600
  $sortable = array();
601
  foreach ( $_sortable as $id => $data ) {
602
- if ( empty( $data ) )
603
  continue;
 
604
 
605
  $data = (array) $data;
606
- if ( !isset( $data[1] ) )
607
  $data[1] = false;
 
608
 
609
- $sortable[$id] = $data;
610
  }
611
 
612
- $this->_column_headers = array( $columns, $hidden, $sortable );
 
613
 
614
  return $this->_column_headers;
615
  }
@@ -618,13 +1062,12 @@ class AIOWPSecurity_List_Table
618
  * Return number of visible columns
619
  *
620
  * @since 3.1.0
621
- * @access public
622
  *
623
  * @return int
624
  */
625
- function get_column_count() {
626
  list ( $columns, $hidden ) = $this->get_column_info();
627
- $hidden = array_intersect( array_keys( $columns ), array_filter( $hidden ) );
628
  return count( $columns ) - count( $hidden );
629
  }
630
 
@@ -632,29 +1075,32 @@ class AIOWPSecurity_List_Table
632
  * Print column headers, accounting for hidden and sortable columns.
633
  *
634
  * @since 3.1.0
635
- * @access protected
 
636
  *
637
  * @param bool $with_id Whether to set the id attribute or not
638
  */
639
- function print_column_headers( $with_id = true ) {
640
- list( $columns, $hidden, $sortable ) = $this->get_column_info();
641
 
642
  $current_url = set_url_scheme( 'http://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'] );
643
  $current_url = remove_query_arg( 'paged', $current_url );
644
 
645
- if ( isset( $_GET['orderby'] ) )
646
  $current_orderby = $_GET['orderby'];
647
- else
648
  $current_orderby = '';
 
649
 
650
- if ( isset( $_GET['order'] ) && 'desc' == $_GET['order'] )
651
  $current_order = 'desc';
652
- else
653
  $current_order = 'asc';
 
654
 
655
  if ( ! empty( $columns['cb'] ) ) {
656
  static $cb_counter = 1;
657
- $columns['cb'] = '<label class="screen-reader-text" for="cb-select-all-' . $cb_counter . '">' . __( 'Select All' ) . '</label>'
658
  . '<input id="cb-select-all-' . $cb_counter . '" type="checkbox" />';
659
  $cb_counter++;
660
  }
@@ -662,26 +1108,29 @@ class AIOWPSecurity_List_Table
662
  foreach ( $columns as $column_key => $column_display_name ) {
663
  $class = array( 'manage-column', "column-$column_key" );
664
 
665
- $style = '';
666
- if ( in_array( $column_key, $hidden ) )
667
- $style = 'display:none;';
668
-
669
- $style = ' style="' . $style . '"';
670
 
671
- if ( 'cb' == $column_key )
672
  $class[] = 'check-column';
673
- elseif ( in_array( $column_key, array( 'posts', 'comments', 'links' ) ) )
674
  $class[] = 'num';
 
 
 
 
 
675
 
676
- if ( isset( $sortable[$column_key] ) ) {
677
- list( $orderby, $desc_first ) = $sortable[$column_key];
678
 
679
- if ( $current_orderby == $orderby ) {
680
- $order = 'asc' == $current_order ? 'desc' : 'asc';
681
  $class[] = 'sorted';
682
  $class[] = $current_order;
683
  } else {
684
- $order = $desc_first ? 'desc' : 'asc';
685
  $class[] = 'sortable';
686
  $class[] = $desc_first ? 'asc' : 'desc';
687
  }
@@ -689,12 +1138,15 @@ class AIOWPSecurity_List_Table
689
  $column_display_name = '<a href="' . esc_url( add_query_arg( compact( 'orderby', 'order' ), $current_url ) ) . '"><span>' . $column_display_name . '</span><span class="sorting-indicator"></span></a>';
690
  }
691
 
692
- $id = $with_id ? "id='$column_key'" : '';
 
 
693
 
694
- if ( !empty( $class ) )
695
  $class = "class='" . join( ' ', $class ) . "'";
 
696
 
697
- echo "<th scope='col' $id $class $style>$column_display_name</th>";
698
  }
699
  }
700
 
@@ -702,91 +1154,99 @@ class AIOWPSecurity_List_Table
702
  * Display the table
703
  *
704
  * @since 3.1.0
705
- * @access public
706
  */
707
- function display() {
708
- extract( $this->_args );
709
 
710
  $this->display_tablenav( 'top' );
711
 
712
- ?>
713
- <table class="wp-list-table <?php echo implode( ' ', $this->get_table_classes() ); ?>" cellspacing="0">
 
714
  <thead>
715
  <tr>
716
  <?php $this->print_column_headers(); ?>
717
  </tr>
718
  </thead>
719
 
 
 
 
 
 
 
 
 
 
 
720
  <tfoot>
721
  <tr>
722
  <?php $this->print_column_headers( false ); ?>
723
  </tr>
724
  </tfoot>
725
 
726
- <tbody id="the-list"<?php if ( $singular ) echo " data-wp-lists='list:$singular'"; ?>>
727
- <?php $this->display_rows_or_placeholder(); ?>
728
- </tbody>
729
  </table>
730
- <?php
731
  $this->display_tablenav( 'bottom' );
732
  }
733
 
734
  /**
735
- * Get a list of CSS classes for the <table> tag
736
  *
737
  * @since 3.1.0
738
- * @access protected
739
  *
740
- * @return array
741
  */
742
- function get_table_classes() {
743
- return array( 'widefat', 'fixed', $this->_args['plural'] );
744
  }
745
 
746
  /**
747
  * Generate the table navigation above or below the table
748
  *
749
  * @since 3.1.0
750
- * @access protected
751
  */
752
- function display_tablenav( $which ) {
753
- if ( 'top' == $which )
754
  wp_nonce_field( 'bulk-' . $this->_args['plural'] );
755
- ?>
 
756
  <div class="tablenav <?php echo esc_attr( $which ); ?>">
757
 
758
- <div class="alignleft actions">
759
- <?php $this->bulk_actions(); ?>
 
760
  </div>
761
- <?php
 
762
  $this->extra_tablenav( $which );
763
  $this->pagination( $which );
764
- ?>
765
 
766
  <br class="clear" />
767
  </div>
768
- <?php
769
  }
770
 
771
  /**
772
  * Extra controls to be displayed between bulk actions and pagination
773
  *
774
  * @since 3.1.0
775
- * @access protected
 
776
  */
777
- function extra_tablenav( $which ) {}
778
 
779
  /**
780
- * Generate the <tbody> part of the table
781
  *
782
  * @since 3.1.0
783
- * @access protected
784
  */
785
- function display_rows_or_placeholder() {
786
  if ( $this->has_items() ) {
787
  $this->display_rows();
788
  } else {
789
- list( $columns, $hidden ) = $this->get_column_info();
790
  echo '<tr class="no-items"><td class="colspanchange" colspan="' . $this->get_column_count() . '">';
791
  $this->no_items();
792
  echo '</td></tr>';
@@ -797,115 +1257,148 @@ class AIOWPSecurity_List_Table
797
  * Generate the table rows
798
  *
799
  * @since 3.1.0
800
- * @access protected
801
  */
802
- function display_rows() {
803
- foreach ( $this->items as $item )
804
  $this->single_row( $item );
 
805
  }
806
 
807
  /**
808
  * Generates content for a single row of the table
809
  *
810
  * @since 3.1.0
811
- * @access protected
812
  *
813
  * @param object $item The current item
814
  */
815
- function single_row( $item ) {
816
- static $row_class = '';
817
- $row_class = ( $row_class == '' ? ' class="alternate"' : '' );
818
-
819
- echo '<tr' . $row_class . '>';
820
- echo $this->single_row_columns( $item );
821
  echo '</tr>';
822
  }
823
 
 
 
 
 
 
 
 
 
 
 
 
824
  /**
825
  * Generates the columns for a single row of the table
826
  *
827
  * @since 3.1.0
828
- * @access protected
829
  *
830
  * @param object $item The current item
831
  */
832
- function single_row_columns( $item ) {
833
- list( $columns, $hidden ) = $this->get_column_info();
834
 
835
  foreach ( $columns as $column_name => $column_display_name ) {
836
- $class = "class='$column_name column-$column_name'";
 
 
 
 
 
 
 
837
 
838
- $style = '';
839
- if ( in_array( $column_name, $hidden ) )
840
- $style = ' style="display:none;"';
841
 
842
- $attributes = "$class$style";
843
 
844
- if ( 'cb' == $column_name ) {
845
  echo '<th scope="row" class="check-column">';
846
  echo $this->column_cb( $item );
847
  echo '</th>';
848
- }
849
- elseif ( method_exists( $this, 'column_' . $column_name ) ) {
 
 
 
 
 
 
 
850
  echo "<td $attributes>";
851
- echo call_user_func( array( &$this, 'column_' . $column_name ), $item );
852
- echo "</td>";
853
- }
854
- else {
855
  echo "<td $attributes>";
856
  echo $this->column_default( $item, $column_name );
857
- echo "</td>";
 
858
  }
859
  }
860
  }
861
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
862
  /**
863
  * Handle an incoming ajax request (called from admin-ajax.php)
864
  *
865
  * @since 3.1.0
866
- * @access public
867
  */
868
- function ajax_response() {
869
  $this->prepare_items();
870
 
871
- extract( $this->_args );
872
- extract( $this->_pagination_args, EXTR_SKIP );
873
-
874
  ob_start();
875
- if ( ! empty( $_REQUEST['no_placeholder'] ) )
876
  $this->display_rows();
877
- else
878
  $this->display_rows_or_placeholder();
 
879
 
880
  $rows = ob_get_clean();
881
 
882
  $response = array( 'rows' => $rows );
883
 
884
- if ( isset( $total_items ) )
885
- $response['total_items_i18n'] = sprintf( _n( '1 item', '%s items', $total_items ), number_format_i18n( $total_items ) );
886
-
887
- if ( isset( $total_pages ) ) {
888
- $response['total_pages'] = $total_pages;
889
- $response['total_pages_i18n'] = number_format_i18n( $total_pages );
 
 
 
890
  }
891
 
892
- die( json_encode( $response ) );
893
  }
894
 
895
  /**
896
  * Send required variables to JavaScript land
897
- *
898
- * @access private
899
  */
900
- function _js_vars() {
901
  $args = array(
902
  'class' => get_class( $this ),
903
  'screen' => array(
904
  'id' => $this->screen->id,
905
  'base' => $this->screen->base,
906
- )
907
  );
908
 
909
- printf( "<script type='text/javascript'>list_args = %s;</script>\n", json_encode( $args ) );
910
  }
911
  }
1
  <?php
2
+ /**
3
+ * Administration API: AIOWPSecurity_List_Table class
4
+ * Copied from:
5
+ * @package WordPress
6
+ * @subpackage List_Table
7
+ * @since 3.1.0
8
+ */
9
+
10
  /**
11
  * Base class for displaying a list of items in an ajaxified HTML table.
12
+ *
13
+ * @since 3.1.0
14
+ * @access private
15
  */
16
  if(!defined('ABSPATH')){
17
  exit;//Exit if accessed directly
18
  }
19
 
20
+ class AIOWPSecurity_List_Table {
21
+
22
  /**
23
+ * The current list of items.
24
  *
25
  * @since 3.1.0
26
  * @var array
 
27
  */
28
+ public $items;
29
 
30
  /**
31
+ * Various information about the current table.
32
  *
33
  * @since 3.1.0
34
  * @var array
 
35
  */
36
+ protected $_args;
37
 
38
  /**
39
+ * Various information needed for displaying the pagination.
40
  *
41
  * @since 3.1.0
42
  * @var array
 
43
  */
44
+ protected $_pagination_args = array();
45
 
46
  /**
47
+ * The current screen.
48
  *
49
  * @since 3.1.0
50
  * @var object
 
51
  */
52
+ protected $screen;
53
 
54
  /**
55
+ * Cached bulk actions.
56
  *
57
  * @since 3.1.0
58
  * @var array
 
59
  */
60
+ private $_actions;
61
 
62
  /**
63
+ * Cached pagination output.
64
  *
65
  * @since 3.1.0
66
  * @var string
 
67
  */
68
+ private $_pagination;
69
 
70
  /**
71
+ * The view switcher modes.
72
  *
73
+ * @since 4.1.0
74
+ * @var array
75
  */
76
+ protected $modes = array();
77
+
78
+ /**
79
+ * Stores the value returned by ->get_column_info().
80
+ *
81
+ * @since 4.1.0
82
+ * @var array
83
+ */
84
+ protected $_column_headers;
85
+
86
+ /**
87
+ * {@internal Missing Summary}
88
+ *
89
+ * @var array
90
+ */
91
+ protected $compat_fields = array( '_args', '_pagination_args', 'screen', '_actions', '_pagination' );
92
+
93
+ /**
94
+ * {@internal Missing Summary}
95
+ *
96
+ * @var array
97
+ */
98
+ protected $compat_methods = array(
99
+ 'set_pagination_args',
100
+ 'get_views',
101
+ 'get_bulk_actions',
102
+ 'bulk_actions',
103
+ 'row_actions',
104
+ 'months_dropdown',
105
+ 'view_switcher',
106
+ 'comments_bubble',
107
+ 'get_items_per_page',
108
+ 'pagination',
109
+ 'get_sortable_columns',
110
+ 'get_column_info',
111
+ 'get_table_classes',
112
+ 'display_tablenav',
113
+ 'extra_tablenav',
114
+ 'single_row_columns',
115
+ );
116
+
117
+ /**
118
+ * Constructor.
119
+ *
120
+ * The child class should call this constructor from its own constructor to override
121
+ * the default $args.
122
+ *
123
+ * @since 3.1.0
124
+ *
125
+ * @param array|string $args {
126
+ * Array or string of arguments.
127
+ *
128
+ * @type string $plural Plural value used for labels and the objects being listed.
129
+ * This affects things such as CSS class-names and nonces used
130
+ * in the list table, e.g. 'posts'. Default empty.
131
+ * @type string $singular Singular label for an object being listed, e.g. 'post'.
132
+ * Default empty
133
+ * @type bool $ajax Whether the list table supports Ajax. This includes loading
134
+ * and sorting data, for example. If true, the class will call
135
+ * the _js_vars() method in the footer to provide variables
136
+ * to any scripts handling Ajax events. Default false.
137
+ * @type string $screen String containing the hook name used to determine the current
138
+ * screen. If left null, the current screen will be automatically set.
139
+ * Default null.
140
+ * }
141
+ */
142
+ public function __construct( $args = array() ) {
143
+ $args = wp_parse_args(
144
+ $args,
145
+ array(
146
+ 'plural' => '',
147
+ 'singular' => '',
148
+ 'ajax' => false,
149
+ 'screen' => null,
150
+ )
151
+ );
152
 
153
  $this->screen = convert_to_screen( $args['screen'] );
154
 
155
+ add_filter( "manage_{$this->screen->id}_columns", array( $this, 'get_columns' ), 0 );
156
 
157
+ if ( ! $args['plural'] ) {
158
  $args['plural'] = $this->screen->base;
159
+ }
160
 
161
+ $args['plural'] = sanitize_key( $args['plural'] );
162
  $args['singular'] = sanitize_key( $args['singular'] );
163
 
164
  $this->_args = $args;
165
 
166
  if ( $args['ajax'] ) {
167
  // wp_enqueue_script( 'list-table' );
168
+ add_action( 'admin_footer', array( $this, '_js_vars' ) );
169
+ }
170
+
171
+ if ( empty( $this->modes ) ) {
172
+ $this->modes = array(
173
+ 'list' => __( 'List View' ),
174
+ 'excerpt' => __( 'Excerpt View' ),
175
+ );
176
+ }
177
+ }
178
+
179
+ /**
180
+ * Make private properties readable for backward compatibility.
181
+ *
182
+ * @since 4.0.0
183
+ *
184
+ * @param string $name Property to get.
185
+ * @return mixed Property.
186
+ */
187
+ public function __get( $name ) {
188
+ if ( in_array( $name, $this->compat_fields ) ) {
189
+ return $this->$name;
190
+ }
191
+ }
192
+
193
+ /**
194
+ * Make private properties settable for backward compatibility.
195
+ *
196
+ * @since 4.0.0
197
+ *
198
+ * @param string $name Property to check if set.
199
+ * @param mixed $value Property value.
200
+ * @return mixed Newly-set property.
201
+ */
202
+ public function __set( $name, $value ) {
203
+ if ( in_array( $name, $this->compat_fields ) ) {
204
+ return $this->$name = $value;
205
+ }
206
+ }
207
+
208
+ /**
209
+ * Make private properties checkable for backward compatibility.
210
+ *
211
+ * @since 4.0.0
212
+ *
213
+ * @param string $name Property to check if set.
214
+ * @return bool Whether the property is set.
215
+ */
216
+ public function __isset( $name ) {
217
+ if ( in_array( $name, $this->compat_fields ) ) {
218
+ return isset( $this->$name );
219
+ }
220
+ }
221
+
222
+ /**
223
+ * Make private properties un-settable for backward compatibility.
224
+ *
225
+ * @since 4.0.0
226
+ *
227
+ * @param string $name Property to unset.
228
+ */
229
+ public function __unset( $name ) {
230
+ if ( in_array( $name, $this->compat_fields ) ) {
231
+ unset( $this->$name );
232
+ }
233
+ }
234
+
235
+ /**
236
+ * Make private/protected methods readable for backward compatibility.
237
+ *
238
+ * @since 4.0.0
239
+ *
240
+ * @param string $name Method to call.
241
+ * @param array $arguments Arguments to pass when calling.
242
+ * @return mixed|bool Return value of the callback, false otherwise.
243
+ */
244
+ public function __call( $name, $arguments ) {
245
+ if ( in_array( $name, $this->compat_methods ) ) {
246
+ return call_user_func_array( array( $this, $name ), $arguments );
247
  }
248
+ return false;
249
  }
250
 
251
  /**
252
  * Checks the current user's permissions
 
253
  *
254
  * @since 3.1.0
 
255
  * @abstract
256
  */
257
+ public function ajax_user_can() {
258
  die( 'function AIOWPSecurity_List_Table::ajax_user_can() must be over-ridden in a sub-class.' );
259
  }
260
 
261
  /**
262
  * Prepares the list of items for displaying.
263
+ *
264
  * @uses AIOWPSecurity_List_Table::set_pagination_args()
265
  *
266
  * @since 3.1.0
 
267
  * @abstract
268
  */
269
+ public function prepare_items() {
270
  die( 'function AIOWPSecurity_List_Table::prepare_items() must be over-ridden in a sub-class.' );
271
  }
272
 
273
  /**
274
  * An internal method that sets all the necessary pagination arguments
275
  *
276
+ * @since 3.1.0
277
+ *
278
+ * @param array|string $args Array or string of arguments with information about the pagination.
279
  */
280
+ protected function set_pagination_args( $args ) {
281
+ $args = wp_parse_args(
282
+ $args,
283
+ array(
284
+ 'total_items' => 0,
285
+ 'total_pages' => 0,
286
+ 'per_page' => 0,
287
+ )
288
+ );
289
 
290
+ if ( ! $args['total_pages'] && $args['per_page'] > 0 ) {
291
  $args['total_pages'] = ceil( $args['total_items'] / $args['per_page'] );
292
+ }
293
 
294
+ // Redirect if page number is invalid and headers are not already sent.
295
+ if ( ! headers_sent() && ! wp_doing_ajax() && $args['total_pages'] > 0 && $this->get_pagenum() > $args['total_pages'] ) {
296
  wp_redirect( add_query_arg( 'paged', $args['total_pages'] ) );
297
  exit;
298
  }
301
  }
302
 
303
  /**
304
+ * Access the pagination args.
305
  *
306
  * @since 3.1.0
 
307
  *
308
+ * @param string $key Pagination argument to retrieve. Common values include 'total_items',
309
+ * 'total_pages', 'per_page', or 'infinite_scroll'.
310
+ * @return int Number of items that correspond to the given pagination argument.
311
  */
312
+ public function get_pagination_arg( $key ) {
313
+ if ( 'page' === $key ) {
314
  return $this->get_pagenum();
315
+ }
316
 
317
+ if ( isset( $this->_pagination_args[ $key ] ) ) {
318
+ return $this->_pagination_args[ $key ];
319
+ }
320
  }
321
 
322
  /**
323
  * Whether the table has items to display or not
324
  *
325
  * @since 3.1.0
 
326
  *
327
  * @return bool
328
  */
329
+ public function has_items() {
330
+ return ! empty( $this->items );
331
  }
332
 
333
  /**
334
  * Message to be displayed when there are no items
335
  *
336
  * @since 3.1.0
 
337
  */
338
+ public function no_items() {
339
  _e( 'No items found.' );
340
  }
341
 
342
  /**
343
+ * Displays the search box.
344
  *
345
  * @since 3.1.0
 
346
  *
347
+ * @param string $text The 'submit' button label.
348
+ * @param string $input_id ID attribute value for the search input field.
349
  */
350
+ public function search_box( $text, $input_id ) {
351
+ if ( empty( $_REQUEST['s'] ) && ! $this->has_items() ) {
352
  return;
353
+ }
354
 
355
  $input_id = $input_id . '-search-input';
356
 
357
+ if ( ! empty( $_REQUEST['orderby'] ) ) {
358
  echo '<input type="hidden" name="orderby" value="' . esc_attr( $_REQUEST['orderby'] ) . '" />';
359
+ }
360
+ if ( ! empty( $_REQUEST['order'] ) ) {
361
  echo '<input type="hidden" name="order" value="' . esc_attr( $_REQUEST['order'] ) . '" />';
362
+ }
363
+ if ( ! empty( $_REQUEST['post_mime_type'] ) ) {
364
  echo '<input type="hidden" name="post_mime_type" value="' . esc_attr( $_REQUEST['post_mime_type'] ) . '" />';
365
+ }
366
+ if ( ! empty( $_REQUEST['detached'] ) ) {
367
  echo '<input type="hidden" name="detached" value="' . esc_attr( $_REQUEST['detached'] ) . '" />';
368
+ }
369
+ ?>
370
  <p class="search-box">
371
+ <label class="screen-reader-text" for="<?php echo esc_attr( $input_id ); ?>"><?php echo $text; ?>:</label>
372
+ <input type="search" id="<?php echo esc_attr( $input_id ); ?>" name="s" value="<?php _admin_search_query(); ?>" />
373
+ <?php submit_button( $text, '', '', false, array( 'id' => 'search-submit' ) ); ?>
374
  </p>
375
+ <?php
376
  }
377
 
378
  /**
380
  * of views available on this table.
381
  *
382
  * @since 3.1.0
 
383
  *
384
  * @return array
385
  */
386
+ protected function get_views() {
387
  return array();
388
  }
389
 
391
  * Display the list of views available on this table.
392
  *
393
  * @since 3.1.0
 
394
  */
395
+ public function views() {
396
  $views = $this->get_views();
397
+ /**
398
+ * Filters the list of available list table views.
399
+ *
400
+ * The dynamic portion of the hook name, `$this->screen->id`, refers
401
+ * to the ID of the current screen, usually a string.
402
+ *
403
+ * @since 3.5.0
404
+ *
405
+ * @param string[] $views An array of available list table views.
406
+ */
407
+ $views = apply_filters( "views_{$this->screen->id}", $views );
408
+
409
+ if ( empty( $views ) ) {
410
  return;
411
+ }
412
+
413
+ $this->screen->render_screen_reader_content( 'heading_views' );
414
 
415
  echo "<ul class='subsubsub'>\n";
416
  foreach ( $views as $class => $view ) {
417
  $views[ $class ] = "\t<li class='$class'>$view";
418
  }
419
  echo implode( " |</li>\n", $views ) . "</li>\n";
420
+ echo '</ul>';
421
  }
422
 
423
  /**
425
  * of bulk actions available on this table.
426
  *
427
  * @since 3.1.0
 
428
  *
429
  * @return array
430
  */
431
+ protected function get_bulk_actions() {
432
  return array();
433
  }
434
 
436
  * Display the bulk actions dropdown.
437
  *
438
  * @since 3.1.0
439
+ *
440
+ * @param string $which The location of the bulk actions: 'top' or 'bottom'.
441
+ * This is designated as optional for backward compatibility.
442
  */
443
+ protected function bulk_actions( $which = '' ) {
444
  if ( is_null( $this->_actions ) ) {
445
+ $this->_actions = $this->get_bulk_actions();
446
+ /**
447
+ * Filters the list table Bulk Actions drop-down.
448
+ *
449
+ * The dynamic portion of the hook name, `$this->screen->id`, refers
450
+ * to the ID of the current screen, usually a string.
451
+ *
452
+ * This filter can currently only be used to remove bulk actions.
453
+ *
454
+ * @since 3.5.0
455
+ *
456
+ * @param string[] $actions An array of the available bulk actions.
457
+ */
458
+ $this->_actions = apply_filters( "bulk_actions-{$this->screen->id}", $this->_actions );
459
+ $two = '';
460
  } else {
461
  $two = '2';
462
  }
463
 
464
+ if ( empty( $this->_actions ) ) {
465
  return;
466
+ }
467
 
468
+ echo '<label for="bulk-action-selector-' . esc_attr( $which ) . '" class="screen-reader-text">' . __( 'Select bulk action' ) . '</label>';
469
+ echo '<select name="action' . $two . '" id="bulk-action-selector-' . esc_attr( $which ) . "\">\n";
470
+ echo '<option value="-1">' . __( 'Bulk Actions' ) . "</option>\n";
471
 
472
  foreach ( $this->_actions as $name => $title ) {
473
+ $class = 'edit' === $name ? ' class="hide-if-no-js"' : '';
474
 
475
+ echo "\t" . '<option value="' . $name . '"' . $class . '>' . $title . "</option>\n";
476
  }
477
 
478
  echo "</select>\n";
479
 
480
+ submit_button( __( 'Apply' ), 'action', '', false, array( 'id' => "doaction$two", 'onclick' => "return confirm('Are you sure you want to perform this bulk action?')" ) );
481
  echo "\n";
482
  }
483
 
485
  * Get the current action selected from the bulk actions dropdown.
486
  *
487
  * @since 3.1.0
 
488
  *
489
+ * @return string|false The action name or False if no action was selected
490
  */
491
+ public function current_action() {
492
+ if ( isset( $_REQUEST['filter_action'] ) && ! empty( $_REQUEST['filter_action'] ) ) {
493
+ return false;
494
+ }
495
+
496
+ if ( isset( $_REQUEST['action'] ) && -1 != $_REQUEST['action'] ) {
497
  return $_REQUEST['action'];
498
+ }
499
 
500
+ if ( isset( $_REQUEST['action2'] ) && -1 != $_REQUEST['action2'] ) {
501
  return $_REQUEST['action2'];
502
+ }
503
 
504
  return false;
505
  }
508
  * Generate row actions div
509
  *
510
  * @since 3.1.0
 
511
  *
512
+ * @param string[] $actions An array of action links.
513
+ * @param bool $always_visible Whether the actions should be always visible.
514
  * @return string
515
  */
516
+ protected function row_actions( $actions, $always_visible = false ) {
517
  $action_count = count( $actions );
518
+ $i = 0;
519
 
520
+ if ( ! $action_count ) {
521
  return '';
522
+ }
523
 
524
+ $out = '<div class="' . ( $always_visible ? 'row-actions visible' : 'row-actions' ) . '">';
525
  foreach ( $actions as $action => $link ) {
526
  ++$i;
527
  ( $i == $action_count ) ? $sep = '' : $sep = ' | ';
528
+ $out .= "<span class='$action'>$link$sep</span>";
529
  }
530
  $out .= '</div>';
531
 
532
+ $out .= '<button type="button" class="toggle-row"><span class="screen-reader-text">' . __( 'Show more details' ) . '</span></button>';
533
+
534
  return $out;
535
  }
536
 
538
  * Display a monthly dropdown for filtering items
539
  *
540
  * @since 3.1.0
541
+ *
542
+ * @global wpdb $wpdb
543
+ * @global WP_Locale $wp_locale
544
+ *
545
+ * @param string $post_type
546
  */
547
+ protected function months_dropdown( $post_type ) {
548
  global $wpdb, $wp_locale;
549
 
550
+ /**
551
+ * Filters whether to remove the 'Months' drop-down from the post list table.
552
+ *
553
+ * @since 4.2.0
554
+ *
555
+ * @param bool $disable Whether to disable the drop-down. Default false.
556
+ * @param string $post_type The post type.
557
+ */
558
+ if ( apply_filters( 'disable_months_dropdown', false, $post_type ) ) {
559
+ return;
560
+ }
561
+
562
+ $extra_checks = "AND post_status != 'auto-draft'";
563
+ if ( ! isset( $_GET['post_status'] ) || 'trash' !== $_GET['post_status'] ) {
564
+ $extra_checks .= " AND post_status != 'trash'";
565
+ } elseif ( isset( $_GET['post_status'] ) ) {
566
+ $extra_checks = $wpdb->prepare( ' AND post_status = %s', $_GET['post_status'] );
567
+ }
568
+
569
+ $months = $wpdb->get_results(
570
+ $wpdb->prepare(
571
+ "
572
  SELECT DISTINCT YEAR( post_date ) AS year, MONTH( post_date ) AS month
573
  FROM $wpdb->posts
574
  WHERE post_type = %s
575
+ $extra_checks
576
  ORDER BY post_date DESC
577
+ ",
578
+ $post_type
579
+ )
580
+ );
581
+
582
+ /**
583
+ * Filters the 'Months' drop-down results.
584
+ *
585
+ * @since 3.7.0
586
+ *
587
+ * @param object $months The months drop-down query results.
588
+ * @param string $post_type The post type.
589
+ */
590
+ $months = apply_filters( 'months_dropdown_results', $months, $post_type );
591
 
592
  $month_count = count( $months );
593
 
594
+ if ( ! $month_count || ( 1 == $month_count && 0 == $months[0]->month ) ) {
595
  return;
596
+ }
597
 
598
  $m = isset( $_GET['m'] ) ? (int) $_GET['m'] : 0;
599
+ ?>
600
+ <label for="filter-by-date" class="screen-reader-text"><?php _e( 'Filter by date' ); ?></label>
601
+ <select name="m" id="filter-by-date">
602
+ <option<?php selected( $m, 0 ); ?> value="0"><?php _e( 'All dates' ); ?></option>
603
+ <?php
604
  foreach ( $months as $arc_row ) {
605
+ if ( 0 == $arc_row->year ) {
606
  continue;
607
+ }
608
 
609
  $month = zeroise( $arc_row->month, 2 );
610
+ $year = $arc_row->year;
611
 
612
+ printf(
613
+ "<option %s value='%s'>%s</option>\n",
614
  selected( $m, $year . $month, false ),
615
  esc_attr( $arc_row->year . $month ),
616
  /* translators: 1: month name, 2: 4-digit year */
617
  sprintf( __( '%1$s %2$d' ), $wp_locale->get_month( $month ), $year )
618
  );
619
  }
620
+ ?>
621
  </select>
622
+ <?php
623
  }
624
 
625
  /**
626
  * Display a view switcher
627
  *
628
  * @since 3.1.0
629
+ *
630
+ * @param string $current_mode
631
  */
632
+ protected function view_switcher( $current_mode ) {
633
+ ?>
 
 
 
 
 
634
  <input type="hidden" name="mode" value="<?php echo esc_attr( $current_mode ); ?>" />
635
  <div class="view-switch">
636
+ <?php
637
+ foreach ( $this->modes as $mode => $title ) {
638
+ $classes = array( 'view-' . $mode );
639
+ if ( $current_mode === $mode ) {
640
+ $classes[] = 'current';
641
  }
642
+ printf(
643
+ "<a href='%s' class='%s' id='view-switch-$mode'><span class='screen-reader-text'>%s</span></a>\n",
644
+ esc_url( add_query_arg( 'mode', $mode ) ),
645
+ implode( ' ', $classes ),
646
+ $title
647
+ );
648
+ }
649
  ?>
650
  </div>
651
+ <?php
652
  }
653
 
654
  /**
655
  * Display a comment count bubble
656
  *
657
  * @since 3.1.0
 
658
  *
659
+ * @param int $post_id The post ID.
660
+ * @param int $pending_comments Number of pending comments.
661
  */
662
+ protected function comments_bubble( $post_id, $pending_comments ) {
663
+ $approved_comments = get_comments_number();
664
+
665
+ $approved_comments_number = number_format_i18n( $approved_comments );
666
+ $pending_comments_number = number_format_i18n( $pending_comments );
667
 
668
+ $approved_only_phrase = sprintf( _n( '%s comment', '%s comments', $approved_comments ), $approved_comments_number );
669
+ $approved_phrase = sprintf( _n( '%s approved comment', '%s approved comments', $approved_comments ), $approved_comments_number );
670
+ $pending_phrase = sprintf( _n( '%s pending comment', '%s pending comments', $pending_comments ), $pending_comments_number );
671
 
672
+ // No comments at all.
673
+ if ( ! $approved_comments && ! $pending_comments ) {
674
+ printf(
675
+ '<span aria-hidden="true">&#8212;</span><span class="screen-reader-text">%s</span>',
676
+ __( 'No comments' )
677
+ );
678
+ // Approved comments have different display depending on some conditions.
679
+ } elseif ( $approved_comments ) {
680
+ printf(
681
+ '<a href="%s" class="post-com-count post-com-count-approved"><span class="comment-count-approved" aria-hidden="true">%s</span><span class="screen-reader-text">%s</span></a>',
682
+ esc_url(
683
+ add_query_arg(
684
+ array(
685
+ 'p' => $post_id,
686
+ 'comment_status' => 'approved',
687
+ ),
688
+ admin_url( 'edit-comments.php' )
689
+ )
690
+ ),
691
+ $approved_comments_number,
692
+ $pending_comments ? $approved_phrase : $approved_only_phrase
693
+ );
694
+ } else {
695
+ printf(
696
+ '<span class="post-com-count post-com-count-no-comments"><span class="comment-count comment-count-no-comments" aria-hidden="true">%s</span><span class="screen-reader-text">%s</span></span>',
697
+ $approved_comments_number,
698
+ $pending_comments ? __( 'No approved comments' ) : __( 'No comments' )
699
+ );
700
+ }
701
 
702
+ if ( $pending_comments ) {
703
+ printf(
704
+ '<a href="%s" class="post-com-count post-com-count-pending"><span class="comment-count-pending" aria-hidden="true">%s</span><span class="screen-reader-text">%s</span></a>',
705
+ esc_url(
706
+ add_query_arg(
707
+ array(
708
+ 'p' => $post_id,
709
+ 'comment_status' => 'moderated',
710
+ ),
711
+ admin_url( 'edit-comments.php' )
712
+ )
713
+ ),
714
+ $pending_comments_number,
715
+ $pending_phrase
716
+ );
717
+ } else {
718
+ printf(
719
+ '<span class="post-com-count post-com-count-pending post-com-count-no-pending"><span class="comment-count comment-count-no-pending" aria-hidden="true">%s</span><span class="screen-reader-text">%s</span></span>',
720
+ $pending_comments_number,
721
+ $approved_comments ? __( 'No pending comments' ) : __( 'No comments' )
722
+ );
723
+ }
724
  }
725
 
726
  /**
727
  * Get the current page number
728
  *
729
  * @since 3.1.0
 
730
  *
731
  * @return int
732
  */
733
+ public function get_pagenum() {
734
  $pagenum = isset( $_REQUEST['paged'] ) ? absint( $_REQUEST['paged'] ) : 0;
735
 
736
+ if ( isset( $this->_pagination_args['total_pages'] ) && $pagenum > $this->_pagination_args['total_pages'] ) {
737
  $pagenum = $this->_pagination_args['total_pages'];
738
+ }
739
 
740
  return max( 1, $pagenum );
741
  }
744
  * Get number of items to display on a single page
745
  *
746
  * @since 3.1.0
 
747
  *
748
+ * @param string $option
749
+ * @param int $default
750
  * @return int
751
  */
752
+ protected function get_items_per_page( $option, $default = 20 ) {
753
  $per_page = (int) get_user_option( $option );
754
+ if ( empty( $per_page ) || $per_page < 1 ) {
755
  $per_page = $default;
756
+ }
757
 
758
+ /**
759
+ * Filters the number of items to be displayed on each page of the list table.
760
+ *
761
+ * The dynamic hook name, $option, refers to the `per_page` option depending
762
+ * on the type of list table in use. Possible values include: 'edit_comments_per_page',
763
+ * 'sites_network_per_page', 'site_themes_network_per_page', 'themes_network_per_page',
764
+ * 'users_network_per_page', 'edit_post_per_page', 'edit_page_per_page',
765
+ * 'edit_{$post_type}_per_page', etc.
766
+ *
767
+ * @since 2.9.0
768
+ *
769
+ * @param int $per_page Number of items to be displayed. Default 20.
770
+ */
771
+ return (int) apply_filters( "{$option}", $per_page );
772
  }
773
 
774
  /**
775
  * Display the pagination.
776
  *
777
  * @since 3.1.0
778
+ *
779
+ * @param string $which
780
  */
781
+ protected function pagination( $which ) {
782
+ if ( empty( $this->_pagination_args ) ) {
783
  return;
784
+ }
785
 
786
+ $total_items = $this->_pagination_args['total_items'];
787
+ $total_pages = $this->_pagination_args['total_pages'];
788
+ $infinite_scroll = false;
789
+ if ( isset( $this->_pagination_args['infinite_scroll'] ) ) {
790
+ $infinite_scroll = $this->_pagination_args['infinite_scroll'];
791
+ }
792
+
793
+ if ( 'top' === $which && $total_pages > 1 ) {
794
+ $this->screen->render_screen_reader_content( 'heading_pagination' );
795
+ }
796
 
797
+ $output = '<span class="displaying-num">' . sprintf( _n( '%s item', '%s items', $total_items ), number_format_i18n( $total_items ) ) . '</span>';
798
 
799
+ $current = $this->get_pagenum();
800
+ $removable_query_args = wp_removable_query_args();
801
 
802
  $current_url = set_url_scheme( 'http://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'] );
803
 
804
+ $current_url = remove_query_arg( $removable_query_args, $current_url );
805
 
806
  $page_links = array();
807
 
808
+ $total_pages_before = '<span class="paging-input">';
809
+ $total_pages_after = '</span></span>';
 
 
 
 
 
 
 
 
 
 
810
 
811
+ $disable_first = $disable_last = $disable_prev = $disable_next = false;
812
+
813
+ if ( $current == 1 ) {
814
+ $disable_first = true;
815
+ $disable_prev = true;
816
+ }
817
+ if ( $current == 2 ) {
818
+ $disable_first = true;
819
+ }
820
+ if ( $current == $total_pages ) {
821
+ $disable_last = true;
822
+ $disable_next = true;
823
+ }
824
+ if ( $current == $total_pages - 1 ) {
825
+ $disable_last = true;
826
+ }
827
 
828
+ if ( $disable_first ) {
829
+ $page_links[] = '<span class="tablenav-pages-navspan button disabled" aria-hidden="true">&laquo;</span>';
830
+ } else {
831
+ $page_links[] = sprintf(
832
+ "<a class='first-page button' href='%s'><span class='screen-reader-text'>%s</span><span aria-hidden='true'>%s</span></a>",
833
+ esc_url( remove_query_arg( 'paged', $current_url ) ),
834
+ __( 'First page' ),
835
+ '&laquo;'
836
+ );
837
+ }
838
+
839
+ if ( $disable_prev ) {
840
+ $page_links[] = '<span class="tablenav-pages-navspan button disabled" aria-hidden="true">&lsaquo;</span>';
841
+ } else {
842
+ $page_links[] = sprintf(
843
+ "<a class='prev-page button' href='%s'><span class='screen-reader-text'>%s</span><span aria-hidden='true'>%s</span></a>",
844
+ esc_url( add_query_arg( 'paged', max( 1, $current - 1 ), $current_url ) ),
845
+ __( 'Previous page' ),
846
+ '&lsaquo;'
847
+ );
848
+ }
849
+
850
+ if ( 'bottom' === $which ) {
851
+ $html_current_page = $current;
852
+ $total_pages_before = '<span class="screen-reader-text">' . __( 'Current Page' ) . '</span><span id="table-paging" class="paging-input"><span class="tablenav-paging-text">';
853
+ } else {
854
+ $html_current_page = sprintf(
855
+ "%s<input class='current-page' id='current-page-selector' type='text' name='paged' value='%s' size='%d' aria-describedby='table-paging' /><span class='tablenav-paging-text'>",
856
+ '<label for="current-page-selector" class="screen-reader-text">' . __( 'Current Page' ) . '</label>',
857
  $current,
858
  strlen( $total_pages )
859
  );
860
+ }
861
  $html_total_pages = sprintf( "<span class='total-pages'>%s</span>", number_format_i18n( $total_pages ) );
862
+ $page_links[] = $total_pages_before . sprintf( _x( '%1$s of %2$s', 'paging' ), $html_current_page, $html_total_pages ) . $total_pages_after;
863
 
864
+ if ( $disable_next ) {
865
+ $page_links[] = '<span class="tablenav-pages-navspan button disabled" aria-hidden="true">&rsaquo;</span>';
866
+ } else {
867
+ $page_links[] = sprintf(
868
+ "<a class='next-page button' href='%s'><span class='screen-reader-text'>%s</span><span aria-hidden='true'>%s</span></a>",
869
+ esc_url( add_query_arg( 'paged', min( $total_pages, $current + 1 ), $current_url ) ),
870
+ __( 'Next page' ),
871
+ '&rsaquo;'
872
+ );
873
+ }
874
 
875
+ if ( $disable_last ) {
876
+ $page_links[] = '<span class="tablenav-pages-navspan button disabled" aria-hidden="true">&raquo;</span>';
877
+ } else {
878
+ $page_links[] = sprintf(
879
+ "<a class='last-page button' href='%s'><span class='screen-reader-text'>%s</span><span aria-hidden='true'>%s</span></a>",
880
+ esc_url( add_query_arg( 'paged', $total_pages, $current_url ) ),
881
+ __( 'Last page' ),
882
+ '&raquo;'
883
+ );
884
+ }
885
 
886
  $pagination_links_class = 'pagination-links';
887
+ if ( ! empty( $infinite_scroll ) ) {
888
+ $pagination_links_class .= ' hide-if-js';
889
+ }
890
  $output .= "\n<span class='$pagination_links_class'>" . join( "\n", $page_links ) . '</span>';
891
 
892
+ if ( $total_pages ) {
893
  $page_class = $total_pages < 2 ? ' one-page' : '';
894
+ } else {
895
  $page_class = ' no-pages';
896
+ }
897
  $this->_pagination = "<div class='tablenav-pages{$page_class}'>$output</div>";
898
 
899
  echo $this->_pagination;
904
  * 'internal-name' => 'Title'
905
  *
906
  * @since 3.1.0
 
907
  * @abstract
908
  *
909
  * @return array
910
  */
911
+ public function get_columns() {
912
  die( 'function AIOWPSecurity_List_Table::get_columns() must be over-ridden in a sub-class.' );
913
  }
914
 
921
  * The second format will make the initial sorting order be descending
922
  *
923
  * @since 3.1.0
 
924
  *
925
  * @return array
926
  */
927
+ protected function get_sortable_columns() {
928
  return array();
929
  }
930
 
931
+ /**
932
+ * Gets the name of the default primary column.
933
+ *
934
+ * @since 4.3.0
935
+ *
936
+ * @return string Name of the default primary column, in this case, an empty string.
937
+ */
938
+ protected function get_default_primary_column_name() {
939
+ $columns = $this->get_columns();
940
+ $column = '';
941
+
942
+ if ( empty( $columns ) ) {
943
+ return $column;
944
+ }
945
+
946
+ // We need a primary defined so responsive views show something,
947
+ // so let's fall back to the first non-checkbox column.
948
+ foreach ( $columns as $col => $column_name ) {
949
+ if ( 'cb' === $col ) {
950
+ continue;
951
+ }
952
+
953
+ $column = $col;
954
+ break;
955
+ }
956
+
957
+ return $column;
958
+ }
959
+
960
+ /**
961
+ * Public wrapper for AIOWPSecurity_List_Table::get_default_primary_column_name().
962
+ *
963
+ * @since 4.4.0
964
+ *
965
+ * @return string Name of the default primary column.
966
+ */
967
+ public function get_primary_column() {
968
+ return $this->get_primary_column_name();
969
+ }
970
+
971
+ /**
972
+ * Gets the name of the primary column.
973
+ *
974
+ * @since 4.3.0
975
+ *
976
+ * @return string The name of the primary column.
977
+ */
978
+ protected function get_primary_column_name() {
979
+ $columns = get_column_headers( $this->screen );
980
+ $default = $this->get_default_primary_column_name();
981
+
982
+ // If the primary column doesn't exist fall back to the
983
+ // first non-checkbox column.
984
+ if ( ! isset( $columns[ $default ] ) ) {
985
+ $default = AIOWPSecurity_List_Table::get_default_primary_column_name();
986
+ }
987
+
988
+ /**
989
+ * Filters the name of the primary column for the current list table.
990
+ *
991
+ * @since 4.3.0
992
+ *
993
+ * @param string $default Column name default for the specific list table, e.g. 'name'.
994
+ * @param string $context Screen ID for specific list table, e.g. 'plugins'.
995
+ */
996
+ $column = apply_filters( 'list_table_primary_column', $default, $this->screen->id );
997
+
998
+ if ( empty( $column ) || ! isset( $columns[ $column ] ) ) {
999
+ $column = $default;
1000
+ }
1001
+
1002
+ return $column;
1003
+ }
1004
+
1005
  /**
1006
  * Get a list of all, hidden and sortable columns, with filter applied
1007
  *
1008
  * @since 3.1.0
 
1009
  *
1010
  * @return array
1011
  */
1012
+ protected function get_column_info() {
1013
+ // $_column_headers is already set / cached
1014
+ if ( isset( $this->_column_headers ) && is_array( $this->_column_headers ) ) {
1015
+ // Back-compat for list tables that have been manually setting $_column_headers for horse reasons.
1016
+ // In 4.3, we added a fourth argument for primary column.
1017
+ $column_headers = array( array(), array(), array(), $this->get_primary_column_name() );
1018
+ foreach ( $this->_column_headers as $key => $value ) {
1019
+ $column_headers[ $key ] = $value;
1020
+ }
1021
 
1022
+ return $column_headers;
1023
+ }
1024
 
1025
+ $columns = get_column_headers( $this->screen );
1026
+ $hidden = get_hidden_columns( $this->screen );
1027
+
1028
+ $sortable_columns = $this->get_sortable_columns();
1029
+ /**
1030
+ * Filters the list table sortable columns for a specific screen.
1031
+ *
1032
+ * The dynamic portion of the hook name, `$this->screen->id`, refers
1033
+ * to the ID of the current screen, usually a string.
1034
+ *
1035
+ * @since 3.5.0
1036
+ *
1037
+ * @param array $sortable_columns An array of sortable columns.
1038
+ */
1039
+ $_sortable = apply_filters( "manage_{$this->screen->id}_sortable_columns", $sortable_columns );
1040
 
1041
  $sortable = array();
1042
  foreach ( $_sortable as $id => $data ) {
1043
+ if ( empty( $data ) ) {
1044
  continue;
1045
+ }
1046
 
1047
  $data = (array) $data;
1048
+ if ( ! isset( $data[1] ) ) {
1049
  $data[1] = false;
1050
+ }
1051
 
1052
+ $sortable[ $id ] = $data;
1053
  }
1054
 
1055
+ $primary = $this->get_primary_column_name();
1056
+ $this->_column_headers = array( $columns, $hidden, $sortable, $primary );
1057
 
1058
  return $this->_column_headers;
1059
  }
1062
  * Return number of visible columns
1063
  *
1064
  * @since 3.1.0
 
1065
  *
1066
  * @return int
1067
  */
1068
+ public function get_column_count() {
1069
  list ( $columns, $hidden ) = $this->get_column_info();
1070
+ $hidden = array_intersect( array_keys( $columns ), array_filter( $hidden ) );
1071
  return count( $columns ) - count( $hidden );
1072
  }
1073
 
1075
  * Print column headers, accounting for hidden and sortable columns.
1076
  *
1077
  * @since 3.1.0
1078
+ *
1079
+ * @staticvar int $cb_counter
1080
  *
1081
  * @param bool $with_id Whether to set the id attribute or not
1082
  */
1083
+ public function print_column_headers( $with_id = true ) {
1084
+ list( $columns, $hidden, $sortable, $primary ) = $this->get_column_info();
1085
 
1086
  $current_url = set_url_scheme( 'http://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'] );
1087
  $current_url = remove_query_arg( 'paged', $current_url );
1088
 
1089
+ if ( isset( $_GET['orderby'] ) ) {
1090
  $current_orderby = $_GET['orderby'];
1091
+ } else {
1092
  $current_orderby = '';
1093
+ }
1094
 
1095
+ if ( isset( $_GET['order'] ) && 'desc' === $_GET['order'] ) {
1096
  $current_order = 'desc';
1097
+ } else {
1098
  $current_order = 'asc';
1099
+ }
1100
 
1101
  if ( ! empty( $columns['cb'] ) ) {
1102
  static $cb_counter = 1;
1103
+ $columns['cb'] = '<label class="screen-reader-text" for="cb-select-all-' . $cb_counter . '">' . __( 'Select All' ) . '</label>'
1104
  . '<input id="cb-select-all-' . $cb_counter . '" type="checkbox" />';
1105
  $cb_counter++;
1106
  }
1108
  foreach ( $columns as $column_key => $column_display_name ) {
1109
  $class = array( 'manage-column', "column-$column_key" );
1110
 
1111
+ if ( in_array( $column_key, $hidden ) ) {
1112
+ $class[] = 'hidden';
1113
+ }
 
 
1114
 
1115
+ if ( 'cb' === $column_key ) {
1116
  $class[] = 'check-column';
1117
+ } elseif ( in_array( $column_key, array( 'posts', 'comments', 'links' ) ) ) {
1118
  $class[] = 'num';
1119
+ }
1120
+
1121
+ if ( $column_key === $primary ) {
1122
+ $class[] = 'column-primary';
1123
+ }
1124
 
1125
+ if ( isset( $sortable[ $column_key ] ) ) {
1126
+ list( $orderby, $desc_first ) = $sortable[ $column_key ];
1127
 
1128
+ if ( $current_orderby === $orderby ) {
1129
+ $order = 'asc' === $current_order ? 'desc' : 'asc';
1130
  $class[] = 'sorted';
1131
  $class[] = $current_order;
1132
  } else {
1133
+ $order = $desc_first ? 'desc' : 'asc';
1134
  $class[] = 'sortable';
1135
  $class[] = $desc_first ? 'asc' : 'desc';
1136
  }
1138
  $column_display_name = '<a href="' . esc_url( add_query_arg( compact( 'orderby', 'order' ), $current_url ) ) . '"><span>' . $column_display_name . '</span><span class="sorting-indicator"></span></a>';
1139
  }
1140
 
1141
+ $tag = ( 'cb' === $column_key ) ? 'td' : 'th';
1142
+ $scope = ( 'th' === $tag ) ? 'scope="col"' : '';
1143
+ $id = $with_id ? "id='$column_key'" : '';
1144
 
1145
+ if ( ! empty( $class ) ) {
1146
  $class = "class='" . join( ' ', $class ) . "'";
1147
+ }
1148
 
1149
+ echo "<$tag $scope $id $class>$column_display_name</$tag>";
1150
  }
1151
  }
1152
 
1154
  * Display the table
1155
  *
1156
  * @since 3.1.0
 
1157
  */
1158
+ public function display() {
1159
+ $singular = $this->_args['singular'];
1160
 
1161
  $this->display_tablenav( 'top' );
1162
 
1163
+ $this->screen->render_screen_reader_content( 'heading_list' );
1164
+ ?>
1165
+ <table class="wp-list-table <?php echo implode( ' ', $this->get_table_classes() ); ?>">
1166
  <thead>
1167
  <tr>
1168
  <?php $this->print_column_headers(); ?>
1169
  </tr>
1170
  </thead>
1171
 
1172
+ <tbody id="the-list"
1173
+ <?php
1174
+ if ( $singular ) {
1175
+ echo " data-wp-lists='list:$singular'";
1176
+ }
1177
+ ?>
1178
+ >
1179
+ <?php $this->display_rows_or_placeholder(); ?>
1180
+ </tbody>
1181
+
1182
  <tfoot>
1183
  <tr>
1184
  <?php $this->print_column_headers( false ); ?>
1185
  </tr>
1186
  </tfoot>
1187
 
 
 
 
1188
  </table>
1189
+ <?php
1190
  $this->display_tablenav( 'bottom' );
1191
  }
1192
 
1193
  /**
1194
+ * Get a list of CSS classes for the AIOWPSecurity_List_Table table tag.
1195
  *
1196
  * @since 3.1.0
 
1197
  *
1198
+ * @return array List of CSS classes for the table tag.
1199
  */
1200
+ protected function get_table_classes() {
1201
+ return array( 'widefat', 'fixed', 'striped', $this->_args['plural'] );
1202
  }
1203
 
1204
  /**
1205
  * Generate the table navigation above or below the table
1206
  *
1207
  * @since 3.1.0
1208
+ * @param string $which
1209
  */
1210
+ protected function display_tablenav( $which ) {
1211
+ if ( 'top' === $which ) {
1212
  wp_nonce_field( 'bulk-' . $this->_args['plural'] );
1213
+ }
1214
+ ?>
1215
  <div class="tablenav <?php echo esc_attr( $which ); ?>">
1216
 
1217
+ <?php if ( $this->has_items() ) : ?>
1218
+ <div class="alignleft actions bulkactions">
1219
+ <?php $this->bulk_actions( $which ); ?>
1220
  </div>
1221
+ <?php
1222
+ endif;
1223
  $this->extra_tablenav( $which );
1224
  $this->pagination( $which );
1225
+ ?>
1226
 
1227
  <br class="clear" />
1228
  </div>
1229
+ <?php
1230
  }
1231
 
1232
  /**
1233
  * Extra controls to be displayed between bulk actions and pagination
1234
  *
1235
  * @since 3.1.0
1236
+ *
1237
+ * @param string $which
1238
  */
1239
+ protected function extra_tablenav( $which ) {}
1240
 
1241
  /**
1242
+ * Generate the tbody element for the list table.
1243
  *
1244
  * @since 3.1.0
 
1245
  */
1246
+ public function display_rows_or_placeholder() {
1247
  if ( $this->has_items() ) {
1248
  $this->display_rows();
1249
  } else {
 
1250
  echo '<tr class="no-items"><td class="colspanchange" colspan="' . $this->get_column_count() . '">';
1251
  $this->no_items();
1252
  echo '</td></tr>';
1257
  * Generate the table rows
1258
  *
1259
  * @since 3.1.0
 
1260
  */
1261
+ public function display_rows() {
1262
+ foreach ( $this->items as $item ) {
1263
  $this->single_row( $item );
1264
+ }
1265
  }
1266
 
1267
  /**
1268
  * Generates content for a single row of the table
1269
  *
1270
  * @since 3.1.0
 
1271
  *
1272
  * @param object $item The current item
1273
  */
1274
+ public function single_row( $item ) {
1275
+ echo '<tr>';
1276
+ $this->single_row_columns( $item );
 
 
 
1277
  echo '</tr>';
1278
  }
1279
 
1280
+ /**
1281
+ * @param object $item
1282
+ * @param string $column_name
1283
+ */
1284
+ protected function column_default( $item, $column_name ) {}
1285
+
1286
+ /**
1287
+ * @param object $item
1288
+ */
1289
+ protected function column_cb( $item ) {}
1290
+
1291
  /**
1292
  * Generates the columns for a single row of the table
1293
  *
1294
  * @since 3.1.0
 
1295
  *
1296
  * @param object $item The current item
1297
  */
1298
+ protected function single_row_columns( $item ) {
1299
+ list( $columns, $hidden, $sortable, $primary ) = $this->get_column_info();
1300
 
1301
  foreach ( $columns as $column_name => $column_display_name ) {
1302
+ $classes = "$column_name column-$column_name";
1303
+ if ( $primary === $column_name ) {
1304
+ $classes .= ' has-row-actions column-primary';
1305
+ }
1306
+
1307
+ if ( in_array( $column_name, $hidden ) ) {
1308
+ $classes .= ' hidden';
1309
+ }
1310
 
1311
+ // Comments column uses HTML in the display name with screen reader text.
1312
+ // Instead of using esc_attr(), we strip tags to get closer to a user-friendly string.
1313
+ $data = 'data-colname="' . wp_strip_all_tags( $column_display_name ) . '"';
1314
 
1315
+ $attributes = "class='$classes' $data";
1316
 
1317
+ if ( 'cb' === $column_name ) {
1318
  echo '<th scope="row" class="check-column">';
1319
  echo $this->column_cb( $item );
1320
  echo '</th>';
1321
+ } elseif ( method_exists( $this, '_column_' . $column_name ) ) {
1322
+ echo call_user_func(
1323
+ array( $this, '_column_' . $column_name ),
1324
+ $item,
1325
+ $classes,
1326
+ $data,
1327
+ $primary
1328
+ );
1329
+ } elseif ( method_exists( $this, 'column_' . $column_name ) ) {
1330
  echo "<td $attributes>";
1331
+ echo call_user_func( array( $this, 'column_' . $column_name ), $item );
1332
+ echo $this->handle_row_actions( $item, $column_name, $primary );
1333
+ echo '</td>';
1334
+ } else {
1335
  echo "<td $attributes>";
1336
  echo $this->column_default( $item, $column_name );
1337
+ echo $this->handle_row_actions( $item, $column_name, $primary );
1338
+ echo '</td>';
1339
  }
1340
  }
1341
  }
1342
 
1343
+ /**
1344
+ * Generates and display row actions links for the list table.
1345
+ *
1346
+ * @since 4.3.0
1347
+ *
1348
+ * @param object $item The item being acted upon.
1349
+ * @param string $column_name Current column name.
1350
+ * @param string $primary Primary column name.
1351
+ * @return string The row actions HTML, or an empty string if the current column is the primary column.
1352
+ */
1353
+ protected function handle_row_actions( $item, $column_name, $primary ) {
1354
+ return $column_name === $primary ? '<button type="button" class="toggle-row"><span class="screen-reader-text">' . __( 'Show more details' ) . '</span></button>' : '';
1355
+ }
1356
+
1357
  /**
1358
  * Handle an incoming ajax request (called from admin-ajax.php)
1359
  *
1360
  * @since 3.1.0
 
1361
  */
1362
+ public function ajax_response() {
1363
  $this->prepare_items();
1364
 
 
 
 
1365
  ob_start();
1366
+ if ( ! empty( $_REQUEST['no_placeholder'] ) ) {
1367
  $this->display_rows();
1368
+ } else {
1369
  $this->display_rows_or_placeholder();
1370
+ }
1371
 
1372
  $rows = ob_get_clean();
1373
 
1374
  $response = array( 'rows' => $rows );
1375
 
1376
+ if ( isset( $this->_pagination_args['total_items'] ) ) {
1377
+ $response['total_items_i18n'] = sprintf(
1378
+ _n( '%s item', '%s items', $this->_pagination_args['total_items'] ),
1379
+ number_format_i18n( $this->_pagination_args['total_items'] )
1380
+ );
1381
+ }
1382
+ if ( isset( $this->_pagination_args['total_pages'] ) ) {
1383
+ $response['total_pages'] = $this->_pagination_args['total_pages'];
1384
+ $response['total_pages_i18n'] = number_format_i18n( $this->_pagination_args['total_pages'] );
1385
  }
1386
 
1387
+ die( wp_json_encode( $response ) );
1388
  }
1389
 
1390
  /**
1391
  * Send required variables to JavaScript land
 
 
1392
  */
1393
+ public function _js_vars() {
1394
  $args = array(
1395
  'class' => get_class( $this ),
1396
  'screen' => array(
1397
  'id' => $this->screen->id,
1398
  'base' => $this->screen->base,
1399
+ ),
1400
  );
1401
 
1402
+ printf( "<script type='text/javascript'>list_args = %s;</script>\n", wp_json_encode( $args ) );
1403
  }
1404
  }
admin/wp-security-admin-menu.php CHANGED
@@ -95,4 +95,15 @@ abstract class AIOWPSecurity_Admin_Menu
95
  ob_end_clean();
96
  return $output;
97
  }
 
 
 
 
 
 
 
 
 
 
 
98
  }
95
  ob_end_clean();
96
  return $output;
97
  }
98
+
99
+ static function display_bulk_result_message()
100
+ {
101
+ if(isset($_GET['bulk_count'])) {
102
+ AIOWPSecurity_Admin_Menu::show_msg_updated_st(__('The bulk action was successful', 'all-in-one-wp-security-and-firewall'));
103
+ }
104
+
105
+ if(isset($_GET['bulk_error'])) {
106
+ AIOWPSecurity_Admin_Menu::show_msg_error_st(__('The bulk action failed', 'all-in-one-wp-security-and-firewall'));
107
+ }
108
+ }
109
  }
admin/wp-security-dashboard-menu.php CHANGED
@@ -304,6 +304,7 @@ class AIOWPSecurity_Dashboard_Menu extends AIOWPSecurity_Admin_Menu
304
  $blocked_ip_list->unblock_ip_address(strip_tags($_REQUEST['blocked_id']));
305
  }
306
  }
 
307
 
308
  ?>
309
  <div class="aio_blue_box">
@@ -323,7 +324,7 @@ class AIOWPSecurity_Dashboard_Menu extends AIOWPSecurity_Admin_Menu
323
  //Fetch, prepare, sort, and filter our data...
324
  $blocked_ip_list->prepare_items();
325
  ?>
326
- <form id="tables-filter" method="post">
327
  <!-- For plugins, we also need to ensure that the form posts back to our current page -->
328
  <input type="hidden" name="page" value="<?php echo esc_attr($_REQUEST['page']); ?>"/>
329
  <?php
@@ -474,19 +475,19 @@ class AIOWPSecurity_Dashboard_Menu extends AIOWPSecurity_Admin_Menu
474
  $screen = get_current_screen();
475
 
476
  // Add widgets
477
- wp_add_dashboard_widget( 'security_strength_meter', __( 'Security Strength Meter' ), array(&$this, 'widget_security_strength_meter') );
478
- wp_add_dashboard_widget( 'security_points_breakdown', __( 'Security Points Breakdown' ), array(&$this, 'widget_security_points_breakdown') );
479
- wp_add_dashboard_widget( 'spread_the_word', __( 'Spread the Word' ), array(&$this, 'widget_spread_the_word') );
480
- wp_add_dashboard_widget( 'know_developers', __( 'Get To Know The Developers' ), array(&$this, 'widget_know_developers') );
481
- wp_add_dashboard_widget( 'critical_feature_status', __( 'Critical Feature Status' ), array(&$this, 'widget_critical_feature_status') );
482
- wp_add_dashboard_widget( 'last_5_logins', __( 'Last 5 Logins' ), array(&$this, 'widget_last_5_logins') );
483
- wp_add_dashboard_widget( 'maintenance_mode_status', __( 'Maintenance Mode Status' ), array(&$this, 'widget_maintenance_mode_status') );
484
  if ($aio_wp_security->configs->get_value('aiowps_enable_brute_force_attack_prevention') == '1' ||
485
  $aio_wp_security->configs->get_value('aiowps_enable_rename_login_page') == '1') {
486
  wp_add_dashboard_widget( 'brute_force', __( 'Brute Force Prevention Login Page' ), array(&$this, 'widget_brute_force') );
487
  }
488
- wp_add_dashboard_widget( 'logged_in_users', __( 'Logged In Users' ), array(&$this, 'widget_logged_in_users') );
489
- wp_add_dashboard_widget( 'locked_ip_addresses', __( 'Locked IP Addresses' ), array(&$this, 'widget_locked_ip_addresses') );
490
 
491
  do_action( 'aiowps_dashboard_setup' );
492
  $dashboard_widgets = apply_filters( 'aiowps_dashboard_widgets', array() );
304
  $blocked_ip_list->unblock_ip_address(strip_tags($_REQUEST['blocked_id']));
305
  }
306
  }
307
+ AIOWPSecurity_Admin_Menu::display_bulk_result_message();
308
 
309
  ?>
310
  <div class="aio_blue_box">
324
  //Fetch, prepare, sort, and filter our data...
325
  $blocked_ip_list->prepare_items();
326
  ?>
327
+ <form id="tables-filter" method="get">
328
  <!-- For plugins, we also need to ensure that the form posts back to our current page -->
329
  <input type="hidden" name="page" value="<?php echo esc_attr($_REQUEST['page']); ?>"/>
330
  <?php
475
  $screen = get_current_screen();
476
 
477
  // Add widgets
478
+ wp_add_dashboard_widget( 'security_strength_meter', __( 'Security Strength Meter', 'all-in-one-wp-security-and-firewall' ), array(&$this, 'widget_security_strength_meter') );
479
+ wp_add_dashboard_widget( 'security_points_breakdown', __( 'Security Points Breakdown', 'all-in-one-wp-security-and-firewall' ), array(&$this, 'widget_security_points_breakdown') );
480
+ wp_add_dashboard_widget( 'spread_the_word', __( 'Spread the Word', 'all-in-one-wp-security-and-firewall' ), array(&$this, 'widget_spread_the_word') );
481
+ wp_add_dashboard_widget( 'know_developers', __( 'Get To Know The Developers', 'all-in-one-wp-security-and-firewall' ), array(&$this, 'widget_know_developers') );
482
+ wp_add_dashboard_widget( 'critical_feature_status', __( 'Critical Feature Status', 'all-in-one-wp-security-and-firewall' ), array(&$this, 'widget_critical_feature_status') );
483
+ wp_add_dashboard_widget( 'last_5_logins', __( 'Last 5 Logins', 'all-in-one-wp-security-and-firewall' ), array(&$this, 'widget_last_5_logins') );
484
+ wp_add_dashboard_widget( 'maintenance_mode_status', __( 'Maintenance Mode Status', 'all-in-one-wp-security-and-firewall' ), array(&$this, 'widget_maintenance_mode_status') );
485
  if ($aio_wp_security->configs->get_value('aiowps_enable_brute_force_attack_prevention') == '1' ||
486
  $aio_wp_security->configs->get_value('aiowps_enable_rename_login_page') == '1') {
487
  wp_add_dashboard_widget( 'brute_force', __( 'Brute Force Prevention Login Page' ), array(&$this, 'widget_brute_force') );
488
  }
489
+ wp_add_dashboard_widget( 'logged_in_users', __( 'Logged In Users', 'all-in-one-wp-security-and-firewall' ), array(&$this, 'widget_logged_in_users') );
490
+ wp_add_dashboard_widget( 'locked_ip_addresses', __( 'Locked IP Addresses', 'all-in-one-wp-security-and-firewall' ), array(&$this, 'widget_locked_ip_addresses') );
491
 
492
  do_action( 'aiowps_dashboard_setup' );
493
  $dashboard_widgets = apply_filters( 'aiowps_dashboard_widgets', array() );
admin/wp-security-database-menu.php CHANGED
@@ -575,11 +575,12 @@ class AIOWPSecurity_Database_Menu extends AIOWPSecurity_Admin_Menu
575
  {
576
  global $wpdb;
577
  $table_count = 0;
 
578
  $info_msg_string = '<p class="aio_info_with_icon">'.__('Checking for MySQL tables of type "view".....', 'all-in-one-wp-security-and-firewall').'</p>';
579
  echo ($info_msg_string);
580
 
581
  //get tables which are views
582
- $query = "SELECT * FROM INFORMATION_SCHEMA.VIEWS";
583
  $res = $wpdb->get_results($query);
584
  if(empty($res)) return;
585
  $view_count = 0;
575
  {
576
  global $wpdb;
577
  $table_count = 0;
578
+ $db_name = $wpdb->dbname;
579
  $info_msg_string = '<p class="aio_info_with_icon">'.__('Checking for MySQL tables of type "view".....', 'all-in-one-wp-security-and-firewall').'</p>';
580
  echo ($info_msg_string);
581
 
582
  //get tables which are views
583
+ $query = "SELECT * FROM INFORMATION_SCHEMA.VIEWS WHERE TABLE_SCHEMA LIKE '".$db_name."'";
584
  $res = $wpdb->get_results($query);
585
  if(empty($res)) return;
586
  $view_count = 0;
admin/wp-security-list-acct-activity.php CHANGED
@@ -108,16 +108,24 @@ class AIOWPSecurity_List_Account_Activity extends AIOWPSecurity_List_Table {
108
  if (isset($_REQUEST['_wp_http_referer']))
109
  {
110
  //Delete multiple records
 
 
111
  $entries = array_filter($entries, 'is_numeric'); //discard non-numeric ID values
112
  $id_list = "(" .implode(",",$entries) .")"; //Create comma separate list for DB operation
113
  $delete_command = "DELETE FROM ".$login_activity_table." WHERE id IN ".$id_list;
114
  $result = $wpdb->query($delete_command);
115
- if($result != NULL)
116
  {
117
- $success_msg = '<div id="message" class="updated fade"><p><strong>';
118
- $success_msg .= __('The selected entries were deleted successfully!','all-in-one-wp-security-and-firewall');
119
- $success_msg .= '</strong></p></div>';
120
- _e($success_msg);
 
 
 
 
 
 
121
  }
122
  }
123
  }
@@ -132,12 +140,12 @@ class AIOWPSecurity_List_Account_Activity extends AIOWPSecurity_List_Table {
132
  //Delete single record
133
  $delete_command = "DELETE FROM ".$login_activity_table." WHERE id = '".absint($entries)."'";
134
  $result = $wpdb->query($delete_command);
135
- if($result != NULL)
136
  {
137
  $success_msg = '<div id="message" class="updated fade"><p><strong>';
138
  $success_msg .= __('The selected entry was deleted successfully!','all-in-one-wp-security-and-firewall');
139
  $success_msg .= '</strong></p></div>';
140
- _e($success_msg);
141
  }
142
  }
143
  }
@@ -150,6 +158,7 @@ class AIOWPSecurity_List_Account_Activity extends AIOWPSecurity_List_Table {
150
  $columns = $this->get_columns();
151
  $hidden = array();
152
  $sortable = $this->get_sortable_columns();
 
153
 
154
  $this->_column_headers = array($columns, $hidden, $sortable);
155
 
@@ -170,7 +179,12 @@ class AIOWPSecurity_List_Account_Activity extends AIOWPSecurity_List_Table {
170
  $orderby = AIOWPSecurity_Utility::sanitize_value_by_array($orderby, $sortable);
171
  $order = AIOWPSecurity_Utility::sanitize_value_by_array($order, array('DESC' => '1', 'ASC' => '1'));
172
 
173
- $data = $wpdb->get_results($wpdb->prepare("SELECT * FROM $login_activity_table ORDER BY $orderby $order LIMIT %d", 50), ARRAY_A); //Get the last 50 records
 
 
 
 
 
174
  if (!$ignore_pagination) {
175
  $current_page = $this->get_pagenum();
176
  $total_items = count($data);
108
  if (isset($_REQUEST['_wp_http_referer']))
109
  {
110
  //Delete multiple records
111
+ $tab = strip_tags($_REQUEST['tab']);
112
+
113
  $entries = array_filter($entries, 'is_numeric'); //discard non-numeric ID values
114
  $id_list = "(" .implode(",",$entries) .")"; //Create comma separate list for DB operation
115
  $delete_command = "DELETE FROM ".$login_activity_table." WHERE id IN ".$id_list;
116
  $result = $wpdb->query($delete_command);
117
+ if($result !== false)
118
  {
119
+ $redir_url = sprintf('admin.php?page=%s&tab=%s&bulk_count=%s', AIOWPSEC_USER_LOGIN_MENU_SLUG, $tab, count($entries));
120
+ wp_redirect($redir_url);
121
+ exit;
122
+ } else {
123
+ // error on bulk delete
124
+ $aio_wp_security->debug_logger->log_debug("DB error: ".$wpdb->last_error,4);
125
+ $redir_url = sprintf('admin.php?page=%s&tab=%s&bulk_error=%s', AIOWPSEC_USER_LOGIN_MENU_SLUG, $tab, 1);
126
+ wp_redirect($redir_url);
127
+ exit;
128
+
129
  }
130
  }
131
  }
140
  //Delete single record
141
  $delete_command = "DELETE FROM ".$login_activity_table." WHERE id = '".absint($entries)."'";
142
  $result = $wpdb->query($delete_command);
143
+ if($result !== false)
144
  {
145
  $success_msg = '<div id="message" class="updated fade"><p><strong>';
146
  $success_msg .= __('The selected entry was deleted successfully!','all-in-one-wp-security-and-firewall');
147
  $success_msg .= '</strong></p></div>';
148
+ echo $success_msg;
149
  }
150
  }
151
  }
158
  $columns = $this->get_columns();
159
  $hidden = array();
160
  $sortable = $this->get_sortable_columns();
161
+ $search = isset( $_REQUEST['s'] ) ? sanitize_text_field( $_REQUEST['s'] ) : '';
162
 
163
  $this->_column_headers = array($columns, $hidden, $sortable);
164
 
179
  $orderby = AIOWPSecurity_Utility::sanitize_value_by_array($orderby, $sortable);
180
  $order = AIOWPSecurity_Utility::sanitize_value_by_array($order, array('DESC' => '1', 'ASC' => '1'));
181
 
182
+ if(empty($search)) {
183
+ $data = $wpdb->get_results("SELECT * FROM $login_activity_table ORDER BY $orderby $order", ARRAY_A);
184
+ } else {
185
+ $data = $wpdb->get_results($wpdb->prepare("SELECT * FROM $login_activity_table WHERE `user_login` LIKE '%%%s%%' OR `login_ip` LIKE '%%%s%%' ORDER BY $orderby $order LIMIT %d", $search, $search, 50), ARRAY_A);
186
+ }
187
+
188
  if (!$ignore_pagination) {
189
  $current_page = $this->get_pagenum();
190
  $total_items = count($data);
admin/wp-security-list-login-fails.php CHANGED
@@ -108,16 +108,23 @@ class AIOWPSecurity_List_Login_Failed_Attempts extends AIOWPSecurity_List_Table
108
  if (isset($_REQUEST['_wp_http_referer']))
109
  {
110
  //Delete multiple records
 
111
  $entries = array_filter($entries, 'is_numeric'); //discard non-numeric ID values
112
  $id_list = "(" .implode(",",$entries) .")"; //Create comma separate list for DB operation
113
  $delete_command = "DELETE FROM ".$failed_login_table." WHERE ID IN ".$id_list;
114
  $result = $wpdb->query($delete_command);
115
- if($result != NULL)
116
  {
117
- $success_msg = '<div id="message" class="updated fade"><p><strong>';
118
- $success_msg .= __('The selected entries were deleted successfully!','all-in-one-wp-security-and-firewall');
119
- $success_msg .= '</strong></p></div>';
120
- _e($success_msg);
 
 
 
 
 
 
121
  }
122
  }
123
 
@@ -132,7 +139,7 @@ class AIOWPSecurity_List_Login_Failed_Attempts extends AIOWPSecurity_List_Table
132
  //Delete single record
133
  $delete_command = "DELETE FROM ".$failed_login_table." WHERE ID = '".absint($entries)."'";
134
  $result = $wpdb->query($delete_command);
135
- if($result != NULL)
136
  {
137
  $success_msg = '<div id="message" class="updated fade"><p><strong>';
138
  $success_msg .= __('The selected entry was deleted successfully!','all-in-one-wp-security-and-firewall');
@@ -150,6 +157,7 @@ class AIOWPSecurity_List_Login_Failed_Attempts extends AIOWPSecurity_List_Table
150
  $columns = $this->get_columns();
151
  $hidden = array();
152
  $sortable = $this->get_sortable_columns();
 
153
 
154
  $this->_column_headers = array($columns, $hidden, $sortable);
155
 
@@ -168,8 +176,12 @@ class AIOWPSecurity_List_Login_Failed_Attempts extends AIOWPSecurity_List_Table
168
 
169
  $orderby = AIOWPSecurity_Utility::sanitize_value_by_array($orderby, $sortable);
170
  $order = AIOWPSecurity_Utility::sanitize_value_by_array($order, array('DESC' => '1', 'ASC' => '1'));
 
 
 
 
 
171
 
172
- $data = $wpdb->get_results("SELECT * FROM $failed_logins_table_name ORDER BY $orderby $order", ARRAY_A);
173
  if (!$ignore_pagination) {
174
  $current_page = $this->get_pagenum();
175
  $total_items = count($data);
108
  if (isset($_REQUEST['_wp_http_referer']))
109
  {
110
  //Delete multiple records
111
+ $tab = strip_tags($_REQUEST['tab']);
112
  $entries = array_filter($entries, 'is_numeric'); //discard non-numeric ID values
113
  $id_list = "(" .implode(",",$entries) .")"; //Create comma separate list for DB operation
114
  $delete_command = "DELETE FROM ".$failed_login_table." WHERE ID IN ".$id_list;
115
  $result = $wpdb->query($delete_command);
116
+ if($result !== false)
117
  {
118
+ $redir_url = sprintf('admin.php?page=%s&tab=%s&bulk_count=%s', AIOWPSEC_USER_LOGIN_MENU_SLUG, $tab, count($entries));
119
+ wp_redirect($redir_url);
120
+ exit;
121
+ } else {
122
+ // error on bulk delete
123
+ $aio_wp_security->debug_logger->log_debug("DB error: ".$wpdb->last_error,4);
124
+ $redir_url = sprintf('admin.php?page=%s&tab=%s&bulk_error=%s', AIOWPSEC_USER_LOGIN_MENU_SLUG, $tab, 1);
125
+ wp_redirect($redir_url);
126
+ exit;
127
+
128
  }
129
  }
130
 
139
  //Delete single record
140
  $delete_command = "DELETE FROM ".$failed_login_table." WHERE ID = '".absint($entries)."'";
141
  $result = $wpdb->query($delete_command);
142
+ if($result !== false)
143
  {
144
  $success_msg = '<div id="message" class="updated fade"><p><strong>';
145
  $success_msg .= __('The selected entry was deleted successfully!','all-in-one-wp-security-and-firewall');
157
  $columns = $this->get_columns();
158
  $hidden = array();
159
  $sortable = $this->get_sortable_columns();
160
+ $search = isset( $_REQUEST['s'] ) ? sanitize_text_field( $_REQUEST['s'] ) : '';
161
 
162
  $this->_column_headers = array($columns, $hidden, $sortable);
163
 
176
 
177
  $orderby = AIOWPSecurity_Utility::sanitize_value_by_array($orderby, $sortable);
178
  $order = AIOWPSecurity_Utility::sanitize_value_by_array($order, array('DESC' => '1', 'ASC' => '1'));
179
+ if(empty($search)) {
180
+ $data = $wpdb->get_results("SELECT * FROM " . $failed_logins_table_name . " ORDER BY $orderby $order", ARRAY_A);
181
+ } else {
182
+ $data = $wpdb->get_results($wpdb->prepare("SELECT * FROM $failed_logins_table_name WHERE `user_login` LIKE '%%%s%%' OR `login_attempt_ip` LIKE '%%%s%%' ORDER BY $orderby $order", $search, $search), ARRAY_A);
183
+ }
184
 
 
185
  if (!$ignore_pagination) {
186
  $current_page = $this->get_pagenum();
187
  $total_items = count($data);
admin/wp-security-list-permanent-blocked-ip.php CHANGED
@@ -110,13 +110,25 @@ class AIOWPSecurity_List_Blocked_IP extends AIOWPSecurity_List_Table
110
  global $wpdb, $aio_wp_security;
111
  if (is_array($entries)) {
112
  if (isset($_REQUEST['_wp_http_referer'])) {
113
- //Delete multiple records
 
 
114
  $entries = array_filter($entries, 'is_numeric'); //discard non-numeric ID values
115
  $id_list = "(" . implode(",", $entries) . ")"; //Create comma separate list for DB operation
116
  $delete_command = "DELETE FROM " . AIOWPSEC_TBL_PERM_BLOCK . " WHERE id IN " . $id_list;
117
  $result = $wpdb->query($delete_command);
118
- if ($result != NULL) {
119
- AIOWPSecurity_Admin_Menu::show_msg_record_deleted_st();
 
 
 
 
 
 
 
 
 
 
120
  }
121
  }
122
  } elseif ($entries != NULL) {
@@ -128,7 +140,7 @@ class AIOWPSecurity_List_Blocked_IP extends AIOWPSecurity_List_Table
128
  //Delete single record
129
  $delete_command = "DELETE FROM " . AIOWPSEC_TBL_PERM_BLOCK . " WHERE id = '" . absint($entries) . "'";
130
  $result = $wpdb->query($delete_command);
131
- if ($result != NULL) {
132
  AIOWPSecurity_Admin_Menu::show_msg_record_deleted_st();
133
  }
134
  }
@@ -143,6 +155,7 @@ class AIOWPSecurity_List_Blocked_IP extends AIOWPSecurity_List_Table
143
  $columns = $this->get_columns();
144
  $hidden = array();
145
  $sortable = $this->get_sortable_columns();
 
146
 
147
  $this->_column_headers = array($columns, $hidden, $sortable);
148
 
@@ -162,11 +175,10 @@ class AIOWPSecurity_List_Blocked_IP extends AIOWPSecurity_List_Table
162
  $orderby = AIOWPSecurity_Utility::sanitize_value_by_array($orderby, $sortable);
163
  $order = AIOWPSecurity_Utility::sanitize_value_by_array($order, array('DESC' => '1', 'ASC' => '1'));
164
 
165
- if (isset($_POST['s'])) {
166
- $search_term = trim($_POST['s']);
167
- $data = $wpdb->get_results($wpdb->prepare("SELECT * FROM " . $block_table_name . " WHERE `blocked_ip` LIKE '%%%s%%' OR `block_reason` LIKE '%%%s%%' OR `country_origin` LIKE '%%%s%%' OR `blocked_date` LIKE '%%%s%%'", $search_term, $search_term, $search_term, $search_term), ARRAY_A);
168
- } else {
169
  $data = $wpdb->get_results("SELECT * FROM " . $block_table_name . " ORDER BY $orderby $order", ARRAY_A);
 
 
170
  }
171
 
172
  $current_page = $this->get_pagenum();
110
  global $wpdb, $aio_wp_security;
111
  if (is_array($entries)) {
112
  if (isset($_REQUEST['_wp_http_referer'])) {
113
+ // multiple records
114
+ $tab = strip_tags($_REQUEST['tab']);
115
+
116
  $entries = array_filter($entries, 'is_numeric'); //discard non-numeric ID values
117
  $id_list = "(" . implode(",", $entries) . ")"; //Create comma separate list for DB operation
118
  $delete_command = "DELETE FROM " . AIOWPSEC_TBL_PERM_BLOCK . " WHERE id IN " . $id_list;
119
  $result = $wpdb->query($delete_command);
120
+ if($result !== false)
121
+ {
122
+ $redir_url = sprintf('admin.php?page=%s&tab=%s&bulk_count=%s', AIOWPSEC_MAIN_MENU_SLUG, $tab, count($entries));
123
+ wp_redirect($redir_url);
124
+ exit;
125
+ } else {
126
+ // error on bulk delete
127
+ $aio_wp_security->debug_logger->log_debug("DB error: ".$wpdb->last_error,4);
128
+ $redir_url = sprintf('admin.php?page=%s&tab=%s&bulk_error=%s', AIOWPSEC_MAIN_MENU_SLUG, $tab, 1);
129
+ wp_redirect($redir_url);
130
+ exit;
131
+
132
  }
133
  }
134
  } elseif ($entries != NULL) {
140
  //Delete single record
141
  $delete_command = "DELETE FROM " . AIOWPSEC_TBL_PERM_BLOCK . " WHERE id = '" . absint($entries) . "'";
142
  $result = $wpdb->query($delete_command);
143
+ if ($result !== false) {
144
  AIOWPSecurity_Admin_Menu::show_msg_record_deleted_st();
145
  }
146
  }
155
  $columns = $this->get_columns();
156
  $hidden = array();
157
  $sortable = $this->get_sortable_columns();
158
+ $search = isset( $_REQUEST['s'] ) ? sanitize_text_field( $_REQUEST['s'] ) : '';
159
 
160
  $this->_column_headers = array($columns, $hidden, $sortable);
161
 
175
  $orderby = AIOWPSecurity_Utility::sanitize_value_by_array($orderby, $sortable);
176
  $order = AIOWPSecurity_Utility::sanitize_value_by_array($order, array('DESC' => '1', 'ASC' => '1'));
177
 
178
+ if(empty($search)) {
 
 
 
179
  $data = $wpdb->get_results("SELECT * FROM " . $block_table_name . " ORDER BY $orderby $order", ARRAY_A);
180
+ } else {
181
+ $data = $wpdb->get_results($wpdb->prepare("SELECT * FROM " . $block_table_name . " WHERE `blocked_ip` LIKE '%%%s%%' OR `block_reason` LIKE '%%%s%%' OR `country_origin` LIKE '%%%s%%' OR `blocked_date` LIKE '%%%s%%' ORDER BY $orderby $order", $search, $search, $search, $search), ARRAY_A);
182
  }
183
 
184
  $current_page = $this->get_pagenum();
admin/wp-security-list-registered-users.php CHANGED
@@ -304,13 +304,14 @@ class AIOWPSecurity_List_Registered_Users extends AIOWPSecurity_List_Table {
304
  $columns = $this->get_columns();
305
  $hidden = array();
306
  $sortable = $this->get_sortable_columns();
 
307
 
308
  $this->_column_headers = array($columns, $hidden, $sortable);
309
 
310
  $this->process_bulk_action();
311
 
312
  //Get registered users which have the special 'aiowps_account_status' meta key set to 'pending'
313
- $data = $this->get_registered_user_data('pending');
314
 
315
  $current_page = $this->get_pagenum();
316
  $total_items = count($data);
@@ -324,7 +325,7 @@ class AIOWPSecurity_List_Registered_Users extends AIOWPSecurity_List_Table {
324
  }
325
 
326
  //Returns all users who have the special 'aiowps_account_status' meta key
327
- function get_registered_user_data($status='')
328
  {
329
  $user_fields = array( 'ID', 'user_login', 'user_email', 'user_registered');
330
  $user_query = new WP_User_Query(array('meta_key' => 'aiowps_account_status', 'meta_value' => $status, 'fields' => $user_fields));
@@ -337,7 +338,14 @@ class AIOWPSecurity_List_Registered_Users extends AIOWPSecurity_List_Table {
337
  $temp_array['account_status'] = get_user_meta($temp_array['ID'], 'aiowps_account_status', true);
338
  $ip = get_user_meta($temp_array['ID'], 'aiowps_registrant_ip', true);
339
  $temp_array['ip_address'] = empty($ip)?'':$ip;
340
- $final_data[] = $temp_array;
 
 
 
 
 
 
 
341
  }
342
  return $final_data;
343
  }
304
  $columns = $this->get_columns();
305
  $hidden = array();
306
  $sortable = $this->get_sortable_columns();
307
+ $search = isset( $_REQUEST['s'] ) ? sanitize_text_field( $_REQUEST['s'] ) : '';
308
 
309
  $this->_column_headers = array($columns, $hidden, $sortable);
310
 
311
  $this->process_bulk_action();
312
 
313
  //Get registered users which have the special 'aiowps_account_status' meta key set to 'pending'
314
+ $data = $this->get_registered_user_data('pending', $search);
315
 
316
  $current_page = $this->get_pagenum();
317
  $total_items = count($data);
325
  }
326
 
327
  //Returns all users who have the special 'aiowps_account_status' meta key
328
+ function get_registered_user_data($status='', $search='')
329
  {
330
  $user_fields = array( 'ID', 'user_login', 'user_email', 'user_registered');
331
  $user_query = new WP_User_Query(array('meta_key' => 'aiowps_account_status', 'meta_value' => $status, 'fields' => $user_fields));
338
  $temp_array['account_status'] = get_user_meta($temp_array['ID'], 'aiowps_account_status', true);
339
  $ip = get_user_meta($temp_array['ID'], 'aiowps_registrant_ip', true);
340
  $temp_array['ip_address'] = empty($ip)?'':$ip;
341
+ if(empty($search)) {
342
+ $final_data[] = $temp_array;
343
+ } else {
344
+ $input = preg_quote($search, '~'); // don't forget to quote input string!
345
+
346
+ $result = preg_grep('~' . $input . '~', $temp_array);
347
+ if(!empty($result)) $final_data[] = $temp_array;
348
+ }
349
  }
350
  return $final_data;
351
  }
admin/wp-security-user-accounts-menu.php CHANGED
@@ -116,9 +116,7 @@ class AIOWPSecurity_User_Accounts_Menu extends AIOWPSecurity_Admin_Menu
116
 
117
  if (AIOWPSecurity_Utility::check_user_exists('admin') || AIOWPSecurity_Utility::check_user_exists('Admin'))
118
  {
119
- echo '<div class="aio_red_box"><p>'.__('Your site currently has an account which uses the default "admin" username.
120
- It is highly recommended that you change this name to something else.
121
- Use the following field to change the admin username.', 'all-in-one-wp-security-and-firewall').'</p></div>';
122
  ?>
123
  <form action="" method="POST">
124
  <?php wp_nonce_field('aiowpsec-change-admin-nonce'); ?>
116
 
117
  if (AIOWPSecurity_Utility::check_user_exists('admin') || AIOWPSecurity_Utility::check_user_exists('Admin'))
118
  {
119
+ echo '<div class="aio_red_box"><p>'.__('Your site currently has an account which uses the default "admin" username. It is highly recommended that you change this name to something else. Use the following field to change the admin username.', 'all-in-one-wp-security-and-firewall').'</p></div>';
 
 
120
  ?>
121
  <form action="" method="POST">
122
  <?php wp_nonce_field('aiowpsec-change-admin-nonce'); ?>
admin/wp-security-user-login-menu.php CHANGED
@@ -404,6 +404,8 @@ class AIOWPSecurity_User_Login_Menu extends AIOWPSecurity_Admin_Menu
404
  $failed_login_list->delete_login_failed_records(strip_tags($_REQUEST['failed_login_id']));
405
  }
406
  }
 
 
407
  ?>
408
  <div class="aio_blue_box">
409
  <?php
@@ -420,10 +422,15 @@ class AIOWPSecurity_User_Login_Menu extends AIOWPSecurity_Admin_Menu
420
  $failed_login_list->prepare_items();
421
  //echo "put table of locked entries here";
422
  ?>
423
- <form id="tables-filter" method="get" onSubmit="return confirm('Are you sure you want to perform this bulk operation on the selected entries?');">
424
  <!-- For plugins, we also need to ensure that the form posts back to our current page -->
425
  <input type="hidden" name="page" value="<?php echo esc_attr($_REQUEST['page']); ?>" />
426
- <input type="hidden" name="tab" value="<?php echo esc_attr($_REQUEST['tab']); ?>" />
 
 
 
 
 
427
  <!-- Now we can render the completed list table -->
428
  <?php $failed_login_list->display(); ?>
429
  </form>
@@ -551,10 +558,8 @@ class AIOWPSecurity_User_Login_Menu extends AIOWPSecurity_Admin_Menu
551
  $acct_activity_list->delete_login_activity_records(strip_tags($_REQUEST['activity_login_rec']));
552
  }
553
  }
554
- if (isset($_POST['aiowpsec_export_to_csv'])) {
555
- echo'yo';
556
- die;
557
- }
558
  ?>
559
  <div class="aio_blue_box">
560
  <?php
@@ -571,10 +576,15 @@ class AIOWPSecurity_User_Login_Menu extends AIOWPSecurity_Admin_Menu
571
  $acct_activity_list->prepare_items();
572
  //echo "put table of locked entries here";
573
  ?>
574
- <form id="tables-filter" method="get" onSubmit="return confirm('Are you sure you want to perform this bulk operation on the selected entries?');">
575
  <!-- For plugins, we also need to ensure that the form posts back to our current page -->
576
  <input type="hidden" name="page" value="<?php echo esc_attr($_REQUEST['page']); ?>" />
577
- <input type="hidden" name="tab" value="<?php echo esc_attr($_REQUEST['tab']); ?>" />
 
 
 
 
 
578
  <!-- Now we can render the completed list table -->
579
  <?php $acct_activity_list->display(); ?>
580
  </form>
404
  $failed_login_list->delete_login_failed_records(strip_tags($_REQUEST['failed_login_id']));
405
  }
406
  }
407
+
408
+ AIOWPSecurity_Admin_Menu::display_bulk_result_message();
409
  ?>
410
  <div class="aio_blue_box">
411
  <?php
422
  $failed_login_list->prepare_items();
423
  //echo "put table of locked entries here";
424
  ?>
425
+ <form id="tables-filter" method="get">
426
  <!-- For plugins, we also need to ensure that the form posts back to our current page -->
427
  <input type="hidden" name="page" value="<?php echo esc_attr($_REQUEST['page']); ?>" />
428
+ <?php
429
+ $failed_login_list->search_box('Search', 'search_failed_login');
430
+ if (isset($_REQUEST["tab"])) {
431
+ echo '<input type="hidden" name="tab" value="' . esc_attr($_REQUEST["tab"]) . '" />';
432
+ }
433
+ ?>
434
  <!-- Now we can render the completed list table -->
435
  <?php $failed_login_list->display(); ?>
436
  </form>
558
  $acct_activity_list->delete_login_activity_records(strip_tags($_REQUEST['activity_login_rec']));
559
  }
560
  }
561
+
562
+ AIOWPSecurity_Admin_Menu::display_bulk_result_message();
 
 
563
  ?>
564
  <div class="aio_blue_box">
565
  <?php
576
  $acct_activity_list->prepare_items();
577
  //echo "put table of locked entries here";
578
  ?>
579
+ <form id="tables-filter" method="get">
580
  <!-- For plugins, we also need to ensure that the form posts back to our current page -->
581
  <input type="hidden" name="page" value="<?php echo esc_attr($_REQUEST['page']); ?>" />
582
+ <?php
583
+ $acct_activity_list->search_box('Search', 'search_login_activity');
584
+ if (isset($_REQUEST["tab"])) {
585
+ echo '<input type="hidden" name="tab" value="' . esc_attr($_REQUEST["tab"]) . '" />';
586
+ }
587
+ ?>
588
  <!-- Now we can render the completed list table -->
589
  <?php $acct_activity_list->display(); ?>
590
  </form>
admin/wp-security-user-registration-menu.php CHANGED
@@ -164,11 +164,18 @@ class AIOWPSecurity_User_Registration_Menu extends AIOWPSecurity_Admin_Menu
164
  //Fetch, prepare, sort, and filter our data...
165
  $user_list->prepare_items();
166
  ?>
167
- <form id="tables-filter" method="get" onSubmit="return confirm('Are you sure you want to perform this bulk operation on the selected entries?');">
168
  <!-- For plugins, we also need to ensure that the form posts back to our current page -->
169
  <input type="hidden" name="page" value="<?php echo esc_attr($_REQUEST['page']); ?>" />
 
 
 
 
 
 
170
  <!-- Now we can render the completed list table -->
171
  <?php $user_list->display(); ?>
 
172
  </div></div>
173
  <?php
174
  }
164
  //Fetch, prepare, sort, and filter our data...
165
  $user_list->prepare_items();
166
  ?>
167
+ <form id="tables-filter" method="get">
168
  <!-- For plugins, we also need to ensure that the form posts back to our current page -->
169
  <input type="hidden" name="page" value="<?php echo esc_attr($_REQUEST['page']); ?>" />
170
+ <?php
171
+ $user_list->search_box('Search', 'search_user_registration');
172
+ if (isset($_REQUEST["tab"])) {
173
+ echo '<input type="hidden" name="tab" value="' . esc_attr($_REQUEST["tab"]) . '" />';
174
+ }
175
+ ?>
176
  <!-- Now we can render the completed list table -->
177
  <?php $user_list->display(); ?>
178
+ </form>
179
  </div></div>
180
  <?php
181
  }
classes/wp-security-captcha.php CHANGED
@@ -153,19 +153,31 @@ class AIOWPSecurity_Captcha
153
  */
154
  function maybe_verify_captcha () {
155
  global $aio_wp_security;
156
- if (array_key_exists('aiowps-captcha-answer', $_POST)) {
157
- $captcha_answer = isset($_POST['aiowps-captcha-answer'])?sanitize_text_field($_POST['aiowps-captcha-answer']):'';
158
-
159
- $verify_captcha = $this->verify_math_captcha_answer($captcha_answer);
160
- if ( $verify_captcha === false ) {
161
- return false; // wrong answer was entered
162
- }
163
- } else if (array_key_exists('g-recaptcha-response', $_POST)) {
164
- $g_recaptcha_response = isset($_POST['g-recaptcha-response'])?sanitize_text_field($_POST['g-recaptcha-response']):'';
165
- $verify_captcha = $this->verify_google_recaptcha($g_recaptcha_response);
166
- if($verify_captcha === false) {
167
- return false; // wrong answer was entered
168
- }
 
 
 
 
 
 
 
 
 
 
 
 
169
  }
170
  return true;
171
  }
153
  */
154
  function maybe_verify_captcha () {
155
  global $aio_wp_security;
156
+ if($aio_wp_security->configs->get_value('aiowps_enable_login_captcha') && $aio_wp_security->configs->get_value('aiowps_default_recaptcha')){
157
+ //Google reCaptcha enabled
158
+ if (array_key_exists('g-recaptcha-response', $_POST)) {
159
+ $g_recaptcha_response = isset($_POST['g-recaptcha-response'])?sanitize_text_field($_POST['g-recaptcha-response']):'';
160
+ $verify_captcha = $this->verify_google_recaptcha($g_recaptcha_response);
161
+ if($verify_captcha === false) {
162
+ return false; // wrong answer was entered
163
+ }
164
+ }else {
165
+ //no captcha form data submitted
166
+ return false;
167
+ }
168
+ }else if($aio_wp_security->configs->get_value('aiowps_enable_login_captcha')) {
169
+ // this means basic math captcha is enabled
170
+ if (array_key_exists('aiowps-captcha-answer', $_POST)) {
171
+ $captcha_answer = isset($_POST['aiowps-captcha-answer'])?sanitize_text_field($_POST['aiowps-captcha-answer']):'';
172
+
173
+ $verify_captcha = $this->verify_math_captcha_answer($captcha_answer);
174
+ if ( $verify_captcha === false ) {
175
+ return false; // wrong answer was entered
176
+ }
177
+ } else {
178
+ //no captcha form data submitted
179
+ return false;
180
+ }
181
  }
182
  return true;
183
  }
classes/wp-security-general-init-tasks.php CHANGED
@@ -15,9 +15,10 @@ class AIOWPSecurity_General_Init_Tasks
15
 
16
  add_action( 'permalink_structure_changed', array(&$this, 'refresh_firewall_rules' ), 10, 2);
17
 
18
- if ($aio_wp_security->configs->get_value('aiowps_enable_autoblock_spam_ip') == '1') {
19
- AIOWPSecurity_Blocking::check_visitor_ip_and_perform_blocking();
20
 
 
21
  //add_action( 'spammed_comment', array(&$this, 'process_spammed_comment' )); //this hook gets fired when admin marks comment as spam
22
  //add_action( 'akismet_submit_spam_comment', array(&$this, 'process_akismet_submit_spam_comment' ), 10, 2); //this hook gets fired when akismet marks a comment as spam
23
  add_action( 'comment_post', array(&$this, 'spam_detect_process_comment_post' ), 10, 2); //this hook gets fired just after comment is saved to DB
15
 
16
  add_action( 'permalink_structure_changed', array(&$this, 'refresh_firewall_rules' ), 10, 2);
17
 
18
+ // Check permanent block list and block if applicable (ie, do PHP blocking)
19
+ AIOWPSecurity_Blocking::check_visitor_ip_and_perform_blocking();
20
 
21
+ if ($aio_wp_security->configs->get_value('aiowps_enable_autoblock_spam_ip') == '1') {
22
  //add_action( 'spammed_comment', array(&$this, 'process_spammed_comment' )); //this hook gets fired when admin marks comment as spam
23
  //add_action( 'akismet_submit_spam_comment', array(&$this, 'process_akismet_submit_spam_comment' ), 10, 2); //this hook gets fired when akismet marks a comment as spam
24
  add_action( 'comment_post', array(&$this, 'spam_detect_process_comment_post' ), 10, 2); //this hook gets fired just after comment is saved to DB
classes/wp-security-process-renamed-login-page.php CHANGED
@@ -208,8 +208,14 @@ class AIOWPSecurity_Process_Renamed_Login_Page
208
  //if user is already logged in but tries to access the renamed login page, send them to the dashboard
209
  AIOWPSecurity_Utility::redirect_to_url(AIOWPSEC_WP_URL."/wp-admin");
210
  }else{
 
211
  status_header( 200 );
212
- require_once(AIO_WP_SECURITY_PATH . '/other-includes/wp-security-rename-login-feature.php' );
 
 
 
 
 
213
  die;
214
  }
215
  }
208
  //if user is already logged in but tries to access the renamed login page, send them to the dashboard
209
  AIOWPSecurity_Utility::redirect_to_url(AIOWPSEC_WP_URL."/wp-admin");
210
  }else{
211
+ global $wp_version;
212
  status_header( 200 );
213
+ if ( version_compare( $wp_version, '5.2', '>=' ) ) {
214
+ require_once(AIO_WP_SECURITY_PATH . '/other-includes/wp-security-rename-login-feature.php' );
215
+ } else {
216
+ require_once(AIO_WP_SECURITY_PATH . '/other-includes/wp-security-rename-login-feature-pre-5-2.php' );
217
+ }
218
+
219
  die;
220
  }
221
  }
classes/wp-security-utility-file.php CHANGED
@@ -29,7 +29,7 @@ class AIOWPSecurity_Utility_File
29
  array('name'=>'wp-content/plugins/','path'=>ABSPATH."wp-content/plugins",'permissions'=>'0755'),
30
  array('name'=>'wp-admin/','path'=>ABSPATH."wp-admin",'permissions'=>'0755'),
31
  array('name'=>'wp-content/','path'=>ABSPATH."wp-content",'permissions'=>'0755'),
32
- array('name'=>'wp-config.php','path'=>$wp_config_path,'permissions'=>'0644')
33
  //Add as many files or dirs as needed by following the convention above
34
  );
35
 
29
  array('name'=>'wp-content/plugins/','path'=>ABSPATH."wp-content/plugins",'permissions'=>'0755'),
30
  array('name'=>'wp-admin/','path'=>ABSPATH."wp-admin",'permissions'=>'0755'),
31
  array('name'=>'wp-content/','path'=>ABSPATH."wp-content",'permissions'=>'0755'),
32
+ array('name'=>'wp-config.php','path'=>$wp_config_path,'permissions'=>'0640')
33
  //Add as many files or dirs as needed by following the convention above
34
  );
35
 
classes/wp-security-utility-ip-address.php CHANGED
@@ -76,7 +76,7 @@ class AIOWPSecurity_Utility_IP
76
 
77
  static function create_ip_list_array_from_string_with_newline($ip_addresses)
78
  {
79
- $ip_list_array = explode(PHP_EOL, $ip_addresses);
80
  return $ip_list_array;
81
  }
82
 
@@ -220,6 +220,8 @@ class AIOWPSecurity_Utility_IP
220
 
221
  $ip_list_array = AIOWPSecurity_Utility_IP::create_ip_list_array_from_string_with_newline($whitelisted_ips);
222
 
 
 
223
  $visitor_ipParts = explode('.', $ip_address);
224
  foreach ($ip_list_array as $white_ip){
225
  $ipParts = explode('.', $white_ip);
76
 
77
  static function create_ip_list_array_from_string_with_newline($ip_addresses)
78
  {
79
+ $ip_list_array = preg_split("/\R/", $ip_addresses);
80
  return $ip_list_array;
81
  }
82
 
220
 
221
  $ip_list_array = AIOWPSecurity_Utility_IP::create_ip_list_array_from_string_with_newline($whitelisted_ips);
222
 
223
+ if(empty($ip_list_array)) return false;
224
+
225
  $visitor_ipParts = explode('.', $ip_address);
226
  foreach ($ip_list_array as $white_ip){
227
  $ipParts = explode('.', $white_ip);
css/wp-security-admin-styles.css CHANGED
@@ -397,3 +397,19 @@
397
  vertical-align: baseline;
398
  white-space: nowrap;
399
  }
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
397
  vertical-align: baseline;
398
  white-space: nowrap;
399
  }
400
+
401
+ /* Fix for wp list table nav buttons style messed up in 5.1 */
402
+ .tablenav .tablenav-pages .pagination-links a {
403
+ display: inline-block;
404
+ padding: 4px 5px 6px;
405
+ font-size: 16px;
406
+ line-height: 1;
407
+ text-align: center;
408
+ text-decoration: none;
409
+ }
410
+
411
+ .tablenav .tablenav-pages .pagination-links a {
412
+ min-width: 17px;
413
+ border: 1px solid #ccc;
414
+ background: #f7f7f7;
415
+ }
other-includes/wp-security-rename-login-feature-pre-5-2.php ADDED
@@ -0,0 +1,1136 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ <?php
2
+ /**
3
+ * WordPress User Page
4
+ *
5
+ * Handles authentication, registering, resetting passwords, forgot password,
6
+ * and other user handling.
7
+ *
8
+ * @package WordPress
9
+ */
10
+
11
+
12
+ // Redirect to https login if forced to use SSL
13
+ if ( force_ssl_admin() && ! is_ssl() ) {
14
+ if ( 0 === strpos($_SERVER['REQUEST_URI'], 'http') ) {
15
+ wp_safe_redirect( set_url_scheme( $_SERVER['REQUEST_URI'], 'https' ) );
16
+ exit();
17
+ } else {
18
+ wp_safe_redirect( 'https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'] );
19
+ exit();
20
+ }
21
+ }
22
+
23
+ /**
24
+ * Output the login page header.
25
+ *
26
+ * @param string $title Optional. WordPress login Page title to display in the `<title>` element.
27
+ * Default 'Log In'.
28
+ * @param string $message Optional. Message to display in header. Default empty.
29
+ * @param WP_Error $wp_error Optional. The error to pass. Default empty.
30
+ */
31
+ function login_header( $title = 'Log In', $message = '', $wp_error = '' ) {
32
+ global $error, $interim_login, $action;
33
+
34
+ // Don't index any of these forms
35
+ add_action( 'login_head', 'wp_no_robots' );
36
+
37
+ add_action( 'login_head', 'wp_login_viewport_meta' );
38
+
39
+ if ( empty($wp_error) )
40
+ $wp_error = new WP_Error();
41
+
42
+ // Shake it!
43
+ $shake_error_codes = array( 'empty_password', 'empty_email', 'invalid_email', 'invalidcombo', 'empty_username', 'invalid_username', 'incorrect_password' );
44
+ /**
45
+ * Filter the error codes array for shaking the login form.
46
+ *
47
+ * @since 3.0.0
48
+ *
49
+ * @param array $shake_error_codes Error codes that shake the login form.
50
+ */
51
+ $shake_error_codes = apply_filters( 'shake_error_codes', $shake_error_codes );
52
+
53
+ if ( $shake_error_codes && $wp_error->get_error_code() && in_array( $wp_error->get_error_code(), $shake_error_codes ) )
54
+ add_action( 'login_head', 'wp_shake_js', 12 );
55
+
56
+ $login_title = get_bloginfo( 'name', 'display' );
57
+
58
+ /* translators: Login screen title. 1: Login screen name, 2: Network or site name */
59
+ $login_title = sprintf( __( '%1$s &lsaquo; %2$s &#8212; WordPress' ), $title, $login_title );
60
+
61
+ /**
62
+ * Filters the title tag content for login page.
63
+ *
64
+ * @since 4.9.0
65
+ *
66
+ * @param string $login_title The page title, with extra context added.
67
+ * @param string $title The original page title.
68
+ */
69
+ $login_title = apply_filters( 'login_title', $login_title, $title );
70
+
71
+ ?><!DOCTYPE html>
72
+ <!--[if IE 8]>
73
+ <html xmlns="http://www.w3.org/1999/xhtml" class="ie8" <?php language_attributes(); ?>>
74
+ <![endif]-->
75
+ <!--[if !(IE 8) ]><!-->
76
+ <html xmlns="http://www.w3.org/1999/xhtml" <?php language_attributes(); ?>>
77
+ <!--<![endif]-->
78
+ <head>
79
+ <meta http-equiv="Content-Type" content="<?php bloginfo('html_type'); ?>; charset=<?php bloginfo('charset'); ?>" />
80
+ <title><?php echo $login_title; ?></title>
81
+ <?php
82
+
83
+ wp_enqueue_style( 'login' );
84
+
85
+ /*
86
+ * Remove all stored post data on logging out.
87
+ * This could be added by add_action('login_head'...) like wp_shake_js(),
88
+ * but maybe better if it's not removable by plugins
89
+ */
90
+ if ( 'loggedout' == $wp_error->get_error_code() ) {
91
+ ?>
92
+ <script>if("sessionStorage" in window){try{for(var key in sessionStorage){if(key.indexOf("wp-autosave-")!=-1){sessionStorage.removeItem(key)}}}catch(e){}};</script>
93
+ <?php
94
+ }
95
+
96
+ /**
97
+ * Enqueue scripts and styles for the login page.
98
+ *
99
+ * @since 3.1.0
100
+ */
101
+ do_action( 'login_enqueue_scripts' );
102
+
103
+ /**
104
+ * Fires in the login page header after scripts are enqueued.
105
+ *
106
+ * @since 2.1.0
107
+ */
108
+ do_action( 'login_head' );
109
+
110
+ if ( is_multisite() ) {
111
+ $login_header_url = network_home_url();
112
+ $login_header_title = get_network()->site_name;
113
+ } else {
114
+ $login_header_url = __( 'https://wordpress.org/' );
115
+ $login_header_title = __( 'Powered by WordPress' );
116
+ }
117
+
118
+ /**
119
+ * Filter link URL of the header logo above login form.
120
+ *
121
+ * @since 2.1.0
122
+ *
123
+ * @param string $login_header_url Login header logo URL.
124
+ */
125
+ $login_header_url = apply_filters( 'login_headerurl', $login_header_url );
126
+
127
+ /**
128
+ * Filter the title attribute of the header logo above login form.
129
+ *
130
+ * @since 2.1.0
131
+ *
132
+ * @param string $login_header_title Login header logo title attribute.
133
+ */
134
+ $login_header_title = apply_filters( 'login_headertitle', $login_header_title );
135
+
136
+ /*
137
+ * To match the URL/title set above, Multisite sites have the blog name,
138
+ * while single sites get the header title.
139
+ */
140
+ if ( is_multisite() ) {
141
+ $login_header_text = get_bloginfo( 'name', 'display' );
142
+ } else {
143
+ $login_header_text = $login_header_title;
144
+ }
145
+
146
+ $classes = array( 'login-action-' . $action, 'wp-core-ui' );
147
+ if ( is_rtl() )
148
+ $classes[] = 'rtl';
149
+ if ( $interim_login ) {
150
+ $classes[] = 'interim-login';
151
+ ?>
152
+ <style type="text/css">html{background-color: transparent;}</style>
153
+ <?php
154
+
155
+ if ( 'success' === $interim_login )
156
+ $classes[] = 'interim-login-success';
157
+ }
158
+ $classes[] =' locale-' . sanitize_html_class( strtolower( str_replace( '_', '-', get_locale() ) ) );
159
+
160
+ /**
161
+ * Filter the login page body classes.
162
+ *
163
+ * @since 3.5.0
164
+ *
165
+ * @param array $classes An array of body classes.
166
+ * @param string $action The action that brought the visitor to the login page.
167
+ */
168
+ $classes = apply_filters( 'login_body_class', $classes, $action );
169
+
170
+ ?>
171
+ </head>
172
+ <body class="login <?php echo esc_attr( implode( ' ', $classes ) ); ?>">
173
+ <?php
174
+ /**
175
+ * Fires in the login page header after the body tag is opened.
176
+ *
177
+ * @since 4.6.0
178
+ */
179
+ do_action( 'login_header' );
180
+ ?>
181
+ <div id="login">
182
+ <h1><a href="<?php echo esc_url( $login_header_url ); ?>" title="<?php echo esc_attr( $login_header_title ); ?>" tabindex="-1"><?php echo $login_header_text; ?></a></h1>
183
+ <?php
184
+
185
+ unset( $login_header_url, $login_header_title );
186
+
187
+ /**
188
+ * Filter the message to display above the login form.
189
+ *
190
+ * @since 2.1.0
191
+ *
192
+ * @param string $message Login message text.
193
+ */
194
+
195
+ $message = apply_filters( 'login_message', $message );
196
+ if ( !empty( $message ) )
197
+ echo $message . "\n";
198
+
199
+ // In case a plugin uses $error rather than the $wp_errors object
200
+ if ( !empty( $error ) ) {
201
+ $wp_error->add('error', $error);
202
+ unset($error);
203
+ }
204
+
205
+ if ( $wp_error->get_error_code() ) {
206
+ $errors = '';
207
+ $messages = '';
208
+ foreach ( $wp_error->get_error_codes() as $code ) {
209
+ $severity = $wp_error->get_error_data( $code );
210
+ foreach ( $wp_error->get_error_messages( $code ) as $error_message ) {
211
+ if ( 'message' == $severity )
212
+ $messages .= ' ' . $error_message . "<br />\n";
213
+ else
214
+ $errors .= ' ' . $error_message . "<br />\n";
215
+ }
216
+ }
217
+ if ( ! empty( $errors ) ) {
218
+ /**
219
+ * Filter the error messages displayed above the login form.
220
+ *
221
+ * @since 2.1.0
222
+ *
223
+ * @param string $errors Login error message.
224
+ */
225
+ echo '<div id="login_error">' . apply_filters( 'login_errors', $errors ) . "</div>\n";
226
+ }
227
+ if ( ! empty( $messages ) ) {
228
+ /**
229
+ * Filter instructional messages displayed above the login form.
230
+ *
231
+ * @since 2.5.0
232
+ *
233
+ * @param string $messages Login messages.
234
+ */
235
+ echo '<p class="message">' . apply_filters( 'login_messages', $messages ) . "</p>\n";
236
+ }
237
+ }
238
+ } // End of login_header()
239
+
240
+ /**
241
+ * Outputs the footer for the login page.
242
+ *
243
+ * @param string $input_id Which input to auto-focus
244
+ */
245
+ function login_footer($input_id = '') {
246
+ global $interim_login;
247
+
248
+ // Don't allow interim logins to navigate away from the page.
249
+ if ( ! $interim_login ): ?>
250
+ <p id="backtoblog"><a href="<?php echo esc_url( home_url( '/' ) ); ?>"><?php
251
+ /* translators: %s: site title */
252
+ printf( _x( '&larr; Back to %s', 'site' ), get_bloginfo( 'title', 'display' ) );
253
+ ?></a></p>
254
+ <?php
255
+ if(function_exists('the_privacy_policy_link')){
256
+ the_privacy_policy_link( '<div class="privacy-policy-page-link">', '</div>' );
257
+ }
258
+ ?>
259
+ <?php endif; ?>
260
+
261
+ </div>
262
+
263
+ <?php if ( !empty($input_id) ) : ?>
264
+ <script type="text/javascript">
265
+ try{document.getElementById('<?php echo $input_id; ?>').focus();}catch(e){}
266
+ if(typeof wpOnload=='function')wpOnload();
267
+ </script>
268
+ <?php endif; ?>
269
+
270
+ <?php
271
+ /**
272
+ * Fires in the login page footer.
273
+ *
274
+ * @since 3.1.0
275
+ */
276
+ do_action( 'login_footer' ); ?>
277
+ <div class="clear"></div>
278
+ </body>
279
+ </html>
280
+ <?php
281
+ }
282
+
283
+ /**
284
+ * @since 3.0.0
285
+ */
286
+ function wp_shake_js() {
287
+ ?>
288
+ <script type="text/javascript">
289
+ addLoadEvent = function(func){if(typeof jQuery!="undefined")jQuery(document).ready(func);else if(typeof wpOnload!='function'){wpOnload=func;}else{var oldonload=wpOnload;wpOnload=function(){oldonload();func();}}};
290
+ function s(id,pos){g(id).left=pos+'px';}
291
+ function g(id){return document.getElementById(id).style;}
292
+ function shake(id,a,d){c=a.shift();s(id,c);if(a.length>0){setTimeout(function(){shake(id,a,d);},d);}else{try{g(id).position='static';wp_attempt_focus();}catch(e){}}}
293
+ addLoadEvent(function(){ var p=new Array(15,30,15,0,-15,-30,-15,0);p=p.concat(p.concat(p));var i=document.forms[0].id;g(i).position='relative';shake(i,p,20);});
294
+ </script>
295
+ <?php
296
+ }
297
+
298
+ /**
299
+ * @since 3.7.0
300
+ */
301
+ function wp_login_viewport_meta() {
302
+ ?>
303
+ <meta name="viewport" content="width=device-width" />
304
+ <?php
305
+ }
306
+
307
+ /**
308
+ * Handles sending password retrieval email to user.
309
+ *
310
+ * @return bool|WP_Error True: when finish. WP_Error on error
311
+ */
312
+ function retrieve_password() {
313
+ $errors = new WP_Error();
314
+
315
+ if ( empty( $_POST['user_login'] ) || ! is_string( $_POST['user_login'] ) ) {
316
+ $errors->add('empty_username', __('<strong>ERROR</strong>: Enter a username or email address.' ));
317
+ } elseif ( strpos( $_POST['user_login'], '@' ) ) {
318
+ $user_data = get_user_by( 'email', trim( wp_unslash( $_POST['user_login'] ) ) );
319
+ if ( empty( $user_data ) )
320
+ $errors->add('invalid_email', __('<strong>ERROR</strong>: There is no user registered with that email address.' ));
321
+ } else {
322
+ $login = trim($_POST['user_login']);
323
+ $user_data = get_user_by('login', $login);
324
+ }
325
+
326
+ /**
327
+ * Fires before errors are returned from a password reset request.
328
+ *
329
+ * @since 2.1.0
330
+ * @since 4.4.0 Added the `$errors` parameter.
331
+ *
332
+ * @param WP_Error $errors A WP_Error object containing any errors generated
333
+ * by using invalid credentials.
334
+ */
335
+ do_action( 'lostpassword_post', $errors );
336
+
337
+ if ( $errors->get_error_code() )
338
+ return $errors;
339
+
340
+ if ( !$user_data ) {
341
+ $errors->add('invalidcombo', __('<strong>ERROR</strong>: Invalid username or email.' ));
342
+ return $errors;
343
+ }
344
+
345
+ // Redefining user_login ensures we return the right case in the email.
346
+ $user_login = $user_data->user_login;
347
+ $user_email = $user_data->user_email;
348
+ $key = get_password_reset_key( $user_data );
349
+
350
+ if ( is_wp_error( $key ) ) {
351
+ return $key;
352
+ }
353
+
354
+ if ( is_multisite() ) {
355
+ $site_name = get_network()->site_name;
356
+ } else {
357
+ /*
358
+ * The blogname option is escaped with esc_html on the way into the database
359
+ * in sanitize_option we want to reverse this for the plain text arena of emails.
360
+ */
361
+ $site_name = wp_specialchars_decode(get_option('blogname'), ENT_QUOTES);
362
+ }
363
+
364
+ $message = __( 'Someone has requested a password reset for the following account:' ) . "\r\n\r\n";
365
+ /* translators: %s: site name */
366
+ $message .= sprintf( __( 'Site Name: %s'), $site_name ) . "\r\n\r\n";
367
+ /* translators: %s: user login */
368
+ $message .= sprintf( __( 'Username: %s'), $user_login ) . "\r\n\r\n";
369
+ $message .= __( 'If this was a mistake, just ignore this email and nothing will happen.' ) . "\r\n\r\n";
370
+ $message .= __( 'To reset your password, visit the following address:' ) . "\r\n\r\n";
371
+ $message .= '<' . network_site_url( "wp-login.php?action=rp&key=$key&login=" . rawurlencode( $user_login ), 'login' ) . ">\r\n";
372
+
373
+ /* translators: Password reset email subject. %s: Site name */
374
+ $title = sprintf( __( '[%s] Password Reset' ), $site_name );
375
+
376
+ /**
377
+ * Filters the subject of the password reset email.
378
+ *
379
+ * @since 2.8.0
380
+ * @since 4.4.0 Added the `$user_login` and `$user_data` parameters.
381
+ *
382
+ * @param string $title Default email title.
383
+ * @param string $user_login The username for the user.
384
+ * @param WP_User $user_data WP_User object.
385
+ */
386
+ $title = apply_filters( 'retrieve_password_title', $title, $user_login, $user_data );
387
+
388
+ /**
389
+ * Filter the message body of the password reset mail.
390
+ *
391
+ * If the filtered message is empty, the password reset email will not be sent.
392
+ *
393
+ * @since 2.8.0
394
+ * @since 4.1.0 Added `$user_login` and `$user_data` parameters.
395
+ *
396
+ * @param string $message Default mail message.
397
+ * @param string $key The activation key.
398
+ * @param string $user_login The username for the user.
399
+ * @param WP_User $user_data WP_User object.
400
+ */
401
+ $message = apply_filters( 'retrieve_password_message', $message, $key, $user_login, $user_data );
402
+
403
+ if ( $message && !wp_mail( $user_email, wp_specialchars_decode( $title ), $message ) )
404
+ wp_die( __('The email could not be sent.' ) . "<br />\n" . __('Possible reason: your host may have disabled the mail() function.' ) );
405
+
406
+ return true;
407
+ }
408
+
409
+ //
410
+ // Main
411
+ //
412
+
413
+ $action = isset($_REQUEST['action']) ? $_REQUEST['action'] : 'login';
414
+ $errors = new WP_Error();
415
+
416
+ if ( isset($_GET['key']) )
417
+ $action = 'resetpass';
418
+
419
+ // validate action so as to default to the login screen
420
+ if ( !in_array( $action, array( 'postpass', 'logout', 'lostpassword', 'retrievepassword', 'resetpass', 'rp', 'register', 'login', 'confirmaction' ), true ) && false === has_filter( 'login_form_' . $action ) )
421
+ $action = 'login';
422
+
423
+ nocache_headers();
424
+
425
+ header('Content-Type: '.get_bloginfo('html_type').'; charset='.get_bloginfo('charset'));
426
+
427
+ if ( defined( 'RELOCATE' ) && RELOCATE ) { // Move flag is set
428
+ if ( isset( $_SERVER['PATH_INFO'] ) && ($_SERVER['PATH_INFO'] != $_SERVER['PHP_SELF']) )
429
+ $_SERVER['PHP_SELF'] = str_replace( $_SERVER['PATH_INFO'], '', $_SERVER['PHP_SELF'] );
430
+
431
+ $url = dirname( set_url_scheme( 'http://' . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'] ) );
432
+ if ( $url != get_option( 'siteurl' ) )
433
+ update_option( 'siteurl', $url );
434
+ }
435
+
436
+ //Set a cookie now to see if they are supported by the browser.
437
+ $secure = ( 'https' === parse_url( wp_login_url(), PHP_URL_SCHEME ) );
438
+ setcookie( TEST_COOKIE, 'WP Cookie check', 0, COOKIEPATH, COOKIE_DOMAIN, $secure );
439
+ if ( SITECOOKIEPATH != COOKIEPATH )
440
+ setcookie( TEST_COOKIE, 'WP Cookie check', 0, SITECOOKIEPATH, COOKIE_DOMAIN, $secure );
441
+
442
+ $lang = ! empty( $_GET['wp_lang'] ) ? sanitize_text_field( $_GET['wp_lang'] ) : '';
443
+ $switched_locale = switch_to_locale( $lang );
444
+
445
+ /**
446
+ * Fires when the login form is initialized.
447
+ *
448
+ * @since 3.2.0
449
+ */
450
+ do_action( 'login_init' );
451
+
452
+ /**
453
+ * Fires before a specified login form action.
454
+ *
455
+ * The dynamic portion of the hook name, `$action`, refers to the action
456
+ * that brought the visitor to the login form. Actions include 'postpass',
457
+ * 'logout', 'lostpassword', etc.
458
+ *
459
+ * @since 2.8.0
460
+ */
461
+ do_action( "login_form_{$action}" );
462
+
463
+ $http_post = ('POST' == $_SERVER['REQUEST_METHOD']);
464
+ $interim_login = isset($_REQUEST['interim-login']);
465
+
466
+ /**
467
+ * Filters the separator used between login form navigation links.
468
+ *
469
+ * @since 4.9.0
470
+ *
471
+ * @param string $login_link_separator The separator used between login form navigation links.
472
+ */
473
+ $login_link_separator = apply_filters( 'login_link_separator', ' | ' );
474
+
475
+ switch ($action) {
476
+
477
+ case 'postpass' :
478
+ if ( ! array_key_exists( 'post_password', $_POST ) ) {
479
+ wp_safe_redirect( wp_get_referer() );
480
+ exit();
481
+ }
482
+
483
+ require_once ABSPATH . WPINC . '/class-phpass.php';
484
+ $hasher = new PasswordHash( 8, true );
485
+
486
+ /**
487
+ * Filter the life span of the post password cookie.
488
+ *
489
+ * By default, the cookie expires 10 days from creation. To turn this
490
+ * into a session cookie, return 0.
491
+ *
492
+ * @since 3.7.0
493
+ *
494
+ * @param int $expires The expiry time, as passed to setcookie().
495
+ */
496
+ $expire = apply_filters( 'post_password_expires', time() + 10 * DAY_IN_SECONDS );
497
+ $referer = wp_get_referer();
498
+ if ( $referer ) {
499
+ $secure = ( 'https' === parse_url( $referer, PHP_URL_SCHEME ) );
500
+ } else {
501
+ $secure = false;
502
+ }
503
+ setcookie( 'wp-postpass_' . COOKIEHASH, $hasher->HashPassword( wp_unslash( $_POST['post_password'] ) ), $expire, COOKIEPATH, COOKIE_DOMAIN, $secure );
504
+
505
+ if ( $switched_locale ) {
506
+ restore_previous_locale();
507
+ }
508
+
509
+ wp_safe_redirect( wp_get_referer() );
510
+ exit();
511
+
512
+ case 'logout' :
513
+ check_admin_referer('log-out');
514
+
515
+ $user = wp_get_current_user();
516
+
517
+ wp_logout();
518
+
519
+ if ( ! empty( $_REQUEST['redirect_to'] ) ) {
520
+ $redirect_to = $requested_redirect_to = $_REQUEST['redirect_to'];
521
+ } else {
522
+ $redirect_to = 'wp-login.php?loggedout=true';
523
+ $requested_redirect_to = '';
524
+ }
525
+
526
+ if ( $switched_locale ) {
527
+ restore_previous_locale();
528
+ }
529
+
530
+ /**
531
+ * Filter the log out redirect URL.
532
+ *
533
+ * @since 4.2.0
534
+ *
535
+ * @param string $redirect_to The redirect destination URL.
536
+ * @param string $requested_redirect_to The requested redirect destination URL passed as a parameter.
537
+ * @param WP_User $user The WP_User object for the user that's logging out.
538
+ */
539
+ $redirect_to = apply_filters( 'logout_redirect', $redirect_to, $requested_redirect_to, $user );
540
+ wp_safe_redirect( $redirect_to );
541
+ exit();
542
+
543
+ case 'lostpassword' :
544
+ case 'retrievepassword' :
545
+
546
+ if ( $http_post ) {
547
+ $errors = retrieve_password();
548
+ if ( !is_wp_error($errors) ) {
549
+ $redirect_to = !empty( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : 'wp-login.php?checkemail=confirm';
550
+ wp_safe_redirect( $redirect_to );
551
+ exit();
552
+ }
553
+ }
554
+
555
+ if ( isset( $_GET['error'] ) ) {
556
+ if ( 'invalidkey' == $_GET['error'] ) {
557
+ $errors->add( 'invalidkey', __( 'Your password reset link appears to be invalid. Please request a new link below.' ) );
558
+ } elseif ( 'expiredkey' == $_GET['error'] ) {
559
+ $errors->add( 'expiredkey', __( 'Your password reset link has expired. Please request a new link below.' ) );
560
+ }
561
+ }
562
+
563
+ $lostpassword_redirect = ! empty( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : '';
564
+ /**
565
+ * Filter the URL redirected to after submitting the lostpassword/retrievepassword form.
566
+ *
567
+ * @since 3.0.0
568
+ *
569
+ * @param string $lostpassword_redirect The redirect destination URL.
570
+ */
571
+ $redirect_to = apply_filters( 'lostpassword_redirect', $lostpassword_redirect );
572
+
573
+ /**
574
+ * Fires before the lost password form.
575
+ *
576
+ * @since 1.5.1
577
+ */
578
+ do_action( 'lost_password' );
579
+
580
+ login_header(__('Lost Password' ), '<p class="message">' . __('Please enter your username or email address. You will receive a link to create a new password via email.' ) . '</p>', $errors);
581
+
582
+ $user_login = '';
583
+
584
+ if ( isset( $_POST['user_login'] ) && is_string( $_POST['user_login'] ) ) {
585
+ $user_login = wp_unslash( $_POST['user_login'] );
586
+ }
587
+
588
+ ?>
589
+
590
+ <form name="lostpasswordform" id="lostpasswordform" action="<?php echo esc_url( network_site_url( 'wp-login.php?action=lostpassword', 'login_post' ) ); ?>" method="post">
591
+ <p>
592
+ <label for="user_login" ><?php _e('Username or Email Address'); ?><br />
593
+ <input type="text" name="user_login" id="user_login" class="input" value="<?php echo esc_attr($user_login); ?>" size="20" /></label>
594
+ </p>
595
+ <?php
596
+ /**
597
+ * Fires inside the lostpassword form tags, before the hidden fields.
598
+ *
599
+ * @since 2.1.0
600
+ */
601
+ do_action( 'lostpassword_form' ); ?>
602
+ <input type="hidden" name="redirect_to" value="<?php echo esc_attr( $redirect_to ); ?>" />
603
+ <p class="submit"><input type="submit" name="wp-submit" id="wp-submit" class="button button-primary button-large" value="<?php esc_attr_e('Get New Password'); ?>" /></p>
604
+ </form>
605
+
606
+ <p id="nav">
607
+ <a href="<?php echo esc_url( wp_login_url() ); ?>"><?php _e('Log in') ?></a>
608
+ <?php
609
+ if ( get_option( 'users_can_register' ) ) :
610
+ $registration_url = sprintf( '<a href="%s">%s</a>', esc_url( wp_registration_url() ), __( 'Register' ) );
611
+
612
+ echo esc_html( $login_link_separator );
613
+
614
+ /** This filter is documented in wp-includes/general-template.php */
615
+ echo apply_filters( 'register', $registration_url );
616
+ endif;
617
+ ?>
618
+ </p>
619
+
620
+ <?php
621
+ login_footer('user_login');
622
+
623
+ if ( $switched_locale ) {
624
+ restore_previous_locale();
625
+ }
626
+
627
+ break;
628
+
629
+ case 'resetpass' :
630
+ case 'rp' :
631
+ list( $rp_path ) = explode( '?', wp_unslash( $_SERVER['REQUEST_URI'] ) );
632
+ $rp_cookie = 'wp-resetpass-' . COOKIEHASH;
633
+ if ( isset( $_GET['key'] ) ) {
634
+ $value = sprintf( '%s:%s', wp_unslash( $_GET['login'] ), wp_unslash( $_GET['key'] ) );
635
+ setcookie( $rp_cookie, $value, 0, $rp_path, COOKIE_DOMAIN, is_ssl(), true );
636
+ wp_safe_redirect( remove_query_arg( array( 'key', 'login' ) ) );
637
+ exit;
638
+ }
639
+
640
+ if ( isset( $_COOKIE[ $rp_cookie ] ) && 0 < strpos( $_COOKIE[ $rp_cookie ], ':' ) ) {
641
+ list( $rp_login, $rp_key ) = explode( ':', wp_unslash( $_COOKIE[ $rp_cookie ] ), 2 );
642
+ $user = check_password_reset_key( $rp_key, $rp_login );
643
+ if ( isset( $_POST['pass1'] ) && ! hash_equals( $rp_key, $_POST['rp_key'] ) ) {
644
+ $user = false;
645
+ }
646
+ } else {
647
+ $user = false;
648
+ }
649
+
650
+ if ( ! $user || is_wp_error( $user ) ) {
651
+ setcookie( $rp_cookie, ' ', time() - YEAR_IN_SECONDS, $rp_path, COOKIE_DOMAIN, is_ssl(), true );
652
+ if ( $user && $user->get_error_code() === 'expired_key' )
653
+ wp_redirect( site_url( 'wp-login.php?action=lostpassword&error=expiredkey' ) );
654
+ else
655
+ wp_redirect( site_url( 'wp-login.php?action=lostpassword&error=invalidkey' ) );
656
+ exit;
657
+ }
658
+
659
+ $errors = new WP_Error();
660
+
661
+ if ( isset($_POST['pass1']) && $_POST['pass1'] != $_POST['pass2'] )
662
+ $errors->add( 'password_reset_mismatch', __( 'The passwords do not match.' ) );
663
+
664
+ /**
665
+ * Fires before the password reset procedure is validated.
666
+ *
667
+ * @since 3.5.0
668
+ *
669
+ * @param object $errors WP Error object.
670
+ * @param WP_User|WP_Error $user WP_User object if the login and reset key match. WP_Error object otherwise.
671
+ */
672
+ do_action( 'validate_password_reset', $errors, $user );
673
+
674
+ if ( ( ! $errors->get_error_code() ) && isset( $_POST['pass1'] ) && !empty( $_POST['pass1'] ) ) {
675
+ reset_password($user, $_POST['pass1']);
676
+ setcookie( $rp_cookie, ' ', time() - YEAR_IN_SECONDS, $rp_path, COOKIE_DOMAIN, is_ssl(), true );
677
+ login_header( __( 'Password Reset' ), '<p class="message reset-pass">' . __( 'Your password has been reset.' ) . ' <a href="' . esc_url( wp_login_url() ) . '">' . __( 'Log in' ) . '</a></p>' );
678
+ login_footer();
679
+ exit;
680
+ }
681
+
682
+ wp_enqueue_script('utils');
683
+ wp_enqueue_script('user-profile');
684
+
685
+ login_header(__('Reset Password' ), '<p class="message reset-pass">' . __('Enter your new password below.' ) . '</p>', $errors );
686
+
687
+ ?>
688
+ <form name="resetpassform" id="resetpassform" action="<?php echo esc_url( network_site_url( 'wp-login.php?action=resetpass', 'login_post' ) ); ?>" method="post" autocomplete="off">
689
+ <input type="hidden" id="user_login" value="<?php echo esc_attr( $rp_login ); ?>" autocomplete="off" />
690
+
691
+ <div class="user-pass1-wrap">
692
+ <p>
693
+ <label for="pass1"><?php _e( 'New password' ) ?></label>
694
+ </p>
695
+
696
+ <div class="wp-pwd">
697
+ <div class="password-input-wrapper">
698
+ <input type="password" data-reveal="1" data-pw="<?php echo esc_attr( wp_generate_password( 16 ) ); ?>" name="pass1" id="pass1" class="input password-input" size="24" value="" autocomplete="off" aria-describedby="pass-strength-result" />
699
+ <span class="button button-secondary wp-hide-pw hide-if-no-js">
700
+ <span class="dashicons dashicons-hidden"></span>
701
+ </span>
702
+ </div>
703
+ <div id="pass-strength-result" class="hide-if-no-js" aria-live="polite"><?php _e( 'Strength indicator' ); ?></div>
704
+ </div>
705
+ <div class="pw-weak">
706
+ <label>
707
+ <input type="checkbox" name="pw_weak" class="pw-checkbox" />
708
+ <?php _e( 'Confirm use of weak password' ); ?>
709
+ </label>
710
+ </div>
711
+ </div>
712
+ <p class="user-pass2-wrap">
713
+ <label for="pass2"><?php _e('Confirm new password') ?></label><br />
714
+ <input type="password" name="pass2" id="pass2" class="input" size="20" value="" autocomplete="off" />
715
+ </p>
716
+
717
+ <p class="description indicator-hint"><?php echo wp_get_password_hint(); ?></p>
718
+ <br class="clear" />
719
+
720
+ <?php
721
+ /**
722
+ * Fires following the 'Strength indicator' meter in the user password reset form.
723
+ *
724
+ * @since 3.9.0
725
+ *
726
+ * @param WP_User $user User object of the user whose password is being reset.
727
+ */
728
+ do_action( 'resetpass_form', $user );
729
+ ?>
730
+ <input type="hidden" name="rp_key" value="<?php echo esc_attr( $rp_key ); ?>" />
731
+ <p class="submit"><input type="submit" name="wp-submit" id="wp-submit" class="button button-primary button-large" value="<?php esc_attr_e('Reset Password'); ?>" /></p>
732
+ </form>
733
+
734
+ <p id="nav">
735
+ <a href="<?php echo esc_url( wp_login_url() ); ?>"><?php _e( 'Log in' ); ?></a>
736
+ <?php
737
+ if ( get_option( 'users_can_register' ) ) :
738
+ $registration_url = sprintf( '<a href="%s">%s</a>', esc_url( wp_registration_url() ), __( 'Register' ) );
739
+
740
+ echo esc_html( $login_link_separator );
741
+
742
+ /** This filter is documented in wp-includes/general-template.php */
743
+ echo apply_filters( 'register', $registration_url );
744
+ endif;
745
+ ?>
746
+ </p>
747
+
748
+ <?php
749
+ login_footer('user_pass');
750
+
751
+ if ( $switched_locale ) {
752
+ restore_previous_locale();
753
+ }
754
+
755
+ break;
756
+
757
+ case 'register' :
758
+ if ( is_multisite() ) {
759
+ /**
760
+ * Filter the Multisite sign up URL.
761
+ *
762
+ * @since 3.0.0
763
+ *
764
+ * @param string $sign_up_url The sign up URL.
765
+ */
766
+ wp_redirect( apply_filters( 'wp_signup_location', network_site_url( 'wp-signup.php' ) ) );
767
+ exit;
768
+ }
769
+
770
+ if ( !get_option('users_can_register') ) {
771
+ wp_redirect( site_url('wp-login.php?registration=disabled') );
772
+ exit();
773
+ }
774
+
775
+ $user_login = '';
776
+ $user_email = '';
777
+ if ( $http_post ) {
778
+ if ( isset( $_POST['user_login'] ) && is_string( $_POST['user_login'] ) ) {
779
+ $user_login = $_POST['user_login'];
780
+ }
781
+
782
+ if ( isset( $_POST['user_email'] ) && is_string( $_POST['user_email'] ) ) {
783
+ $user_email = wp_unslash( $_POST['user_email'] );
784
+ }
785
+
786
+ $errors = register_new_user($user_login, $user_email);
787
+ if ( !is_wp_error($errors) ) {
788
+ $redirect_to = !empty( $_POST['redirect_to'] ) ? $_POST['redirect_to'] : 'wp-login.php?checkemail=registered';
789
+ wp_safe_redirect( $redirect_to );
790
+ exit();
791
+ }
792
+ }
793
+
794
+ $registration_redirect = ! empty( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : '';
795
+ /**
796
+ * Filter the registration redirect URL.
797
+ *
798
+ * @since 3.0.0
799
+ *
800
+ * @param string $registration_redirect The redirect destination URL.
801
+ */
802
+ $redirect_to = apply_filters( 'registration_redirect', $registration_redirect );
803
+ login_header(__('Registration Form' ), '<p class="message register">' . __('Register For This Site' ) . '</p>', $errors);
804
+ ?>
805
+
806
+ <form name="registerform" id="registerform" action="<?php echo esc_url( site_url( 'wp-login.php?action=register', 'login_post' ) ); ?>" method="post" novalidate="novalidate">
807
+ <p>
808
+ <label for="user_login"><?php _e('Username') ?><br />
809
+ <input type="text" name="user_login" id="user_login" class="input" value="<?php echo esc_attr(wp_unslash($user_login)); ?>" size="20" /></label>
810
+ </p>
811
+ <p>
812
+ <label for="user_email"><?php _e('Email') ?><br />
813
+ <input type="email" name="user_email" id="user_email" class="input" value="<?php echo esc_attr( wp_unslash( $user_email ) ); ?>" size="25" /></label>
814
+ </p>
815
+ <?php
816
+ /**
817
+ * Fires following the 'Email' field in the user registration form.
818
+ *
819
+ * @since 2.1.0
820
+ */
821
+ do_action( 'register_form' );
822
+ ?>
823
+ <p id="reg_passmail"><?php _e( 'Registration confirmation will be emailed to you.' ); ?></p>
824
+ <br class="clear" />
825
+ <input type="hidden" name="redirect_to" value="<?php echo esc_attr( $redirect_to ); ?>" />
826
+ <p class="submit"><input type="submit" name="wp-submit" id="wp-submit" class="button button-primary button-large" value="<?php esc_attr_e('Register'); ?>" /></p>
827
+ </form>
828
+
829
+ <p id="nav">
830
+ <a href="<?php echo esc_url( wp_login_url() ); ?>"><?php _e( 'Log in' ); ?></a>
831
+ <?php echo esc_html( $login_link_separator ); ?>
832
+ <a href="<?php echo esc_url( wp_lostpassword_url() ); ?>"><?php _e( 'Lost your password?' ); ?></a>
833
+ </p>
834
+
835
+ <?php
836
+ login_footer('user_login');
837
+
838
+ if ( $switched_locale ) {
839
+ restore_previous_locale();
840
+ }
841
+
842
+ break;
843
+
844
+ case 'confirmaction' :
845
+ if ( ! isset( $_GET['request_id'] ) ) {
846
+ wp_die( __( 'Invalid request.' ) );
847
+ }
848
+
849
+ $request_id = (int) $_GET['request_id'];
850
+
851
+ if ( isset( $_GET['confirm_key'] ) ) {
852
+ $key = sanitize_text_field( wp_unslash( $_GET['confirm_key'] ) );
853
+ $result = wp_validate_user_request_key( $request_id, $key );
854
+ } else {
855
+ $result = new WP_Error( 'invalid_key', __( 'Invalid key' ) );
856
+ }
857
+
858
+ if ( is_wp_error( $result ) ) {
859
+ wp_die( $result );
860
+ }
861
+
862
+ /**
863
+ * Fires an action hook when the account action has been confirmed by the user.
864
+ *
865
+ * Using this you can assume the user has agreed to perform the action by
866
+ * clicking on the link in the confirmation email.
867
+ *
868
+ * After firing this action hook the page will redirect to wp-login a callback
869
+ * redirects or exits first.
870
+ *
871
+ * @param int $request_id Request ID.
872
+ */
873
+ do_action( 'user_request_action_confirmed', $request_id );
874
+
875
+ $message = _wp_privacy_account_request_confirmed_message( $request_id );
876
+
877
+ login_header( __( 'User action confirmed.' ), $message );
878
+ login_footer();
879
+ exit;
880
+
881
+ case 'login' :
882
+ default:
883
+ $secure_cookie = '';
884
+ $customize_login = isset( $_REQUEST['customize-login'] );
885
+ if ( $customize_login )
886
+ wp_enqueue_script( 'customize-base' );
887
+
888
+ // If the user wants ssl but the session is not ssl, force a secure cookie.
889
+ if ( !empty($_POST['log']) && !force_ssl_admin() ) {
890
+ $user_name = sanitize_user($_POST['log']);
891
+ $user = get_user_by( 'login', $user_name );
892
+
893
+ if ( ! $user && strpos( $user_name, '@' ) ) {
894
+ $user = get_user_by( 'email', $user_name );
895
+ }
896
+
897
+ if ( $user ) {
898
+ if ( get_user_option('use_ssl', $user->ID) ) {
899
+ $secure_cookie = true;
900
+ force_ssl_admin(true);
901
+ }
902
+ }
903
+ }
904
+
905
+ if ( isset( $_REQUEST['redirect_to'] ) ) {
906
+ $redirect_to = $_REQUEST['redirect_to'];
907
+ // Redirect to https if user wants ssl
908
+ if ( $secure_cookie && false !== strpos($redirect_to, 'wp-admin') )
909
+ $redirect_to = preg_replace('|^http://|', 'https://', $redirect_to);
910
+ } else {
911
+ $redirect_to = admin_url();
912
+ }
913
+
914
+ $reauth = empty($_REQUEST['reauth']) ? false : true;
915
+
916
+ $user = wp_signon( array(), $secure_cookie );
917
+
918
+ if ( empty( $_COOKIE[ LOGGED_IN_COOKIE ] ) ) {
919
+ if ( headers_sent() ) {
920
+ /* translators: 1: Browser cookie documentation URL, 2: Support forums URL */
921
+ $user = new WP_Error( 'test_cookie', sprintf( __( '<strong>ERROR</strong>: Cookies are blocked due to unexpected output. For help, please see <a href="%1$s">this documentation</a> or try the <a href="%2$s">support forums</a>.' ),
922
+ __( 'https://codex.wordpress.org/Cookies' ), __( 'https://wordpress.org/support/' ) ) );
923
+ } elseif ( isset( $_POST['testcookie'] ) && empty( $_COOKIE[ TEST_COOKIE ] ) ) {
924
+ // If cookies are disabled we can't log in even with a valid user+pass
925
+ /* translators: 1: Browser cookie documentation URL */
926
+ $user = new WP_Error( 'test_cookie', sprintf( __( '<strong>ERROR</strong>: Cookies are blocked or not supported by your browser. You must <a href="%s">enable cookies</a> to use WordPress.' ),
927
+ __( 'https://codex.wordpress.org/Cookies' ) ) );
928
+ }
929
+ }
930
+
931
+ $requested_redirect_to = isset( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : '';
932
+ /**
933
+ * Filter the login redirect URL.
934
+ *
935
+ * @since 3.0.0
936
+ *
937
+ * @param string $redirect_to The redirect destination URL.
938
+ * @param string $requested_redirect_to The requested redirect destination URL passed as a parameter.
939
+ * @param WP_User|WP_Error $user WP_User object if login was successful, WP_Error object otherwise.
940
+ */
941
+ $redirect_to = apply_filters( 'login_redirect', $redirect_to, $requested_redirect_to, $user );
942
+
943
+ if ( !is_wp_error($user) && !$reauth ) {
944
+ if ( $interim_login ) {
945
+ $message = '<p class="message">' . __('You have logged in successfully.' ) . '</p>';
946
+ $interim_login = 'success';
947
+ login_header( '', $message ); ?>
948
+ </div>
949
+ <?php
950
+ /** This action is documented in wp-login.php */
951
+ do_action( 'login_footer' ); ?>
952
+ <?php if ( $customize_login ) : ?>
953
+ <script type="text/javascript">setTimeout( function(){ new wp.customize.Messenger({ url: '<?php echo wp_customize_url(); ?>', channel: 'login' }).send('login') }, 1000 );</script>
954
+ <?php endif; ?>
955
+ </body></html>
956
+ <?php exit;
957
+ }
958
+
959
+ if ( ( empty( $redirect_to ) || $redirect_to == 'wp-admin/' || $redirect_to == admin_url() ) ) {
960
+ // If the user doesn't belong to a blog, send them to user admin. If the user can't edit posts, send them to their profile.
961
+ if ( is_multisite() && !get_active_blog_for_user($user->ID) && !is_super_admin( $user->ID ) )
962
+ $redirect_to = user_admin_url();
963
+ elseif ( is_multisite() && !$user->has_cap('read') )
964
+ $redirect_to = get_dashboard_url( $user->ID );
965
+ elseif ( !$user->has_cap('edit_posts') )
966
+ $redirect_to = $user->has_cap( 'read' ) ? admin_url( 'profile.php' ) : home_url();
967
+
968
+ wp_redirect( $redirect_to );
969
+ exit();
970
+ }
971
+ wp_safe_redirect($redirect_to);
972
+ exit();
973
+ }
974
+
975
+ $errors = $user;
976
+ // Clear errors if loggedout is set.
977
+ if ( !empty($_GET['loggedout']) || $reauth )
978
+ $errors = new WP_Error();
979
+
980
+ if ( $interim_login ) {
981
+ if ( ! $errors->get_error_code() )
982
+ $errors->add('expired', __('Your session has expired. Please log in to continue where you left off.' ), 'message');
983
+ } else {
984
+ // Some parts of this script use the main login form to display a message
985
+ if ( isset($_GET['loggedout']) && true == $_GET['loggedout'] )
986
+ $errors->add('loggedout', __('You are now logged out.' ), 'message');
987
+ elseif ( isset($_GET['registration']) && 'disabled' == $_GET['registration'] )
988
+ $errors->add('registerdisabled', __('User registration is currently not allowed.' ));
989
+ elseif ( isset($_GET['checkemail']) && 'confirm' == $_GET['checkemail'] )
990
+ $errors->add('confirm', __('Check your email for the confirmation link.' ), 'message');
991
+ elseif ( isset($_GET['checkemail']) && 'newpass' == $_GET['checkemail'] )
992
+ $errors->add('newpass', __('Check your email for your new password.' ), 'message');
993
+ elseif ( isset($_GET['checkemail']) && 'registered' == $_GET['checkemail'] )
994
+ $errors->add('registered', __('Registration complete. Please check your email.' ), 'message');
995
+ elseif ( strpos( $redirect_to, 'about.php?updated' ) )
996
+ $errors->add('updated', __( '<strong>You have successfully updated WordPress!</strong> Please log back in to see what&#8217;s new.' ), 'message' );
997
+ }
998
+
999
+ /**
1000
+ * Filter the login page errors.
1001
+ *
1002
+ * @since 3.6.0
1003
+ *
1004
+ * @param object $errors WP Error object.
1005
+ * @param string $redirect_to Redirect destination URL.
1006
+ */
1007
+ $errors = apply_filters( 'wp_login_errors', $errors, $redirect_to );
1008
+
1009
+ // Clear any stale cookies.
1010
+ if ( $reauth )
1011
+ wp_clear_auth_cookie();
1012
+
1013
+ login_header(__('Log In' ), '', $errors);
1014
+
1015
+ if ( isset($_POST['log']) )
1016
+ $user_login = ( 'incorrect_password' == $errors->get_error_code() || 'empty_password' == $errors->get_error_code() ) ? esc_attr(wp_unslash($_POST['log'])) : '';
1017
+ $rememberme = ! empty( $_POST['rememberme'] );
1018
+
1019
+ if ( ! empty( $errors->errors ) ) {
1020
+ $aria_describedby_error = ' aria-describedby="login_error"';
1021
+ } else {
1022
+ $aria_describedby_error = '';
1023
+ }
1024
+
1025
+ //aiowps - this check is necessary because otherwise if variables are undefined we get a warning!
1026
+ if(empty($user_login)){
1027
+ $user_login = '';
1028
+ }
1029
+ if(empty($error)){
1030
+ $error = '';
1031
+ }
1032
+ ?>
1033
+
1034
+ <form name="loginform" id="loginform" action="<?php echo esc_url( site_url( 'wp-login.php', 'login_post' ) ); ?>" method="post">
1035
+ <p>
1036
+ <label for="user_login"><?php _e('Username or Email Address'); ?><br />
1037
+ <input type="text" name="log" id="user_login"<?php echo $aria_describedby_error; ?> class="input" value="<?php echo esc_attr( $user_login ); ?>" size="20" /></label>
1038
+ </p>
1039
+ <p>
1040
+ <label for="user_pass"><?php _e('Password'); ?><br />
1041
+ <input type="password" name="pwd" id="user_pass"<?php echo $aria_describedby_error; ?> class="input" value="" size="20" /></label>
1042
+ </p>
1043
+ <?php
1044
+ /**
1045
+ * Fires following the 'Password' field in the login form.
1046
+ *
1047
+ * @since 2.1.0
1048
+ */
1049
+ do_action( 'login_form' );
1050
+ ?>
1051
+ <p class="forgetmenot"><label for="rememberme"><input name="rememberme" type="checkbox" id="rememberme" value="forever" <?php checked( $rememberme ); ?> /> <?php esc_html_e('Remember Me'); ?></label></p>
1052
+ <p class="submit">
1053
+ <input type="submit" name="wp-submit" id="wp-submit" class="button button-primary button-large" value="<?php esc_attr_e('Log In'); ?>" />
1054
+ <?php if ( $interim_login ) { ?>
1055
+ <input type="hidden" name="interim-login" value="1" />
1056
+ <?php } else { ?>
1057
+ <input type="hidden" name="redirect_to" value="<?php echo esc_attr($redirect_to); ?>" />
1058
+ <?php } ?>
1059
+ <?php if ( $customize_login ) : ?>
1060
+ <input type="hidden" name="customize-login" value="1" />
1061
+ <?php endif; ?>
1062
+ <input type="hidden" name="testcookie" value="1" />
1063
+ </p>
1064
+ </form>
1065
+
1066
+ <?php if ( ! $interim_login ) { ?>
1067
+ <p id="nav">
1068
+ <?php if ( ! isset( $_GET['checkemail'] ) || ! in_array( $_GET['checkemail'], array( 'confirm', 'newpass' ) ) ) :
1069
+ if ( get_option( 'users_can_register' ) ) :
1070
+ $registration_url = sprintf( '<a href="%s">%s</a>', esc_url( wp_registration_url() ), __( 'Register' ) );
1071
+
1072
+ /** This filter is documented in wp-includes/general-template.php */
1073
+ echo apply_filters( 'register', $registration_url );
1074
+
1075
+ echo esc_html( $login_link_separator );
1076
+ endif;
1077
+ ?>
1078
+ <a href="<?php echo esc_url( wp_lostpassword_url() ); ?>"><?php _e( 'Lost your password?' ); ?></a>
1079
+ <?php endif; ?>
1080
+ </p>
1081
+ <?php } ?>
1082
+
1083
+ <script type="text/javascript">
1084
+ function wp_attempt_focus(){
1085
+ setTimeout( function(){ try{
1086
+ <?php if ( $user_login ) { ?>
1087
+ d = document.getElementById('user_pass');
1088
+ d.value = '';
1089
+ <?php } else { ?>
1090
+ d = document.getElementById('user_login');
1091
+ <?php if ( 'invalid_username' == $errors->get_error_code() ) { ?>
1092
+ if( d.value != '' )
1093
+ d.value = '';
1094
+ <?php
1095
+ }
1096
+ }?>
1097
+ d.focus();
1098
+ d.select();
1099
+ } catch(e){}
1100
+ }, 200);
1101
+ }
1102
+
1103
+ <?php
1104
+ /**
1105
+ * Filters whether to print the call to `wp_attempt_focus()` on the login screen.
1106
+ *
1107
+ * @since 4.8.0
1108
+ *
1109
+ * @param bool $print Whether to print the function call. Default true.
1110
+ */
1111
+ if ( apply_filters( 'enable_login_autofocus', true ) && ! $error ) { ?>
1112
+ wp_attempt_focus();
1113
+ <?php } ?>
1114
+ if(typeof wpOnload=='function')wpOnload();
1115
+ <?php if ( $interim_login ) { ?>
1116
+ (function(){
1117
+ try {
1118
+ var i, links = document.getElementsByTagName('a');
1119
+ for ( i in links ) {
1120
+ if ( links[i].href )
1121
+ links[i].target = '_blank';
1122
+ }
1123
+ } catch(e){}
1124
+ }());
1125
+ <?php } ?>
1126
+ </script>
1127
+
1128
+ <?php
1129
+ login_footer();
1130
+
1131
+ if ( $switched_locale ) {
1132
+ restore_previous_locale();
1133
+ }
1134
+
1135
+ break;
1136
+ } // end action switch
other-includes/wp-security-rename-login-feature.php CHANGED
@@ -8,439 +8,466 @@
8
  * @package WordPress
9
  */
10
 
 
11
 
12
- // Redirect to https login if forced to use SSL
13
  if ( force_ssl_admin() && ! is_ssl() ) {
14
- if ( 0 === strpos($_SERVER['REQUEST_URI'], 'http') ) {
15
- wp_safe_redirect( set_url_scheme( $_SERVER['REQUEST_URI'], 'https' ) );
16
- exit();
17
- } else {
18
- wp_safe_redirect( 'https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'] );
19
- exit();
20
- }
21
  }
22
 
23
  /**
24
  * Output the login page header.
25
  *
 
 
26
  * @param string $title Optional. WordPress login Page title to display in the `<title>` element.
27
  * Default 'Log In'.
28
  * @param string $message Optional. Message to display in header. Default empty.
29
- * @param WP_Error $wp_error Optional. The error to pass. Default empty.
30
  */
31
- function login_header( $title = 'Log In', $message = '', $wp_error = '' ) {
32
- global $error, $interim_login, $action;
33
 
34
- // Don't index any of these forms
35
- add_action( 'login_head', 'wp_no_robots' );
36
 
37
- add_action( 'login_head', 'wp_login_viewport_meta' );
38
 
39
- if ( empty($wp_error) )
40
- $wp_error = new WP_Error();
 
41
 
42
- // Shake it!
43
- $shake_error_codes = array( 'empty_password', 'empty_email', 'invalid_email', 'invalidcombo', 'empty_username', 'invalid_username', 'incorrect_password' );
44
- /**
45
- * Filter the error codes array for shaking the login form.
46
- *
47
- * @since 3.0.0
48
- *
49
- * @param array $shake_error_codes Error codes that shake the login form.
50
- */
51
- $shake_error_codes = apply_filters( 'shake_error_codes', $shake_error_codes );
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
52
 
53
- if ( $shake_error_codes && $wp_error->get_error_code() && in_array( $wp_error->get_error_code(), $shake_error_codes ) )
54
- add_action( 'login_head', 'wp_shake_js', 12 );
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
55
 
56
- $login_title = get_bloginfo( 'name', 'display' );
57
 
58
- /* translators: Login screen title. 1: Login screen name, 2: Network or site name */
59
- $login_title = sprintf( __( '%1$s &lsaquo; %2$s &#8212; WordPress' ), $title, $login_title );
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
60
 
61
  /**
62
- * Filters the title tag content for login page.
63
- *
64
- * @since 4.9.0
65
  *
66
- * @param string $login_title The page title, with extra context added.
67
- * @param string $title The original page title.
68
- */
69
- $login_title = apply_filters( 'login_title', $login_title, $title );
70
-
71
- ?><!DOCTYPE html>
72
- <!--[if IE 8]>
73
- <html xmlns="http://www.w3.org/1999/xhtml" class="ie8" <?php language_attributes(); ?>>
74
- <![endif]-->
75
- <!--[if !(IE 8) ]><!-->
76
- <html xmlns="http://www.w3.org/1999/xhtml" <?php language_attributes(); ?>>
77
- <!--<![endif]-->
78
- <head>
79
- <meta http-equiv="Content-Type" content="<?php bloginfo('html_type'); ?>; charset=<?php bloginfo('charset'); ?>" />
80
- <title><?php echo $login_title; ?></title>
81
- <?php
82
-
83
- wp_enqueue_style( 'login' );
84
-
85
- /*
86
- * Remove all stored post data on logging out.
87
- * This could be added by add_action('login_head'...) like wp_shake_js(),
88
- * but maybe better if it's not removable by plugins
89
- */
90
- if ( 'loggedout' == $wp_error->get_error_code() ) {
91
- ?>
92
- <script>if("sessionStorage" in window){try{for(var key in sessionStorage){if(key.indexOf("wp-autosave-")!=-1){sessionStorage.removeItem(key)}}}catch(e){}};</script>
93
- <?php
94
- }
95
-
96
- /**
97
- * Enqueue scripts and styles for the login page.
98
- *
99
- * @since 3.1.0
100
- */
101
- do_action( 'login_enqueue_scripts' );
102
-
103
- /**
104
- * Fires in the login page header after scripts are enqueued.
105
- *
106
- * @since 2.1.0
107
- */
108
- do_action( 'login_head' );
109
-
110
- if ( is_multisite() ) {
111
- $login_header_url = network_home_url();
112
- $login_header_title = get_network()->site_name;
113
- } else {
114
- $login_header_url = __( 'https://wordpress.org/' );
115
- $login_header_title = __( 'Powered by WordPress' );
116
- }
117
-
118
- /**
119
- * Filter link URL of the header logo above login form.
120
- *
121
- * @since 2.1.0
122
- *
123
- * @param string $login_header_url Login header logo URL.
124
- */
125
- $login_header_url = apply_filters( 'login_headerurl', $login_header_url );
126
-
127
- /**
128
- * Filter the title attribute of the header logo above login form.
129
- *
130
- * @since 2.1.0
131
- *
132
- * @param string $login_header_title Login header logo title attribute.
133
- */
134
- $login_header_title = apply_filters( 'login_headertitle', $login_header_title );
135
-
136
- /*
137
- * To match the URL/title set above, Multisite sites have the blog name,
138
- * while single sites get the header title.
139
- */
140
- if ( is_multisite() ) {
141
- $login_header_text = get_bloginfo( 'name', 'display' );
142
- } else {
143
- $login_header_text = $login_header_title;
144
- }
145
-
146
- $classes = array( 'login-action-' . $action, 'wp-core-ui' );
147
- if ( is_rtl() )
148
- $classes[] = 'rtl';
149
- if ( $interim_login ) {
150
- $classes[] = 'interim-login';
151
- ?>
152
- <style type="text/css">html{background-color: transparent;}</style>
153
- <?php
154
-
155
- if ( 'success' === $interim_login )
156
- $classes[] = 'interim-login-success';
157
- }
158
- $classes[] =' locale-' . sanitize_html_class( strtolower( str_replace( '_', '-', get_locale() ) ) );
159
-
160
- /**
161
- * Filter the login page body classes.
162
- *
163
- * @since 3.5.0
164
- *
165
- * @param array $classes An array of body classes.
166
- * @param string $action The action that brought the visitor to the login page.
167
- */
168
- $classes = apply_filters( 'login_body_class', $classes, $action );
169
-
170
- ?>
171
- </head>
172
- <body class="login <?php echo esc_attr( implode( ' ', $classes ) ); ?>">
173
- <?php
174
- /**
175
- * Fires in the login page header after the body tag is opened.
176
  *
177
- * @since 4.6.0
178
  */
179
- do_action( 'login_header' );
180
- ?>
181
- <div id="login">
182
- <h1><a href="<?php echo esc_url( $login_header_url ); ?>" title="<?php echo esc_attr( $login_header_title ); ?>" tabindex="-1"><?php echo $login_header_text; ?></a></h1>
183
- <?php
184
-
185
- unset( $login_header_url, $login_header_title );
186
-
187
- /**
188
- * Filter the message to display above the login form.
189
- *
190
- * @since 2.1.0
191
- *
192
- * @param string $message Login message text.
193
- */
194
-
195
- $message = apply_filters( 'login_message', $message );
196
- if ( !empty( $message ) )
197
- echo $message . "\n";
198
-
199
- // In case a plugin uses $error rather than the $wp_errors object
200
- if ( !empty( $error ) ) {
201
- $wp_error->add('error', $error);
202
- unset($error);
203
- }
204
-
205
- if ( $wp_error->get_error_code() ) {
206
- $errors = '';
207
- $messages = '';
208
- foreach ( $wp_error->get_error_codes() as $code ) {
209
- $severity = $wp_error->get_error_data( $code );
210
- foreach ( $wp_error->get_error_messages( $code ) as $error_message ) {
211
- if ( 'message' == $severity )
212
- $messages .= ' ' . $error_message . "<br />\n";
213
- else
214
- $errors .= ' ' . $error_message . "<br />\n";
215
- }
216
- }
217
- if ( ! empty( $errors ) ) {
218
- /**
219
- * Filter the error messages displayed above the login form.
220
- *
221
- * @since 2.1.0
222
- *
223
- * @param string $errors Login error message.
224
- */
225
- echo '<div id="login_error">' . apply_filters( 'login_errors', $errors ) . "</div>\n";
226
- }
227
- if ( ! empty( $messages ) ) {
228
- /**
229
- * Filter instructional messages displayed above the login form.
230
- *
231
- * @since 2.5.0
232
- *
233
- * @param string $messages Login messages.
234
- */
235
- echo '<p class="message">' . apply_filters( 'login_messages', $messages ) . "</p>\n";
236
- }
237
- }
238
- } // End of login_header()
239
-
240
- /**
241
- * Outputs the footer for the login page.
242
- *
243
- * @param string $input_id Which input to auto-focus
244
- */
245
- function login_footer($input_id = '') {
246
- global $interim_login;
247
-
248
- // Don't allow interim logins to navigate away from the page.
249
- if ( ! $interim_login ): ?>
250
- <p id="backtoblog"><a href="<?php echo esc_url( home_url( '/' ) ); ?>"><?php
251
  /* translators: %s: site title */
252
  printf( _x( '&larr; Back to %s', 'site' ), get_bloginfo( 'title', 'display' ) );
253
- ?></a></p>
254
- <?php
255
- if(function_exists('the_privacy_policy_link')){
256
- the_privacy_policy_link( '<div class="privacy-policy-page-link">', '</div>' );
257
- }
258
- ?>
259
- <?php endif; ?>
260
-
261
- </div>
262
-
263
- <?php if ( !empty($input_id) ) : ?>
264
- <script type="text/javascript">
265
- try{document.getElementById('<?php echo $input_id; ?>').focus();}catch(e){}
266
- if(typeof wpOnload=='function')wpOnload();
267
- </script>
268
- <?php endif; ?>
269
 
270
- <?php
271
- /**
272
- * Fires in the login page footer.
273
- *
274
- * @since 3.1.0
275
- */
276
- do_action( 'login_footer' ); ?>
277
- <div class="clear"></div>
278
- </body>
279
- </html>
280
- <?php
 
 
 
 
 
 
 
 
 
 
281
  }
282
 
283
  /**
 
 
284
  * @since 3.0.0
285
  */
286
  function wp_shake_js() {
287
- ?>
288
- <script type="text/javascript">
289
- addLoadEvent = function(func){if(typeof jQuery!="undefined")jQuery(document).ready(func);else if(typeof wpOnload!='function'){wpOnload=func;}else{var oldonload=wpOnload;wpOnload=function(){oldonload();func();}}};
290
- function s(id,pos){g(id).left=pos+'px';}
291
- function g(id){return document.getElementById(id).style;}
292
- function shake(id,a,d){c=a.shift();s(id,c);if(a.length>0){setTimeout(function(){shake(id,a,d);},d);}else{try{g(id).position='static';wp_attempt_focus();}catch(e){}}}
293
- addLoadEvent(function(){ var p=new Array(15,30,15,0,-15,-30,-15,0);p=p.concat(p.concat(p));var i=document.forms[0].id;g(i).position='relative';shake(i,p,20);});
294
- </script>
295
- <?php
296
  }
297
 
298
  /**
 
 
299
  * @since 3.7.0
300
  */
301
  function wp_login_viewport_meta() {
302
- ?>
303
- <meta name="viewport" content="width=device-width" />
304
- <?php
305
  }
306
 
307
  /**
308
  * Handles sending password retrieval email to user.
309
  *
 
 
310
  * @return bool|WP_Error True: when finish. WP_Error on error
311
  */
312
  function retrieve_password() {
313
- $errors = new WP_Error();
314
-
315
- if ( empty( $_POST['user_login'] ) || ! is_string( $_POST['user_login'] ) ) {
316
- $errors->add('empty_username', __('<strong>ERROR</strong>: Enter a username or email address.' ));
317
- } elseif ( strpos( $_POST['user_login'], '@' ) ) {
318
- $user_data = get_user_by( 'email', trim( wp_unslash( $_POST['user_login'] ) ) );
319
- if ( empty( $user_data ) )
320
- $errors->add('invalid_email', __('<strong>ERROR</strong>: There is no user registered with that email address.' ));
321
- } else {
322
- $login = trim($_POST['user_login']);
323
- $user_data = get_user_by('login', $login);
324
- }
325
-
326
- /**
327
- * Fires before errors are returned from a password reset request.
328
- *
329
- * @since 2.1.0
330
- * @since 4.4.0 Added the `$errors` parameter.
331
- *
332
- * @param WP_Error $errors A WP_Error object containing any errors generated
333
- * by using invalid credentials.
334
- */
335
- do_action( 'lostpassword_post', $errors );
336
-
337
- if ( $errors->get_error_code() )
338
- return $errors;
339
-
340
- if ( !$user_data ) {
341
- $errors->add('invalidcombo', __('<strong>ERROR</strong>: Invalid username or email.' ));
342
- return $errors;
343
- }
344
-
345
- // Redefining user_login ensures we return the right case in the email.
346
- $user_login = $user_data->user_login;
347
- $user_email = $user_data->user_email;
348
- $key = get_password_reset_key( $user_data );
349
-
350
- if ( is_wp_error( $key ) ) {
351
- return $key;
352
- }
353
-
354
- if ( is_multisite() ) {
355
- $site_name = get_network()->site_name;
356
- } else {
357
- /*
358
- * The blogname option is escaped with esc_html on the way into the database
359
- * in sanitize_option we want to reverse this for the plain text arena of emails.
360
- */
361
- $site_name = wp_specialchars_decode(get_option('blogname'), ENT_QUOTES);
362
- }
363
-
364
- $message = __( 'Someone has requested a password reset for the following account:' ) . "\r\n\r\n";
365
- /* translators: %s: site name */
366
- $message .= sprintf( __( 'Site Name: %s'), $site_name ) . "\r\n\r\n";
367
- /* translators: %s: user login */
368
- $message .= sprintf( __( 'Username: %s'), $user_login ) . "\r\n\r\n";
369
- $message .= __( 'If this was a mistake, just ignore this email and nothing will happen.' ) . "\r\n\r\n";
370
- $message .= __( 'To reset your password, visit the following address:' ) . "\r\n\r\n";
371
- $message .= '<' . network_site_url( "wp-login.php?action=rp&key=$key&login=" . rawurlencode( $user_login ), 'login' ) . ">\r\n";
372
-
373
- /* translators: Password reset email subject. %s: Site name */
374
- $title = sprintf( __( '[%s] Password Reset' ), $site_name );
375
-
376
- /**
377
- * Filters the subject of the password reset email.
378
- *
379
- * @since 2.8.0
380
- * @since 4.4.0 Added the `$user_login` and `$user_data` parameters.
381
- *
382
- * @param string $title Default email title.
383
- * @param string $user_login The username for the user.
384
- * @param WP_User $user_data WP_User object.
385
- */
386
- $title = apply_filters( 'retrieve_password_title', $title, $user_login, $user_data );
387
-
388
- /**
389
- * Filter the message body of the password reset mail.
390
- *
391
- * If the filtered message is empty, the password reset email will not be sent.
392
- *
393
- * @since 2.8.0
394
- * @since 4.1.0 Added `$user_login` and `$user_data` parameters.
395
- *
396
- * @param string $message Default mail message.
397
- * @param string $key The activation key.
398
- * @param string $user_login The username for the user.
399
- * @param WP_User $user_data WP_User object.
400
- */
401
- $message = apply_filters( 'retrieve_password_message', $message, $key, $user_login, $user_data );
402
-
403
- if ( $message && !wp_mail( $user_email, wp_specialchars_decode( $title ), $message ) )
404
- wp_die( __('The email could not be sent.' ) . "<br />\n" . __('Possible reason: your host may have disabled the mail() function.' ) );
405
-
406
- return true;
 
 
 
407
  }
408
 
409
  //
410
- // Main
411
  //
412
 
413
- $action = isset($_REQUEST['action']) ? $_REQUEST['action'] : 'login';
414
  $errors = new WP_Error();
415
 
416
- if ( isset($_GET['key']) )
417
- $action = 'resetpass';
 
418
 
419
- // validate action so as to default to the login screen
420
- if ( !in_array( $action, array( 'postpass', 'logout', 'lostpassword', 'retrievepassword', 'resetpass', 'rp', 'register', 'login', 'confirmaction' ), true ) && false === has_filter( 'login_form_' . $action ) )
421
- $action = 'login';
 
422
 
423
  nocache_headers();
424
 
425
- header('Content-Type: '.get_bloginfo('html_type').'; charset='.get_bloginfo('charset'));
426
 
427
  if ( defined( 'RELOCATE' ) && RELOCATE ) { // Move flag is set
428
- if ( isset( $_SERVER['PATH_INFO'] ) && ($_SERVER['PATH_INFO'] != $_SERVER['PHP_SELF']) )
429
- $_SERVER['PHP_SELF'] = str_replace( $_SERVER['PATH_INFO'], '', $_SERVER['PHP_SELF'] );
 
430
 
431
- $url = dirname( set_url_scheme( 'http://' . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'] ) );
432
- if ( $url != get_option( 'siteurl' ) )
433
- update_option( 'siteurl', $url );
 
434
  }
435
 
436
  //Set a cookie now to see if they are supported by the browser.
437
  $secure = ( 'https' === parse_url( wp_login_url(), PHP_URL_SCHEME ) );
438
  setcookie( TEST_COOKIE, 'WP Cookie check', 0, COOKIEPATH, COOKIE_DOMAIN, $secure );
439
- if ( SITECOOKIEPATH != COOKIEPATH )
440
- setcookie( TEST_COOKIE, 'WP Cookie check', 0, SITECOOKIEPATH, COOKIE_DOMAIN, $secure );
441
-
442
- $lang = ! empty( $_GET['wp_lang'] ) ? sanitize_text_field( $_GET['wp_lang'] ) : '';
443
- $switched_locale = switch_to_locale( $lang );
444
 
445
  /**
446
  * Fires when the login form is initialized.
@@ -460,8 +487,8 @@ do_action( 'login_init' );
460
  */
461
  do_action( "login_form_{$action}" );
462
 
463
- $http_post = ('POST' == $_SERVER['REQUEST_METHOD']);
464
- $interim_login = isset($_REQUEST['interim-login']);
465
 
466
  /**
467
  * Filters the separator used between login form navigation links.
@@ -472,665 +499,682 @@ $interim_login = isset($_REQUEST['interim-login']);
472
  */
473
  $login_link_separator = apply_filters( 'login_link_separator', ' | ' );
474
 
475
- switch ($action) {
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
476
 
477
- case 'postpass' :
478
- if ( ! array_key_exists( 'post_password', $_POST ) ) {
479
  wp_safe_redirect( wp_get_referer() );
480
  exit();
481
- }
482
-
483
- require_once ABSPATH . WPINC . '/class-phpass.php';
484
- $hasher = new PasswordHash( 8, true );
485
-
486
- /**
487
- * Filter the life span of the post password cookie.
488
- *
489
- * By default, the cookie expires 10 days from creation. To turn this
490
- * into a session cookie, return 0.
491
- *
492
- * @since 3.7.0
493
- *
494
- * @param int $expires The expiry time, as passed to setcookie().
495
- */
496
- $expire = apply_filters( 'post_password_expires', time() + 10 * DAY_IN_SECONDS );
497
- $referer = wp_get_referer();
498
- if ( $referer ) {
499
- $secure = ( 'https' === parse_url( $referer, PHP_URL_SCHEME ) );
500
- } else {
501
- $secure = false;
502
- }
503
- setcookie( 'wp-postpass_' . COOKIEHASH, $hasher->HashPassword( wp_unslash( $_POST['post_password'] ) ), $expire, COOKIEPATH, COOKIE_DOMAIN, $secure );
504
 
505
- if ( $switched_locale ) {
506
- restore_previous_locale();
507
- }
508
-
509
- wp_safe_redirect( wp_get_referer() );
510
- exit();
511
 
512
- case 'logout' :
513
- check_admin_referer('log-out');
514
 
515
- $user = wp_get_current_user();
516
 
517
- wp_logout();
 
 
 
 
 
518
 
519
- if ( ! empty( $_REQUEST['redirect_to'] ) ) {
520
- $redirect_to = $requested_redirect_to = $_REQUEST['redirect_to'];
521
- } else {
522
- $redirect_to = 'wp-login.php?loggedout=true';
523
- $requested_redirect_to = '';
524
- }
 
 
 
 
 
 
525
 
526
- if ( $switched_locale ) {
527
- restore_previous_locale();
528
- }
529
-
530
- /**
531
- * Filter the log out redirect URL.
532
- *
533
- * @since 4.2.0
534
- *
535
- * @param string $redirect_to The redirect destination URL.
536
- * @param string $requested_redirect_to The requested redirect destination URL passed as a parameter.
537
- * @param WP_User $user The WP_User object for the user that's logging out.
538
- */
539
- $redirect_to = apply_filters( 'logout_redirect', $redirect_to, $requested_redirect_to, $user );
540
- wp_safe_redirect( $redirect_to );
541
- exit();
542
-
543
- case 'lostpassword' :
544
- case 'retrievepassword' :
545
-
546
- if ( $http_post ) {
547
- $errors = retrieve_password();
548
- if ( !is_wp_error($errors) ) {
549
- $redirect_to = !empty( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : 'wp-login.php?checkemail=confirm';
550
- wp_safe_redirect( $redirect_to );
551
- exit();
552
- }
553
- }
554
-
555
- if ( isset( $_GET['error'] ) ) {
556
- if ( 'invalidkey' == $_GET['error'] ) {
557
- $errors->add( 'invalidkey', __( 'Your password reset link appears to be invalid. Please request a new link below.' ) );
558
- } elseif ( 'expiredkey' == $_GET['error'] ) {
559
- $errors->add( 'expiredkey', __( 'Your password reset link has expired. Please request a new link below.' ) );
560
- }
561
- }
562
-
563
- $lostpassword_redirect = ! empty( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : '';
564
- /**
565
- * Filter the URL redirected to after submitting the lostpassword/retrievepassword form.
566
- *
567
- * @since 3.0.0
568
- *
569
- * @param string $lostpassword_redirect The redirect destination URL.
570
- */
571
- $redirect_to = apply_filters( 'lostpassword_redirect', $lostpassword_redirect );
572
-
573
- /**
574
- * Fires before the lost password form.
575
- *
576
- * @since 1.5.1
577
- */
578
- do_action( 'lost_password' );
579
-
580
- login_header(__('Lost Password' ), '<p class="message">' . __('Please enter your username or email address. You will receive a link to create a new password via email.' ) . '</p>', $errors);
581
-
582
- $user_login = '';
583
-
584
- if ( isset( $_POST['user_login'] ) && is_string( $_POST['user_login'] ) ) {
585
- $user_login = wp_unslash( $_POST['user_login'] );
586
- }
587
-
588
- ?>
589
-
590
- <form name="lostpasswordform" id="lostpasswordform" action="<?php echo esc_url( network_site_url( 'wp-login.php?action=lostpassword', 'login_post' ) ); ?>" method="post">
591
- <p>
592
- <label for="user_login" ><?php _e('Username or Email Address'); ?><br />
593
- <input type="text" name="user_login" id="user_login" class="input" value="<?php echo esc_attr($user_login); ?>" size="20" /></label>
594
- </p>
595
- <?php
596
- /**
597
- * Fires inside the lostpassword form tags, before the hidden fields.
598
- *
599
- * @since 2.1.0
600
- */
601
- do_action( 'lostpassword_form' ); ?>
602
- <input type="hidden" name="redirect_to" value="<?php echo esc_attr( $redirect_to ); ?>" />
603
- <p class="submit"><input type="submit" name="wp-submit" id="wp-submit" class="button button-primary button-large" value="<?php esc_attr_e('Get New Password'); ?>" /></p>
604
- </form>
605
-
606
- <p id="nav">
607
- <a href="<?php echo esc_url( wp_login_url() ); ?>"><?php _e('Log in') ?></a>
608
- <?php
609
- if ( get_option( 'users_can_register' ) ) :
610
- $registration_url = sprintf( '<a href="%s">%s</a>', esc_url( wp_registration_url() ), __( 'Register' ) );
611
-
612
- echo esc_html( $login_link_separator );
613
-
614
- /** This filter is documented in wp-includes/general-template.php */
615
- echo apply_filters( 'register', $registration_url );
616
- endif;
617
- ?>
618
- </p>
619
-
620
- <?php
621
- login_footer('user_login');
622
-
623
- if ( $switched_locale ) {
624
- restore_previous_locale();
625
- }
626
-
627
- break;
628
-
629
- case 'resetpass' :
630
- case 'rp' :
631
- list( $rp_path ) = explode( '?', wp_unslash( $_SERVER['REQUEST_URI'] ) );
632
- $rp_cookie = 'wp-resetpass-' . COOKIEHASH;
633
- if ( isset( $_GET['key'] ) ) {
634
- $value = sprintf( '%s:%s', wp_unslash( $_GET['login'] ), wp_unslash( $_GET['key'] ) );
635
- setcookie( $rp_cookie, $value, 0, $rp_path, COOKIE_DOMAIN, is_ssl(), true );
636
- wp_safe_redirect( remove_query_arg( array( 'key', 'login' ) ) );
637
- exit;
638
- }
639
-
640
- if ( isset( $_COOKIE[ $rp_cookie ] ) && 0 < strpos( $_COOKIE[ $rp_cookie ], ':' ) ) {
641
- list( $rp_login, $rp_key ) = explode( ':', wp_unslash( $_COOKIE[ $rp_cookie ] ), 2 );
642
- $user = check_password_reset_key( $rp_key, $rp_login );
643
- if ( isset( $_POST['pass1'] ) && ! hash_equals( $rp_key, $_POST['rp_key'] ) ) {
644
- $user = false;
645
- }
646
- } else {
647
- $user = false;
648
- }
649
-
650
- if ( ! $user || is_wp_error( $user ) ) {
651
- setcookie( $rp_cookie, ' ', time() - YEAR_IN_SECONDS, $rp_path, COOKIE_DOMAIN, is_ssl(), true );
652
- if ( $user && $user->get_error_code() === 'expired_key' )
653
- wp_redirect( site_url( 'wp-login.php?action=lostpassword&error=expiredkey' ) );
654
- else
655
- wp_redirect( site_url( 'wp-login.php?action=lostpassword&error=invalidkey' ) );
656
- exit;
657
- }
658
-
659
- $errors = new WP_Error();
660
-
661
- if ( isset($_POST['pass1']) && $_POST['pass1'] != $_POST['pass2'] )
662
- $errors->add( 'password_reset_mismatch', __( 'The passwords do not match.' ) );
663
-
664
- /**
665
- * Fires before the password reset procedure is validated.
666
- *
667
- * @since 3.5.0
668
- *
669
- * @param object $errors WP Error object.
670
- * @param WP_User|WP_Error $user WP_User object if the login and reset key match. WP_Error object otherwise.
671
- */
672
- do_action( 'validate_password_reset', $errors, $user );
673
-
674
- if ( ( ! $errors->get_error_code() ) && isset( $_POST['pass1'] ) && !empty( $_POST['pass1'] ) ) {
675
- reset_password($user, $_POST['pass1']);
676
- setcookie( $rp_cookie, ' ', time() - YEAR_IN_SECONDS, $rp_path, COOKIE_DOMAIN, is_ssl(), true );
677
- login_header( __( 'Password Reset' ), '<p class="message reset-pass">' . __( 'Your password has been reset.' ) . ' <a href="' . esc_url( wp_login_url() ) . '">' . __( 'Log in' ) . '</a></p>' );
678
- login_footer();
679
- exit;
680
- }
681
-
682
- wp_enqueue_script('utils');
683
- wp_enqueue_script('user-profile');
684
-
685
- login_header(__('Reset Password' ), '<p class="message reset-pass">' . __('Enter your new password below.' ) . '</p>', $errors );
686
-
687
- ?>
688
- <form name="resetpassform" id="resetpassform" action="<?php echo esc_url( network_site_url( 'wp-login.php?action=resetpass', 'login_post' ) ); ?>" method="post" autocomplete="off">
689
- <input type="hidden" id="user_login" value="<?php echo esc_attr( $rp_login ); ?>" autocomplete="off" />
690
-
691
- <div class="user-pass1-wrap">
692
- <p>
693
- <label for="pass1"><?php _e( 'New password' ) ?></label>
694
- </p>
695
-
696
- <div class="wp-pwd">
697
- <div class="password-input-wrapper">
698
- <input type="password" data-reveal="1" data-pw="<?php echo esc_attr( wp_generate_password( 16 ) ); ?>" name="pass1" id="pass1" class="input password-input" size="24" value="" autocomplete="off" aria-describedby="pass-strength-result" />
699
- <span class="button button-secondary wp-hide-pw hide-if-no-js">
700
- <span class="dashicons dashicons-hidden"></span>
701
- </span>
702
- </div>
703
- <div id="pass-strength-result" class="hide-if-no-js" aria-live="polite"><?php _e( 'Strength indicator' ); ?></div>
704
- </div>
705
- <div class="pw-weak">
706
- <label>
707
- <input type="checkbox" name="pw_weak" class="pw-checkbox" />
708
- <?php _e( 'Confirm use of weak password' ); ?>
709
- </label>
710
- </div>
711
- </div>
712
- <p class="user-pass2-wrap">
713
- <label for="pass2"><?php _e('Confirm new password') ?></label><br />
714
- <input type="password" name="pass2" id="pass2" class="input" size="20" value="" autocomplete="off" />
715
- </p>
716
-
717
- <p class="description indicator-hint"><?php echo wp_get_password_hint(); ?></p>
718
- <br class="clear" />
719
-
720
- <?php
721
- /**
722
- * Fires following the 'Strength indicator' meter in the user password reset form.
723
- *
724
- * @since 3.9.0
725
- *
726
- * @param WP_User $user User object of the user whose password is being reset.
727
- */
728
- do_action( 'resetpass_form', $user );
729
- ?>
730
- <input type="hidden" name="rp_key" value="<?php echo esc_attr( $rp_key ); ?>" />
731
- <p class="submit"><input type="submit" name="wp-submit" id="wp-submit" class="button button-primary button-large" value="<?php esc_attr_e('Reset Password'); ?>" /></p>
732
- </form>
733
-
734
- <p id="nav">
735
- <a href="<?php echo esc_url( wp_login_url() ); ?>"><?php _e( 'Log in' ); ?></a>
736
- <?php
737
- if ( get_option( 'users_can_register' ) ) :
738
- $registration_url = sprintf( '<a href="%s">%s</a>', esc_url( wp_registration_url() ), __( 'Register' ) );
739
-
740
- echo esc_html( $login_link_separator );
741
-
742
- /** This filter is documented in wp-includes/general-template.php */
743
- echo apply_filters( 'register', $registration_url );
744
- endif;
745
- ?>
746
- </p>
747
-
748
- <?php
749
- login_footer('user_pass');
750
-
751
- if ( $switched_locale ) {
752
- restore_previous_locale();
753
- }
754
-
755
- break;
756
-
757
- case 'register' :
758
- if ( is_multisite() ) {
759
- /**
760
- * Filter the Multisite sign up URL.
761
- *
762
- * @since 3.0.0
763
- *
764
- * @param string $sign_up_url The sign up URL.
765
- */
766
- wp_redirect( apply_filters( 'wp_signup_location', network_site_url( 'wp-signup.php' ) ) );
767
- exit;
768
- }
769
-
770
- if ( !get_option('users_can_register') ) {
771
- wp_redirect( site_url('wp-login.php?registration=disabled') );
772
- exit();
773
- }
774
-
775
- $user_login = '';
776
- $user_email = '';
777
- if ( $http_post ) {
778
- if ( isset( $_POST['user_login'] ) && is_string( $_POST['user_login'] ) ) {
779
- $user_login = $_POST['user_login'];
780
- }
781
-
782
- if ( isset( $_POST['user_email'] ) && is_string( $_POST['user_email'] ) ) {
783
- $user_email = wp_unslash( $_POST['user_email'] );
784
- }
785
-
786
- $errors = register_new_user($user_login, $user_email);
787
- if ( !is_wp_error($errors) ) {
788
- $redirect_to = !empty( $_POST['redirect_to'] ) ? $_POST['redirect_to'] : 'wp-login.php?checkemail=registered';
789
- wp_safe_redirect( $redirect_to );
790
- exit();
791
- }
792
- }
793
-
794
- $registration_redirect = ! empty( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : '';
795
- /**
796
- * Filter the registration redirect URL.
797
- *
798
- * @since 3.0.0
799
- *
800
- * @param string $registration_redirect The redirect destination URL.
801
- */
802
- $redirect_to = apply_filters( 'registration_redirect', $registration_redirect );
803
- login_header(__('Registration Form' ), '<p class="message register">' . __('Register For This Site' ) . '</p>', $errors);
804
- ?>
805
-
806
- <form name="registerform" id="registerform" action="<?php echo esc_url( site_url( 'wp-login.php?action=register', 'login_post' ) ); ?>" method="post" novalidate="novalidate">
807
- <p>
808
- <label for="user_login"><?php _e('Username') ?><br />
809
- <input type="text" name="user_login" id="user_login" class="input" value="<?php echo esc_attr(wp_unslash($user_login)); ?>" size="20" /></label>
810
- </p>
811
- <p>
812
- <label for="user_email"><?php _e('Email') ?><br />
813
- <input type="email" name="user_email" id="user_email" class="input" value="<?php echo esc_attr( wp_unslash( $user_email ) ); ?>" size="25" /></label>
814
- </p>
815
- <?php
816
- /**
817
- * Fires following the 'Email' field in the user registration form.
818
- *
819
- * @since 2.1.0
820
- */
821
- do_action( 'register_form' );
822
- ?>
823
- <p id="reg_passmail"><?php _e( 'Registration confirmation will be emailed to you.' ); ?></p>
824
- <br class="clear" />
825
- <input type="hidden" name="redirect_to" value="<?php echo esc_attr( $redirect_to ); ?>" />
826
- <p class="submit"><input type="submit" name="wp-submit" id="wp-submit" class="button button-primary button-large" value="<?php esc_attr_e('Register'); ?>" /></p>
827
- </form>
828
-
829
- <p id="nav">
830
- <a href="<?php echo esc_url( wp_login_url() ); ?>"><?php _e( 'Log in' ); ?></a>
831
- <?php echo esc_html( $login_link_separator ); ?>
832
- <a href="<?php echo esc_url( wp_lostpassword_url() ); ?>"><?php _e( 'Lost your password?' ); ?></a>
833
- </p>
834
-
835
- <?php
836
- login_footer('user_login');
837
-
838
- if ( $switched_locale ) {
839
- restore_previous_locale();
840
- }
841
-
842
- break;
843
-
844
- case 'confirmaction' :
845
- if ( ! isset( $_GET['request_id'] ) ) {
846
- wp_die( __( 'Invalid request.' ) );
847
- }
848
 
849
- $request_id = (int) $_GET['request_id'];
 
 
 
 
 
 
850
 
851
- if ( isset( $_GET['confirm_key'] ) ) {
852
- $key = sanitize_text_field( wp_unslash( $_GET['confirm_key'] ) );
853
- $result = wp_validate_user_request_key( $request_id, $key );
854
- } else {
855
- $result = new WP_Error( 'invalid_key', __( 'Invalid key' ) );
856
- }
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
857
 
858
- if ( is_wp_error( $result ) ) {
859
- wp_die( $result );
860
- }
861
-
862
- /**
863
- * Fires an action hook when the account action has been confirmed by the user.
864
- *
865
- * Using this you can assume the user has agreed to perform the action by
866
- * clicking on the link in the confirmation email.
867
- *
868
- * After firing this action hook the page will redirect to wp-login a callback
869
- * redirects or exits first.
870
- *
871
- * @param int $request_id Request ID.
872
- */
873
- do_action( 'user_request_action_confirmed', $request_id );
874
 
875
- $message = _wp_privacy_account_request_confirmed_message( $request_id );
 
 
 
 
876
 
877
- login_header( __( 'User action confirmed.' ), $message );
878
- login_footer();
879
- exit;
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
880
 
881
- case 'login' :
882
- default:
883
- $secure_cookie = '';
884
- $customize_login = isset( $_REQUEST['customize-login'] );
885
- if ( $customize_login )
886
- wp_enqueue_script( 'customize-base' );
887
 
888
- // If the user wants ssl but the session is not ssl, force a secure cookie.
889
- if ( !empty($_POST['log']) && !force_ssl_admin() ) {
890
- $user_name = sanitize_user($_POST['log']);
891
- $user = get_user_by( 'login', $user_name );
892
 
893
- if ( ! $user && strpos( $user_name, '@' ) ) {
894
- $user = get_user_by( 'email', $user_name );
 
 
 
 
 
 
 
895
  }
896
 
897
- if ( $user ) {
898
- if ( get_user_option('use_ssl', $user->ID) ) {
899
- $secure_cookie = true;
900
- force_ssl_admin(true);
 
901
  }
 
 
902
  }
903
- }
904
 
905
- if ( isset( $_REQUEST['redirect_to'] ) ) {
906
- $redirect_to = $_REQUEST['redirect_to'];
907
- // Redirect to https if user wants ssl
908
- if ( $secure_cookie && false !== strpos($redirect_to, 'wp-admin') )
909
- $redirect_to = preg_replace('|^http://|', 'https://', $redirect_to);
910
- } else {
911
- $redirect_to = admin_url();
912
- }
913
-
914
- $reauth = empty($_REQUEST['reauth']) ? false : true;
915
-
916
- $user = wp_signon( array(), $secure_cookie );
917
-
918
- if ( empty( $_COOKIE[ LOGGED_IN_COOKIE ] ) ) {
919
- if ( headers_sent() ) {
920
- /* translators: 1: Browser cookie documentation URL, 2: Support forums URL */
921
- $user = new WP_Error( 'test_cookie', sprintf( __( '<strong>ERROR</strong>: Cookies are blocked due to unexpected output. For help, please see <a href="%1$s">this documentation</a> or try the <a href="%2$s">support forums</a>.' ),
922
- __( 'https://codex.wordpress.org/Cookies' ), __( 'https://wordpress.org/support/' ) ) );
923
- } elseif ( isset( $_POST['testcookie'] ) && empty( $_COOKIE[ TEST_COOKIE ] ) ) {
924
- // If cookies are disabled we can't log in even with a valid user+pass
925
- /* translators: 1: Browser cookie documentation URL */
926
- $user = new WP_Error( 'test_cookie', sprintf( __( '<strong>ERROR</strong>: Cookies are blocked or not supported by your browser. You must <a href="%s">enable cookies</a> to use WordPress.' ),
927
- __( 'https://codex.wordpress.org/Cookies' ) ) );
928
- }
929
- }
930
-
931
- $requested_redirect_to = isset( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : '';
932
- /**
933
- * Filter the login redirect URL.
934
- *
935
- * @since 3.0.0
936
- *
937
- * @param string $redirect_to The redirect destination URL.
938
- * @param string $requested_redirect_to The requested redirect destination URL passed as a parameter.
939
- * @param WP_User|WP_Error $user WP_User object if login was successful, WP_Error object otherwise.
940
- */
941
- $redirect_to = apply_filters( 'login_redirect', $redirect_to, $requested_redirect_to, $user );
942
-
943
- if ( !is_wp_error($user) && !$reauth ) {
944
- if ( $interim_login ) {
945
- $message = '<p class="message">' . __('You have logged in successfully.' ) . '</p>';
946
- $interim_login = 'success';
947
- login_header( '', $message ); ?>
 
 
 
 
 
 
 
 
 
 
 
948
  </div>
949
- <?php
950
- /** This action is documented in wp-login.php */
951
- do_action( 'login_footer' ); ?>
952
- <?php if ( $customize_login ) : ?>
953
- <script type="text/javascript">setTimeout( function(){ new wp.customize.Messenger({ url: '<?php echo wp_customize_url(); ?>', channel: 'login' }).send('login') }, 1000 );</script>
954
- <?php endif; ?>
955
- </body></html>
956
- <?php exit;
957
- }
958
-
959
- if ( ( empty( $redirect_to ) || $redirect_to == 'wp-admin/' || $redirect_to == admin_url() ) ) {
960
- // If the user doesn't belong to a blog, send them to user admin. If the user can't edit posts, send them to their profile.
961
- if ( is_multisite() && !get_active_blog_for_user($user->ID) && !is_super_admin( $user->ID ) )
962
- $redirect_to = user_admin_url();
963
- elseif ( is_multisite() && !$user->has_cap('read') )
964
- $redirect_to = get_dashboard_url( $user->ID );
965
- elseif ( !$user->has_cap('edit_posts') )
966
- $redirect_to = $user->has_cap( 'read' ) ? admin_url( 'profile.php' ) : home_url();
967
-
968
- wp_redirect( $redirect_to );
969
- exit();
970
- }
971
- wp_safe_redirect($redirect_to);
972
- exit();
973
- }
974
-
975
- $errors = $user;
976
- // Clear errors if loggedout is set.
977
- if ( !empty($_GET['loggedout']) || $reauth )
978
- $errors = new WP_Error();
979
-
980
- if ( $interim_login ) {
981
- if ( ! $errors->get_error_code() )
982
- $errors->add('expired', __('Your session has expired. Please log in to continue where you left off.' ), 'message');
983
- } else {
984
- // Some parts of this script use the main login form to display a message
985
- if ( isset($_GET['loggedout']) && true == $_GET['loggedout'] )
986
- $errors->add('loggedout', __('You are now logged out.' ), 'message');
987
- elseif ( isset($_GET['registration']) && 'disabled' == $_GET['registration'] )
988
- $errors->add('registerdisabled', __('User registration is currently not allowed.' ));
989
- elseif ( isset($_GET['checkemail']) && 'confirm' == $_GET['checkemail'] )
990
- $errors->add('confirm', __('Check your email for the confirmation link.' ), 'message');
991
- elseif ( isset($_GET['checkemail']) && 'newpass' == $_GET['checkemail'] )
992
- $errors->add('newpass', __('Check your email for your new password.' ), 'message');
993
- elseif ( isset($_GET['checkemail']) && 'registered' == $_GET['checkemail'] )
994
- $errors->add('registered', __('Registration complete. Please check your email.' ), 'message');
995
- elseif ( strpos( $redirect_to, 'about.php?updated' ) )
996
- $errors->add('updated', __( '<strong>You have successfully updated WordPress!</strong> Please log back in to see what&#8217;s new.' ), 'message' );
997
- }
998
-
999
- /**
1000
- * Filter the login page errors.
1001
- *
1002
- * @since 3.6.0
1003
- *
1004
- * @param object $errors WP Error object.
1005
- * @param string $redirect_to Redirect destination URL.
1006
- */
1007
- $errors = apply_filters( 'wp_login_errors', $errors, $redirect_to );
1008
-
1009
- // Clear any stale cookies.
1010
- if ( $reauth )
1011
- wp_clear_auth_cookie();
1012
-
1013
- login_header(__('Log In' ), '', $errors);
1014
-
1015
- if ( isset($_POST['log']) )
1016
- $user_login = ( 'incorrect_password' == $errors->get_error_code() || 'empty_password' == $errors->get_error_code() ) ? esc_attr(wp_unslash($_POST['log'])) : '';
1017
- $rememberme = ! empty( $_POST['rememberme'] );
1018
-
1019
- if ( ! empty( $errors->errors ) ) {
1020
- $aria_describedby_error = ' aria-describedby="login_error"';
1021
- } else {
1022
- $aria_describedby_error = '';
1023
- }
1024
-
1025
- //aiowps - this check is necessary because otherwise if variables are undefined we get a warning!
1026
- if(empty($user_login)){
1027
  $user_login = '';
1028
- }
1029
- if(empty($error)){
1030
- $error = '';
1031
- }
1032
- ?>
 
 
 
 
 
 
 
 
 
 
 
 
 
1033
 
1034
- <form name="loginform" id="loginform" action="<?php echo esc_url( site_url( 'wp-login.php', 'login_post' ) ); ?>" method="post">
 
 
 
 
 
 
 
 
 
 
 
1035
  <p>
1036
- <label for="user_login"><?php _e('Username or Email Address'); ?><br />
1037
- <input type="text" name="log" id="user_login"<?php echo $aria_describedby_error; ?> class="input" value="<?php echo esc_attr( $user_login ); ?>" size="20" /></label>
1038
  </p>
1039
  <p>
1040
- <label for="user_pass"><?php _e('Password'); ?><br />
1041
- <input type="password" name="pwd" id="user_pass"<?php echo $aria_describedby_error; ?> class="input" value="" size="20" /></label>
1042
  </p>
1043
- <?php
1044
- /**
1045
- * Fires following the 'Password' field in the login form.
1046
- *
1047
- * @since 2.1.0
1048
- */
1049
- do_action( 'login_form' );
1050
- ?>
1051
- <p class="forgetmenot"><label for="rememberme"><input name="rememberme" type="checkbox" id="rememberme" value="forever" <?php checked( $rememberme ); ?> /> <?php esc_html_e('Remember Me'); ?></label></p>
1052
- <p class="submit">
1053
- <input type="submit" name="wp-submit" id="wp-submit" class="button button-primary button-large" value="<?php esc_attr_e('Log In'); ?>" />
1054
- <?php if ( $interim_login ) { ?>
1055
- <input type="hidden" name="interim-login" value="1" />
1056
- <?php } else { ?>
1057
- <input type="hidden" name="redirect_to" value="<?php echo esc_attr($redirect_to); ?>" />
1058
- <?php } ?>
1059
- <?php if ( $customize_login ) : ?>
1060
- <input type="hidden" name="customize-login" value="1" />
1061
- <?php endif; ?>
1062
- <input type="hidden" name="testcookie" value="1" />
1063
  </p>
1064
- </form>
1065
 
1066
- <?php if ( ! $interim_login ) { ?>
1067
- <p id="nav">
1068
- <?php if ( ! isset( $_GET['checkemail'] ) || ! in_array( $_GET['checkemail'], array( 'confirm', 'newpass' ) ) ) :
1069
- if ( get_option( 'users_can_register' ) ) :
1070
- $registration_url = sprintf( '<a href="%s">%s</a>', esc_url( wp_registration_url() ), __( 'Register' ) );
1071
 
1072
- /** This filter is documented in wp-includes/general-template.php */
1073
- echo apply_filters( 'register', $registration_url );
1074
 
1075
- echo esc_html( $login_link_separator );
1076
- endif;
1077
- ?>
1078
- <a href="<?php echo esc_url( wp_lostpassword_url() ); ?>"><?php _e( 'Lost your password?' ); ?></a>
1079
- <?php endif; ?>
1080
- </p>
1081
- <?php } ?>
1082
 
1083
- <script type="text/javascript">
1084
- function wp_attempt_focus(){
1085
- setTimeout( function(){ try{
1086
- <?php if ( $user_login ) { ?>
1087
- d = document.getElementById('user_pass');
1088
- d.value = '';
1089
- <?php } else { ?>
1090
- d = document.getElementById('user_login');
1091
- <?php if ( 'invalid_username' == $errors->get_error_code() ) { ?>
1092
- if( d.value != '' )
1093
- d.value = '';
1094
- <?php
1095
- }
1096
- }?>
1097
- d.focus();
1098
- d.select();
1099
- } catch(e){}
1100
- }, 200);
1101
- }
1102
 
1103
- <?php
1104
- /**
1105
- * Filters whether to print the call to `wp_attempt_focus()` on the login screen.
1106
- *
1107
- * @since 4.8.0
1108
- *
1109
- * @param bool $print Whether to print the function call. Default true.
1110
- */
1111
- if ( apply_filters( 'enable_login_autofocus', true ) && ! $error ) { ?>
1112
- wp_attempt_focus();
1113
- <?php } ?>
1114
- if(typeof wpOnload=='function')wpOnload();
1115
- <?php if ( $interim_login ) { ?>
1116
- (function(){
1117
- try {
1118
- var i, links = document.getElementsByTagName('a');
1119
- for ( i in links ) {
1120
- if ( links[i].href )
1121
- links[i].target = '_blank';
1122
- }
1123
- } catch(e){}
1124
- }());
1125
- <?php } ?>
1126
- </script>
1127
 
1128
- <?php
1129
- login_footer();
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1130
 
1131
- if ( $switched_locale ) {
1132
- restore_previous_locale();
1133
- }
1134
 
1135
- break;
1136
- } // end action switch
8
  * @package WordPress
9
  */
10
 
11
+ /** Make sure that the WordPress bootstrap has run before continuing. */
12
 
13
+ // Redirect to HTTPS login if forced to use SSL.
14
  if ( force_ssl_admin() && ! is_ssl() ) {
15
+ if ( 0 === strpos( $_SERVER['REQUEST_URI'], 'http' ) ) {
16
+ wp_safe_redirect( set_url_scheme( $_SERVER['REQUEST_URI'], 'https' ) );
17
+ exit();
18
+ } else {
19
+ wp_safe_redirect( 'https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'] );
20
+ exit();
21
+ }
22
  }
23
 
24
  /**
25
  * Output the login page header.
26
  *
27
+ * @since 2.1.0
28
+ *
29
  * @param string $title Optional. WordPress login Page title to display in the `<title>` element.
30
  * Default 'Log In'.
31
  * @param string $message Optional. Message to display in header. Default empty.
32
+ * @param WP_Error $wp_error Optional. The error to pass. Default is a WP_Error instance.
33
  */
34
+ function login_header( $title = 'Log In', $message = '', $wp_error = null ) {
35
+ global $error, $interim_login, $action;
36
 
37
+ // Don't index any of these forms
38
+ add_action( 'login_head', 'wp_sensitive_page_meta' );
39
 
40
+ add_action( 'login_head', 'wp_login_viewport_meta' );
41
 
42
+ if ( ! is_wp_error( $wp_error ) ) {
43
+ $wp_error = new WP_Error();
44
+ }
45
 
46
+ // Shake it!
47
+ $shake_error_codes = array( 'empty_password', 'empty_email', 'invalid_email', 'invalidcombo', 'empty_username', 'invalid_username', 'incorrect_password' );
48
+ /**
49
+ * Filters the error codes array for shaking the login form.
50
+ *
51
+ * @since 3.0.0
52
+ *
53
+ * @param array $shake_error_codes Error codes that shake the login form.
54
+ */
55
+ $shake_error_codes = apply_filters( 'shake_error_codes', $shake_error_codes );
56
+
57
+ if ( $shake_error_codes && $wp_error->has_errors() && in_array( $wp_error->get_error_code(), $shake_error_codes ) ) {
58
+ add_action( 'login_head', 'wp_shake_js', 12 );
59
+ }
60
+
61
+ $login_title = get_bloginfo( 'name', 'display' );
62
+
63
+ /* translators: Login screen title. 1: Login screen name, 2: Network or site name */
64
+ $login_title = sprintf( __( '%1$s &lsaquo; %2$s &#8212; WordPress' ), $title, $login_title );
65
+
66
+ if ( wp_is_recovery_mode() ) {
67
+ /* translators: %s: Login screen title. */
68
+ $login_title = sprintf( __( 'Recovery Mode &#8212; %s' ), $login_title );
69
+ }
70
+
71
+ /**
72
+ * Filters the title tag content for login page.
73
+ *
74
+ * @since 4.9.0
75
+ *
76
+ * @param string $login_title The page title, with extra context added.
77
+ * @param string $title The original page title.
78
+ */
79
+ $login_title = apply_filters( 'login_title', $login_title, $title );
80
+
81
+ ?><!DOCTYPE html>
82
+ <!--[if IE 8]>
83
+ <html xmlns="http://www.w3.org/1999/xhtml" class="ie8" <?php language_attributes(); ?>>
84
+ <![endif]-->
85
+ <!--[if !(IE 8) ]><!-->
86
+ <html xmlns="http://www.w3.org/1999/xhtml" <?php language_attributes(); ?>>
87
+ <!--<![endif]-->
88
+ <head>
89
+ <meta http-equiv="Content-Type" content="<?php bloginfo( 'html_type' ); ?>; charset=<?php bloginfo( 'charset' ); ?>" />
90
+ <title><?php echo $login_title; ?></title>
91
+ <?php
92
+
93
+ wp_enqueue_style( 'login' );
94
+
95
+ /*
96
+ * Remove all stored post data on logging out.
97
+ * This could be added by add_action('login_head'...) like wp_shake_js(),
98
+ * but maybe better if it's not removable by plugins.
99
+ */
100
+ if ( 'loggedout' == $wp_error->get_error_code() ) {
101
+ ?>
102
+ <script>if("sessionStorage" in window){try{for(var key in sessionStorage){if(key.indexOf("wp-autosave-")!=-1){sessionStorage.removeItem(key)}}}catch(e){}};</script>
103
+ <?php
104
+ }
105
+
106
+ /**
107
+ * Enqueue scripts and styles for the login page.
108
+ *
109
+ * @since 3.1.0
110
+ */
111
+ do_action( 'login_enqueue_scripts' );
112
 
113
+ /**
114
+ * Fires in the login page header after scripts are enqueued.
115
+ *
116
+ * @since 2.1.0
117
+ */
118
+ do_action( 'login_head' );
119
+
120
+ $login_header_url = __( 'https://wordpress.org/' );
121
+
122
+ /**
123
+ * Filters link URL of the header logo above login form.
124
+ *
125
+ * @since 2.1.0
126
+ *
127
+ * @param string $login_header_url Login header logo URL.
128
+ */
129
+ $login_header_url = apply_filters( 'login_headerurl', $login_header_url );
130
 
131
+ $login_header_title = '';
132
 
133
+ /**
134
+ * Filters the title attribute of the header logo above login form.
135
+ *
136
+ * @since 2.1.0
137
+ * @deprecated 5.2.0 Use login_headertext
138
+ *
139
+ * @param string $login_header_title Login header logo title attribute.
140
+ */
141
+ $login_header_title = apply_filters_deprecated(
142
+ 'login_headertitle',
143
+ array( $login_header_title ),
144
+ '5.2.0',
145
+ 'login_headertext',
146
+ __( 'Usage of the title attribute on the login logo is not recommended for accessibility reasons. Use the link text instead.' )
147
+ );
148
+
149
+ $login_header_text = empty( $login_header_title ) ? __( 'Powered by WordPress' ) : $login_header_title;
150
+
151
+ /**
152
+ * Filters the link text of the header logo above the login form.
153
+ *
154
+ * @since 5.2.0
155
+ *
156
+ * @param string $login_header_text The login header logo link text.
157
+ */
158
+ $login_header_text = apply_filters( 'login_headertext', $login_header_text );
159
+
160
+ $classes = array( 'login-action-' . $action, 'wp-core-ui' );
161
+ if ( is_rtl() ) {
162
+ $classes[] = 'rtl';
163
+ }
164
+ if ( $interim_login ) {
165
+ $classes[] = 'interim-login';
166
+ ?>
167
+ <style type="text/css">html{background-color: transparent;}</style>
168
+ <?php
169
+
170
+ if ( 'success' === $interim_login ) {
171
+ $classes[] = 'interim-login-success';
172
+ }
173
+ }
174
+ $classes[] = ' locale-' . sanitize_html_class( strtolower( str_replace( '_', '-', get_locale() ) ) );
175
+
176
+ /**
177
+ * Filters the login page body classes.
178
+ *
179
+ * @since 3.5.0
180
+ *
181
+ * @param array $classes An array of body classes.
182
+ * @param string $action The action that brought the visitor to the login page.
183
+ */
184
+ $classes = apply_filters( 'login_body_class', $classes, $action );
185
+
186
+ ?>
187
+ </head>
188
+ <body class="login <?php echo esc_attr( implode( ' ', $classes ) ); ?>">
189
+ <?php
190
+ /**
191
+ * Fires in the login page header after the body tag is opened.
192
+ *
193
+ * @since 4.6.0
194
+ */
195
+ do_action( 'login_header' );
196
+ ?>
197
+ <div id="login">
198
+ <h1><a href="<?php echo esc_url( $login_header_url ); ?>"><?php echo $login_header_text; ?></a></h1>
199
+ <?php
200
+ /**
201
+ * Filters the message to display above the login form.
202
+ *
203
+ * @since 2.1.0
204
+ *
205
+ * @param string $message Login message text.
206
+ */
207
+ $message = apply_filters( 'login_message', $message );
208
+ if ( ! empty( $message ) ) {
209
+ echo $message . "\n";
210
+ }
211
+
212
+ // In case a plugin uses $error rather than the $wp_errors object.
213
+ if ( ! empty( $error ) ) {
214
+ $wp_error->add( 'error', $error );
215
+ unset( $error );
216
+ }
217
+
218
+ if ( $wp_error->has_errors() ) {
219
+ $errors = '';
220
+ $messages = '';
221
+ foreach ( $wp_error->get_error_codes() as $code ) {
222
+ $severity = $wp_error->get_error_data( $code );
223
+ foreach ( $wp_error->get_error_messages( $code ) as $error_message ) {
224
+ if ( 'message' == $severity ) {
225
+ $messages .= ' ' . $error_message . "<br />\n";
226
+ } else {
227
+ $errors .= ' ' . $error_message . "<br />\n";
228
+ }
229
+ }
230
+ }
231
+ if ( ! empty( $errors ) ) {
232
+ /**
233
+ * Filters the error messages displayed above the login form.
234
+ *
235
+ * @since 2.1.0
236
+ *
237
+ * @param string $errors Login error message.
238
+ */
239
+ echo '<div id="login_error">' . apply_filters( 'login_errors', $errors ) . "</div>\n";
240
+ }
241
+ if ( ! empty( $messages ) ) {
242
+ /**
243
+ * Filters instructional messages displayed above the login form.
244
+ *
245
+ * @since 2.5.0
246
+ *
247
+ * @param string $messages Login messages.
248
+ */
249
+ echo '<p class="message">' . apply_filters( 'login_messages', $messages ) . "</p>\n";
250
+ }
251
+ }
252
+ } // End of login_header()
253
 
254
  /**
255
+ * Outputs the footer for the login page.
 
 
256
  *
257
+ * @since 3.1.0
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
258
  *
259
+ * @param string $input_id Which input to auto-focus.
260
  */
261
+ function login_footer( $input_id = '' ) {
262
+ global $interim_login;
263
+
264
+ // Don't allow interim logins to navigate away from the page.
265
+ if ( ! $interim_login ) :
266
+ ?>
267
+ <p id="backtoblog"><a href="<?php echo esc_url( home_url( '/' ) ); ?>">
268
+ <?php
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
269
  /* translators: %s: site title */
270
  printf( _x( '&larr; Back to %s', 'site' ), get_bloginfo( 'title', 'display' ) );
271
+ ?>
272
+ </a></p>
273
+ <?php the_privacy_policy_link( '<div class="privacy-policy-page-link">', '</div>' ); ?>
274
+ <?php endif; ?>
 
 
 
 
 
 
 
 
 
 
 
 
275
 
276
+ </div>
277
+
278
+ <?php if ( ! empty( $input_id ) ) : ?>
279
+ <script type="text/javascript">
280
+ try{document.getElementById('<?php echo $input_id; ?>').focus();}catch(e){}
281
+ if(typeof wpOnload=='function')wpOnload();
282
+ </script>
283
+ <?php endif; ?>
284
+
285
+ <?php
286
+ /**
287
+ * Fires in the login page footer.
288
+ *
289
+ * @since 3.1.0
290
+ */
291
+ do_action( 'login_footer' );
292
+ ?>
293
+ <div class="clear"></div>
294
+ </body>
295
+ </html>
296
+ <?php
297
  }
298
 
299
  /**
300
+ * Outputs the Javascript to handle the form shaking.
301
+ *
302
  * @since 3.0.0
303
  */
304
  function wp_shake_js() {
305
+ ?>
306
+ <script type="text/javascript">
307
+ addLoadEvent = function(func){if(typeof jQuery!="undefined")jQuery(document).ready(func);else if(typeof wpOnload!='function'){wpOnload=func;}else{var oldonload=wpOnload;wpOnload=function(){oldonload();func();}}};
308
+ function s(id,pos){g(id).left=pos+'px';}
309
+ function g(id){return document.getElementById(id).style;}
310
+ function shake(id,a,d){c=a.shift();s(id,c);if(a.length>0){setTimeout(function(){shake(id,a,d);},d);}else{try{g(id).position='static';wp_attempt_focus();}catch(e){}}}
311
+ addLoadEvent(function(){ var p=new Array(15,30,15,0,-15,-30,-15,0);p=p.concat(p.concat(p));var i=document.forms[0].id;g(i).position='relative';shake(i,p,20);});
312
+ </script>
313
+ <?php
314
  }
315
 
316
  /**
317
+ * Outputs the viewport meta tag.
318
+ *
319
  * @since 3.7.0
320
  */
321
  function wp_login_viewport_meta() {
322
+ ?>
323
+ <meta name="viewport" content="width=device-width" />
324
+ <?php
325
  }
326
 
327
  /**
328
  * Handles sending password retrieval email to user.
329
  *
330
+ * @since 2.5.0
331
+ *
332
  * @return bool|WP_Error True: when finish. WP_Error on error
333
  */
334
  function retrieve_password() {
335
+ $errors = new WP_Error();
336
+
337
+ if ( empty( $_POST['user_login'] ) || ! is_string( $_POST['user_login'] ) ) {
338
+ $errors->add( 'empty_username', __( '<strong>ERROR</strong>: Enter a username or email address.' ) );
339
+ } elseif ( strpos( $_POST['user_login'], '@' ) ) {
340
+ $user_data = get_user_by( 'email', trim( wp_unslash( $_POST['user_login'] ) ) );
341
+ if ( empty( $user_data ) ) {
342
+ $errors->add( 'invalid_email', __( '<strong>ERROR</strong>: There is no account with that username or email address.' ) );
343
+ }
344
+ } else {
345
+ $login = trim( $_POST['user_login'] );
346
+ $user_data = get_user_by( 'login', $login );
347
+ }
348
+
349
+ /**
350
+ * Fires before errors are returned from a password reset request.
351
+ *
352
+ * @since 2.1.0
353
+ * @since 4.4.0 Added the `$errors` parameter.
354
+ *
355
+ * @param WP_Error $errors A WP_Error object containing any errors generated
356
+ * by using invalid credentials.
357
+ */
358
+ do_action( 'lostpassword_post', $errors );
359
+
360
+ if ( $errors->has_errors() ) {
361
+ return $errors;
362
+ }
363
+
364
+ if ( ! $user_data ) {
365
+ $errors->add( 'invalidcombo', __( '<strong>ERROR</strong>: There is no account with that username or email address.' ) );
366
+ return $errors;
367
+ }
368
+
369
+ // Redefining user_login ensures we return the right case in the email.
370
+ $user_login = $user_data->user_login;
371
+ $user_email = $user_data->user_email;
372
+ $key = get_password_reset_key( $user_data );
373
+
374
+ if ( is_wp_error( $key ) ) {
375
+ return $key;
376
+ }
377
+
378
+ if ( is_multisite() ) {
379
+ $site_name = get_network()->site_name;
380
+ } else {
381
+ /*
382
+ * The blogname option is escaped with esc_html on the way into the database
383
+ * in sanitize_option we want to reverse this for the plain text arena of emails.
384
+ */
385
+ $site_name = wp_specialchars_decode( get_option( 'blogname' ), ENT_QUOTES );
386
+ }
387
+
388
+ $message = __( 'Someone has requested a password reset for the following account:' ) . "\r\n\r\n";
389
+ /* translators: %s: site name */
390
+ $message .= sprintf( __( 'Site Name: %s' ), $site_name ) . "\r\n\r\n";
391
+ /* translators: %s: user login */
392
+ $message .= sprintf( __( 'Username: %s' ), $user_login ) . "\r\n\r\n";
393
+ $message .= __( 'If this was a mistake, just ignore this email and nothing will happen.' ) . "\r\n\r\n";
394
+ $message .= __( 'To reset your password, visit the following address:' ) . "\r\n\r\n";
395
+ $message .= '<' . network_site_url( "wp-login.php?action=rp&key=$key&login=" . rawurlencode( $user_login ), 'login' ) . ">\r\n";
396
+
397
+ /* translators: Password reset notification email subject. %s: Site title */
398
+ $title = sprintf( __( '[%s] Password Reset' ), $site_name );
399
+
400
+ /**
401
+ * Filters the subject of the password reset email.
402
+ *
403
+ * @since 2.8.0
404
+ * @since 4.4.0 Added the `$user_login` and `$user_data` parameters.
405
+ *
406
+ * @param string $title Default email title.
407
+ * @param string $user_login The username for the user.
408
+ * @param WP_User $user_data WP_User object.
409
+ */
410
+ $title = apply_filters( 'retrieve_password_title', $title, $user_login, $user_data );
411
+
412
+ /**
413
+ * Filters the message body of the password reset mail.
414
+ *
415
+ * If the filtered message is empty, the password reset email will not be sent.
416
+ *
417
+ * @since 2.8.0
418
+ * @since 4.1.0 Added `$user_login` and `$user_data` parameters.
419
+ *
420
+ * @param string $message Default mail message.
421
+ * @param string $key The activation key.
422
+ * @param string $user_login The username for the user.
423
+ * @param WP_User $user_data WP_User object.
424
+ */
425
+ $message = apply_filters( 'retrieve_password_message', $message, $key, $user_login, $user_data );
426
+
427
+ if ( $message && ! wp_mail( $user_email, wp_specialchars_decode( $title ), $message ) ) {
428
+ wp_die( __( 'The email could not be sent.' ) . "<br />\n" . __( 'Possible reason: your host may have disabled the mail() function.' ) );
429
+ }
430
+
431
+ return true;
432
  }
433
 
434
  //
435
+ // Main.
436
  //
437
 
438
+ $action = isset( $_REQUEST['action'] ) ? $_REQUEST['action'] : 'login';
439
  $errors = new WP_Error();
440
 
441
+ if ( isset( $_GET['key'] ) ) {
442
+ $action = 'resetpass';
443
+ }
444
 
445
+ // Validate action so as to default to the login screen.
446
+ if ( ! in_array( $action, array( 'postpass', 'logout', 'lostpassword', 'retrievepassword', 'resetpass', 'rp', 'register', 'login', 'confirmaction', WP_Recovery_Mode_Link_Service::LOGIN_ACTION_ENTERED ), true ) && false === has_filter( 'login_form_' . $action ) ) {
447
+ $action = 'login';
448
+ }
449
 
450
  nocache_headers();
451
 
452
+ header( 'Content-Type: ' . get_bloginfo( 'html_type' ) . '; charset=' . get_bloginfo( 'charset' ) );
453
 
454
  if ( defined( 'RELOCATE' ) && RELOCATE ) { // Move flag is set
455
+ if ( isset( $_SERVER['PATH_INFO'] ) && ( $_SERVER['PATH_INFO'] != $_SERVER['PHP_SELF'] ) ) {
456
+ $_SERVER['PHP_SELF'] = str_replace( $_SERVER['PATH_INFO'], '', $_SERVER['PHP_SELF'] );
457
+ }
458
 
459
+ $url = dirname( set_url_scheme( 'http://' . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'] ) );
460
+ if ( $url != get_option( 'siteurl' ) ) {
461
+ update_option( 'siteurl', $url );
462
+ }
463
  }
464
 
465
  //Set a cookie now to see if they are supported by the browser.
466
  $secure = ( 'https' === parse_url( wp_login_url(), PHP_URL_SCHEME ) );
467
  setcookie( TEST_COOKIE, 'WP Cookie check', 0, COOKIEPATH, COOKIE_DOMAIN, $secure );
468
+ if ( SITECOOKIEPATH != COOKIEPATH ) {
469
+ setcookie( TEST_COOKIE, 'WP Cookie check', 0, SITECOOKIEPATH, COOKIE_DOMAIN, $secure );
470
+ }
 
 
471
 
472
  /**
473
  * Fires when the login form is initialized.
487
  */
488
  do_action( "login_form_{$action}" );
489
 
490
+ $http_post = ( 'POST' == $_SERVER['REQUEST_METHOD'] );
491
+ $interim_login = isset( $_REQUEST['interim-login'] );
492
 
493
  /**
494
  * Filters the separator used between login form navigation links.
499
  */
500
  $login_link_separator = apply_filters( 'login_link_separator', ' | ' );
501
 
502
+ switch ( $action ) {
503
+
504
+ case 'postpass':
505
+ if ( ! array_key_exists( 'post_password', $_POST ) ) {
506
+ wp_safe_redirect( wp_get_referer() );
507
+ exit();
508
+ }
509
+
510
+ require_once ABSPATH . WPINC . '/class-phpass.php';
511
+ $hasher = new PasswordHash( 8, true );
512
+
513
+ /**
514
+ * Filters the life span of the post password cookie.
515
+ *
516
+ * By default, the cookie expires 10 days from creation. To turn this
517
+ * into a session cookie, return 0.
518
+ *
519
+ * @since 3.7.0
520
+ *
521
+ * @param int $expires The expiry time, as passed to setcookie().
522
+ */
523
+ $expire = apply_filters( 'post_password_expires', time() + 10 * DAY_IN_SECONDS );
524
+ $referer = wp_get_referer();
525
+ if ( $referer ) {
526
+ $secure = ( 'https' === parse_url( $referer, PHP_URL_SCHEME ) );
527
+ } else {
528
+ $secure = false;
529
+ }
530
+ setcookie( 'wp-postpass_' . COOKIEHASH, $hasher->HashPassword( wp_unslash( $_POST['post_password'] ) ), $expire, COOKIEPATH, COOKIE_DOMAIN, $secure );
531
 
 
 
532
  wp_safe_redirect( wp_get_referer() );
533
  exit();
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
534
 
535
+ case 'logout':
536
+ check_admin_referer( 'log-out' );
 
 
 
 
537
 
538
+ $user = wp_get_current_user();
 
539
 
540
+ wp_logout();
541
 
542
+ if ( ! empty( $_REQUEST['redirect_to'] ) ) {
543
+ $redirect_to = $requested_redirect_to = $_REQUEST['redirect_to'];
544
+ } else {
545
+ $redirect_to = 'wp-login.php?loggedout=true';
546
+ $requested_redirect_to = '';
547
+ }
548
 
549
+ /**
550
+ * Filters the log out redirect URL.
551
+ *
552
+ * @since 4.2.0
553
+ *
554
+ * @param string $redirect_to The redirect destination URL.
555
+ * @param string $requested_redirect_to The requested redirect destination URL passed as a parameter.
556
+ * @param WP_User $user The WP_User object for the user that's logging out.
557
+ */
558
+ $redirect_to = apply_filters( 'logout_redirect', $redirect_to, $requested_redirect_to, $user );
559
+ wp_safe_redirect( $redirect_to );
560
+ exit();
561
 
562
+ case 'lostpassword':
563
+ case 'retrievepassword':
564
+ if ( $http_post ) {
565
+ $errors = retrieve_password();
566
+ if ( ! is_wp_error( $errors ) ) {
567
+ $redirect_to = ! empty( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : 'wp-login.php?checkemail=confirm';
568
+ wp_safe_redirect( $redirect_to );
569
+ exit();
570
+ }
571
+ }
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
572
 
573
+ if ( isset( $_GET['error'] ) ) {
574
+ if ( 'invalidkey' == $_GET['error'] ) {
575
+ $errors->add( 'invalidkey', __( 'Your password reset link appears to be invalid. Please request a new link below.' ) );
576
+ } elseif ( 'expiredkey' == $_GET['error'] ) {
577
+ $errors->add( 'expiredkey', __( 'Your password reset link has expired. Please request a new link below.' ) );
578
+ }
579
+ }
580
 
581
+ $lostpassword_redirect = ! empty( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : '';
582
+ /**
583
+ * Filters the URL redirected to after submitting the lostpassword/retrievepassword form.
584
+ *
585
+ * @since 3.0.0
586
+ *
587
+ * @param string $lostpassword_redirect The redirect destination URL.
588
+ */
589
+ $redirect_to = apply_filters( 'lostpassword_redirect', $lostpassword_redirect );
590
+
591
+ /**
592
+ * Fires before the lost password form.
593
+ *
594
+ * @since 1.5.1
595
+ * @since 5.1.0 Added the `$errors` parameter.
596
+ *
597
+ * @param WP_Error $errors A `WP_Error` object containing any errors generated by using invalid
598
+ * credentials. Note that the error object may not contain any errors.
599
+ */
600
+ do_action( 'lost_password', $errors );
601
+
602
+ login_header( __( 'Lost Password' ), '<p class="message">' . __( 'Please enter your username or email address. You will receive a link to create a new password via email.' ) . '</p>', $errors );
603
 
604
+ $user_login = '';
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
605
 
606
+ if ( isset( $_POST['user_login'] ) && is_string( $_POST['user_login'] ) ) {
607
+ $user_login = wp_unslash( $_POST['user_login'] );
608
+ }
609
+
610
+ ?>
611
 
612
+ <form name="lostpasswordform" id="lostpasswordform" action="<?php echo esc_url( network_site_url( 'wp-login.php?action=lostpassword', 'login_post' ) ); ?>" method="post">
613
+ <p>
614
+ <label for="user_login" ><?php _e( 'Username or Email Address' ); ?><br />
615
+ <input type="text" name="user_login" id="user_login" class="input" value="<?php echo esc_attr( $user_login ); ?>" size="20" autocapitalize="off" /></label>
616
+ </p>
617
+ <?php
618
+ /**
619
+ * Fires inside the lostpassword form tags, before the hidden fields.
620
+ *
621
+ * @since 2.1.0
622
+ */
623
+ do_action( 'lostpassword_form' );
624
+ ?>
625
+ <input type="hidden" name="redirect_to" value="<?php echo esc_attr( $redirect_to ); ?>" />
626
+ <p class="submit"><input type="submit" name="wp-submit" id="wp-submit" class="button button-primary button-large" value="<?php esc_attr_e( 'Get New Password' ); ?>" /></p>
627
+ </form>
628
+
629
+ <p id="nav">
630
+ <a href="<?php echo esc_url( wp_login_url() ); ?>"><?php _e( 'Log in' ); ?></a>
631
+ <?php
632
+ if ( get_option( 'users_can_register' ) ) :
633
+ $registration_url = sprintf( '<a href="%s">%s</a>', esc_url( wp_registration_url() ), __( 'Register' ) );
634
+
635
+ echo esc_html( $login_link_separator );
636
+
637
+ /** This filter is documented in wp-includes/general-template.php */
638
+ echo apply_filters( 'register', $registration_url );
639
+ endif;
640
+ ?>
641
+ </p>
642
 
643
+ <?php
644
+ login_footer( 'user_login' );
 
 
 
 
645
 
646
+ break;
 
 
 
647
 
648
+ case 'resetpass':
649
+ case 'rp':
650
+ list( $rp_path ) = explode( '?', wp_unslash( $_SERVER['REQUEST_URI'] ) );
651
+ $rp_cookie = 'wp-resetpass-' . COOKIEHASH;
652
+ if ( isset( $_GET['key'] ) ) {
653
+ $value = sprintf( '%s:%s', wp_unslash( $_GET['login'] ), wp_unslash( $_GET['key'] ) );
654
+ setcookie( $rp_cookie, $value, 0, $rp_path, COOKIE_DOMAIN, is_ssl(), true );
655
+ wp_safe_redirect( remove_query_arg( array( 'key', 'login' ) ) );
656
+ exit;
657
  }
658
 
659
+ if ( isset( $_COOKIE[ $rp_cookie ] ) && 0 < strpos( $_COOKIE[ $rp_cookie ], ':' ) ) {
660
+ list( $rp_login, $rp_key ) = explode( ':', wp_unslash( $_COOKIE[ $rp_cookie ] ), 2 );
661
+ $user = check_password_reset_key( $rp_key, $rp_login );
662
+ if ( isset( $_POST['pass1'] ) && ! hash_equals( $rp_key, $_POST['rp_key'] ) ) {
663
+ $user = false;
664
  }
665
+ } else {
666
+ $user = false;
667
  }
 
668
 
669
+ if ( ! $user || is_wp_error( $user ) ) {
670
+ setcookie( $rp_cookie, ' ', time() - YEAR_IN_SECONDS, $rp_path, COOKIE_DOMAIN, is_ssl(), true );
671
+ if ( $user && $user->get_error_code() === 'expired_key' ) {
672
+ wp_redirect( site_url( 'wp-login.php?action=lostpassword&error=expiredkey' ) );
673
+ } else {
674
+ wp_redirect( site_url( 'wp-login.php?action=lostpassword&error=invalidkey' ) );
675
+ }
676
+ exit;
677
+ }
678
+
679
+ $errors = new WP_Error();
680
+
681
+ if ( isset( $_POST['pass1'] ) && $_POST['pass1'] != $_POST['pass2'] ) {
682
+ $errors->add( 'password_reset_mismatch', __( 'The passwords do not match.' ) );
683
+ }
684
+
685
+ /**
686
+ * Fires before the password reset procedure is validated.
687
+ *
688
+ * @since 3.5.0
689
+ *
690
+ * @param object $errors WP Error object.
691
+ * @param WP_User|WP_Error $user WP_User object if the login and reset key match. WP_Error object otherwise.
692
+ */
693
+ do_action( 'validate_password_reset', $errors, $user );
694
+
695
+ if ( ( ! $errors->has_errors() ) && isset( $_POST['pass1'] ) && ! empty( $_POST['pass1'] ) ) {
696
+ reset_password( $user, $_POST['pass1'] );
697
+ setcookie( $rp_cookie, ' ', time() - YEAR_IN_SECONDS, $rp_path, COOKIE_DOMAIN, is_ssl(), true );
698
+ login_header( __( 'Password Reset' ), '<p class="message reset-pass">' . __( 'Your password has been reset.' ) . ' <a href="' . esc_url( wp_login_url() ) . '">' . __( 'Log in' ) . '</a></p>' );
699
+ login_footer();
700
+ exit;
701
+ }
702
+
703
+ wp_enqueue_script( 'utils' );
704
+ wp_enqueue_script( 'user-profile' );
705
+
706
+ login_header( __( 'Reset Password' ), '<p class="message reset-pass">' . __( 'Enter your new password below.' ) . '</p>', $errors );
707
+
708
+ ?>
709
+ <form name="resetpassform" id="resetpassform" action="<?php echo esc_url( network_site_url( 'wp-login.php?action=resetpass', 'login_post' ) ); ?>" method="post" autocomplete="off">
710
+ <input type="hidden" id="user_login" value="<?php echo esc_attr( $rp_login ); ?>" autocomplete="off" />
711
+
712
+ <div class="user-pass1-wrap">
713
+ <p>
714
+ <label for="pass1"><?php _e( 'New password' ); ?></label>
715
+ </p>
716
+
717
+ <div class="wp-pwd">
718
+ <div class="password-input-wrapper">
719
+ <input type="password" data-reveal="1" data-pw="<?php echo esc_attr( wp_generate_password( 16 ) ); ?>" name="pass1" id="pass1" class="input password-input" size="24" value="" autocomplete="off" aria-describedby="pass-strength-result" />
720
+ <button type="button" class="button button-secondary wp-hide-pw hide-if-no-js">
721
+ <span class="dashicons dashicons-hidden" aria-hidden="true"></span>
722
+ </button>
723
  </div>
724
+ <div id="pass-strength-result" class="hide-if-no-js" aria-live="polite"><?php _e( 'Strength indicator' ); ?></div>
725
+ </div>
726
+ <div class="pw-weak">
727
+ <label>
728
+ <input type="checkbox" name="pw_weak" class="pw-checkbox" />
729
+ <?php _e( 'Confirm use of weak password' ); ?>
730
+ </label>
731
+ </div>
732
+ </div>
733
+
734
+ <p class="user-pass2-wrap">
735
+ <label for="pass2"><?php _e( 'Confirm new password' ); ?></label><br />
736
+ <input type="password" name="pass2" id="pass2" class="input" size="20" value="" autocomplete="off" />
737
+ </p>
738
+
739
+ <p class="description indicator-hint"><?php echo wp_get_password_hint(); ?></p>
740
+ <br class="clear" />
741
+
742
+ <?php
743
+ /**
744
+ * Fires following the 'Strength indicator' meter in the user password reset form.
745
+ *
746
+ * @since 3.9.0
747
+ *
748
+ * @param WP_User $user User object of the user whose password is being reset.
749
+ */
750
+ do_action( 'resetpass_form', $user );
751
+ ?>
752
+ <input type="hidden" name="rp_key" value="<?php echo esc_attr( $rp_key ); ?>" />
753
+ <p class="submit"><input type="submit" name="wp-submit" id="wp-submit" class="button button-primary button-large" value="<?php esc_attr_e( 'Reset Password' ); ?>" /></p>
754
+ </form>
755
+
756
+ <p id="nav">
757
+ <a href="<?php echo esc_url( wp_login_url() ); ?>"><?php _e( 'Log in' ); ?></a>
758
+ <?php
759
+ if ( get_option( 'users_can_register' ) ) :
760
+ $registration_url = sprintf( '<a href="%s">%s</a>', esc_url( wp_registration_url() ), __( 'Register' ) );
761
+
762
+ echo esc_html( $login_link_separator );
763
+
764
+ /** This filter is documented in wp-includes/general-template.php */
765
+ echo apply_filters( 'register', $registration_url );
766
+ endif;
767
+ ?>
768
+ </p>
769
+
770
+ <?php
771
+ login_footer( 'user_pass' );
772
+
773
+ break;
774
+
775
+ case 'register':
776
+ if ( is_multisite() ) {
777
+ /**
778
+ * Filters the Multisite sign up URL.
779
+ *
780
+ * @since 3.0.0
781
+ *
782
+ * @param string $sign_up_url The sign up URL.
783
+ */
784
+ wp_redirect( apply_filters( 'wp_signup_location', network_site_url( 'wp-signup.php' ) ) );
785
+ exit;
786
+ }
787
+
788
+ if ( ! get_option( 'users_can_register' ) ) {
789
+ wp_redirect( site_url( 'wp-login.php?registration=disabled' ) );
790
+ exit();
791
+ }
792
+
 
 
 
 
 
 
 
 
 
793
  $user_login = '';
794
+ $user_email = '';
795
+
796
+ if ( $http_post ) {
797
+ if ( isset( $_POST['user_login'] ) && is_string( $_POST['user_login'] ) ) {
798
+ $user_login = $_POST['user_login'];
799
+ }
800
+
801
+ if ( isset( $_POST['user_email'] ) && is_string( $_POST['user_email'] ) ) {
802
+ $user_email = wp_unslash( $_POST['user_email'] );
803
+ }
804
+
805
+ $errors = register_new_user( $user_login, $user_email );
806
+ if ( ! is_wp_error( $errors ) ) {
807
+ $redirect_to = ! empty( $_POST['redirect_to'] ) ? $_POST['redirect_to'] : 'wp-login.php?checkemail=registered';
808
+ wp_safe_redirect( $redirect_to );
809
+ exit();
810
+ }
811
+ }
812
 
813
+ $registration_redirect = ! empty( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : '';
814
+ /**
815
+ * Filters the registration redirect URL.
816
+ *
817
+ * @since 3.0.0
818
+ *
819
+ * @param string $registration_redirect The redirect destination URL.
820
+ */
821
+ $redirect_to = apply_filters( 'registration_redirect', $registration_redirect );
822
+ login_header( __( 'Registration Form' ), '<p class="message register">' . __( 'Register For This Site' ) . '</p>', $errors );
823
+ ?>
824
+ <form name="registerform" id="registerform" action="<?php echo esc_url( site_url( 'wp-login.php?action=register', 'login_post' ) ); ?>" method="post" novalidate="novalidate">
825
  <p>
826
+ <label for="user_login"><?php _e( 'Username' ); ?><br />
827
+ <input type="text" name="user_login" id="user_login" class="input" value="<?php echo esc_attr( wp_unslash( $user_login ) ); ?>" size="20" autocapitalize="off" /></label>
828
  </p>
829
  <p>
830
+ <label for="user_email"><?php _e( 'Email' ); ?><br />
831
+ <input type="email" name="user_email" id="user_email" class="input" value="<?php echo esc_attr( wp_unslash( $user_email ) ); ?>" size="25" /></label>
832
  </p>
833
+ <?php
834
+ /**
835
+ * Fires following the 'Email' field in the user registration form.
836
+ *
837
+ * @since 2.1.0
838
+ */
839
+ do_action( 'register_form' );
840
+ ?>
841
+ <p id="reg_passmail"><?php _e( 'Registration confirmation will be emailed to you.' ); ?></p>
842
+ <br class="clear" />
843
+ <input type="hidden" name="redirect_to" value="<?php echo esc_attr( $redirect_to ); ?>" />
844
+ <p class="submit"><input type="submit" name="wp-submit" id="wp-submit" class="button button-primary button-large" value="<?php esc_attr_e( 'Register' ); ?>" /></p>
845
+ </form>
846
+
847
+ <p id="nav">
848
+ <a href="<?php echo esc_url( wp_login_url() ); ?>"><?php _e( 'Log in' ); ?></a>
849
+ <?php echo esc_html( $login_link_separator ); ?>
850
+ <a href="<?php echo esc_url( wp_lostpassword_url() ); ?>"><?php _e( 'Lost your password?' ); ?></a>
 
 
851
  </p>
 
852
 
853
+ <?php
854
+ login_footer( 'user_login' );
 
 
 
855
 
856
+ break;
 
857
 
858
+ case 'confirmaction':
859
+ if ( ! isset( $_GET['request_id'] ) ) {
860
+ wp_die( __( 'Missing request ID.' ) );
861
+ }
 
 
 
862
 
863
+ if ( ! isset( $_GET['confirm_key'] ) ) {
864
+ wp_die( __( 'Missing confirm key.' ) );
865
+ }
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
866
 
867
+ $request_id = (int) $_GET['request_id'];
868
+ $key = sanitize_text_field( wp_unslash( $_GET['confirm_key'] ) );
869
+ $result = wp_validate_user_request_key( $request_id, $key );
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
870
 
871
+ if ( is_wp_error( $result ) ) {
872
+ wp_die( $result );
873
+ }
874
+
875
+ /**
876
+ * Fires an action hook when the account action has been confirmed by the user.
877
+ *
878
+ * Using this you can assume the user has agreed to perform the action by
879
+ * clicking on the link in the confirmation email.
880
+ *
881
+ * After firing this action hook the page will redirect to wp-login a callback
882
+ * redirects or exits first.
883
+ *
884
+ * @since 4.9.6
885
+ *
886
+ * @param int $request_id Request ID.
887
+ */
888
+ do_action( 'user_request_action_confirmed', $request_id );
889
+
890
+ $message = _wp_privacy_account_request_confirmed_message( $request_id );
891
+
892
+ login_header( __( 'User action confirmed.' ), $message );
893
+ login_footer();
894
+ exit;
895
+
896
+ case 'login':
897
+ default:
898
+ $secure_cookie = '';
899
+ $customize_login = isset( $_REQUEST['customize-login'] );
900
+ if ( $customize_login ) {
901
+ wp_enqueue_script( 'customize-base' );
902
+ }
903
+
904
+ // If the user wants SSL but the session is not SSL, force a secure cookie.
905
+ if ( ! empty( $_POST['log'] ) && ! force_ssl_admin() ) {
906
+ $user_name = sanitize_user( $_POST['log'] );
907
+ $user = get_user_by( 'login', $user_name );
908
+
909
+ if ( ! $user && strpos( $user_name, '@' ) ) {
910
+ $user = get_user_by( 'email', $user_name );
911
+ }
912
+
913
+ if ( $user ) {
914
+ if ( get_user_option( 'use_ssl', $user->ID ) ) {
915
+ $secure_cookie = true;
916
+ force_ssl_admin( true );
917
+ }
918
+ }
919
+ }
920
+
921
+ if ( isset( $_REQUEST['redirect_to'] ) ) {
922
+ $redirect_to = $_REQUEST['redirect_to'];
923
+ // Redirect to HTTPS if user wants SSL.
924
+ if ( $secure_cookie && false !== strpos( $redirect_to, 'wp-admin' ) ) {
925
+ $redirect_to = preg_replace( '|^http://|', 'https://', $redirect_to );
926
+ }
927
+ } else {
928
+ $redirect_to = admin_url();
929
+ }
930
+
931
+ $reauth = empty( $_REQUEST['reauth'] ) ? false : true;
932
+
933
+ $user = wp_signon( array(), $secure_cookie );
934
+
935
+
936
+ if ( empty( $_COOKIE[ LOGGED_IN_COOKIE ] ) ) {
937
+ if ( headers_sent() ) {
938
+ $user = new WP_Error(
939
+ 'test_cookie',
940
+ sprintf(
941
+ /* translators: 1: Browser cookie documentation URL, 2: Support forums URL */
942
+ __( '<strong>ERROR</strong>: Cookies are blocked due to unexpected output. For help, please see <a href="%1$s">this documentation</a> or try the <a href="%2$s">support forums</a>.' ),
943
+ __( 'https://wordpress.org/support/article/cookies/' ),
944
+ __( 'https://wordpress.org/support/' )
945
+ )
946
+ );
947
+ } elseif ( isset( $_POST['testcookie'] ) && empty( $_COOKIE[ TEST_COOKIE ] ) ) {
948
+ // If cookies are disabled we can't log in even with a valid user+pass
949
+ $user = new WP_Error(
950
+ 'test_cookie',
951
+ sprintf(
952
+ /* translators: %s: Browser cookie documentation URL */
953
+ __( '<strong>ERROR</strong>: Cookies are blocked or not supported by your browser. You must <a href="%s">enable cookies</a> to use WordPress.' ),
954
+ __( 'https://wordpress.org/support/article/cookies/#enable-cookies-in-your-browser' )
955
+ )
956
+ );
957
+ }
958
+ }
959
+
960
+ $requested_redirect_to = isset( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : '';
961
+ /**
962
+ * Filters the login redirect URL.
963
+ *
964
+ * @since 3.0.0
965
+ *
966
+ * @param string $redirect_to The redirect destination URL.
967
+ * @param string $requested_redirect_to The requested redirect destination URL passed as a parameter.
968
+ * @param WP_User|WP_Error $user WP_User object if login was successful, WP_Error object otherwise.
969
+ */
970
+ $redirect_to = apply_filters( 'login_redirect', $redirect_to, $requested_redirect_to, $user );
971
+
972
+ if ( ! is_wp_error( $user ) && ! $reauth ) {
973
+ if ( $interim_login ) {
974
+ $message = '<p class="message">' . __( 'You have logged in successfully.' ) . '</p>';
975
+ $interim_login = 'success';
976
+ login_header( '', $message );
977
+ ?>
978
+ </div>
979
+ <?php
980
+ /** This action is documented in wp-login.php */
981
+ do_action( 'login_footer' );
982
+ ?>
983
+ <?php if ( $customize_login ) : ?>
984
+ <script type="text/javascript">setTimeout( function(){ new wp.customize.Messenger({ url: '<?php echo wp_customize_url(); ?>', channel: 'login' }).send('login') }, 1000 );</script>
985
+ <?php endif; ?>
986
+ </body></html>
987
+ <?php
988
+ exit;
989
+ }
990
+
991
+ if ( ( empty( $redirect_to ) || $redirect_to == 'wp-admin/' || $redirect_to == admin_url() ) ) {
992
+ // If the user doesn't belong to a blog, send them to user admin. If the user can't edit posts, send them to their profile.
993
+ if ( is_multisite() && ! get_active_blog_for_user( $user->ID ) && ! is_super_admin( $user->ID ) ) {
994
+ $redirect_to = user_admin_url();
995
+ } elseif ( is_multisite() && ! $user->has_cap( 'read' ) ) {
996
+ $redirect_to = get_dashboard_url( $user->ID );
997
+ } elseif ( ! $user->has_cap( 'edit_posts' ) ) {
998
+ $redirect_to = $user->has_cap( 'read' ) ? admin_url( 'profile.php' ) : home_url();
999
+ }
1000
+
1001
+ wp_redirect( $redirect_to );
1002
+ exit();
1003
+ }
1004
+ wp_safe_redirect( $redirect_to );
1005
+ exit();
1006
+ }
1007
+
1008
+ $errors = $user;
1009
+ // Clear errors if loggedout is set.
1010
+ if ( ! empty( $_GET['loggedout'] ) || $reauth ) {
1011
+ $errors = new WP_Error();
1012
+ }
1013
+
1014
+ if ( empty( $_POST ) && $errors->get_error_codes() === array( 'empty_username', 'empty_password' ) ) {
1015
+ $errors = new WP_Error( '', '' );
1016
+ }
1017
+
1018
+ if ( $interim_login ) {
1019
+ if ( ! $errors->has_errors() ) {
1020
+ $errors->add( 'expired', __( 'Your session has expired. Please log in to continue where you left off.' ), 'message' );
1021
+ }
1022
+ } else {
1023
+ // Some parts of this script use the main login form to display a message.
1024
+ if ( isset( $_GET['loggedout'] ) && true == $_GET['loggedout'] ) {
1025
+ $errors->add( 'loggedout', __( 'You are now logged out.' ), 'message' );
1026
+ } elseif ( isset( $_GET['registration'] ) && 'disabled' == $_GET['registration'] ) {
1027
+ $errors->add( 'registerdisabled', __( 'User registration is currently not allowed.' ) );
1028
+ } elseif ( isset( $_GET['checkemail'] ) && 'confirm' == $_GET['checkemail'] ) {
1029
+ $errors->add( 'confirm', __( 'Check your email for the confirmation link.' ), 'message' );
1030
+ } elseif ( isset( $_GET['checkemail'] ) && 'newpass' == $_GET['checkemail'] ) {
1031
+ $errors->add( 'newpass', __( 'Check your email for your new password.' ), 'message' );
1032
+ } elseif ( isset( $_GET['checkemail'] ) && 'registered' == $_GET['checkemail'] ) {
1033
+ $errors->add( 'registered', __( 'Registration complete. Please check your email.' ), 'message' );
1034
+ } elseif ( strpos( $redirect_to, 'about.php?updated' ) ) {
1035
+ $errors->add( 'updated', __( '<strong>You have successfully updated WordPress!</strong> Please log back in to see what&#8217;s new.' ), 'message' );
1036
+ } elseif ( WP_Recovery_Mode_Link_Service::LOGIN_ACTION_ENTERED === $action ) {
1037
+ $errors->add( 'enter_recovery_mode', __( 'Recovery Mode Initialized. Please log in to continue.' ), 'message' );
1038
+ }
1039
+ }
1040
+
1041
+ /**
1042
+ * Filters the login page errors.
1043
+ *
1044
+ * @since 3.6.0
1045
+ *
1046
+ * @param object $errors WP Error object.
1047
+ * @param string $redirect_to Redirect destination URL.
1048
+ */
1049
+ $errors = apply_filters( 'wp_login_errors', $errors, $redirect_to );
1050
+
1051
+ // Clear any stale cookies.
1052
+ if ( $reauth ) {
1053
+ wp_clear_auth_cookie();
1054
+ }
1055
+
1056
+ login_header( __( 'Log In' ), '', $errors );
1057
+
1058
+ if ( isset( $_POST['log'] ) ) {
1059
+ $user_login = ( 'incorrect_password' == $errors->get_error_code() || 'empty_password' == $errors->get_error_code() ) ? esc_attr( wp_unslash( $_POST['log'] ) ) : '';
1060
+ }
1061
+ $rememberme = ! empty( $_POST['rememberme'] );
1062
+
1063
+ if ( $errors->has_errors() ) {
1064
+ $aria_describedby_error = ' aria-describedby="login_error"';
1065
+ } else {
1066
+ $aria_describedby_error = '';
1067
+ }
1068
+
1069
+ //aiowps - this check is necessary because otherwise if variables are undefined we get a warning!
1070
+ if(empty($user_login)){
1071
+ $user_login = '';
1072
+ }
1073
+ if(empty($error)){
1074
+ $error = '';
1075
+ }
1076
+
1077
+ ?>
1078
+
1079
+ <form name="loginform" id="loginform" action="<?php echo esc_url( site_url( 'wp-login.php', 'login_post' ) ); ?>" method="post">
1080
+ <p>
1081
+ <label for="user_login"><?php _e( 'Username or Email Address' ); ?><br />
1082
+ <input type="text" name="log" id="user_login"<?php echo $aria_describedby_error; ?> class="input" value="<?php echo esc_attr( $user_login ); ?>" size="20" autocapitalize="off" /></label>
1083
+ </p>
1084
+ <p>
1085
+ <label for="user_pass"><?php _e( 'Password' ); ?><br />
1086
+ <input type="password" name="pwd" id="user_pass"<?php echo $aria_describedby_error; ?> class="input" value="" size="20" /></label>
1087
+ </p>
1088
+ <?php
1089
+ /**
1090
+ * Fires following the 'Password' field in the login form.
1091
+ *
1092
+ * @since 2.1.0
1093
+ */
1094
+ do_action( 'login_form' );
1095
+ ?>
1096
+ <p class="forgetmenot"><label for="rememberme"><input name="rememberme" type="checkbox" id="rememberme" value="forever" <?php checked( $rememberme ); ?> /> <?php esc_html_e( 'Remember Me' ); ?></label></p>
1097
+ <p class="submit">
1098
+ <input type="submit" name="wp-submit" id="wp-submit" class="button button-primary button-large" value="<?php esc_attr_e( 'Log In' ); ?>" />
1099
+ <?php if ( $interim_login ) { ?>
1100
+ <input type="hidden" name="interim-login" value="1" />
1101
+ <?php } else { ?>
1102
+ <input type="hidden" name="redirect_to" value="<?php echo esc_attr( $redirect_to ); ?>" />
1103
+ <?php } ?>
1104
+ <?php if ( $customize_login ) : ?>
1105
+ <input type="hidden" name="customize-login" value="1" />
1106
+ <?php endif; ?>
1107
+ <input type="hidden" name="testcookie" value="1" />
1108
+ </p>
1109
+ </form>
1110
+
1111
+ <?php if ( ! $interim_login ) { ?>
1112
+ <p id="nav">
1113
+ <?php
1114
+ if ( ! isset( $_GET['checkemail'] ) || ! in_array( $_GET['checkemail'], array( 'confirm', 'newpass' ) ) ) :
1115
+ if ( get_option( 'users_can_register' ) ) :
1116
+ $registration_url = sprintf( '<a href="%s">%s</a>', esc_url( wp_registration_url() ), __( 'Register' ) );
1117
+
1118
+ /** This filter is documented in wp-includes/general-template.php */
1119
+ echo apply_filters( 'register', $registration_url );
1120
+
1121
+ echo esc_html( $login_link_separator );
1122
+ endif;
1123
+ ?>
1124
+ <a href="<?php echo esc_url( wp_lostpassword_url() ); ?>"><?php _e( 'Lost your password?' ); ?></a>
1125
+ <?php endif; ?>
1126
+ </p>
1127
+ <?php } ?>
1128
+
1129
+ <script type="text/javascript">
1130
+ function wp_attempt_focus(){
1131
+ setTimeout( function(){ try{
1132
+ <?php if ( $user_login ) { ?>
1133
+ d = document.getElementById('user_pass');
1134
+ d.value = '';
1135
+ <?php } else { ?>
1136
+ d = document.getElementById('user_login');
1137
+ <?php if ( 'invalid_username' == $errors->get_error_code() ) { ?>
1138
+ if( d.value != '' )
1139
+ d.value = '';
1140
+ <?php
1141
+ }
1142
+ }
1143
+ ?>
1144
+ d.focus();
1145
+ d.select();
1146
+ } catch(e){}
1147
+ }, 200);
1148
+ }
1149
+
1150
+ <?php
1151
+ /**
1152
+ * Filters whether to print the call to `wp_attempt_focus()` on the login screen.
1153
+ *
1154
+ * @since 4.8.0
1155
+ *
1156
+ * @param bool $print Whether to print the function call. Default true.
1157
+ */
1158
+ if ( apply_filters( 'enable_login_autofocus', true ) && ! $error ) {
1159
+ ?>
1160
+ wp_attempt_focus();
1161
+ <?php } ?>
1162
+ if(typeof wpOnload=='function')wpOnload();
1163
+ <?php if ( $interim_login ) { ?>
1164
+ (function(){
1165
+ try {
1166
+ var i, links = document.getElementsByTagName('a');
1167
+ for ( i in links ) {
1168
+ if ( links[i].href )
1169
+ links[i].target = '_blank';
1170
+ }
1171
+ } catch(e){}
1172
+ }());
1173
+ <?php } ?>
1174
+ </script>
1175
 
1176
+ <?php
1177
+ login_footer();
 
1178
 
1179
+ break;
1180
+ } // End action switch.
readme.txt CHANGED
@@ -3,7 +3,7 @@ Contributors: Tips and Tricks HQ, wpsolutions, Peter Petreski, Ruhul Amin, mbrso
3
  Donate link: https://www.tipsandtricks-hq.com
4
  Tags: security, secure, Anti Virus, antivirus, ban, ban hacker, virus, firewall, firewall security, login, lockdown, htaccess, hack, malware, vulnerability, protect, protection, phishing, database, backup, plugin, sql injection, ssl, restrict, login captcha, bot, hotlink, 404 detection, admin, rename, all in one, scan, scanner, iframe,
5
  Requires at least: 4.7
6
- Tested up to: 5.0
7
  Stable tag: trunk
8
  License: GPLv3
9
 
@@ -112,7 +112,6 @@ or malicious bots who do not have a special cookie in their browser. You (the si
112
 
113
  = Security Scanner =
114
  * The file change detection scanner can alert you if any files have changed in your WordPress system. You can then investigate and see if that was a legitimate change or some bad code was injected.
115
- * Database scanner feature can be used to scan your database tables. It will look for any common suspicious-looking strings, javascript and html code in some of the WordPress core tables.
116
 
117
  = Comment SPAM Security =
118
  * Monitor the most active IP addresses which persistently produce the most SPAM comments and instantly block them with the click of a button.
@@ -187,6 +186,17 @@ https://www.tipsandtricks-hq.com/wordpress-security-and-firewall-plugin
187
  None
188
 
189
  == Changelog ==
 
 
 
 
 
 
 
 
 
 
 
190
  = 4.3.8.3 =
191
  - Trying again - Fixed login captcha authentication bug.
192
 
3
  Donate link: https://www.tipsandtricks-hq.com
4
  Tags: security, secure, Anti Virus, antivirus, ban, ban hacker, virus, firewall, firewall security, login, lockdown, htaccess, hack, malware, vulnerability, protect, protection, phishing, database, backup, plugin, sql injection, ssl, restrict, login captcha, bot, hotlink, 404 detection, admin, rename, all in one, scan, scanner, iframe,
5
  Requires at least: 4.7
6
+ Tested up to: 5.2
7
  Stable tag: trunk
8
  License: GPLv3
9
 
112
 
113
  = Security Scanner =
114
  * The file change detection scanner can alert you if any files have changed in your WordPress system. You can then investigate and see if that was a legitimate change or some bad code was injected.
 
115
 
116
  = Comment SPAM Security =
117
  * Monitor the most active IP addresses which persistently produce the most SPAM comments and instantly block them with the click of a button.
186
  None
187
 
188
  == Changelog ==
189
+ = 4.3.9.1 =
190
+ - Fixed rename login page feature bug introduced after WP core change in version 5.2.
191
+
192
+ = 4.3.9 =
193
+ - Fixed captcha bug.
194
+ - Fixed PHP_EOL issue where some IPv6 and v4 addresses saved in settings were incorrectly deemed invalid.
195
+ - Tightened file permission for wp-config.php to "640"
196
+ - Fixed DB prefix change bug for cases where DB had tables of type "view".
197
+ - Fixed some translation string issues.
198
+ - Minor style fix for wp list table pagination nav buttons.
199
+
200
  = 4.3.8.3 =
201
  - Trying again - Fixed login captcha authentication bug.
202
 
wp-security-core.php CHANGED
@@ -7,7 +7,7 @@ if ( !defined('ABSPATH') ) {
7
  if (!class_exists('AIO_WP_Security')){
8
 
9
  class AIO_WP_Security{
10
- var $version = '4.3.8.3';
11
  var $db_version = '1.9';
12
  var $plugin_url;
13
  var $plugin_path;
7
  if (!class_exists('AIO_WP_Security')){
8
 
9
  class AIO_WP_Security{
10
+ var $version = '4.3.9.1';
11
  var $db_version = '1.9';
12
  var $plugin_url;
13
  var $plugin_path;
wp-security.php CHANGED
@@ -1,7 +1,7 @@
1
  <?php
2
  /*
3
  Plugin Name: All In One WP Security
4
- Version: 4.3.8.3
5
  Plugin URI: https://www.tipsandtricks-hq.com/wordpress-security-and-firewall-plugin
6
  Author: Tips and Tricks HQ, Peter Petreski, Ruhul, Ivy
7
  Author URI: https://www.tipsandtricks-hq.com/
1
  <?php
2
  /*
3
  Plugin Name: All In One WP Security
4
+ Version: 4.3.9.1
5
  Plugin URI: https://www.tipsandtricks-hq.com/wordpress-security-and-firewall-plugin
6
  Author: Tips and Tricks HQ, Peter Petreski, Ruhul, Ivy
7
  Author URI: https://www.tipsandtricks-hq.com/