Rename wp-login.php - Version 1.7

Version Description

  • Made compatible with WordPress 3.7.
Download this release

Release Info

Developer avryl
Plugin Icon 128x128 Rename wp-login.php
Version 1.7
Comparing to
See all releases

Code changes from version 1.6 to 1.7

Files changed (4) hide show
  1. readme.md +7 -3
  2. readme.txt +7 -3
  3. rename-wp-login.php +5 -3
  4. wp-login.php → rwl-login.php +325 -172
readme.md CHANGED
@@ -3,8 +3,8 @@
3
  **Contributors:** avryl
4
  **Tags:** rename, login, wp-login, wp-login.php, brute force, attacks
5
  **Requires at least:** 3.6
6
- **Tested up to:** 3.6.1
7
- **Stable tag:** 1.6
8
  **License:** GPLv2 or later
9
  **License URI:** http://www.gnu.org/licenses/gpl-2.0.html
10
 
@@ -66,6 +66,10 @@ Either go to your MySQL database and look for the value of `rwl_page` in the opt
66
 
67
  ### 1.6
68
 
 
 
 
 
69
  * Fixed the login link when `site_url()` ≠ `home_url()`.
70
  * Added a [mirror](https://github.com/avryl/rename-wp-login) on GitHub.
71
 
@@ -97,6 +101,6 @@ Either go to your MySQL database and look for the value of `rwl_page` in the opt
97
 
98
  ## Upgrade Notice
99
 
100
- ### 1.6
101
 
102
  Always immediately update this plugin please!
3
  **Contributors:** avryl
4
  **Tags:** rename, login, wp-login, wp-login.php, brute force, attacks
5
  **Requires at least:** 3.6
6
+ **Tested up to:** 3.7
7
+ **Stable tag:** 1.7
8
  **License:** GPLv2 or later
9
  **License URI:** http://www.gnu.org/licenses/gpl-2.0.html
10
 
66
 
67
  ### 1.6
68
 
69
+ * Made compatible with WordPress 3.7.
70
+
71
+ ### 1.6
72
+
73
  * Fixed the login link when `site_url()` ≠ `home_url()`.
74
  * Added a [mirror](https://github.com/avryl/rename-wp-login) on GitHub.
75
 
101
 
102
  ## Upgrade Notice
103
 
104
+ ### 1.7
105
 
106
  Always immediately update this plugin please!
readme.txt CHANGED
@@ -3,8 +3,8 @@
3
  Contributors: avryl
4
  Tags: rename, login, wp-login, wp-login.php, brute force, attacks
5
  Requires at least: 3.6
6
- Tested up to: 3.6.1
7
- Stable tag: 1.6
8
  License: GPLv2 or later
9
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
10
 
@@ -64,6 +64,10 @@ Either go to your MySQL database and look for the value of `rwl_page` in the opt
64
 
65
  == Changelog ==
66
 
 
 
 
 
67
  = 1.6 =
68
 
69
  * Fixed the login link when `site_url()` ≠ `home_url()`.
@@ -97,6 +101,6 @@ Either go to your MySQL database and look for the value of `rwl_page` in the opt
97
 
98
  == Upgrade Notice ==
99
 
100
- = 1.6 =
101
 
102
  Always immediately update this plugin please!
3
  Contributors: avryl
4
  Tags: rename, login, wp-login, wp-login.php, brute force, attacks
5
  Requires at least: 3.6
6
+ Tested up to: 3.7
7
+ Stable tag: 1.7
8
  License: GPLv2 or later
9
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
10
 
64
 
65
  == Changelog ==
66
 
67
+ = 1.7 =
68
+
69
+ * Made compatible with WordPress 3.7.
70
+
71
  = 1.6 =
72
 
73
  * Fixed the login link when `site_url()` ≠ `home_url()`.
101
 
102
  == Upgrade Notice ==
103
 
104
+ = 1.7 =
105
 
106
  Always immediately update this plugin please!
rename-wp-login.php CHANGED
@@ -6,7 +6,7 @@ Plugin URI: http://wordpress.org/plugins/rename-wp-login/
6
  Description: Change wp-login.php to whatever you want. It can also prevent a lot of brute force attacks.
7
  Author: avryl
8
  Author URI: http://profiles.wordpress.org/avryl/
9
- Version: 1.6
10
  Text Domain: rename-wp-login
11
  License: GPLv2 or later
12
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
@@ -78,11 +78,13 @@ function rwl_admin() {
78
 
79
  function rwl_admin_notices() {
80
 
 
 
81
  if ( ! get_option( 'permalink_structure' ) ) {
82
 
83
  echo '<div class="error"><p><strong>Rename wp-login.php</strong> doesn’t work if you’re using the default permalink structure.<br>You must <a href="' . admin_url( 'options-permalink.php' ) . '">choose</a> another permalink structure for it to work.</p></div>';
84
 
85
- } elseif ( $_GET['settings-updated'] == true ) {
86
 
87
  echo '<div class="updated"><p>Your login page is now here: <a href="' . home_url() . '/' . get_option( 'rwl_page' ) . '/">' . home_url() . '/<strong>' . get_option( 'rwl_page' ) . '</strong>/</a>. Bookmark this page!</p></div>';
88
 
@@ -146,7 +148,7 @@ function rwl_init() {
146
 
147
  status_header( 200 );
148
 
149
- require_once( dirname( __FILE__ ) . '/wp-login.php' );
150
 
151
  exit;
152
 
6
  Description: Change wp-login.php to whatever you want. It can also prevent a lot of brute force attacks.
7
  Author: avryl
8
  Author URI: http://profiles.wordpress.org/avryl/
9
+ Version: 1.7
10
  Text Domain: rename-wp-login
11
  License: GPLv2 or later
12
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
78
 
79
  function rwl_admin_notices() {
80
 
81
+ global $pagenow;
82
+
83
  if ( ! get_option( 'permalink_structure' ) ) {
84
 
85
  echo '<div class="error"><p><strong>Rename wp-login.php</strong> doesn’t work if you’re using the default permalink structure.<br>You must <a href="' . admin_url( 'options-permalink.php' ) . '">choose</a> another permalink structure for it to work.</p></div>';
86
 
87
+ } elseif ( isset( $_GET['settings-updated'] ) && $pagenow == 'options-permalink.php' ) {
88
 
89
  echo '<div class="updated"><p>Your login page is now here: <a href="' . home_url() . '/' . get_option( 'rwl_page' ) . '/">' . home_url() . '/<strong>' . get_option( 'rwl_page' ) . '</strong>/</a>. Bookmark this page!</p></div>';
90
 
148
 
149
  status_header( 200 );
150
 
151
+ require_once( dirname( __FILE__ ) . '/rwl-login.php' );
152
 
153
  exit;
154
 
wp-login.php → rwl-login.php RENAMED
@@ -8,6 +8,9 @@
8
  * @package WordPress
9
  */
10
 
 
 
 
11
  global $error, $interim_login, $current_site, $action;
12
 
13
  // Redirect to https login if forced to use SSL
@@ -22,19 +25,11 @@ if ( force_ssl_admin() && ! is_ssl() ) {
22
  }
23
 
24
  /**
25
- * Outputs the header for the login page.
26
- *
27
- * @uses do_action() Calls the 'login_head' for outputting HTML in the Log In
28
- * header.
29
- * @uses apply_filters() Calls 'login_headerurl' for the top login link.
30
- * @uses apply_filters() Calls 'login_headertitle' for the top login title.
31
- * @uses apply_filters() Calls 'login_message' on the message to display in the
32
- * header.
33
- * @uses $error The error global, which is checked for displaying errors.
34
  *
35
- * @param string $title Optional. WordPress Log In Page title to display in
36
- * <title/> element.
37
- * @param string $message Optional. Message to display in header.
38
  * @param WP_Error $wp_error Optional. WordPress Error Object
39
  */
40
  function login_header($title = 'Log In', $message = '', $wp_error = '') {
@@ -43,11 +38,21 @@ function login_header($title = 'Log In', $message = '', $wp_error = '') {
43
  // Don't index any of these forms
44
  add_action( 'login_head', 'wp_no_robots' );
45
 
 
 
 
46
  if ( empty($wp_error) )
47
  $wp_error = new WP_Error();
48
 
49
  // Shake it!
50
  $shake_error_codes = array( 'empty_password', 'empty_email', 'invalid_email', 'invalidcombo', 'empty_username', 'invalid_username', 'incorrect_password' );
 
 
 
 
 
 
 
51
  $shake_error_codes = apply_filters( 'shake_error_codes', $shake_error_codes );
52
 
53
  if ( $shake_error_codes && $wp_error->get_error_code() && in_array( $wp_error->get_error_code(), $shake_error_codes ) )
@@ -63,10 +68,6 @@ function login_header($title = 'Log In', $message = '', $wp_error = '') {
63
  wp_admin_css( 'wp-admin', true );
64
  wp_admin_css( 'colors-fresh', true );
65
 
66
- if ( wp_is_mobile() ) { ?>
67
- <meta name="viewport" content="width=320, initial-scale=0.9, maximum-scale=1.0, user-scalable=0" /><?php
68
- }
69
-
70
  // Remove all stored post data on logging out.
71
  // This could be added by add_action('login_head'...) like wp_shake_js()
72
  // but maybe better if it's not removable by plugins
@@ -76,7 +77,17 @@ function login_header($title = 'Log In', $message = '', $wp_error = '') {
76
  <?php
77
  }
78
 
 
 
 
 
 
79
  do_action( 'login_enqueue_scripts' );
 
 
 
 
 
80
  do_action( 'login_head' );
81
 
82
  if ( is_multisite() ) {
@@ -87,7 +98,21 @@ function login_header($title = 'Log In', $message = '', $wp_error = '') {
87
  $login_header_title = __( 'Powered by WordPress' );
88
  }
89
 
90
- $login_header_url = apply_filters( 'login_headerurl', $login_header_url );
 
 
 
 
 
 
 
 
 
 
 
 
 
 
91
  $login_header_title = apply_filters( 'login_headertitle', $login_header_title );
92
 
93
  $classes = array( 'login-action-' . $action, 'wp-core-ui' );
@@ -105,6 +130,14 @@ function login_header($title = 'Log In', $message = '', $wp_error = '') {
105
  $classes[] = 'interim-login-success';
106
  }
107
 
 
 
 
 
 
 
 
 
108
  $classes = apply_filters( 'login_body_class', $classes, $action );
109
 
110
  ?>
@@ -116,7 +149,14 @@ function login_header($title = 'Log In', $message = '', $wp_error = '') {
116
 
117
  unset( $login_header_url, $login_header_title );
118
 
119
- $message = apply_filters('login_message', $message);
 
 
 
 
 
 
 
120
  if ( !empty( $message ) )
121
  echo $message . "\n";
122
 
@@ -138,10 +178,26 @@ function login_header($title = 'Log In', $message = '', $wp_error = '') {
138
  $errors .= ' ' . $error . "<br />\n";
139
  }
140
  }
141
- if ( !empty($errors) )
142
- echo '<div id="login_error">' . apply_filters('login_errors', $errors) . "</div>\n";
143
- if ( !empty($messages) )
144
- echo '<p class="message">' . apply_filters('login_messages', $messages) . "</p>\n";
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
145
  }
146
  } // End of login_header()
147
 
@@ -167,7 +223,13 @@ function login_footer($input_id = '') {
167
  </script>
168
  <?php endif; ?>
169
 
170
- <?php do_action('login_footer'); ?>
 
 
 
 
 
 
171
  <div class="clear"></div>
172
  </body>
173
  </html>
@@ -188,6 +250,12 @@ addLoadEvent(function(){ var p=new Array(15,30,15,0,-15,-30,-15,0);p=p.concat(p.
188
  <?php
189
  }
190
 
 
 
 
 
 
 
191
  /**
192
  * Handles sending password retrieval email to user.
193
  *
@@ -196,7 +264,7 @@ addLoadEvent(function(){ var p=new Array(15,30,15,0,-15,-30,-15,0);p=p.concat(p.
196
  * @return bool|WP_Error True: when finish. WP_Error on error
197
  */
198
  function retrieve_password() {
199
- global $wpdb, $current_site;
200
 
201
  $errors = new WP_Error();
202
 
@@ -211,7 +279,12 @@ function retrieve_password() {
211
  $user_data = get_user_by('login', $login);
212
  }
213
 
214
- do_action('lostpassword_post');
 
 
 
 
 
215
 
216
  if ( $errors->get_error_code() )
217
  return $errors;
@@ -225,24 +298,60 @@ function retrieve_password() {
225
  $user_login = $user_data->user_login;
226
  $user_email = $user_data->user_email;
227
 
228
- do_action('retreive_password', $user_login); // Misspelled and deprecated
229
- do_action('retrieve_password', $user_login);
230
-
231
- $allow = apply_filters('allow_password_reset', true, $user_data->ID);
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
232
 
233
  if ( ! $allow )
234
  return new WP_Error('no_password_reset', __('Password reset is not allowed for this user'));
235
  else if ( is_wp_error($allow) )
236
  return $allow;
237
 
238
- $key = $wpdb->get_var($wpdb->prepare("SELECT user_activation_key FROM $wpdb->users WHERE user_login = %s", $user_login));
239
- if ( empty($key) ) {
240
- // Generate something random for a key...
241
- $key = wp_generate_password(20, false);
242
- do_action('retrieve_password_key', $user_login, $key);
243
- // Now insert the new md5 key into the db
244
- $wpdb->update($wpdb->users, array('user_activation_key' => $key), array('user_login' => $user_login));
 
 
 
 
 
 
 
 
 
 
245
  }
 
 
 
246
  $message = __('Someone requested that the password be reset for the following account:') . "\r\n\r\n";
247
  $message .= network_home_url( '/' ) . "\r\n\r\n";
248
  $message .= sprintf(__('Username: %s'), $user_login) . "\r\n\r\n";
@@ -259,8 +368,23 @@ function retrieve_password() {
259
 
260
  $title = sprintf( __('[%s] Password Reset'), $blogname );
261
 
262
- $title = apply_filters('retrieve_password_title', $title);
263
- $message = apply_filters('retrieve_password_message', $message, $key);
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
264
 
265
  if ( $message && !wp_mail($user_email, $title, $message) )
266
  wp_die( __('The e-mail could not be sent.') . "<br />\n" . __('Possible reason: your host may have disabled the mail() function.') );
@@ -268,102 +392,6 @@ function retrieve_password() {
268
  return true;
269
  }
270
 
271
- /**
272
- * Retrieves a user row based on password reset key and login
273
- *
274
- * @uses $wpdb WordPress Database object
275
- *
276
- * @param string $key Hash to validate sending user's password
277
- * @param string $login The user login
278
- * @return object|WP_Error User's database row on success, error object for invalid keys
279
- */
280
- function check_password_reset_key($key, $login) {
281
- global $wpdb;
282
-
283
- $key = preg_replace('/[^a-z0-9]/i', '', $key);
284
-
285
- if ( empty( $key ) || !is_string( $key ) )
286
- return new WP_Error('invalid_key', __('Invalid key'));
287
-
288
- if ( empty($login) || !is_string($login) )
289
- return new WP_Error('invalid_key', __('Invalid key'));
290
-
291
- $user = $wpdb->get_row($wpdb->prepare("SELECT * FROM $wpdb->users WHERE user_activation_key = %s AND user_login = %s", $key, $login));
292
-
293
- if ( empty( $user ) )
294
- return new WP_Error('invalid_key', __('Invalid key'));
295
-
296
- return $user;
297
- }
298
-
299
- /**
300
- * Handles resetting the user's password.
301
- *
302
- * @param object $user The user
303
- * @param string $new_pass New password for the user in plaintext
304
- */
305
- function reset_password($user, $new_pass) {
306
- do_action('password_reset', $user, $new_pass);
307
-
308
- wp_set_password($new_pass, $user->ID);
309
-
310
- wp_password_change_notification($user);
311
- }
312
-
313
- /**
314
- * Handles registering a new user.
315
- *
316
- * @param string $user_login User's username for logging in
317
- * @param string $user_email User's email address to send password and add
318
- * @return int|WP_Error Either user's ID or error on failure.
319
- */
320
- function register_new_user( $user_login, $user_email ) {
321
- $errors = new WP_Error();
322
-
323
- $sanitized_user_login = sanitize_user( $user_login );
324
- $user_email = apply_filters( 'user_registration_email', $user_email );
325
-
326
- // Check the username
327
- if ( $sanitized_user_login == '' ) {
328
- $errors->add( 'empty_username', __( '<strong>ERROR</strong>: Please enter a username.' ) );
329
- } elseif ( ! validate_username( $user_login ) ) {
330
- $errors->add( 'invalid_username', __( '<strong>ERROR</strong>: This username is invalid because it uses illegal characters. Please enter a valid username.' ) );
331
- $sanitized_user_login = '';
332
- } elseif ( username_exists( $sanitized_user_login ) ) {
333
- $errors->add( 'username_exists', __( '<strong>ERROR</strong>: This username is already registered. Please choose another one.' ) );
334
- }
335
-
336
- // Check the e-mail address
337
- if ( $user_email == '' ) {
338
- $errors->add( 'empty_email', __( '<strong>ERROR</strong>: Please type your e-mail address.' ) );
339
- } elseif ( ! is_email( $user_email ) ) {
340
- $errors->add( 'invalid_email', __( '<strong>ERROR</strong>: The email address isn&#8217;t correct.' ) );
341
- $user_email = '';
342
- } elseif ( email_exists( $user_email ) ) {
343
- $errors->add( 'email_exists', __( '<strong>ERROR</strong>: This email is already registered, please choose another one.' ) );
344
- }
345
-
346
- do_action( 'register_post', $sanitized_user_login, $user_email, $errors );
347
-
348
- $errors = apply_filters( 'registration_errors', $errors, $sanitized_user_login, $user_email );
349
-
350
- if ( $errors->get_error_code() )
351
- return $errors;
352
-
353
- $user_pass = wp_generate_password( 12, false);
354
- $user_id = wp_create_user( $sanitized_user_login, $user_pass, $user_email );
355
- if ( ! $user_id ) {
356
- $errors->add( 'registerfail', sprintf( __( '<strong>ERROR</strong>: Couldn&#8217;t register you&hellip; please contact the <a href="mailto:%s">webmaster</a> !' ), get_option( 'admin_email' ) ) );
357
- return $errors;
358
- }
359
-
360
- update_user_option( $user_id, 'default_password_nag', true, true ); //Set up the Password change nag.
361
-
362
- wp_new_user_notification( $user_id, $user_pass );
363
-
364
- return $user_id;
365
- }
366
-
367
  //
368
  // Main
369
  //
@@ -396,8 +424,21 @@ setcookie(TEST_COOKIE, 'WP Cookie check', 0, COOKIEPATH, COOKIE_DOMAIN);
396
  if ( SITECOOKIEPATH != COOKIEPATH )
397
  setcookie(TEST_COOKIE, 'WP Cookie check', 0, SITECOOKIEPATH, COOKIE_DOMAIN);
398
 
399
- // allow plugins to override the default actions, and to add extra actions if they want
 
 
 
 
400
  do_action( 'login_init' );
 
 
 
 
 
 
 
 
 
401
  do_action( 'login_form_' . $action );
402
 
403
  $http_post = ('POST' == $_SERVER['REQUEST_METHOD']);
@@ -409,8 +450,18 @@ case 'postpass' :
409
  require_once ABSPATH . 'wp-includes/class-phpass.php';
410
  $hasher = new PasswordHash( 8, true );
411
 
412
- // 10 days
413
- setcookie( 'wp-postpass_' . COOKIEHASH, $hasher->HashPassword( wp_unslash( $_POST['post_password'] ) ), time() + 10 * DAY_IN_SECONDS, COOKIEPATH );
 
 
 
 
 
 
 
 
 
 
414
 
415
  wp_safe_redirect( wp_get_referer() );
416
  exit();
@@ -439,31 +490,67 @@ case 'retrievepassword' :
439
  }
440
  }
441
 
442
- if ( isset($_GET['error']) && 'invalidkey' == $_GET['error'] ) $errors->add('invalidkey', __('Sorry, that key does not appear to be valid.'));
443
- $redirect_to = apply_filters( 'lostpassword_redirect', !empty( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : '' );
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
444
 
445
- do_action('lost_password');
446
  login_header(__('Lost Password'), '<p class="message">' . __('Please enter your username or email address. You will receive a link to create a new password via email.') . '</p>', $errors);
447
 
448
  $user_login = isset($_POST['user_login']) ? wp_unslash($_POST['user_login']) : '';
449
 
450
  ?>
451
 
452
- <form name="lostpasswordform" id="lostpasswordform" action="<?php echo home_url() . '/' . get_option('rwl_page') . '/' . '?action=lostpassword'; ?>" method="post">
453
  <p>
454
  <label for="user_login" ><?php _e('Username or E-mail:') ?><br />
455
  <input type="text" name="user_login" id="user_login" class="input" value="<?php echo esc_attr($user_login); ?>" size="20" /></label>
456
  </p>
457
- <?php do_action('lostpassword_form'); ?>
 
 
 
 
 
 
458
  <input type="hidden" name="redirect_to" value="<?php echo esc_attr( $redirect_to ); ?>" />
459
  <p class="submit"><input type="submit" name="wp-submit" id="wp-submit" class="button button-primary button-large" value="<?php esc_attr_e('Get New Password'); ?>" /></p>
460
  </form>
461
 
462
  <p id="nav">
463
  <a href="<?php echo esc_url( wp_login_url() ); ?>"><?php _e('Log in') ?></a>
464
- <?php if ( get_option( 'users_can_register' ) ) : ?>
465
- | <?php echo apply_filters( 'register', sprintf( '<a href="%s">%s</a>', esc_url( wp_registration_url() ), __( 'Register' ) ) ); ?>
466
- <?php endif; ?>
 
 
 
 
 
 
 
 
 
 
467
  </p>
468
 
469
  <?php
@@ -475,7 +562,10 @@ case 'rp' :
475
  $user = check_password_reset_key($_GET['key'], $_GET['login']);
476
 
477
  if ( is_wp_error($user) ) {
478
- wp_redirect( home_url() . '/' . get_option('rwl_page') . '/' . '?action=lostpassword&error=invalidkey' );
 
 
 
479
  exit;
480
  }
481
 
@@ -484,6 +574,14 @@ case 'rp' :
484
  if ( isset($_POST['pass1']) && $_POST['pass1'] != $_POST['pass2'] )
485
  $errors->add( 'password_reset_mismatch', __( 'The passwords do not match.' ) );
486
 
 
 
 
 
 
 
 
 
487
  do_action( 'validate_password_reset', $errors, $user );
488
 
489
  if ( ( ! $errors->get_error_code() ) && isset( $_POST['pass1'] ) && !empty( $_POST['pass1'] ) ) {
@@ -499,7 +597,8 @@ case 'rp' :
499
  login_header(__('Reset Password'), '<p class="message reset-pass">' . __('Enter your new password below.') . '</p>', $errors );
500
 
501
  ?>
502
- <form name="resetpassform" id="resetpassform" action="<?php echo home_url() . '/' . get_option('rwl_page') . '/' . '?action=resetpass&key=' . urlencode( $_GET['key'] ) . '&login=' . urlencode( $_GET['login'] ); ?>" method="post" autocomplete="off">
 
503
  <input type="hidden" id="user_login" value="<?php echo esc_attr( $_GET['login'] ); ?>" autocomplete="off" />
504
 
505
  <p>
@@ -520,9 +619,13 @@ case 'rp' :
520
 
521
  <p id="nav">
522
  <a href="<?php echo esc_url( wp_login_url() ); ?>"><?php _e( 'Log in' ); ?></a>
523
- <?php if ( get_option( 'users_can_register' ) ) : ?>
524
- | <?php echo apply_filters( 'register', sprintf( '<a href="%s">%s</a>', esc_url( wp_registration_url() ), __( 'Register' ) ) ); ?>
525
- <?php endif; ?>
 
 
 
 
526
  </p>
527
 
528
  <?php
@@ -531,8 +634,15 @@ break;
531
 
532
  case 'register' :
533
  if ( is_multisite() ) {
534
- // Multisite uses wp-signup.php
535
- wp_redirect( apply_filters( 'wp_signup_location', network_site_url('wp-signup.php') ) );
 
 
 
 
 
 
 
536
  exit;
537
  }
538
 
@@ -554,11 +664,19 @@ case 'register' :
554
  }
555
  }
556
 
557
- $redirect_to = apply_filters( 'registration_redirect', !empty( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : '' );
 
 
 
 
 
 
 
 
558
  login_header(__('Registration Form'), '<p class="message register">' . __('Register For This Site') . '</p>', $errors);
559
  ?>
560
 
561
- <form name="registerform" id="registerform" action="<?php echo home_url() . '/' . get_option('rwl_page') . '/' . '?action=register'; ?>" method="post">
562
  <p>
563
  <label for="user_login"><?php _e('Username') ?><br />
564
  <input type="text" name="user_login" id="user_login" class="input" value="<?php echo esc_attr(wp_unslash($user_login)); ?>" size="20" /></label>
@@ -567,7 +685,14 @@ case 'register' :
567
  <label for="user_email"><?php _e('E-mail') ?><br />
568
  <input type="text" name="user_email" id="user_email" class="input" value="<?php echo esc_attr(wp_unslash($user_email)); ?>" size="25" /></label>
569
  </p>
570
- <?php do_action('register_form'); ?>
 
 
 
 
 
 
 
571
  <p id="reg_passmail"><?php _e('A password will be e-mailed to you.') ?></p>
572
  <br class="clear" />
573
  <input type="hidden" name="redirect_to" value="<?php echo esc_attr( $redirect_to ); ?>" />
@@ -618,9 +743,23 @@ default:
618
  if ( !$secure_cookie && is_ssl() && force_ssl_login() && !force_ssl_admin() && ( 0 !== strpos($redirect_to, 'https') ) && ( 0 === strpos($redirect_to, 'http') ) )
619
  $secure_cookie = false;
620
 
621
- $user = wp_signon('', $secure_cookie);
622
-
623
- $redirect_to = apply_filters('login_redirect', $redirect_to, isset( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : '', $user);
 
 
 
 
 
 
 
 
 
 
 
 
 
 
624
 
625
  if ( !is_wp_error($user) && !$reauth ) {
626
  if ( $interim_login ) {
@@ -628,7 +767,9 @@ default:
628
  $interim_login = 'success';
629
  login_header( '', $message ); ?>
630
  </div>
631
- <?php do_action( 'login_footer' ); ?>
 
 
632
  <?php if ( $customize_login ) : ?>
633
  <script type="text/javascript">setTimeout( function(){ new wp.customize.Messenger({ url: '<?php echo wp_customize_url(); ?>', channel: 'login' }).send('login') }, 1000 );</script>
634
  <?php endif; ?>
@@ -654,10 +795,6 @@ default:
654
  if ( !empty($_GET['loggedout']) || $reauth )
655
  $errors = new WP_Error();
656
 
657
- // If cookies are disabled we can't log in even with a valid user+pass
658
- if ( isset($_POST['testcookie']) && empty($_COOKIE[TEST_COOKIE]) )
659
- $errors->add('test_cookie', __("<strong>ERROR</strong>: Cookies are blocked or not supported by your browser. You must <a href='http://www.google.com/cookies.html'>enable cookies</a> to use WordPress."));
660
-
661
  if ( $interim_login ) {
662
  if ( ! $errors->get_error_code() )
663
  $errors->add('expired', __('Session expired. Please log in again. You will not move away from this page.'), 'message');
@@ -677,6 +814,14 @@ default:
677
  $errors->add('updated', __( '<strong>You have successfully updated WordPress!</strong> Please log back in to experience the awesomeness.' ), 'message' );
678
  }
679
 
 
 
 
 
 
 
 
 
680
  $errors = apply_filters( 'wp_login_errors', $errors, $redirect_to );
681
 
682
  // Clear any stale cookies.
@@ -684,15 +829,13 @@ default:
684
  wp_clear_auth_cookie();
685
 
686
  login_header(__('Log In'), '', $errors);
687
-
688
- $user_login = '';
689
 
690
  if ( isset($_POST['log']) )
691
  $user_login = ( 'incorrect_password' == $errors->get_error_code() || 'empty_password' == $errors->get_error_code() ) ? esc_attr(wp_unslash($_POST['log'])) : '';
692
  $rememberme = ! empty( $_POST['rememberme'] );
693
  ?>
694
 
695
- <form name="loginform" id="loginform" action="<?php echo home_url() . '/' . get_option('rwl_page') . '/'; ?>" method="post">
696
  <p>
697
  <label for="user_login"><?php _e('Username') ?><br />
698
  <input type="text" name="log" id="user_login" class="input" value="<?php echo esc_attr($user_login); ?>" size="20" /></label>
@@ -701,7 +844,14 @@ default:
701
  <label for="user_pass"><?php _e('Password') ?><br />
702
  <input type="password" name="pwd" id="user_pass" class="input" value="" size="20" /></label>
703
  </p>
704
- <?php do_action('login_form'); ?>
 
 
 
 
 
 
 
705
  <p class="forgetmenot"><label for="rememberme"><input name="rememberme" type="checkbox" id="rememberme" value="forever" <?php checked( $rememberme ); ?> /> <?php esc_attr_e('Remember Me'); ?></label></p>
706
  <p class="submit">
707
  <input type="submit" name="wp-submit" id="wp-submit" class="button button-primary button-large" value="<?php esc_attr_e('Log In'); ?>" />
@@ -719,10 +869,13 @@ default:
719
 
720
  <?php if ( ! $interim_login ) { ?>
721
  <p id="nav">
722
- <?php if ( ! isset( $_GET['checkemail'] ) || ! in_array( $_GET['checkemail'], array( 'confirm', 'newpass' ) ) ) : ?>
723
- <?php if ( get_option( 'users_can_register' ) ) : ?>
724
- <?php echo apply_filters( 'register', sprintf( '<a href="%s">%s</a>', esc_url( wp_registration_url() ), __( 'Register' ) ) ); ?> |
725
- <?php endif; ?>
 
 
 
726
  <a href="<?php echo esc_url( wp_lostpassword_url() ); ?>" title="<?php esc_attr_e( 'Password Lost and Found' ); ?>"><?php _e( 'Lost your password?' ); ?></a>
727
  <?php endif; ?>
728
  </p>
@@ -768,4 +921,4 @@ try {
768
  <?php
769
  login_footer();
770
  break;
771
- } // end action switch
8
  * @package WordPress
9
  */
10
 
11
+ /** Make sure that the WordPress bootstrap has run before continuing. */
12
+ //require( dirname(__FILE__) . '/wp-load.php' );
13
+
14
  global $error, $interim_login, $current_site, $action;
15
 
16
  // Redirect to https login if forced to use SSL
25
  }
26
 
27
  /**
28
+ * Output the login page header.
 
 
 
 
 
 
 
 
29
  *
30
+ * @param string $title Optional. WordPress Log In Page title to display in <title/> element. Default 'Log In'.
31
+ * @param string $message Optional. Message to display in header. Default empty.
32
+ * @param string $wp_error Optional. The error to pass. Default empty.
33
  * @param WP_Error $wp_error Optional. WordPress Error Object
34
  */
35
  function login_header($title = 'Log In', $message = '', $wp_error = '') {
38
  // Don't index any of these forms
39
  add_action( 'login_head', 'wp_no_robots' );
40
 
41
+ if ( wp_is_mobile() )
42
+ add_action( 'login_head', 'wp_login_viewport_meta' );
43
+
44
  if ( empty($wp_error) )
45
  $wp_error = new WP_Error();
46
 
47
  // Shake it!
48
  $shake_error_codes = array( 'empty_password', 'empty_email', 'invalid_email', 'invalidcombo', 'empty_username', 'invalid_username', 'incorrect_password' );
49
+ /**
50
+ * Filter the error codes array for shaking the login form.
51
+ *
52
+ * @since 3.0.0
53
+ *
54
+ * @param array $shake_error_codes Error codes that shake the login form.
55
+ */
56
  $shake_error_codes = apply_filters( 'shake_error_codes', $shake_error_codes );
57
 
58
  if ( $shake_error_codes && $wp_error->get_error_code() && in_array( $wp_error->get_error_code(), $shake_error_codes ) )
68
  wp_admin_css( 'wp-admin', true );
69
  wp_admin_css( 'colors-fresh', true );
70
 
 
 
 
 
71
  // Remove all stored post data on logging out.
72
  // This could be added by add_action('login_head'...) like wp_shake_js()
73
  // but maybe better if it's not removable by plugins
77
  <?php
78
  }
79
 
80
+ /**
81
+ * Enqueue scripts and styles for the login page.
82
+ *
83
+ * @since 3.1.0
84
+ */
85
  do_action( 'login_enqueue_scripts' );
86
+ /**
87
+ * Fires in the login page header after scripts are enqueued.
88
+ *
89
+ * @since 2.1.0
90
+ */
91
  do_action( 'login_head' );
92
 
93
  if ( is_multisite() ) {
98
  $login_header_title = __( 'Powered by WordPress' );
99
  }
100
 
101
+ /**
102
+ * Filter link URL of the header logo above login form.
103
+ *
104
+ * @since 2.1.0
105
+ *
106
+ * @param string $login_header_url Login header logo URL.
107
+ */
108
+ $login_header_url = apply_filters( 'login_headerurl', $login_header_url );
109
+ /**
110
+ * Filter the title attribute of the header logo above login form.
111
+ *
112
+ * @since 2.1.0
113
+ *
114
+ * @param string $login_header_title Login header logo title attribute.
115
+ */
116
  $login_header_title = apply_filters( 'login_headertitle', $login_header_title );
117
 
118
  $classes = array( 'login-action-' . $action, 'wp-core-ui' );
130
  $classes[] = 'interim-login-success';
131
  }
132
 
133
+ /**
134
+ * Filter the login page body classes.
135
+ *
136
+ * @since 3.5.0
137
+ *
138
+ * @param array $classes An array of body classes.
139
+ * @param string $action The action that brought the visitor to the login page.
140
+ */
141
  $classes = apply_filters( 'login_body_class', $classes, $action );
142
 
143
  ?>
149
 
150
  unset( $login_header_url, $login_header_title );
151
 
152
+ /**
153
+ * Filter the message to display above the login form.
154
+ *
155
+ * @since 2.1.0
156
+ *
157
+ * @param string $message Login message text.
158
+ */
159
+ $message = apply_filters( 'login_message', $message );
160
  if ( !empty( $message ) )
161
  echo $message . "\n";
162
 
178
  $errors .= ' ' . $error . "<br />\n";
179
  }
180
  }
181
+ if ( ! empty( $errors ) ) {
182
+ /**
183
+ * Filter the error messages displayed above the login form.
184
+ *
185
+ * @since 2.1.0
186
+ *
187
+ * @param string $errors Login error message.
188
+ */
189
+ echo '<div id="login_error">' . apply_filters( 'login_errors', $errors ) . "</div>\n";
190
+ }
191
+ if ( ! empty( $messages ) ) {
192
+ /**
193
+ * Filter instructional messages displayed above the login form.
194
+ *
195
+ * @since 2.5.0
196
+ *
197
+ * @param string $messages Login messages.
198
+ */
199
+ echo '<p class="message">' . apply_filters( 'login_messages', $messages ) . "</p>\n";
200
+ }
201
  }
202
  } // End of login_header()
203
 
223
  </script>
224
  <?php endif; ?>
225
 
226
+ <?php
227
+ /**
228
+ * Fires in the login page footer.
229
+ *
230
+ * @since 3.1.0
231
+ */
232
+ do_action( 'login_footer' ); ?>
233
  <div class="clear"></div>
234
  </body>
235
  </html>
250
  <?php
251
  }
252
 
253
+ function wp_login_viewport_meta() {
254
+ ?>
255
+ <meta name="viewport" content="width=device-width" />
256
+ <?php
257
+ }
258
+
259
  /**
260
  * Handles sending password retrieval email to user.
261
  *
264
  * @return bool|WP_Error True: when finish. WP_Error on error
265
  */
266
  function retrieve_password() {
267
+ global $wpdb, $current_site, $wp_hasher;
268
 
269
  $errors = new WP_Error();
270
 
279
  $user_data = get_user_by('login', $login);
280
  }
281
 
282
+ /**
283
+ * Fires before errors are returned from a password reset request.
284
+ *
285
+ * @since 2.1.0
286
+ */
287
+ do_action( 'lostpassword_post' );
288
 
289
  if ( $errors->get_error_code() )
290
  return $errors;
298
  $user_login = $user_data->user_login;
299
  $user_email = $user_data->user_email;
300
 
301
+ /**
302
+ * Fires before a new password is retrieved.
303
+ *
304
+ * @since 1.5.2
305
+ * @deprecated 1.5.2 Misspelled. Use 'retrieve_password' hook instead.
306
+ *
307
+ * @param string $user_login The user login name.
308
+ */
309
+ do_action( 'retreive_password', $user_login );
310
+ /**
311
+ * Fires before a new password is retrieved.
312
+ *
313
+ * @since 1.5.2
314
+ *
315
+ * @param string $user_login The user login name.
316
+ */
317
+ do_action( 'retrieve_password', $user_login );
318
+
319
+ /**
320
+ * Filter whether to allow a password to be reset.
321
+ *
322
+ * @since 2.7.0
323
+ *
324
+ * @param bool true Whether to allow the password to be reset. Default true.
325
+ * @param int $user_data->ID The ID of the user attempting to reset a password.
326
+ */
327
+ $allow = apply_filters( 'allow_password_reset', true, $user_data->ID );
328
 
329
  if ( ! $allow )
330
  return new WP_Error('no_password_reset', __('Password reset is not allowed for this user'));
331
  else if ( is_wp_error($allow) )
332
  return $allow;
333
 
334
+ // Generate something random for a password reset key.
335
+ $key = wp_generate_password( 20, false );
336
+
337
+ /**
338
+ * Fires when a password reset key is generated.
339
+ *
340
+ * @since 2.5.0
341
+ *
342
+ * @param string $user_login The username for the user.
343
+ * @param string $key The generated password reset key.
344
+ */
345
+ do_action( 'retrieve_password_key', $user_login, $key );
346
+
347
+ // Now insert the key, hashed, into the DB.
348
+ if ( empty( $wp_hasher ) ) {
349
+ require_once ABSPATH . 'wp-includes/class-phpass.php';
350
+ $wp_hasher = new PasswordHash( 8, true );
351
  }
352
+ $hashed = $wp_hasher->HashPassword( $key );
353
+ $wpdb->update( $wpdb->users, array( 'user_activation_key' => $hashed ), array( 'user_login' => $user_login ) );
354
+
355
  $message = __('Someone requested that the password be reset for the following account:') . "\r\n\r\n";
356
  $message .= network_home_url( '/' ) . "\r\n\r\n";
357
  $message .= sprintf(__('Username: %s'), $user_login) . "\r\n\r\n";
368
 
369
  $title = sprintf( __('[%s] Password Reset'), $blogname );
370
 
371
+ /**
372
+ * Filter the subject of the password reset email.
373
+ *
374
+ * @since 2.8.0
375
+ *
376
+ * @param string $title Default email title.
377
+ */
378
+ $title = apply_filters( 'retrieve_password_title', $title );
379
+ /**
380
+ * Filter the message body of the password reset mail.
381
+ *
382
+ * @since 2.8.0
383
+ *
384
+ * @param string $message Default mail message.
385
+ * @param string $key The activation key.
386
+ */
387
+ $message = apply_filters( 'retrieve_password_message', $message, $key );
388
 
389
  if ( $message && !wp_mail($user_email, $title, $message) )
390
  wp_die( __('The e-mail could not be sent.') . "<br />\n" . __('Possible reason: your host may have disabled the mail() function.') );
392
  return true;
393
  }
394
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
395
  //
396
  // Main
397
  //
424
  if ( SITECOOKIEPATH != COOKIEPATH )
425
  setcookie(TEST_COOKIE, 'WP Cookie check', 0, SITECOOKIEPATH, COOKIE_DOMAIN);
426
 
427
+ /**
428
+ * Fires when the login form is initialized.
429
+ *
430
+ * @since 3.2.0
431
+ */
432
  do_action( 'login_init' );
433
+ /**
434
+ * Fires before a specified login form action.
435
+ *
436
+ * The dynamic portion of the hook name, $action, refers to the action
437
+ * that brought the visitor to the login form. Actions include 'postpass',
438
+ * 'logout', 'lostpassword', etc.
439
+ *
440
+ * @since 2.8.0
441
+ */
442
  do_action( 'login_form_' . $action );
443
 
444
  $http_post = ('POST' == $_SERVER['REQUEST_METHOD']);
450
  require_once ABSPATH . 'wp-includes/class-phpass.php';
451
  $hasher = new PasswordHash( 8, true );
452
 
453
+ /**
454
+ * Filter the life span of the post password cookie.
455
+ *
456
+ * By default, the cookie expires 10 days from creation. To turn this
457
+ * into a session cookie, return 0.
458
+ *
459
+ * @since 3.7.0
460
+ *
461
+ * @param int $expires The expiry time, as passed to setcookie().
462
+ */
463
+ $expire = apply_filters( 'post_password_expires', time() + 10 * DAY_IN_SECONDS );
464
+ setcookie( 'wp-postpass_' . COOKIEHASH, $hasher->HashPassword( wp_unslash( $_POST['post_password'] ) ), $expire, COOKIEPATH );
465
 
466
  wp_safe_redirect( wp_get_referer() );
467
  exit();
490
  }
491
  }
492
 
493
+ if ( isset( $_GET['error'] ) ) {
494
+ if ( 'invalidkey' == $_GET['error'] )
495
+ $errors->add( 'invalidkey', __( 'Sorry, that key does not appear to be valid.' ) );
496
+ elseif ( 'expiredkey' == $_GET['error'] )
497
+ $errors->add( 'expiredkey', __( 'Sorry, that key has expired. Please try again.' ) );
498
+ }
499
+
500
+ $lostpassword_redirect = ! empty( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : '';
501
+ /**
502
+ * Filter the URL redirected to after submitting the lostpassword/retrievepassword form.
503
+ *
504
+ * @since 3.0.0
505
+ *
506
+ * @param string $lostpassword_redirect The redirect destination URL.
507
+ */
508
+ $redirect_to = apply_filters( 'lostpassword_redirect', $lostpassword_redirect );
509
+
510
+ /**
511
+ * Fires before the lost password form.
512
+ *
513
+ * @since 1.5.2
514
+ */
515
+ do_action( 'lost_password' );
516
 
 
517
  login_header(__('Lost Password'), '<p class="message">' . __('Please enter your username or email address. You will receive a link to create a new password via email.') . '</p>', $errors);
518
 
519
  $user_login = isset($_POST['user_login']) ? wp_unslash($_POST['user_login']) : '';
520
 
521
  ?>
522
 
523
+ <form name="lostpasswordform" id="lostpasswordform" action="<?php echo esc_url( home_url() . '/' . get_option('rwl_page') . '/' . '?action=lostpassword' ); ?>" method="post">
524
  <p>
525
  <label for="user_login" ><?php _e('Username or E-mail:') ?><br />
526
  <input type="text" name="user_login" id="user_login" class="input" value="<?php echo esc_attr($user_login); ?>" size="20" /></label>
527
  </p>
528
+ <?php
529
+ /**
530
+ * Fires inside the lostpassword <form> tags, before the hidden fields.
531
+ *
532
+ * @since 2.1.0
533
+ */
534
+ do_action( 'lostpassword_form' ); ?>
535
  <input type="hidden" name="redirect_to" value="<?php echo esc_attr( $redirect_to ); ?>" />
536
  <p class="submit"><input type="submit" name="wp-submit" id="wp-submit" class="button button-primary button-large" value="<?php esc_attr_e('Get New Password'); ?>" /></p>
537
  </form>
538
 
539
  <p id="nav">
540
  <a href="<?php echo esc_url( wp_login_url() ); ?>"><?php _e('Log in') ?></a>
541
+ <?php
542
+ if ( get_option( 'users_can_register' ) ) :
543
+ $registration_url = sprintf( '<a href="%s">%s</a>', esc_url( wp_registration_url() ), __( 'Register' ) );
544
+ /**
545
+ * Filter the registration URL below the login form.
546
+ *
547
+ * @since 1.5.2
548
+ *
549
+ * @param string $registration_url Registration URL.
550
+ */
551
+ echo ' | ' . apply_filters( 'register', $registration_url );
552
+ endif;
553
+ ?>
554
  </p>
555
 
556
  <?php
562
  $user = check_password_reset_key($_GET['key'], $_GET['login']);
563
 
564
  if ( is_wp_error($user) ) {
565
+ if ( $user->get_error_code() === 'expired_key' )
566
+ wp_redirect( home_url() . '/' . get_option('rwl_page') . '/' . '?action=lostpassword&error=expiredkey' );
567
+ else
568
+ wp_redirect( home_url() . '/' . get_option('rwl_page') . '/' . '?action=lostpassword&error=invalidkey' );
569
  exit;
570
  }
571
 
574
  if ( isset($_POST['pass1']) && $_POST['pass1'] != $_POST['pass2'] )
575
  $errors->add( 'password_reset_mismatch', __( 'The passwords do not match.' ) );
576
 
577
+ /**
578
+ * Fires before the password reset procedure is validated.
579
+ *
580
+ * @since 3.5.0
581
+ *
582
+ * @param object $errors WP Error object.
583
+ * @param WP_User|WP_Error $user WP_User object if the login and reset key match. WP_Error object otherwise.
584
+ */
585
  do_action( 'validate_password_reset', $errors, $user );
586
 
587
  if ( ( ! $errors->get_error_code() ) && isset( $_POST['pass1'] ) && !empty( $_POST['pass1'] ) ) {
597
  login_header(__('Reset Password'), '<p class="message reset-pass">' . __('Enter your new password below.') . '</p>', $errors );
598
 
599
  ?>
600
+ <form name="resetpassform" id="resetpassform" action="<?php echo esc_url( home_url() . '/' . get_option('rwl_page') . '/' . '?action=resetpass&key=' . urlencode( $_GET['key'] ) . '&login=' . urlencode( $_GET['login'] ) ); ?>" method="post" autocomplete="off">
601
+
602
  <input type="hidden" id="user_login" value="<?php echo esc_attr( $_GET['login'] ); ?>" autocomplete="off" />
603
 
604
  <p>
619
 
620
  <p id="nav">
621
  <a href="<?php echo esc_url( wp_login_url() ); ?>"><?php _e( 'Log in' ); ?></a>
622
+ <?php
623
+ if ( get_option( 'users_can_register' ) ) :
624
+ $registration_url = sprintf( '<a href="%s">%s</a>', esc_url( wp_registration_url() ), __( 'Register' ) );
625
+ /** This filter is documented in wp-login.php */
626
+ echo ' | ' . apply_filters( 'register', $registration_url );
627
+ endif;
628
+ ?>
629
  </p>
630
 
631
  <?php
634
 
635
  case 'register' :
636
  if ( is_multisite() ) {
637
+ $sign_up_url = network_site_url( 'wp-signup.php' );
638
+ /**
639
+ * Filter the Multisite sign up URL.
640
+ *
641
+ * @since 3.0.0
642
+ *
643
+ * @param string $sign_up_url The sign up URL.
644
+ */
645
+ wp_redirect( apply_filters( 'wp_signup_location', $sign_up_url ) );
646
  exit;
647
  }
648
 
664
  }
665
  }
666
 
667
+ $registration_redirect = ! empty( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : '';
668
+ /**
669
+ * Filter the registration redirect URL.
670
+ *
671
+ * @since 3.0.0
672
+ *
673
+ * @param string $registration_redirect The redirect destination URL.
674
+ */
675
+ $redirect_to = apply_filters( 'registration_redirect', $registration_redirect );
676
  login_header(__('Registration Form'), '<p class="message register">' . __('Register For This Site') . '</p>', $errors);
677
  ?>
678
 
679
+ <form name="registerform" id="registerform" action="<?php echo esc_url( home_url() . '/' . get_option('rwl_page') . '/' . '?action=register' ); ?>" method="post">
680
  <p>
681
  <label for="user_login"><?php _e('Username') ?><br />
682
  <input type="text" name="user_login" id="user_login" class="input" value="<?php echo esc_attr(wp_unslash($user_login)); ?>" size="20" /></label>
685
  <label for="user_email"><?php _e('E-mail') ?><br />
686
  <input type="text" name="user_email" id="user_email" class="input" value="<?php echo esc_attr(wp_unslash($user_email)); ?>" size="25" /></label>
687
  </p>
688
+ <?php
689
+ /**
690
+ * Fires following the 'E-mail' field in the user registration form.
691
+ *
692
+ * @since 2.1.0
693
+ */
694
+ do_action( 'register_form' );
695
+ ?>
696
  <p id="reg_passmail"><?php _e('A password will be e-mailed to you.') ?></p>
697
  <br class="clear" />
698
  <input type="hidden" name="redirect_to" value="<?php echo esc_attr( $redirect_to ); ?>" />
743
  if ( !$secure_cookie && is_ssl() && force_ssl_login() && !force_ssl_admin() && ( 0 !== strpos($redirect_to, 'https') ) && ( 0 === strpos($redirect_to, 'http') ) )
744
  $secure_cookie = false;
745
 
746
+ // If cookies are disabled we can't log in even with a valid user+pass
747
+ if ( isset($_POST['testcookie']) && empty($_COOKIE[TEST_COOKIE]) )
748
+ $user = new WP_Error('test_cookie', __("<strong>ERROR</strong>: Cookies are blocked or not supported by your browser. You must <a href='http://www.google.com/cookies.html'>enable cookies</a> to use WordPress."));
749
+ else
750
+ $user = wp_signon('', $secure_cookie);
751
+
752
+ $requested_redirect_to = isset( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : '';
753
+ /**
754
+ * Filter the login redirect URL.
755
+ *
756
+ * @since 3.0.0
757
+ *
758
+ * @param string $redirect_to The redirect destination URL.
759
+ * @param string $requested_redirect_to The requested redirect destination URL passed as a parameter.
760
+ * @param WP_User|WP_Error $user WP_User object if login was successful, WP_Error object otherwise.
761
+ */
762
+ $redirect_to = apply_filters( 'login_redirect', $redirect_to, $requested_redirect_to, $user );
763
 
764
  if ( !is_wp_error($user) && !$reauth ) {
765
  if ( $interim_login ) {
767
  $interim_login = 'success';
768
  login_header( '', $message ); ?>
769
  </div>
770
+ <?php
771
+ /** This action is documented in wp-login.php */
772
+ do_action( 'login_footer' ); ?>
773
  <?php if ( $customize_login ) : ?>
774
  <script type="text/javascript">setTimeout( function(){ new wp.customize.Messenger({ url: '<?php echo wp_customize_url(); ?>', channel: 'login' }).send('login') }, 1000 );</script>
775
  <?php endif; ?>
795
  if ( !empty($_GET['loggedout']) || $reauth )
796
  $errors = new WP_Error();
797
 
 
 
 
 
798
  if ( $interim_login ) {
799
  if ( ! $errors->get_error_code() )
800
  $errors->add('expired', __('Session expired. Please log in again. You will not move away from this page.'), 'message');
814
  $errors->add('updated', __( '<strong>You have successfully updated WordPress!</strong> Please log back in to experience the awesomeness.' ), 'message' );
815
  }
816
 
817
+ /**
818
+ * Filter the login page errors.
819
+ *
820
+ * @since 3.6.0
821
+ *
822
+ * @param object $errors WP Error object.
823
+ * @param string $redirect_to Redirect destination URL.
824
+ */
825
  $errors = apply_filters( 'wp_login_errors', $errors, $redirect_to );
826
 
827
  // Clear any stale cookies.
829
  wp_clear_auth_cookie();
830
 
831
  login_header(__('Log In'), '', $errors);
 
 
832
 
833
  if ( isset($_POST['log']) )
834
  $user_login = ( 'incorrect_password' == $errors->get_error_code() || 'empty_password' == $errors->get_error_code() ) ? esc_attr(wp_unslash($_POST['log'])) : '';
835
  $rememberme = ! empty( $_POST['rememberme'] );
836
  ?>
837
 
838
+ <form name="loginform" id="loginform" action="<?php echo esc_url( home_url() . '/' . get_option('rwl_page') . '/' ); ?>" method="post">
839
  <p>
840
  <label for="user_login"><?php _e('Username') ?><br />
841
  <input type="text" name="log" id="user_login" class="input" value="<?php echo esc_attr($user_login); ?>" size="20" /></label>
844
  <label for="user_pass"><?php _e('Password') ?><br />
845
  <input type="password" name="pwd" id="user_pass" class="input" value="" size="20" /></label>
846
  </p>
847
+ <?php
848
+ /**
849
+ * Fires following the 'Password' field in the login form.
850
+ *
851
+ * @since 2.1.0
852
+ */
853
+ do_action( 'login_form' );
854
+ ?>
855
  <p class="forgetmenot"><label for="rememberme"><input name="rememberme" type="checkbox" id="rememberme" value="forever" <?php checked( $rememberme ); ?> /> <?php esc_attr_e('Remember Me'); ?></label></p>
856
  <p class="submit">
857
  <input type="submit" name="wp-submit" id="wp-submit" class="button button-primary button-large" value="<?php esc_attr_e('Log In'); ?>" />
869
 
870
  <?php if ( ! $interim_login ) { ?>
871
  <p id="nav">
872
+ <?php if ( ! isset( $_GET['checkemail'] ) || ! in_array( $_GET['checkemail'], array( 'confirm', 'newpass' ) ) ) :
873
+ if ( get_option( 'users_can_register' ) ) :
874
+ $registration_url = sprintf( '<a href="%s">%s</a>', esc_url( wp_registration_url() ), __( 'Register' ) );
875
+ /** This filter is documented in wp-login.php */
876
+ echo apply_filters( 'register', $registration_url ) . ' | ';
877
+ endif;
878
+ ?>
879
  <a href="<?php echo esc_url( wp_lostpassword_url() ); ?>" title="<?php esc_attr_e( 'Password Lost and Found' ); ?>"><?php _e( 'Lost your password?' ); ?></a>
880
  <?php endif; ?>
881
  </p>
921
  <?php
922
  login_footer();
923
  break;
924
+ } // end action switch