Version Description
Download this release
Release Info
Developer | avryl |
Plugin | Rename wp-login.php |
Version | 2.2.2 |
Comparing to | |
See all releases |
Code changes from version 1.0 to 2.2.2
- index.php +3 -1
- readme.md +127 -0
- readme.txt +111 -21
- rename-wp-login.php +516 -103
- wp-login.php → rwl-login.php +350 -182
index.php
CHANGED
@@ -1 +1,3 @@
|
|
1 |
-
<?php
|
|
|
|
1 |
+
<?php
|
2 |
+
|
3 |
+
// Silence is golden.
|
readme.md
ADDED
@@ -0,0 +1,127 @@
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
+
# Rename wp-login.php
|
2 |
+
|
3 |
+
**Contributors:** avryl
|
4 |
+
**Tags:** rename, login, wp-login, wp-login.php, brute force attacks, custom login url, security
|
5 |
+
**Requires at least:** 3.8
|
6 |
+
**Tested up to:** 3.8.1
|
7 |
+
**Stable tag:** 2.2.2
|
8 |
+
**License:** GPLv2 or later
|
9 |
+
**License URI:** http://www.gnu.org/licenses/gpl-2.0.html
|
10 |
+
|
11 |
+
Change wp-login.php to anything you want. It can also prevent a lot of brute force attacks.
|
12 |
+
|
13 |
+
## Description
|
14 |
+
|
15 |
+
*Rename wp-login.php* is a very light plugin that lets you easily and safely change wp-login.php to anything you want. It doesn’t literally rename or change files in core, nor does it add rewrite rules. It simply intercepts page requests and works on any WordPress website. The wp-admin directory and wp-login.php page become inaccessible, so you should bookmark or remember the url. Deactivating this plugin brings your site back exactly to the state it was before.
|
16 |
+
|
17 |
+
### Compatibility
|
18 |
+
|
19 |
+
Requires WordPress 3.8 or higher. All login related things such as the registration form, lost password form, login widget and expired sessions just keep working.
|
20 |
+
|
21 |
+
It’s also compatible with any plugin that hooks in the login form, including
|
22 |
+
|
23 |
+
* BuddyPress,
|
24 |
+
* bbPress,
|
25 |
+
* Limit Login Attempts,
|
26 |
+
* and User Switching.
|
27 |
+
|
28 |
+
Obviously it doesn’t work with plugins that *hardcoded* wp-login.php.
|
29 |
+
|
30 |
+
This also works with multisite! Activating it for a network allows you to set a networkwide default. Individual sites can still rename their login page to something else.
|
31 |
+
|
32 |
+
If you’re using a **page caching plugin** you should add the slug of the new login url to the list of pages not to cache. For W3 Total Cache and WP Super Cache this plugin will give you a message with a link to the field you should update.
|
33 |
+
|
34 |
+
### Benefits
|
35 |
+
|
36 |
+
Not only does it allow you to further customise your login page, it also prevents brute force attacks that are targeted specifically to wp-login.php. Both the wp-login.php page and the wp-admin directory (if not logged in) become inaccessible.
|
37 |
+
|
38 |
+
While you could use this plugin to prevent a lot of brute force attacks, it does not mean you don’t need a strong password. Read [this codex article](http://codex.wordpress.org/Brute_Force_Attacks) for more information on how to protect your website.
|
39 |
+
|
40 |
+
Of course, if you want to keep your login page secret, you should make sure there aren’t any links pointing to it on your website.
|
41 |
+
|
42 |
+
## Installation
|
43 |
+
|
44 |
+
1. Go to Plugins › Add New.
|
45 |
+
2. Search for *Rename wp-login.php*.
|
46 |
+
3. Look for this plugin, download and activate it.
|
47 |
+
4. The page will redirect you to the settings. Rename wp-login.php in there.
|
48 |
+
5. You can change this option any time you want, just go back to Settings › Permalinks › Rename wp-login.php.
|
49 |
+
|
50 |
+
## Frequently Asked Questions
|
51 |
+
|
52 |
+
### I forgot my login url!
|
53 |
+
|
54 |
+
Either go to your MySQL database and look for the value of `rwl_page` in the options table, or remove the `rename-wp-login` folder from your `plugins` folder, log in through wp-login.php and reinstall the plugin.
|
55 |
+
|
56 |
+
## Changelog
|
57 |
+
|
58 |
+
### 2.2
|
59 |
+
|
60 |
+
* Fixed issue where requests redirect to the new login page.
|
61 |
+
* Trailing slash based on the permalink structure.
|
62 |
+
|
63 |
+
### 2.1
|
64 |
+
|
65 |
+
* Works now with non-pretty permalinks!
|
66 |
+
* Gives a message when using W3 Total Cache or WP Super Cache to update options.
|
67 |
+
|
68 |
+
### 2.0.1
|
69 |
+
|
70 |
+
* Prevents pretty redirects such as /login and /admin.
|
71 |
+
* Simplifies some code.
|
72 |
+
* Forces login page with trailing slash.
|
73 |
+
* Replaces a wp_redirect with wp_safe_redirect.
|
74 |
+
* Shows error message in the network admin if permalinks are not enabled for the main site.
|
75 |
+
|
76 |
+
### 2.0
|
77 |
+
|
78 |
+
* This plugin can now be activated for a network and a networkwide default can be set.
|
79 |
+
* The plugin now hooks in after init to make sure any customisations to the login form are hooked in before it.
|
80 |
+
* Links should now be fixed when SSL is enabled.
|
81 |
+
|
82 |
+
### 1.9
|
83 |
+
|
84 |
+
* wp-admin will now have a `wp_die()` message instead of a 404 template because this caused problems.
|
85 |
+
* Minimum version is now 3.8.
|
86 |
+
* Added updates from wp-login.php in 3.8.
|
87 |
+
|
88 |
+
### 1.8
|
89 |
+
|
90 |
+
* OOP PHP.
|
91 |
+
* Requires WordPress 3.7 or higher.
|
92 |
+
* MultiViews compatible.
|
93 |
+
|
94 |
+
### 1.7
|
95 |
+
|
96 |
+
* Made compatible with WordPress 3.7.
|
97 |
+
|
98 |
+
### 1.6
|
99 |
+
|
100 |
+
* Fixed the login link when `site_url()` ≠ `home_url()`.
|
101 |
+
* Added a [mirror](https://github.com/avryl/rename-wp-login) on GitHub.
|
102 |
+
|
103 |
+
### 1.5
|
104 |
+
|
105 |
+
* Made [User Switching](http://wordpress.org/plugins/user-switching/) compatible.
|
106 |
+
|
107 |
+
### 1.4
|
108 |
+
|
109 |
+
* Faster page load.
|
110 |
+
* Fixed 404 error for permalink structures with a prefixed path. “Almost pretty” permalinks work now too.
|
111 |
+
* Code clean-up.
|
112 |
+
|
113 |
+
### 1.3
|
114 |
+
|
115 |
+
* Prevents the plugin from working when there is no permalink structure.
|
116 |
+
|
117 |
+
### 1.2
|
118 |
+
|
119 |
+
* Fixed status code custom login page.
|
120 |
+
|
121 |
+
### 1.1
|
122 |
+
|
123 |
+
* Blocked access to wp-admin to prevent a redirect the the new login page.
|
124 |
+
|
125 |
+
### 1.0
|
126 |
+
|
127 |
+
* Initial version.
|
readme.txt
CHANGED
@@ -1,42 +1,132 @@
|
|
1 |
-
===
|
|
|
2 |
Contributors: avryl
|
3 |
-
|
4 |
-
|
5 |
-
|
6 |
-
|
|
|
7 |
License: GPLv2 or later
|
8 |
License URI: http://www.gnu.org/licenses/gpl-2.0.html
|
9 |
|
10 |
-
|
11 |
|
12 |
== Description ==
|
13 |
|
14 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
15 |
|
16 |
-
|
17 |
|
18 |
-
|
19 |
|
20 |
-
|
|
|
|
|
21 |
|
22 |
== Installation ==
|
23 |
|
24 |
-
1. Go to
|
25 |
-
2. Search for
|
26 |
3. Look for this plugin, download and activate it.
|
27 |
-
4. The page will redirect you to the settings. Rename
|
28 |
-
5. You can change this option any time you want, just go back to
|
|
|
|
|
29 |
|
30 |
-
|
31 |
|
32 |
-
|
33 |
-
the /assets directory or the directory that contains the stable readme.txt (tags or trunk). Screenshots in the /assets
|
34 |
-
directory take precedence. For example, `/assets/screenshot-1.png` would win over `/tags/4.3/screenshot-1.png`
|
35 |
-
(or jpg, jpeg, gif).
|
36 |
|
37 |
== Changelog ==
|
38 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
39 |
= 1.0 =
|
40 |
-
* Initial version.
|
41 |
|
42 |
-
|
1 |
+
=== Rename wp-login.php ===
|
2 |
+
|
3 |
Contributors: avryl
|
4 |
+
Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=49WXVSPP2HUKG
|
5 |
+
Tags: rename, login, wp-login, wp-login.php, brute force attacks, custom login url, security
|
6 |
+
Requires at least: 3.8
|
7 |
+
Tested up to: 3.8.1
|
8 |
+
Stable tag: 2.2.2
|
9 |
License: GPLv2 or later
|
10 |
License URI: http://www.gnu.org/licenses/gpl-2.0.html
|
11 |
|
12 |
+
Change wp-login.php to anything you want. It can also prevent a lot of brute force attacks.
|
13 |
|
14 |
== Description ==
|
15 |
|
16 |
+
*Rename wp-login.php* is a very light plugin that lets you easily and safely change wp-login.php to anything you want. It doesn’t literally rename or change files in core, nor does it add rewrite rules. It simply intercepts page requests and works on any WordPress website. The wp-admin directory and wp-login.php page become inaccessible, so you should bookmark or remember the url. Deactivating this plugin brings your site back exactly to the state it was before.
|
17 |
+
|
18 |
+
= Compatibility =
|
19 |
+
|
20 |
+
Requires WordPress 3.8 or higher. All login related things such as the registration form, lost password form, login widget and expired sessions just keep working.
|
21 |
+
|
22 |
+
It’s also compatible with any plugin that hooks in the login form, including
|
23 |
+
|
24 |
+
* BuddyPress,
|
25 |
+
* bbPress,
|
26 |
+
* Limit Login Attempts,
|
27 |
+
* and User Switching.
|
28 |
+
|
29 |
+
Obviously it doesn’t work with plugins that *hardcoded* wp-login.php.
|
30 |
+
|
31 |
+
This also works with multisite! Activating it for a network allows you to set a networkwide default. Individual sites can still rename their login page to something else.
|
32 |
+
|
33 |
+
If you’re using a **page caching plugin** you should add the slug of the new login url to the list of pages not to cache. For W3 Total Cache and WP Super Cache this plugin will give you a message with a link to the field you should update.
|
34 |
+
|
35 |
+
= Benefits =
|
36 |
+
|
37 |
+
Not only does it allow you to further customise your login page, it also prevents brute force attacks that are targeted specifically to wp-login.php. Both the wp-login.php page and the wp-admin directory (if not logged in) become inaccessible.
|
38 |
|
39 |
+
While you could use this plugin to prevent a lot of brute force attacks, it does not mean you don’t need a strong password. Read [this codex article](http://codex.wordpress.org/Brute_Force_Attacks) for more information on how to protect your website.
|
40 |
|
41 |
+
Of course, if you want to keep your login page secret, you should make sure there aren’t any links pointing to it on your website.
|
42 |
|
43 |
+
= GitHub =
|
44 |
+
|
45 |
+
This plugin has a [mirror](https://github.com/avryl/rename-wp-login) on GitHub.
|
46 |
|
47 |
== Installation ==
|
48 |
|
49 |
+
1. Go to Plugins › Add New.
|
50 |
+
2. Search for *Rename wp-login.php*.
|
51 |
3. Look for this plugin, download and activate it.
|
52 |
+
4. The page will redirect you to the settings. Rename wp-login.php there.
|
53 |
+
5. You can change this option any time you want, just go back to Settings › Permalinks › Rename wp-login.php.
|
54 |
+
|
55 |
+
== Frequently Asked Questions ==
|
56 |
|
57 |
+
= I forgot my login url! =
|
58 |
|
59 |
+
Either go to your MySQL database and look for the value of `rwl_page` in the options table, or remove the `rename-wp-login` folder from your `plugins` folder, log in through wp-login.php and reinstall the plugin.
|
|
|
|
|
|
|
60 |
|
61 |
== Changelog ==
|
62 |
|
63 |
+
= 2.2 =
|
64 |
+
|
65 |
+
* Fixed issue where requests redirect to the new login page.
|
66 |
+
* Trailing slash based on the permalink structure.
|
67 |
+
|
68 |
+
= 2.1 =
|
69 |
+
|
70 |
+
* Works now with non-pretty permalinks!
|
71 |
+
* Gives a message when using W3 Total Cache or WP Super Cache to update options.
|
72 |
+
|
73 |
+
= 2.0.1 =
|
74 |
+
|
75 |
+
* Prevents pretty redirects such as /login and /admin.
|
76 |
+
* Simplifies some code.
|
77 |
+
* Forces login page with trailing slash.
|
78 |
+
* Replaces a wp_redirect with wp_safe_redirect.
|
79 |
+
* Shows error message in the network admin if permalinks are not enabled for the main site.
|
80 |
+
|
81 |
+
= 2.0 =
|
82 |
+
|
83 |
+
* This plugin can now be activated for a network and a networkwide default can be set.
|
84 |
+
* The plugin now hooks in after init to make sure any customisations to the login form are hooked in before it.
|
85 |
+
* Links should now be fixed when SSL is enabled.
|
86 |
+
|
87 |
+
= 1.9 =
|
88 |
+
|
89 |
+
* wp-admin will now have a `wp_die()` message instead of a 404 template because this caused problems.
|
90 |
+
* Minimum version is now 3.8.
|
91 |
+
* Added updates from wp-login.php in 3.8.
|
92 |
+
|
93 |
+
= 1.8 =
|
94 |
+
|
95 |
+
* OOP PHP.
|
96 |
+
* Requires WordPress 3.7 or higher.
|
97 |
+
* MultiViews compatible.
|
98 |
+
|
99 |
+
= 1.7 =
|
100 |
+
|
101 |
+
* Made compatible with WordPress 3.7.
|
102 |
+
|
103 |
+
= 1.6 =
|
104 |
+
|
105 |
+
* Fixed the login link when `site_url()` ≠ `home_url()`.
|
106 |
+
* Added a [mirror](https://github.com/avryl/rename-wp-login) on GitHub.
|
107 |
+
|
108 |
+
= 1.5 =
|
109 |
+
|
110 |
+
* Made [User Switching](http://wordpress.org/plugins/user-switching/) compatible.
|
111 |
+
|
112 |
+
= 1.4 =
|
113 |
+
|
114 |
+
* Faster page load.
|
115 |
+
* Fixed 404 error for permalink structures with a prefixed path. “Almost pretty” permalinks work now too.
|
116 |
+
* Code clean-up.
|
117 |
+
|
118 |
+
= 1.3 =
|
119 |
+
|
120 |
+
* Prevents the plugin from working when there is no permalink structure.
|
121 |
+
|
122 |
+
= 1.2 =
|
123 |
+
|
124 |
+
* Fixed status code custom login page.
|
125 |
+
|
126 |
+
= 1.1 =
|
127 |
+
|
128 |
+
* Blocked access to wp-admin to prevent a redirect the the new login page.
|
129 |
+
|
130 |
= 1.0 =
|
|
|
131 |
|
132 |
+
* Initial version.
|
rename-wp-login.php
CHANGED
@@ -1,126 +1,539 @@
|
|
1 |
<?php
|
|
|
2 |
/*
|
3 |
-
Plugin Name: Rename wp-login
|
4 |
Plugin URI: http://wordpress.org/plugins/rename-wp-login/
|
5 |
-
Description:
|
6 |
Author: avryl
|
7 |
Author URI: http://profiles.wordpress.org/avryl/
|
8 |
-
Version:
|
9 |
Text Domain: rename-wp-login
|
10 |
License: GPLv2 or later
|
11 |
License URI: http://www.gnu.org/licenses/gpl-2.0.html
|
12 |
*/
|
13 |
|
14 |
-
|
15 |
-
|
16 |
-
delete_option('rwl_page');
|
17 |
-
}
|
18 |
|
19 |
-
|
20 |
-
function rwl_activation() {
|
21 |
-
add_option('rwl_redirect', '1');
|
22 |
-
}
|
23 |
|
24 |
-
|
25 |
-
function rwl_init() {
|
26 |
-
if (!get_option('rwl_page') || get_option('rwl_page') == '') {
|
27 |
-
update_option('rwl_page', wp_unique_post_slug('login', 0, 'publish', 'page', 0));
|
28 |
-
}
|
29 |
-
}
|
30 |
|
31 |
-
|
32 |
-
function rwl_login_init() {
|
33 |
-
global $wp_query, $post;
|
34 |
-
if (!$post) {
|
35 |
-
status_header(404);
|
36 |
-
$wp_query->set_404();
|
37 |
-
if (file_exists(TEMPLATEPATH . '/404.php')) {
|
38 |
-
require_once(TEMPLATEPATH . '/404.php');
|
39 |
-
} else {
|
40 |
-
require_once(TEMPLATEPATH . '/index.php');
|
41 |
-
}
|
42 |
-
exit;
|
43 |
-
}
|
44 |
-
}
|
45 |
|
46 |
-
|
47 |
-
function rwl_wp() {
|
48 |
-
global $wp_query, $post, $wp;
|
49 |
-
if ($wp_query->is_404 && $wp->request == get_option('rwl_page')) {
|
50 |
-
$post = new stdClass();
|
51 |
-
$post->ID = 0;
|
52 |
-
$wp_query->queried_object = $post;
|
53 |
-
$wp_query->queried_object_id = 0;
|
54 |
-
$wp_query->post = $post;
|
55 |
-
$wp_query->found_posts = 1;
|
56 |
-
$wp_query->post_count = 1;
|
57 |
-
$wp_query->is_singular = true;
|
58 |
-
$wp_query->is_404 = false;
|
59 |
-
$wp_query->posts = array($post);
|
60 |
-
$wp_query->is_page = true;
|
61 |
-
require_once(dirname(__FILE__) . '/wp-login.php');
|
62 |
-
exit;
|
63 |
-
}
|
64 |
-
}
|
65 |
|
66 |
-
|
67 |
-
function rwl_admin_init() {
|
68 |
-
add_settings_section('rename-wp-login-section', 'Login', '__return_false', 'permalink');
|
69 |
-
add_settings_field('rwl-page', '<label for="rwl-page-input">Rename wp-login.php</label>', 'rwl_page', 'permalink', 'rename-wp-login-section');
|
70 |
-
if (!empty($_POST['rwl_page'])) {
|
71 |
-
update_option('rwl_page', wp_unique_post_slug($_POST['rwl_page'], 0, 'publish', 'page', 0));
|
72 |
-
}
|
73 |
-
if (get_option('rwl_redirect') == '1') {
|
74 |
-
delete_option('rwl_redirect');
|
75 |
-
wp_redirect(admin_url('options-permalink.php#rwl-page-input'));
|
76 |
-
}
|
77 |
-
}
|
78 |
|
79 |
-
function
|
80 |
-
echo '<code>' . site_url() . '/</code> <input id="rwl-page-input" type="text" name="rwl_page" value="' . get_option('rwl_page') . '" /> <code>/</code>';
|
81 |
-
}
|
82 |
|
83 |
-
|
84 |
-
function rwl_plugin_action_links($links) {
|
85 |
-
array_unshift($links, '<a href="options-permalink.php#rwl-page-input">Settings</a>');
|
86 |
-
return $links;
|
87 |
-
}
|
88 |
|
89 |
-
|
90 |
-
function rwl_filter_site_url($url, $path, $scheme, $blog_id) {
|
91 |
-
return (strpos($path, 'wp-login.php') !== false && $scheme == 'login_post') ? site_url() . '/' . get_option('rwl_page') . '/' . str_replace('wp-login.php', '', $path) : $url;
|
92 |
-
}
|
93 |
|
94 |
-
|
95 |
-
function rwl_filter_login_url($login_url, $redirect = '') {
|
96 |
-
$login_url = site_url() . '/' . get_option('rwl_page') . '/';
|
97 |
-
if (!empty($redirect))
|
98 |
-
$login_url = add_query_arg('redirect_to', urlencode($redirect), $login_url);
|
99 |
-
return $login_url;
|
100 |
-
}
|
101 |
|
102 |
-
|
103 |
-
|
104 |
-
|
105 |
-
|
106 |
-
|
107 |
-
|
108 |
-
|
109 |
-
|
110 |
-
|
111 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
112 |
|
113 |
-
add_filter('lostpassword_url', 'rwl_filter_lostpassword_url', 10, 2);
|
114 |
-
function rwl_filter_lostpassword_url($lostpassword_url, $redirect = '') {
|
115 |
-
$args = array( 'action' => 'lostpassword' );
|
116 |
-
if (!empty($redirect)) {
|
117 |
-
$args['redirect_to'] = $redirect;
|
118 |
}
|
119 |
-
$lostpassword_url = add_query_arg($args, site_url() . '/' . get_option('rwl_page') . '/');
|
120 |
-
return $lostpassword_url;
|
121 |
-
}
|
122 |
|
123 |
-
|
124 |
-
|
125 |
-
|
126 |
-
}
|
1 |
<?php
|
2 |
+
|
3 |
/*
|
4 |
+
Plugin Name: Rename wp-login.php
|
5 |
Plugin URI: http://wordpress.org/plugins/rename-wp-login/
|
6 |
+
Description: Change wp-login.php to whatever you want. It can also prevent a lot of brute force attacks.
|
7 |
Author: avryl
|
8 |
Author URI: http://profiles.wordpress.org/avryl/
|
9 |
+
Version: 2.2.2
|
10 |
Text Domain: rename-wp-login
|
11 |
License: GPLv2 or later
|
12 |
License URI: http://www.gnu.org/licenses/gpl-2.0.html
|
13 |
*/
|
14 |
|
15 |
+
if ( ! class_exists( 'Rename_WP_Login' )
|
16 |
+
&& defined( 'ABSPATH' ) ) {
|
|
|
|
|
17 |
|
18 |
+
class Rename_WP_Login {
|
|
|
|
|
|
|
19 |
|
20 |
+
private $wp_login_php;
|
|
|
|
|
|
|
|
|
|
|
21 |
|
22 |
+
private function basename() {
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
23 |
|
24 |
+
return plugin_basename( __FILE__ );
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
25 |
|
26 |
+
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
27 |
|
28 |
+
private function path() {
|
|
|
|
|
29 |
|
30 |
+
return trailingslashit( dirname( __FILE__ ) );
|
|
|
|
|
|
|
|
|
31 |
|
32 |
+
}
|
|
|
|
|
|
|
33 |
|
34 |
+
private function use_trailing_slashes() {
|
|
|
|
|
|
|
|
|
|
|
|
|
35 |
|
36 |
+
return ( '/' === substr( get_option( 'permalink_structure' ), -1, 1 ) );
|
37 |
+
|
38 |
+
}
|
39 |
+
|
40 |
+
private function user_trailingslashit( $string ) {
|
41 |
+
|
42 |
+
return $this->use_trailing_slashes()
|
43 |
+
? trailingslashit( $string )
|
44 |
+
: untrailingslashit( $string );
|
45 |
+
|
46 |
+
}
|
47 |
+
|
48 |
+
private function wp_template_loader() {
|
49 |
+
|
50 |
+
global $pagenow;
|
51 |
+
|
52 |
+
$pagenow = 'index.php';
|
53 |
+
|
54 |
+
if ( ! defined( 'WP_USE_THEMES' ) ) {
|
55 |
+
|
56 |
+
define( 'WP_USE_THEMES', true );
|
57 |
+
|
58 |
+
}
|
59 |
+
|
60 |
+
wp();
|
61 |
+
|
62 |
+
require_once( ABSPATH . WPINC . '/template-loader.php' );
|
63 |
+
|
64 |
+
die;
|
65 |
+
|
66 |
+
}
|
67 |
+
|
68 |
+
private function new_login_slug() {
|
69 |
+
|
70 |
+
if ( ( $slug = get_option( 'rwl_page' ) )
|
71 |
+
|| ( is_multisite()
|
72 |
+
&& is_plugin_active_for_network( $this->basename() )
|
73 |
+
&& ( $slug = get_site_option( 'rwl_page', 'login' ) ) )
|
74 |
+
|| ( $slug = 'login' ) ) {
|
75 |
+
|
76 |
+
return $slug;
|
77 |
+
|
78 |
+
}
|
79 |
+
|
80 |
+
}
|
81 |
+
|
82 |
+
public function new_login_url() {
|
83 |
+
|
84 |
+
if ( get_option( 'permalink_structure' ) ) {
|
85 |
+
|
86 |
+
return $this->user_trailingslashit( trailingslashit( home_url() ) . $this->new_login_slug() );
|
87 |
+
|
88 |
+
}
|
89 |
+
|
90 |
+
else {
|
91 |
+
|
92 |
+
return trailingslashit( home_url() ) . '?' . $this->new_login_slug();
|
93 |
+
|
94 |
+
}
|
95 |
+
|
96 |
+
}
|
97 |
+
|
98 |
+
public function __construct() {
|
99 |
+
|
100 |
+
global $wp_version;
|
101 |
+
|
102 |
+
if ( version_compare( $wp_version, '3.8', '<' ) ) {
|
103 |
+
|
104 |
+
add_action( 'admin_notices', array( $this, 'admin_notices_incompatible' ) );
|
105 |
+
add_action( 'network_admin_notices', array( $this, 'admin_notices_incompatible' ) );
|
106 |
+
|
107 |
+
return;
|
108 |
+
|
109 |
+
}
|
110 |
+
|
111 |
+
register_activation_hook( $this->basename(), array( $this, 'activate' ) );
|
112 |
+
register_uninstall_hook( $this->basename(), array( 'Rename_WP_Login', 'uninstall' ) );
|
113 |
+
|
114 |
+
add_action( 'admin_init', array( $this, 'admin_init' ) );
|
115 |
+
add_action( 'admin_notices', array( $this, 'admin_notices' ) );
|
116 |
+
add_action( 'network_admin_notices', array( $this, 'admin_notices' ) );
|
117 |
+
|
118 |
+
if ( is_multisite()
|
119 |
+
&& ! function_exists( 'is_plugin_active_for_network' ) ) {
|
120 |
+
|
121 |
+
require_once( ABSPATH . '/wp-admin/includes/plugin.php' );
|
122 |
+
|
123 |
+
}
|
124 |
+
|
125 |
+
add_filter( 'plugin_action_links_' . $this->basename(), array( $this, 'plugin_action_links' ) );
|
126 |
+
|
127 |
+
if ( is_multisite()
|
128 |
+
&& is_plugin_active_for_network( $this->basename() ) ) {
|
129 |
+
|
130 |
+
add_filter( 'network_admin_plugin_action_links_' . $this->basename(), array( $this, 'plugin_action_links' ) );
|
131 |
+
|
132 |
+
add_action( 'wpmu_options', array( $this, 'wpmu_options' ) );
|
133 |
+
add_action( 'update_wpmu_options', array( $this, 'update_wpmu_options' ) );
|
134 |
+
|
135 |
+
}
|
136 |
+
|
137 |
+
add_action( 'plugins_loaded', array( $this, 'plugins_loaded' ), 1 );
|
138 |
+
add_action( 'wp_loaded', array( $this, 'wp_loaded' ) );
|
139 |
+
|
140 |
+
add_filter( 'site_url', array( $this, 'filter_wp_login_php' ) );
|
141 |
+
add_filter( 'network_site_url', array( $this, 'filter_wp_login_php' ) );
|
142 |
+
add_filter( 'wp_redirect', array( $this, 'filter_wp_login_php' ) );
|
143 |
+
|
144 |
+
add_filter( 'site_option_welcome_email', array( $this, 'welcome_email' ) );
|
145 |
+
|
146 |
+
remove_action( 'template_redirect', 'wp_redirect_admin_locations', 1000 );
|
147 |
+
|
148 |
+
}
|
149 |
+
|
150 |
+
public function admin_notices_incompatible() {
|
151 |
+
|
152 |
+
echo '<div class="update-nag"><p>Please upgrade to the latest version of WordPress to activate <strong>Rename wp-login.php</strong>.</p></div>';
|
153 |
+
|
154 |
+
}
|
155 |
+
|
156 |
+
public function activate() {
|
157 |
+
|
158 |
+
add_option( 'rwl_redirect', '1' );
|
159 |
+
|
160 |
+
delete_option( 'rwl_admin' );
|
161 |
+
|
162 |
+
}
|
163 |
+
|
164 |
+
public static function uninstall() {
|
165 |
+
|
166 |
+
global $wpdb;
|
167 |
+
|
168 |
+
if ( is_multisite() ) {
|
169 |
+
|
170 |
+
$blogs = $wpdb->get_col( "SELECT blog_id FROM {$wpdb->blogs}" );
|
171 |
+
|
172 |
+
if ( $blogs ) {
|
173 |
+
|
174 |
+
foreach( $blogs as $blog ) {
|
175 |
+
|
176 |
+
switch_to_blog( $blog );
|
177 |
+
|
178 |
+
delete_option( 'rwl_page' );
|
179 |
+
|
180 |
+
}
|
181 |
+
|
182 |
+
restore_current_blog();
|
183 |
+
|
184 |
+
}
|
185 |
+
|
186 |
+
delete_site_option( 'rwl_page' );
|
187 |
+
|
188 |
+
}
|
189 |
+
|
190 |
+
else {
|
191 |
+
|
192 |
+
delete_option( 'rwl_page' );
|
193 |
+
|
194 |
+
}
|
195 |
+
|
196 |
+
}
|
197 |
+
|
198 |
+
public function wpmu_options() {
|
199 |
+
|
200 |
+
$out = '';
|
201 |
+
|
202 |
+
$out .= '<h3>Rename wp-login.php</h3>';
|
203 |
+
$out .= '<p>This option allows you to set a networkwide default, which can be overridden by individual sites. Simply go to to the site’s permalink settings to change the url.</p>';
|
204 |
+
$out .= '<p>Need help? Try the <a href="http://wordpress.org/support/plugin/rename-wp-login#postform" target="_blank">support forum</a>.</p>';
|
205 |
+
$out .= '<table class="form-table">';
|
206 |
+
$out .= '<tr valign="top">';
|
207 |
+
$out .= '<th scope="row">Networkwide default</th>';
|
208 |
+
$out .= '<td><input id="rwl-page-input" type="text" name="rwl_page" value="' . get_site_option( 'rwl_page', 'login' ) . '"></td>';
|
209 |
+
$out .= '</tr>';
|
210 |
+
$out .= '</table>';
|
211 |
+
|
212 |
+
echo $out;
|
213 |
+
|
214 |
+
}
|
215 |
+
|
216 |
+
public function update_wpmu_options() {
|
217 |
+
|
218 |
+
if ( ( $rwl_page = sanitize_title_with_dashes( $_POST['rwl_page'] ) )
|
219 |
+
&& strpos( $rwl_page, 'wp-login' ) === false
|
220 |
+
&& ! in_array( $rwl_page, $this->forbidden_slugs() ) ) {
|
221 |
+
|
222 |
+
update_site_option( 'rwl_page', $rwl_page );
|
223 |
+
|
224 |
+
}
|
225 |
+
|
226 |
+
}
|
227 |
+
|
228 |
+
public function admin_init() {
|
229 |
+
|
230 |
+
global $pagenow;
|
231 |
+
|
232 |
+
add_settings_section(
|
233 |
+
'rename-wp-login-section',
|
234 |
+
'Rename wp-login.php',
|
235 |
+
array( $this, 'rwl_section_desc' ),
|
236 |
+
'permalink'
|
237 |
+
);
|
238 |
+
|
239 |
+
add_settings_field(
|
240 |
+
'rwl-page',
|
241 |
+
'<label for="rwl-page">Login url</label>',
|
242 |
+
array( $this, 'rwl_page_input' ),
|
243 |
+
'permalink',
|
244 |
+
'rename-wp-login-section'
|
245 |
+
);
|
246 |
+
|
247 |
+
if ( isset( $_POST['rwl_page'] )
|
248 |
+
&& $pagenow === 'options-permalink.php' ) {
|
249 |
+
|
250 |
+
if ( ( $rwl_page = sanitize_title_with_dashes( $_POST['rwl_page'] ) )
|
251 |
+
&& strpos( $rwl_page, 'wp-login' ) === false
|
252 |
+
&& ! in_array( $rwl_page, $this->forbidden_slugs() ) ) {
|
253 |
+
|
254 |
+
if ( $rwl_page === get_site_option( 'rwl_page', 'login' ) ) {
|
255 |
+
|
256 |
+
delete_option( 'rwl_page' );
|
257 |
+
|
258 |
+
}
|
259 |
+
|
260 |
+
else {
|
261 |
+
|
262 |
+
update_option( 'rwl_page', $rwl_page );
|
263 |
+
|
264 |
+
}
|
265 |
+
|
266 |
+
}
|
267 |
+
|
268 |
+
}
|
269 |
+
|
270 |
+
if ( get_option( 'rwl_redirect' ) ) {
|
271 |
+
|
272 |
+
delete_option( 'rwl_redirect' );
|
273 |
+
|
274 |
+
if ( is_multisite()
|
275 |
+
&& is_super_admin()
|
276 |
+
&& is_plugin_active_for_network( $this->basename() ) ) {
|
277 |
+
|
278 |
+
$redirect = network_admin_url( 'settings.php#rwl-page-input' );
|
279 |
+
|
280 |
+
}
|
281 |
+
|
282 |
+
else {
|
283 |
+
|
284 |
+
$redirect = admin_url( 'options-permalink.php#rwl-page-input' );
|
285 |
+
|
286 |
+
}
|
287 |
+
|
288 |
+
wp_safe_redirect( $redirect );
|
289 |
+
|
290 |
+
die;
|
291 |
+
|
292 |
+
}
|
293 |
+
|
294 |
+
}
|
295 |
+
|
296 |
+
public function rwl_section_desc() {
|
297 |
+
|
298 |
+
$out = '';
|
299 |
+
|
300 |
+
if ( ! is_multisite()
|
301 |
+
|| is_super_admin() ) {
|
302 |
+
|
303 |
+
$out .= '<p>Need help? Try the <a href="http://wordpress.org/support/plugin/rename-wp-login#postform" target="_blank">support forum</a>.</p>';
|
304 |
+
|
305 |
+
}
|
306 |
+
|
307 |
+
if ( is_multisite()
|
308 |
+
&& is_super_admin()
|
309 |
+
&& is_plugin_active_for_network( $this->basename() ) ) {
|
310 |
+
|
311 |
+
$out .= '<p>To set a networkwide default, go to <a href="' . network_admin_url( 'settings.php#rwl-page-input' ) . '">Network Settings</a>.</p>';
|
312 |
+
|
313 |
+
}
|
314 |
+
|
315 |
+
echo $out;
|
316 |
+
|
317 |
+
}
|
318 |
+
|
319 |
+
public function rwl_page_input() {
|
320 |
+
|
321 |
+
if ( get_option( 'permalink_structure' ) ) {
|
322 |
+
|
323 |
+
echo '<code>' . trailingslashit( home_url() ) . '</code> <input id="rwl-page-input" type="text" name="rwl_page" value="' . $this->new_login_slug() . '">' . ( $this->use_trailing_slashes() ? ' <code>/</code>' : '' );
|
324 |
+
|
325 |
+
}
|
326 |
+
|
327 |
+
else {
|
328 |
+
|
329 |
+
echo '<code>' . trailingslashit( home_url() ) . '?</code> <input id="rwl-page-input" type="text" name="rwl_page" value="' . $this->new_login_slug() . '">';
|
330 |
+
|
331 |
+
}
|
332 |
+
|
333 |
+
}
|
334 |
+
|
335 |
+
public function admin_notices() {
|
336 |
+
|
337 |
+
global $pagenow, $cache_rejected_uri;
|
338 |
+
|
339 |
+
$out = '';
|
340 |
+
|
341 |
+
if ( ! is_network_admin()
|
342 |
+
&& $pagenow === 'options-permalink.php'
|
343 |
+
&& isset( $_GET['settings-updated'] ) ) {
|
344 |
+
|
345 |
+
$out .= '<div class="updated"><p>Your login page is now here: <strong><a href="' . $this->new_login_url() . '">' . $this->new_login_url() . '</a></strong>. Bookmark this page!</p></div>';
|
346 |
+
|
347 |
+
}
|
348 |
+
|
349 |
+
if ( current_user_can( 'manage_options' )
|
350 |
+
&& function_exists( 'w3_instance' )
|
351 |
+
&& ( $w3tc = w3_instance( 'W3_Config' ) )
|
352 |
+
&& ( $w3tc = $w3tc->get_array( 'pgcache.reject.uri' ) )
|
353 |
+
&& ! in_array( $this->new_login_slug(), $w3tc ) ) {
|
354 |
+
|
355 |
+
$admin_url = admin_url( 'admin.php?page=w3tc_pgcache#pgcache_reject_uri' );
|
356 |
+
|
357 |
+
$out .= '<div class="update-nag"><strong>W3 Total Cache</strong> is enabled on your website. To make sure <strong>Rename wp-login.php</strong> works correctly, you should add <strong>' . $this->new_login_slug() . '</strong> to <a href="' . $admin_url . '">Never cache the following pages</a>. This notice will disappear once you’ve done that correctly.</div>';
|
358 |
+
|
359 |
+
}
|
360 |
+
|
361 |
+
if ( current_user_can( 'manage_options' )
|
362 |
+
&& is_array( $cache_rejected_uri )
|
363 |
+
&& ! in_array( $this->new_login_slug(), $cache_rejected_uri ) ) {
|
364 |
+
|
365 |
+
$admin_url = is_network_admin() ? network_admin_url( 'settings.php?page=wpsupercache&tab=settings#rejecturi' ) : admin_url( 'options-general.php?page=wpsupercache&tab=settings#rejecturi' );
|
366 |
+
|
367 |
+
$out .= '<div class="update-nag"><strong>WP Super Cache</strong> is enabled on your website. To make sure <strong>Rename wp-login.php</strong> works correctly, you should add <strong>' . $this->new_login_slug() . '</strong> to <a href="' . $admin_url . '">Rejected URIs</a>. This notice will disappear once you’ve done that correctly.</div>';
|
368 |
+
|
369 |
+
}
|
370 |
+
|
371 |
+
echo $out;
|
372 |
+
|
373 |
+
}
|
374 |
+
|
375 |
+
public function plugin_action_links( $links ) {
|
376 |
+
|
377 |
+
if ( is_network_admin()
|
378 |
+
&& is_plugin_active_for_network( $this->basename() ) ) {
|
379 |
+
|
380 |
+
array_unshift( $links, '<a href="' . network_admin_url( 'settings.php#rwl-page-input' ) . '">Settings</a>' );
|
381 |
+
|
382 |
+
}
|
383 |
+
|
384 |
+
elseif ( ! is_network_admin() ) {
|
385 |
+
|
386 |
+
array_unshift( $links, '<a href="' . admin_url( 'options-permalink.php#rwl-page-input' ) . '">Settings</a>' );
|
387 |
+
|
388 |
+
}
|
389 |
+
|
390 |
+
return $links;
|
391 |
+
|
392 |
+
}
|
393 |
+
|
394 |
+
public function plugins_loaded() {
|
395 |
+
|
396 |
+
global $pagenow;
|
397 |
+
|
398 |
+
if ( ! is_multisite()
|
399 |
+
&& ( strpos( $_SERVER['REQUEST_URI'], 'wp-signup' ) !== false
|
400 |
+
|| strpos( $_SERVER['REQUEST_URI'], 'wp-activate' ) ) !== false ) {
|
401 |
+
|
402 |
+
wp_die( __( 'This feature is not enabled.' ) );
|
403 |
+
|
404 |
+
}
|
405 |
+
|
406 |
+
$request = parse_url( $_SERVER['REQUEST_URI'] );
|
407 |
+
|
408 |
+
if ( ( strpos( $_SERVER['REQUEST_URI'], 'wp-login.php' ) !== false
|
409 |
+
|| untrailingslashit( $request['path'] ) === site_url( 'wp-login', 'relative' ) )
|
410 |
+
&& ! is_admin() ) {
|
411 |
+
|
412 |
+
$this->wp_login_php = true;
|
413 |
+
|
414 |
+
$_SERVER['REQUEST_URI'] = str_repeat( '-/', 10 );
|
415 |
+
|
416 |
+
$pagenow = 'index.php';
|
417 |
+
|
418 |
+
}
|
419 |
+
|
420 |
+
elseif ( untrailingslashit( $request['path'] ) === home_url( $this->new_login_slug(), 'relative' )
|
421 |
+
|| ( ! get_option( 'permalink_structure' )
|
422 |
+
&& isset( $_GET[$this->new_login_slug()] )
|
423 |
+
&& empty( $_GET[$this->new_login_slug()] ) ) ) {
|
424 |
+
|
425 |
+
$pagenow = 'wp-login.php';
|
426 |
+
|
427 |
+
}
|
428 |
+
|
429 |
+
}
|
430 |
+
|
431 |
+
public function wp_loaded() {
|
432 |
+
|
433 |
+
global $pagenow;
|
434 |
+
|
435 |
+
if ( is_admin()
|
436 |
+
&& ! is_user_logged_in()
|
437 |
+
&& ! defined( 'DOING_AJAX' ) ) {
|
438 |
+
|
439 |
+
wp_die( __( 'You must log in to access the admin area.' ) );
|
440 |
+
|
441 |
+
}
|
442 |
+
|
443 |
+
$request = parse_url( $_SERVER['REQUEST_URI'] );
|
444 |
+
|
445 |
+
if ( $pagenow === 'wp-login.php'
|
446 |
+
&& $request['path'] !== $this->user_trailingslashit( $request['path'] )
|
447 |
+
&& get_option( 'permalink_structure' ) ) {
|
448 |
+
|
449 |
+
wp_safe_redirect( $this->user_trailingslashit( $this->new_login_url() )
|
450 |
+
. ( ! empty( $_SERVER['QUERY_STRING'] ) ? '?' . $_SERVER['QUERY_STRING'] : '' ) );
|
451 |
+
|
452 |
+
die;
|
453 |
+
|
454 |
+
}
|
455 |
+
|
456 |
+
elseif ( $this->wp_login_php ) {
|
457 |
+
|
458 |
+
if ( ( $referer = wp_get_referer() )
|
459 |
+
&& strpos( $referer, 'wp-activate.php' ) !== false
|
460 |
+
&& ( $referer = parse_url( $referer ) )
|
461 |
+
&& ! empty( $referer['query'] ) ) {
|
462 |
+
|
463 |
+
parse_str( $referer['query'], $referer );
|
464 |
+
|
465 |
+
if ( ! empty( $referer['key'] )
|
466 |
+
&& ( $result = wpmu_activate_signup( $referer['key'] ) )
|
467 |
+
&& is_wp_error( $result )
|
468 |
+
&& ( $result->get_error_code() === 'already_active'
|
469 |
+
|| $result->get_error_code() === 'blog_taken' ) ) {
|
470 |
+
|
471 |
+
wp_safe_redirect( $this->new_login_url()
|
472 |
+
. ( ! empty( $_SERVER['QUERY_STRING'] ) ? '?' . $_SERVER['QUERY_STRING'] : '' ) );
|
473 |
+
|
474 |
+
die;
|
475 |
+
|
476 |
+
}
|
477 |
+
|
478 |
+
}
|
479 |
+
|
480 |
+
$this->wp_template_loader();
|
481 |
+
|
482 |
+
}
|
483 |
+
|
484 |
+
elseif ( $pagenow === 'wp-login.php' ) {
|
485 |
+
|
486 |
+
require_once( $this->path() . 'rwl-login.php' );
|
487 |
+
|
488 |
+
die;
|
489 |
+
|
490 |
+
|
491 |
+
}
|
492 |
+
|
493 |
+
}
|
494 |
+
|
495 |
+
public function filter_wp_login_php( $url ) {
|
496 |
+
|
497 |
+
if ( strpos( $url, 'wp-login.php' ) !== false ) {
|
498 |
+
|
499 |
+
$args = explode( '?', $url );
|
500 |
+
|
501 |
+
if ( isset( $args[1] ) ) {
|
502 |
+
|
503 |
+
parse_str( $args[1], $args );
|
504 |
+
|
505 |
+
$url = add_query_arg( $args, $this->new_login_url() );
|
506 |
+
|
507 |
+
}
|
508 |
+
|
509 |
+
else {
|
510 |
+
|
511 |
+
$url = $this->new_login_url();
|
512 |
+
|
513 |
+
}
|
514 |
+
|
515 |
+
}
|
516 |
+
|
517 |
+
return $url;
|
518 |
+
|
519 |
+
}
|
520 |
+
|
521 |
+
public function welcome_email( $value ) {
|
522 |
+
|
523 |
+
return $value = str_replace( 'wp-login.php', trailingslashit( get_site_option( 'rwl_page', 'login' ) ), $value );
|
524 |
+
|
525 |
+
}
|
526 |
+
|
527 |
+
public function forbidden_slugs() {
|
528 |
+
|
529 |
+
$wp = new WP;
|
530 |
+
|
531 |
+
return array_merge( $wp->public_query_vars, $wp->private_query_vars );
|
532 |
+
|
533 |
+
}
|
534 |
|
|
|
|
|
|
|
|
|
|
|
535 |
}
|
|
|
|
|
|
|
536 |
|
537 |
+
new Rename_WP_Login;
|
538 |
+
|
539 |
+
}
|
|
wp-login.php → rwl-login.php
RENAMED
@@ -1,4 +1,17 @@
|
|
1 |
<?php
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
2 |
|
3 |
// Redirect to https login if forced to use SSL
|
4 |
if ( force_ssl_admin() && ! is_ssl() ) {
|
@@ -12,39 +25,46 @@ if ( force_ssl_admin() && ! is_ssl() ) {
|
|
12 |
}
|
13 |
|
14 |
/**
|
15 |
-
*
|
16 |
*
|
17 |
-
* @
|
18 |
-
*
|
19 |
-
* @
|
20 |
-
* @uses apply_filters() Calls 'login_headertitle' for the top login title.
|
21 |
-
* @uses apply_filters() Calls 'login_message' on the message to display in the
|
22 |
-
* header.
|
23 |
-
* @uses $error The error global, which is checked for displaying errors.
|
24 |
-
*
|
25 |
-
* @param string $title Optional. WordPress Log In Page title to display in
|
26 |
-
* <title/> element.
|
27 |
-
* @param string $message Optional. Message to display in header.
|
28 |
* @param WP_Error $wp_error Optional. WordPress Error Object
|
29 |
*/
|
30 |
-
function login_header($title = 'Log In', $message = '', $wp_error = '') {
|
31 |
-
global $error, $interim_login, $
|
32 |
|
33 |
// Don't index any of these forms
|
34 |
add_action( 'login_head', 'wp_no_robots' );
|
35 |
|
|
|
|
|
|
|
36 |
if ( empty($wp_error) )
|
37 |
$wp_error = new WP_Error();
|
38 |
|
39 |
// Shake it!
|
40 |
$shake_error_codes = array( 'empty_password', 'empty_email', 'invalid_email', 'invalidcombo', 'empty_username', 'invalid_username', 'incorrect_password' );
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
41 |
$shake_error_codes = apply_filters( 'shake_error_codes', $shake_error_codes );
|
42 |
|
43 |
if ( $shake_error_codes && $wp_error->get_error_code() && in_array( $wp_error->get_error_code(), $shake_error_codes ) )
|
44 |
add_action( 'login_head', 'wp_shake_js', 12 );
|
45 |
|
46 |
?><!DOCTYPE html>
|
47 |
-
|
|
|
|
|
|
|
|
|
|
|
48 |
<head>
|
49 |
<meta http-equiv="Content-Type" content="<?php bloginfo('html_type'); ?>; charset=<?php bloginfo('charset'); ?>" />
|
50 |
<title><?php bloginfo('name'); ?> › <?php echo $title; ?></title>
|
@@ -52,10 +72,7 @@ function login_header($title = 'Log In', $message = '', $wp_error = '') {
|
|
52 |
|
53 |
wp_admin_css( 'wp-admin', true );
|
54 |
wp_admin_css( 'colors-fresh', true );
|
55 |
-
|
56 |
-
if ( wp_is_mobile() ) { ?>
|
57 |
-
<meta name="viewport" content="width=320, initial-scale=0.9, maximum-scale=1.0, user-scalable=0" /><?php
|
58 |
-
}
|
59 |
|
60 |
// Remove all stored post data on logging out.
|
61 |
// This could be added by add_action('login_head'...) like wp_shake_js()
|
@@ -66,18 +83,42 @@ function login_header($title = 'Log In', $message = '', $wp_error = '') {
|
|
66 |
<?php
|
67 |
}
|
68 |
|
|
|
|
|
|
|
|
|
|
|
69 |
do_action( 'login_enqueue_scripts' );
|
|
|
|
|
|
|
|
|
|
|
70 |
do_action( 'login_head' );
|
71 |
|
72 |
if ( is_multisite() ) {
|
73 |
$login_header_url = network_home_url();
|
74 |
-
$login_header_title =
|
75 |
} else {
|
76 |
$login_header_url = __( 'http://wordpress.org/' );
|
77 |
$login_header_title = __( 'Powered by WordPress' );
|
78 |
}
|
79 |
|
80 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
81 |
$login_header_title = apply_filters( 'login_headertitle', $login_header_title );
|
82 |
|
83 |
$classes = array( 'login-action-' . $action, 'wp-core-ui' );
|
@@ -95,6 +136,14 @@ function login_header($title = 'Log In', $message = '', $wp_error = '') {
|
|
95 |
$classes[] = 'interim-login-success';
|
96 |
}
|
97 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
98 |
$classes = apply_filters( 'login_body_class', $classes, $action );
|
99 |
|
100 |
?>
|
@@ -106,7 +155,14 @@ function login_header($title = 'Log In', $message = '', $wp_error = '') {
|
|
106 |
|
107 |
unset( $login_header_url, $login_header_title );
|
108 |
|
109 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
110 |
if ( !empty( $message ) )
|
111 |
echo $message . "\n";
|
112 |
|
@@ -128,10 +184,26 @@ function login_header($title = 'Log In', $message = '', $wp_error = '') {
|
|
128 |
$errors .= ' ' . $error . "<br />\n";
|
129 |
}
|
130 |
}
|
131 |
-
if ( !empty($errors) )
|
132 |
-
|
133 |
-
|
134 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
135 |
}
|
136 |
} // End of login_header()
|
137 |
|
@@ -157,7 +229,13 @@ function login_footer($input_id = '') {
|
|
157 |
</script>
|
158 |
<?php endif; ?>
|
159 |
|
160 |
-
<?php
|
|
|
|
|
|
|
|
|
|
|
|
|
161 |
<div class="clear"></div>
|
162 |
</body>
|
163 |
</html>
|
@@ -178,6 +256,12 @@ addLoadEvent(function(){ var p=new Array(15,30,15,0,-15,-30,-15,0);p=p.concat(p.
|
|
178 |
<?php
|
179 |
}
|
180 |
|
|
|
|
|
|
|
|
|
|
|
|
|
181 |
/**
|
182 |
* Handles sending password retrieval email to user.
|
183 |
*
|
@@ -186,7 +270,7 @@ addLoadEvent(function(){ var p=new Array(15,30,15,0,-15,-30,-15,0);p=p.concat(p.
|
|
186 |
* @return bool|WP_Error True: when finish. WP_Error on error
|
187 |
*/
|
188 |
function retrieve_password() {
|
189 |
-
global $wpdb, $
|
190 |
|
191 |
$errors = new WP_Error();
|
192 |
|
@@ -201,7 +285,12 @@ function retrieve_password() {
|
|
201 |
$user_data = get_user_by('login', $login);
|
202 |
}
|
203 |
|
204 |
-
|
|
|
|
|
|
|
|
|
|
|
205 |
|
206 |
if ( $errors->get_error_code() )
|
207 |
return $errors;
|
@@ -215,30 +304,66 @@ function retrieve_password() {
|
|
215 |
$user_login = $user_data->user_login;
|
216 |
$user_email = $user_data->user_email;
|
217 |
|
218 |
-
|
219 |
-
|
220 |
-
|
221 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
222 |
|
223 |
if ( ! $allow )
|
224 |
return new WP_Error('no_password_reset', __('Password reset is not allowed for this user'));
|
225 |
else if ( is_wp_error($allow) )
|
226 |
return $allow;
|
227 |
|
228 |
-
|
229 |
-
|
230 |
-
|
231 |
-
|
232 |
-
|
233 |
-
|
234 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
235 |
}
|
|
|
|
|
|
|
236 |
$message = __('Someone requested that the password be reset for the following account:') . "\r\n\r\n";
|
237 |
$message .= network_home_url( '/' ) . "\r\n\r\n";
|
238 |
$message .= sprintf(__('Username: %s'), $user_login) . "\r\n\r\n";
|
239 |
$message .= __('If this was a mistake, just ignore this email and nothing will happen.') . "\r\n\r\n";
|
240 |
$message .= __('To reset your password, visit the following address:') . "\r\n\r\n";
|
241 |
-
$message .= '<' .
|
242 |
|
243 |
if ( is_multisite() )
|
244 |
$blogname = $GLOBALS['current_site']->site_name;
|
@@ -249,8 +374,23 @@ function retrieve_password() {
|
|
249 |
|
250 |
$title = sprintf( __('[%s] Password Reset'), $blogname );
|
251 |
|
252 |
-
|
253 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
254 |
|
255 |
if ( $message && !wp_mail($user_email, $title, $message) )
|
256 |
wp_die( __('The e-mail could not be sent.') . "<br />\n" . __('Possible reason: your host may have disabled the mail() function.') );
|
@@ -258,102 +398,6 @@ function retrieve_password() {
|
|
258 |
return true;
|
259 |
}
|
260 |
|
261 |
-
/**
|
262 |
-
* Retrieves a user row based on password reset key and login
|
263 |
-
*
|
264 |
-
* @uses $wpdb WordPress Database object
|
265 |
-
*
|
266 |
-
* @param string $key Hash to validate sending user's password
|
267 |
-
* @param string $login The user login
|
268 |
-
* @return object|WP_Error User's database row on success, error object for invalid keys
|
269 |
-
*/
|
270 |
-
function check_password_reset_key($key, $login) {
|
271 |
-
global $wpdb;
|
272 |
-
|
273 |
-
$key = preg_replace('/[^a-z0-9]/i', '', $key);
|
274 |
-
|
275 |
-
if ( empty( $key ) || !is_string( $key ) )
|
276 |
-
return new WP_Error('invalid_key', __('Invalid key'));
|
277 |
-
|
278 |
-
if ( empty($login) || !is_string($login) )
|
279 |
-
return new WP_Error('invalid_key', __('Invalid key'));
|
280 |
-
|
281 |
-
$user = $wpdb->get_row($wpdb->prepare("SELECT * FROM $wpdb->users WHERE user_activation_key = %s AND user_login = %s", $key, $login));
|
282 |
-
|
283 |
-
if ( empty( $user ) )
|
284 |
-
return new WP_Error('invalid_key', __('Invalid key'));
|
285 |
-
|
286 |
-
return $user;
|
287 |
-
}
|
288 |
-
|
289 |
-
/**
|
290 |
-
* Handles resetting the user's password.
|
291 |
-
*
|
292 |
-
* @param object $user The user
|
293 |
-
* @param string $new_pass New password for the user in plaintext
|
294 |
-
*/
|
295 |
-
function reset_password($user, $new_pass) {
|
296 |
-
do_action('password_reset', $user, $new_pass);
|
297 |
-
|
298 |
-
wp_set_password($new_pass, $user->ID);
|
299 |
-
|
300 |
-
wp_password_change_notification($user);
|
301 |
-
}
|
302 |
-
|
303 |
-
/**
|
304 |
-
* Handles registering a new user.
|
305 |
-
*
|
306 |
-
* @param string $user_login User's username for logging in
|
307 |
-
* @param string $user_email User's email address to send password and add
|
308 |
-
* @return int|WP_Error Either user's ID or error on failure.
|
309 |
-
*/
|
310 |
-
function register_new_user( $user_login, $user_email ) {
|
311 |
-
$errors = new WP_Error();
|
312 |
-
|
313 |
-
$sanitized_user_login = sanitize_user( $user_login );
|
314 |
-
$user_email = apply_filters( 'user_registration_email', $user_email );
|
315 |
-
|
316 |
-
// Check the username
|
317 |
-
if ( $sanitized_user_login == '' ) {
|
318 |
-
$errors->add( 'empty_username', __( '<strong>ERROR</strong>: Please enter a username.' ) );
|
319 |
-
} elseif ( ! validate_username( $user_login ) ) {
|
320 |
-
$errors->add( 'invalid_username', __( '<strong>ERROR</strong>: This username is invalid because it uses illegal characters. Please enter a valid username.' ) );
|
321 |
-
$sanitized_user_login = '';
|
322 |
-
} elseif ( username_exists( $sanitized_user_login ) ) {
|
323 |
-
$errors->add( 'username_exists', __( '<strong>ERROR</strong>: This username is already registered. Please choose another one.' ) );
|
324 |
-
}
|
325 |
-
|
326 |
-
// Check the e-mail address
|
327 |
-
if ( $user_email == '' ) {
|
328 |
-
$errors->add( 'empty_email', __( '<strong>ERROR</strong>: Please type your e-mail address.' ) );
|
329 |
-
} elseif ( ! is_email( $user_email ) ) {
|
330 |
-
$errors->add( 'invalid_email', __( '<strong>ERROR</strong>: The email address isn’t correct.' ) );
|
331 |
-
$user_email = '';
|
332 |
-
} elseif ( email_exists( $user_email ) ) {
|
333 |
-
$errors->add( 'email_exists', __( '<strong>ERROR</strong>: This email is already registered, please choose another one.' ) );
|
334 |
-
}
|
335 |
-
|
336 |
-
do_action( 'register_post', $sanitized_user_login, $user_email, $errors );
|
337 |
-
|
338 |
-
$errors = apply_filters( 'registration_errors', $errors, $sanitized_user_login, $user_email );
|
339 |
-
|
340 |
-
if ( $errors->get_error_code() )
|
341 |
-
return $errors;
|
342 |
-
|
343 |
-
$user_pass = wp_generate_password( 12, false);
|
344 |
-
$user_id = wp_create_user( $sanitized_user_login, $user_pass, $user_email );
|
345 |
-
if ( ! $user_id ) {
|
346 |
-
$errors->add( 'registerfail', sprintf( __( '<strong>ERROR</strong>: Couldn’t register you… please contact the <a href="mailto:%s">webmaster</a> !' ), get_option( 'admin_email' ) ) );
|
347 |
-
return $errors;
|
348 |
-
}
|
349 |
-
|
350 |
-
update_user_option( $user_id, 'default_password_nag', true, true ); //Set up the Password change nag.
|
351 |
-
|
352 |
-
wp_new_user_notification( $user_id, $user_pass );
|
353 |
-
|
354 |
-
return $user_id;
|
355 |
-
}
|
356 |
-
|
357 |
//
|
358 |
// Main
|
359 |
//
|
@@ -386,8 +430,21 @@ setcookie(TEST_COOKIE, 'WP Cookie check', 0, COOKIEPATH, COOKIE_DOMAIN);
|
|
386 |
if ( SITECOOKIEPATH != COOKIEPATH )
|
387 |
setcookie(TEST_COOKIE, 'WP Cookie check', 0, SITECOOKIEPATH, COOKIE_DOMAIN);
|
388 |
|
389 |
-
|
|
|
|
|
|
|
|
|
390 |
do_action( 'login_init' );
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
391 |
do_action( 'login_form_' . $action );
|
392 |
|
393 |
$http_post = ('POST' == $_SERVER['REQUEST_METHOD']);
|
@@ -399,8 +456,18 @@ case 'postpass' :
|
|
399 |
require_once ABSPATH . 'wp-includes/class-phpass.php';
|
400 |
$hasher = new PasswordHash( 8, true );
|
401 |
|
402 |
-
|
403 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
404 |
|
405 |
wp_safe_redirect( wp_get_referer() );
|
406 |
exit();
|
@@ -411,7 +478,7 @@ case 'logout' :
|
|
411 |
check_admin_referer('log-out');
|
412 |
wp_logout();
|
413 |
|
414 |
-
$redirect_to = !empty( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] :
|
415 |
wp_safe_redirect( $redirect_to );
|
416 |
exit();
|
417 |
|
@@ -423,37 +490,73 @@ case 'retrievepassword' :
|
|
423 |
if ( $http_post ) {
|
424 |
$errors = retrieve_password();
|
425 |
if ( !is_wp_error($errors) ) {
|
426 |
-
$redirect_to = !empty( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] :
|
427 |
wp_safe_redirect( $redirect_to );
|
428 |
exit();
|
429 |
}
|
430 |
}
|
431 |
|
432 |
-
if ( isset(
|
433 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
434 |
|
435 |
-
do_action('lost_password');
|
436 |
login_header(__('Lost Password'), '<p class="message">' . __('Please enter your username or email address. You will receive a link to create a new password via email.') . '</p>', $errors);
|
437 |
|
438 |
$user_login = isset($_POST['user_login']) ? wp_unslash($_POST['user_login']) : '';
|
439 |
|
440 |
?>
|
441 |
|
442 |
-
<form name="lostpasswordform" id="lostpasswordform" action="<?php echo site_url(
|
443 |
<p>
|
444 |
<label for="user_login" ><?php _e('Username or E-mail:') ?><br />
|
445 |
<input type="text" name="user_login" id="user_login" class="input" value="<?php echo esc_attr($user_login); ?>" size="20" /></label>
|
446 |
</p>
|
447 |
-
<?php
|
|
|
|
|
|
|
|
|
|
|
|
|
448 |
<input type="hidden" name="redirect_to" value="<?php echo esc_attr( $redirect_to ); ?>" />
|
449 |
<p class="submit"><input type="submit" name="wp-submit" id="wp-submit" class="button button-primary button-large" value="<?php esc_attr_e('Get New Password'); ?>" /></p>
|
450 |
</form>
|
451 |
|
452 |
<p id="nav">
|
453 |
<a href="<?php echo esc_url( wp_login_url() ); ?>"><?php _e('Log in') ?></a>
|
454 |
-
<?php
|
455 |
-
|
456 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
457 |
</p>
|
458 |
|
459 |
<?php
|
@@ -465,7 +568,10 @@ case 'rp' :
|
|
465 |
$user = check_password_reset_key($_GET['key'], $_GET['login']);
|
466 |
|
467 |
if ( is_wp_error($user) ) {
|
468 |
-
|
|
|
|
|
|
|
469 |
exit;
|
470 |
}
|
471 |
|
@@ -474,6 +580,14 @@ case 'rp' :
|
|
474 |
if ( isset($_POST['pass1']) && $_POST['pass1'] != $_POST['pass2'] )
|
475 |
$errors->add( 'password_reset_mismatch', __( 'The passwords do not match.' ) );
|
476 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
477 |
do_action( 'validate_password_reset', $errors, $user );
|
478 |
|
479 |
if ( ( ! $errors->get_error_code() ) && isset( $_POST['pass1'] ) && !empty( $_POST['pass1'] ) ) {
|
@@ -489,7 +603,7 @@ case 'rp' :
|
|
489 |
login_header(__('Reset Password'), '<p class="message reset-pass">' . __('Enter your new password below.') . '</p>', $errors );
|
490 |
|
491 |
?>
|
492 |
-
<form name="resetpassform" id="resetpassform" action="<?php echo
|
493 |
<input type="hidden" id="user_login" value="<?php echo esc_attr( $_GET['login'] ); ?>" autocomplete="off" />
|
494 |
|
495 |
<p>
|
@@ -510,9 +624,13 @@ case 'rp' :
|
|
510 |
|
511 |
<p id="nav">
|
512 |
<a href="<?php echo esc_url( wp_login_url() ); ?>"><?php _e( 'Log in' ); ?></a>
|
513 |
-
<?php
|
514 |
-
|
515 |
-
|
|
|
|
|
|
|
|
|
516 |
</p>
|
517 |
|
518 |
<?php
|
@@ -521,13 +639,20 @@ break;
|
|
521 |
|
522 |
case 'register' :
|
523 |
if ( is_multisite() ) {
|
524 |
-
|
525 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
526 |
exit;
|
527 |
}
|
528 |
|
529 |
if ( !get_option('users_can_register') ) {
|
530 |
-
wp_redirect( site_url(
|
531 |
exit();
|
532 |
}
|
533 |
|
@@ -538,17 +663,25 @@ case 'register' :
|
|
538 |
$user_email = $_POST['user_email'];
|
539 |
$errors = register_new_user($user_login, $user_email);
|
540 |
if ( !is_wp_error($errors) ) {
|
541 |
-
$redirect_to = !empty( $_POST['redirect_to'] ) ? $_POST['redirect_to'] :
|
542 |
wp_safe_redirect( $redirect_to );
|
543 |
exit();
|
544 |
}
|
545 |
}
|
546 |
|
547 |
-
$
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
548 |
login_header(__('Registration Form'), '<p class="message register">' . __('Register For This Site') . '</p>', $errors);
|
549 |
?>
|
550 |
|
551 |
-
<form name="registerform" id="registerform" action="<?php echo
|
552 |
<p>
|
553 |
<label for="user_login"><?php _e('Username') ?><br />
|
554 |
<input type="text" name="user_login" id="user_login" class="input" value="<?php echo esc_attr(wp_unslash($user_login)); ?>" size="20" /></label>
|
@@ -557,7 +690,14 @@ case 'register' :
|
|
557 |
<label for="user_email"><?php _e('E-mail') ?><br />
|
558 |
<input type="text" name="user_email" id="user_email" class="input" value="<?php echo esc_attr(wp_unslash($user_email)); ?>" size="25" /></label>
|
559 |
</p>
|
560 |
-
<?php
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
561 |
<p id="reg_passmail"><?php _e('A password will be e-mailed to you.') ?></p>
|
562 |
<br class="clear" />
|
563 |
<input type="hidden" name="redirect_to" value="<?php echo esc_attr( $redirect_to ); ?>" />
|
@@ -608,9 +748,23 @@ default:
|
|
608 |
if ( !$secure_cookie && is_ssl() && force_ssl_login() && !force_ssl_admin() && ( 0 !== strpos($redirect_to, 'https') ) && ( 0 === strpos($redirect_to, 'http') ) )
|
609 |
$secure_cookie = false;
|
610 |
|
611 |
-
|
612 |
-
|
613 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
614 |
|
615 |
if ( !is_wp_error($user) && !$reauth ) {
|
616 |
if ( $interim_login ) {
|
@@ -618,7 +772,9 @@ default:
|
|
618 |
$interim_login = 'success';
|
619 |
login_header( '', $message ); ?>
|
620 |
</div>
|
621 |
-
<?php
|
|
|
|
|
622 |
<?php if ( $customize_login ) : ?>
|
623 |
<script type="text/javascript">setTimeout( function(){ new wp.customize.Messenger({ url: '<?php echo wp_customize_url(); ?>', channel: 'login' }).send('login') }, 1000 );</script>
|
624 |
<?php endif; ?>
|
@@ -644,10 +800,6 @@ default:
|
|
644 |
if ( !empty($_GET['loggedout']) || $reauth )
|
645 |
$errors = new WP_Error();
|
646 |
|
647 |
-
// If cookies are disabled we can't log in even with a valid user+pass
|
648 |
-
if ( isset($_POST['testcookie']) && empty($_COOKIE[TEST_COOKIE]) )
|
649 |
-
$errors->add('test_cookie', __("<strong>ERROR</strong>: Cookies are blocked or not supported by your browser. You must <a href='http://www.google.com/cookies.html'>enable cookies</a> to use WordPress."));
|
650 |
-
|
651 |
if ( $interim_login ) {
|
652 |
if ( ! $errors->get_error_code() )
|
653 |
$errors->add('expired', __('Session expired. Please log in again. You will not move away from this page.'), 'message');
|
@@ -667,6 +819,14 @@ default:
|
|
667 |
$errors->add('updated', __( '<strong>You have successfully updated WordPress!</strong> Please log back in to experience the awesomeness.' ), 'message' );
|
668 |
}
|
669 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
670 |
$errors = apply_filters( 'wp_login_errors', $errors, $redirect_to );
|
671 |
|
672 |
// Clear any stale cookies.
|
@@ -674,15 +834,13 @@ default:
|
|
674 |
wp_clear_auth_cookie();
|
675 |
|
676 |
login_header(__('Log In'), '', $errors);
|
677 |
-
|
678 |
-
$user_login = '';
|
679 |
|
680 |
if ( isset($_POST['log']) )
|
681 |
$user_login = ( 'incorrect_password' == $errors->get_error_code() || 'empty_password' == $errors->get_error_code() ) ? esc_attr(wp_unslash($_POST['log'])) : '';
|
682 |
$rememberme = ! empty( $_POST['rememberme'] );
|
683 |
?>
|
684 |
|
685 |
-
<form name="loginform" id="loginform" action="<?php echo site_url(
|
686 |
<p>
|
687 |
<label for="user_login"><?php _e('Username') ?><br />
|
688 |
<input type="text" name="log" id="user_login" class="input" value="<?php echo esc_attr($user_login); ?>" size="20" /></label>
|
@@ -691,7 +849,14 @@ default:
|
|
691 |
<label for="user_pass"><?php _e('Password') ?><br />
|
692 |
<input type="password" name="pwd" id="user_pass" class="input" value="" size="20" /></label>
|
693 |
</p>
|
694 |
-
<?php
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
695 |
<p class="forgetmenot"><label for="rememberme"><input name="rememberme" type="checkbox" id="rememberme" value="forever" <?php checked( $rememberme ); ?> /> <?php esc_attr_e('Remember Me'); ?></label></p>
|
696 |
<p class="submit">
|
697 |
<input type="submit" name="wp-submit" id="wp-submit" class="button button-primary button-large" value="<?php esc_attr_e('Log In'); ?>" />
|
@@ -709,10 +874,13 @@ default:
|
|
709 |
|
710 |
<?php if ( ! $interim_login ) { ?>
|
711 |
<p id="nav">
|
712 |
-
<?php if ( ! isset( $_GET['checkemail'] ) || ! in_array( $_GET['checkemail'], array( 'confirm', 'newpass' ) ) ) :
|
713 |
-
|
714 |
-
|
715 |
-
|
|
|
|
|
|
|
716 |
<a href="<?php echo esc_url( wp_lostpassword_url() ); ?>" title="<?php esc_attr_e( 'Password Lost and Found' ); ?>"><?php _e( 'Lost your password?' ); ?></a>
|
717 |
<?php endif; ?>
|
718 |
</p>
|
@@ -738,7 +906,7 @@ d.select();
|
|
738 |
}, 200);
|
739 |
}
|
740 |
|
741 |
-
<?php
|
742 |
wp_attempt_focus();
|
743 |
<?php } ?>
|
744 |
if(typeof wpOnload=='function')wpOnload();
|
@@ -758,4 +926,4 @@ try {
|
|
758 |
<?php
|
759 |
login_footer();
|
760 |
break;
|
761 |
-
} // end action switch
|
1 |
<?php
|
2 |
+
/**
|
3 |
+
* WordPress User Page
|
4 |
+
*
|
5 |
+
* Handles authentication, registering, resetting passwords, forgot password,
|
6 |
+
* and other user handling.
|
7 |
+
*
|
8 |
+
* @package WordPress
|
9 |
+
*/
|
10 |
+
|
11 |
+
/** Make sure that the WordPress bootstrap has run before continuing. */
|
12 |
+
//require( dirname(__FILE__) . '/wp-load.php' );
|
13 |
+
|
14 |
+
global $error, $interim_login, $action, $user_login;
|
15 |
|
16 |
// Redirect to https login if forced to use SSL
|
17 |
if ( force_ssl_admin() && ! is_ssl() ) {
|
25 |
}
|
26 |
|
27 |
/**
|
28 |
+
* Output the login page header.
|
29 |
*
|
30 |
+
* @param string $title Optional. WordPress Log In Page title to display in <title/> element. Default 'Log In'.
|
31 |
+
* @param string $message Optional. Message to display in header. Default empty.
|
32 |
+
* @param string $wp_error Optional. The error to pass. Default empty.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
33 |
* @param WP_Error $wp_error Optional. WordPress Error Object
|
34 |
*/
|
35 |
+
function login_header( $title = 'Log In', $message = '', $wp_error = '' ) {
|
36 |
+
global $error, $interim_login, $action;
|
37 |
|
38 |
// Don't index any of these forms
|
39 |
add_action( 'login_head', 'wp_no_robots' );
|
40 |
|
41 |
+
if ( wp_is_mobile() )
|
42 |
+
add_action( 'login_head', 'wp_login_viewport_meta' );
|
43 |
+
|
44 |
if ( empty($wp_error) )
|
45 |
$wp_error = new WP_Error();
|
46 |
|
47 |
// Shake it!
|
48 |
$shake_error_codes = array( 'empty_password', 'empty_email', 'invalid_email', 'invalidcombo', 'empty_username', 'invalid_username', 'incorrect_password' );
|
49 |
+
/**
|
50 |
+
* Filter the error codes array for shaking the login form.
|
51 |
+
*
|
52 |
+
* @since 3.0.0
|
53 |
+
*
|
54 |
+
* @param array $shake_error_codes Error codes that shake the login form.
|
55 |
+
*/
|
56 |
$shake_error_codes = apply_filters( 'shake_error_codes', $shake_error_codes );
|
57 |
|
58 |
if ( $shake_error_codes && $wp_error->get_error_code() && in_array( $wp_error->get_error_code(), $shake_error_codes ) )
|
59 |
add_action( 'login_head', 'wp_shake_js', 12 );
|
60 |
|
61 |
?><!DOCTYPE html>
|
62 |
+
<!--[if IE 8]>
|
63 |
+
<html xmlns="http://www.w3.org/1999/xhtml" class="ie8" <?php language_attributes(); ?>>
|
64 |
+
<![endif]-->
|
65 |
+
<!--[if !(IE 8) ]><!-->
|
66 |
+
<html xmlns="http://www.w3.org/1999/xhtml" <?php language_attributes(); ?>>
|
67 |
+
<!--<![endif]-->
|
68 |
<head>
|
69 |
<meta http-equiv="Content-Type" content="<?php bloginfo('html_type'); ?>; charset=<?php bloginfo('charset'); ?>" />
|
70 |
<title><?php bloginfo('name'); ?> › <?php echo $title; ?></title>
|
72 |
|
73 |
wp_admin_css( 'wp-admin', true );
|
74 |
wp_admin_css( 'colors-fresh', true );
|
75 |
+
wp_admin_css( 'ie', true );
|
|
|
|
|
|
|
76 |
|
77 |
// Remove all stored post data on logging out.
|
78 |
// This could be added by add_action('login_head'...) like wp_shake_js()
|
83 |
<?php
|
84 |
}
|
85 |
|
86 |
+
/**
|
87 |
+
* Enqueue scripts and styles for the login page.
|
88 |
+
*
|
89 |
+
* @since 3.1.0
|
90 |
+
*/
|
91 |
do_action( 'login_enqueue_scripts' );
|
92 |
+
/**
|
93 |
+
* Fires in the login page header after scripts are enqueued.
|
94 |
+
*
|
95 |
+
* @since 2.1.0
|
96 |
+
*/
|
97 |
do_action( 'login_head' );
|
98 |
|
99 |
if ( is_multisite() ) {
|
100 |
$login_header_url = network_home_url();
|
101 |
+
$login_header_title = get_current_site()->site_name;
|
102 |
} else {
|
103 |
$login_header_url = __( 'http://wordpress.org/' );
|
104 |
$login_header_title = __( 'Powered by WordPress' );
|
105 |
}
|
106 |
|
107 |
+
/**
|
108 |
+
* Filter link URL of the header logo above login form.
|
109 |
+
*
|
110 |
+
* @since 2.1.0
|
111 |
+
*
|
112 |
+
* @param string $login_header_url Login header logo URL.
|
113 |
+
*/
|
114 |
+
$login_header_url = apply_filters( 'login_headerurl', $login_header_url );
|
115 |
+
/**
|
116 |
+
* Filter the title attribute of the header logo above login form.
|
117 |
+
*
|
118 |
+
* @since 2.1.0
|
119 |
+
*
|
120 |
+
* @param string $login_header_title Login header logo title attribute.
|
121 |
+
*/
|
122 |
$login_header_title = apply_filters( 'login_headertitle', $login_header_title );
|
123 |
|
124 |
$classes = array( 'login-action-' . $action, 'wp-core-ui' );
|
136 |
$classes[] = 'interim-login-success';
|
137 |
}
|
138 |
|
139 |
+
/**
|
140 |
+
* Filter the login page body classes.
|
141 |
+
*
|
142 |
+
* @since 3.5.0
|
143 |
+
*
|
144 |
+
* @param array $classes An array of body classes.
|
145 |
+
* @param string $action The action that brought the visitor to the login page.
|
146 |
+
*/
|
147 |
$classes = apply_filters( 'login_body_class', $classes, $action );
|
148 |
|
149 |
?>
|
155 |
|
156 |
unset( $login_header_url, $login_header_title );
|
157 |
|
158 |
+
/**
|
159 |
+
* Filter the message to display above the login form.
|
160 |
+
*
|
161 |
+
* @since 2.1.0
|
162 |
+
*
|
163 |
+
* @param string $message Login message text.
|
164 |
+
*/
|
165 |
+
$message = apply_filters( 'login_message', $message );
|
166 |
if ( !empty( $message ) )
|
167 |
echo $message . "\n";
|
168 |
|
184 |
$errors .= ' ' . $error . "<br />\n";
|
185 |
}
|
186 |
}
|
187 |
+
if ( ! empty( $errors ) ) {
|
188 |
+
/**
|
189 |
+
* Filter the error messages displayed above the login form.
|
190 |
+
*
|
191 |
+
* @since 2.1.0
|
192 |
+
*
|
193 |
+
* @param string $errors Login error message.
|
194 |
+
*/
|
195 |
+
echo '<div id="login_error">' . apply_filters( 'login_errors', $errors ) . "</div>\n";
|
196 |
+
}
|
197 |
+
if ( ! empty( $messages ) ) {
|
198 |
+
/**
|
199 |
+
* Filter instructional messages displayed above the login form.
|
200 |
+
*
|
201 |
+
* @since 2.5.0
|
202 |
+
*
|
203 |
+
* @param string $messages Login messages.
|
204 |
+
*/
|
205 |
+
echo '<p class="message">' . apply_filters( 'login_messages', $messages ) . "</p>\n";
|
206 |
+
}
|
207 |
}
|
208 |
} // End of login_header()
|
209 |
|
229 |
</script>
|
230 |
<?php endif; ?>
|
231 |
|
232 |
+
<?php
|
233 |
+
/**
|
234 |
+
* Fires in the login page footer.
|
235 |
+
*
|
236 |
+
* @since 3.1.0
|
237 |
+
*/
|
238 |
+
do_action( 'login_footer' ); ?>
|
239 |
<div class="clear"></div>
|
240 |
</body>
|
241 |
</html>
|
256 |
<?php
|
257 |
}
|
258 |
|
259 |
+
function wp_login_viewport_meta() {
|
260 |
+
?>
|
261 |
+
<meta name="viewport" content="width=device-width" />
|
262 |
+
<?php
|
263 |
+
}
|
264 |
+
|
265 |
/**
|
266 |
* Handles sending password retrieval email to user.
|
267 |
*
|
270 |
* @return bool|WP_Error True: when finish. WP_Error on error
|
271 |
*/
|
272 |
function retrieve_password() {
|
273 |
+
global $wpdb, $wp_hasher;
|
274 |
|
275 |
$errors = new WP_Error();
|
276 |
|
285 |
$user_data = get_user_by('login', $login);
|
286 |
}
|
287 |
|
288 |
+
/**
|
289 |
+
* Fires before errors are returned from a password reset request.
|
290 |
+
*
|
291 |
+
* @since 2.1.0
|
292 |
+
*/
|
293 |
+
do_action( 'lostpassword_post' );
|
294 |
|
295 |
if ( $errors->get_error_code() )
|
296 |
return $errors;
|
304 |
$user_login = $user_data->user_login;
|
305 |
$user_email = $user_data->user_email;
|
306 |
|
307 |
+
/**
|
308 |
+
* Fires before a new password is retrieved.
|
309 |
+
*
|
310 |
+
* @since 1.5.0
|
311 |
+
* @deprecated 1.5.1 Misspelled. Use 'retrieve_password' hook instead.
|
312 |
+
*
|
313 |
+
* @param string $user_login The user login name.
|
314 |
+
*/
|
315 |
+
do_action( 'retreive_password', $user_login );
|
316 |
+
/**
|
317 |
+
* Fires before a new password is retrieved.
|
318 |
+
*
|
319 |
+
* @since 1.5.1
|
320 |
+
*
|
321 |
+
* @param string $user_login The user login name.
|
322 |
+
*/
|
323 |
+
do_action( 'retrieve_password', $user_login );
|
324 |
+
|
325 |
+
/**
|
326 |
+
* Filter whether to allow a password to be reset.
|
327 |
+
*
|
328 |
+
* @since 2.7.0
|
329 |
+
*
|
330 |
+
* @param bool true Whether to allow the password to be reset. Default true.
|
331 |
+
* @param int $user_data->ID The ID of the user attempting to reset a password.
|
332 |
+
*/
|
333 |
+
$allow = apply_filters( 'allow_password_reset', true, $user_data->ID );
|
334 |
|
335 |
if ( ! $allow )
|
336 |
return new WP_Error('no_password_reset', __('Password reset is not allowed for this user'));
|
337 |
else if ( is_wp_error($allow) )
|
338 |
return $allow;
|
339 |
|
340 |
+
// Generate something random for a password reset key.
|
341 |
+
$key = wp_generate_password( 20, false );
|
342 |
+
|
343 |
+
/**
|
344 |
+
* Fires when a password reset key is generated.
|
345 |
+
*
|
346 |
+
* @since 2.5.0
|
347 |
+
*
|
348 |
+
* @param string $user_login The username for the user.
|
349 |
+
* @param string $key The generated password reset key.
|
350 |
+
*/
|
351 |
+
do_action( 'retrieve_password_key', $user_login, $key );
|
352 |
+
|
353 |
+
// Now insert the key, hashed, into the DB.
|
354 |
+
if ( empty( $wp_hasher ) ) {
|
355 |
+
require_once ABSPATH . 'wp-includes/class-phpass.php';
|
356 |
+
$wp_hasher = new PasswordHash( 8, true );
|
357 |
}
|
358 |
+
$hashed = $wp_hasher->HashPassword( $key );
|
359 |
+
$wpdb->update( $wpdb->users, array( 'user_activation_key' => $hashed ), array( 'user_login' => $user_login ) );
|
360 |
+
|
361 |
$message = __('Someone requested that the password be reset for the following account:') . "\r\n\r\n";
|
362 |
$message .= network_home_url( '/' ) . "\r\n\r\n";
|
363 |
$message .= sprintf(__('Username: %s'), $user_login) . "\r\n\r\n";
|
364 |
$message .= __('If this was a mistake, just ignore this email and nothing will happen.') . "\r\n\r\n";
|
365 |
$message .= __('To reset your password, visit the following address:') . "\r\n\r\n";
|
366 |
+
$message .= '<' . network_site_url("wp-login.php?action=rp&key=$key&login=" . rawurlencode($user_login), 'login') . ">\r\n";
|
367 |
|
368 |
if ( is_multisite() )
|
369 |
$blogname = $GLOBALS['current_site']->site_name;
|
374 |
|
375 |
$title = sprintf( __('[%s] Password Reset'), $blogname );
|
376 |
|
377 |
+
/**
|
378 |
+
* Filter the subject of the password reset email.
|
379 |
+
*
|
380 |
+
* @since 2.8.0
|
381 |
+
*
|
382 |
+
* @param string $title Default email title.
|
383 |
+
*/
|
384 |
+
$title = apply_filters( 'retrieve_password_title', $title );
|
385 |
+
/**
|
386 |
+
* Filter the message body of the password reset mail.
|
387 |
+
*
|
388 |
+
* @since 2.8.0
|
389 |
+
*
|
390 |
+
* @param string $message Default mail message.
|
391 |
+
* @param string $key The activation key.
|
392 |
+
*/
|
393 |
+
$message = apply_filters( 'retrieve_password_message', $message, $key );
|
394 |
|
395 |
if ( $message && !wp_mail($user_email, $title, $message) )
|
396 |
wp_die( __('The e-mail could not be sent.') . "<br />\n" . __('Possible reason: your host may have disabled the mail() function.') );
|
398 |
return true;
|
399 |
}
|
400 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
401 |
//
|
402 |
// Main
|
403 |
//
|
430 |
if ( SITECOOKIEPATH != COOKIEPATH )
|
431 |
setcookie(TEST_COOKIE, 'WP Cookie check', 0, SITECOOKIEPATH, COOKIE_DOMAIN);
|
432 |
|
433 |
+
/**
|
434 |
+
* Fires when the login form is initialized.
|
435 |
+
*
|
436 |
+
* @since 3.2.0
|
437 |
+
*/
|
438 |
do_action( 'login_init' );
|
439 |
+
/**
|
440 |
+
* Fires before a specified login form action.
|
441 |
+
*
|
442 |
+
* The dynamic portion of the hook name, $action, refers to the action
|
443 |
+
* that brought the visitor to the login form. Actions include 'postpass',
|
444 |
+
* 'logout', 'lostpassword', etc.
|
445 |
+
*
|
446 |
+
* @since 2.8.0
|
447 |
+
*/
|
448 |
do_action( 'login_form_' . $action );
|
449 |
|
450 |
$http_post = ('POST' == $_SERVER['REQUEST_METHOD']);
|
456 |
require_once ABSPATH . 'wp-includes/class-phpass.php';
|
457 |
$hasher = new PasswordHash( 8, true );
|
458 |
|
459 |
+
/**
|
460 |
+
* Filter the life span of the post password cookie.
|
461 |
+
*
|
462 |
+
* By default, the cookie expires 10 days from creation. To turn this
|
463 |
+
* into a session cookie, return 0.
|
464 |
+
*
|
465 |
+
* @since 3.7.0
|
466 |
+
*
|
467 |
+
* @param int $expires The expiry time, as passed to setcookie().
|
468 |
+
*/
|
469 |
+
$expire = apply_filters( 'post_password_expires', time() + 10 * DAY_IN_SECONDS );
|
470 |
+
setcookie( 'wp-postpass_' . COOKIEHASH, $hasher->HashPassword( wp_unslash( $_POST['post_password'] ) ), $expire, COOKIEPATH );
|
471 |
|
472 |
wp_safe_redirect( wp_get_referer() );
|
473 |
exit();
|
478 |
check_admin_referer('log-out');
|
479 |
wp_logout();
|
480 |
|
481 |
+
$redirect_to = !empty( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : 'wp-login.php?loggedout=true';
|
482 |
wp_safe_redirect( $redirect_to );
|
483 |
exit();
|
484 |
|
490 |
if ( $http_post ) {
|
491 |
$errors = retrieve_password();
|
492 |
if ( !is_wp_error($errors) ) {
|
493 |
+
$redirect_to = !empty( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : 'wp-login.php?checkemail=confirm';
|
494 |
wp_safe_redirect( $redirect_to );
|
495 |
exit();
|
496 |
}
|
497 |
}
|
498 |
|
499 |
+
if ( isset( $_GET['error'] ) ) {
|
500 |
+
if ( 'invalidkey' == $_GET['error'] )
|
501 |
+
$errors->add( 'invalidkey', __( 'Sorry, that key does not appear to be valid.' ) );
|
502 |
+
elseif ( 'expiredkey' == $_GET['error'] )
|
503 |
+
$errors->add( 'expiredkey', __( 'Sorry, that key has expired. Please try again.' ) );
|
504 |
+
}
|
505 |
+
|
506 |
+
$lostpassword_redirect = ! empty( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : '';
|
507 |
+
/**
|
508 |
+
* Filter the URL redirected to after submitting the lostpassword/retrievepassword form.
|
509 |
+
*
|
510 |
+
* @since 3.0.0
|
511 |
+
*
|
512 |
+
* @param string $lostpassword_redirect The redirect destination URL.
|
513 |
+
*/
|
514 |
+
$redirect_to = apply_filters( 'lostpassword_redirect', $lostpassword_redirect );
|
515 |
+
|
516 |
+
/**
|
517 |
+
* Fires before the lost password form.
|
518 |
+
*
|
519 |
+
* @since 1.5.1
|
520 |
+
*/
|
521 |
+
do_action( 'lost_password' );
|
522 |
|
|
|
523 |
login_header(__('Lost Password'), '<p class="message">' . __('Please enter your username or email address. You will receive a link to create a new password via email.') . '</p>', $errors);
|
524 |
|
525 |
$user_login = isset($_POST['user_login']) ? wp_unslash($_POST['user_login']) : '';
|
526 |
|
527 |
?>
|
528 |
|
529 |
+
<form name="lostpasswordform" id="lostpasswordform" action="<?php echo esc_url( site_url( 'wp-login.php?action=lostpassword', 'login_post' ) ); ?>" method="post">
|
530 |
<p>
|
531 |
<label for="user_login" ><?php _e('Username or E-mail:') ?><br />
|
532 |
<input type="text" name="user_login" id="user_login" class="input" value="<?php echo esc_attr($user_login); ?>" size="20" /></label>
|
533 |
</p>
|
534 |
+
<?php
|
535 |
+
/**
|
536 |
+
* Fires inside the lostpassword <form> tags, before the hidden fields.
|
537 |
+
*
|
538 |
+
* @since 2.1.0
|
539 |
+
*/
|
540 |
+
do_action( 'lostpassword_form' ); ?>
|
541 |
<input type="hidden" name="redirect_to" value="<?php echo esc_attr( $redirect_to ); ?>" />
|
542 |
<p class="submit"><input type="submit" name="wp-submit" id="wp-submit" class="button button-primary button-large" value="<?php esc_attr_e('Get New Password'); ?>" /></p>
|
543 |
</form>
|
544 |
|
545 |
<p id="nav">
|
546 |
<a href="<?php echo esc_url( wp_login_url() ); ?>"><?php _e('Log in') ?></a>
|
547 |
+
<?php
|
548 |
+
if ( get_option( 'users_can_register' ) ) :
|
549 |
+
$registration_url = sprintf( '<a href="%s">%s</a>', esc_url( wp_registration_url() ), __( 'Register' ) );
|
550 |
+
/**
|
551 |
+
* Filter the registration URL below the login form.
|
552 |
+
*
|
553 |
+
* @since 1.5.0
|
554 |
+
*
|
555 |
+
* @param string $registration_url Registration URL.
|
556 |
+
*/
|
557 |
+
echo ' | ' . apply_filters( 'register', $registration_url );
|
558 |
+
endif;
|
559 |
+
?>
|
560 |
</p>
|
561 |
|
562 |
<?php
|
568 |
$user = check_password_reset_key($_GET['key'], $_GET['login']);
|
569 |
|
570 |
if ( is_wp_error($user) ) {
|
571 |
+
if ( $user->get_error_code() === 'expired_key' )
|
572 |
+
wp_redirect( site_url( 'wp-login.php?action=lostpassword&error=expiredkey' ) );
|
573 |
+
else
|
574 |
+
wp_redirect( site_url( 'wp-login.php?action=lostpassword&error=invalidkey' ) );
|
575 |
exit;
|
576 |
}
|
577 |
|
580 |
if ( isset($_POST['pass1']) && $_POST['pass1'] != $_POST['pass2'] )
|
581 |
$errors->add( 'password_reset_mismatch', __( 'The passwords do not match.' ) );
|
582 |
|
583 |
+
/**
|
584 |
+
* Fires before the password reset procedure is validated.
|
585 |
+
*
|
586 |
+
* @since 3.5.0
|
587 |
+
*
|
588 |
+
* @param object $errors WP Error object.
|
589 |
+
* @param WP_User|WP_Error $user WP_User object if the login and reset key match. WP_Error object otherwise.
|
590 |
+
*/
|
591 |
do_action( 'validate_password_reset', $errors, $user );
|
592 |
|
593 |
if ( ( ! $errors->get_error_code() ) && isset( $_POST['pass1'] ) && !empty( $_POST['pass1'] ) ) {
|
603 |
login_header(__('Reset Password'), '<p class="message reset-pass">' . __('Enter your new password below.') . '</p>', $errors );
|
604 |
|
605 |
?>
|
606 |
+
<form name="resetpassform" id="resetpassform" action="<?php echo esc_url( site_url( 'wp-login.php?action=resetpass&key=' . urlencode( $_GET['key'] ) . '&login=' . urlencode( $_GET['login'] ), 'login_post' ) ); ?>" method="post" autocomplete="off">
|
607 |
<input type="hidden" id="user_login" value="<?php echo esc_attr( $_GET['login'] ); ?>" autocomplete="off" />
|
608 |
|
609 |
<p>
|
624 |
|
625 |
<p id="nav">
|
626 |
<a href="<?php echo esc_url( wp_login_url() ); ?>"><?php _e( 'Log in' ); ?></a>
|
627 |
+
<?php
|
628 |
+
if ( get_option( 'users_can_register' ) ) :
|
629 |
+
$registration_url = sprintf( '<a href="%s">%s</a>', esc_url( wp_registration_url() ), __( 'Register' ) );
|
630 |
+
/** This filter is documented in wp-login.php */
|
631 |
+
echo ' | ' . apply_filters( 'register', $registration_url );
|
632 |
+
endif;
|
633 |
+
?>
|
634 |
</p>
|
635 |
|
636 |
<?php
|
639 |
|
640 |
case 'register' :
|
641 |
if ( is_multisite() ) {
|
642 |
+
$sign_up_url = network_site_url( 'wp-signup.php' );
|
643 |
+
/**
|
644 |
+
* Filter the Multisite sign up URL.
|
645 |
+
*
|
646 |
+
* @since 3.0.0
|
647 |
+
*
|
648 |
+
* @param string $sign_up_url The sign up URL.
|
649 |
+
*/
|
650 |
+
wp_redirect( apply_filters( 'wp_signup_location', $sign_up_url ) );
|
651 |
exit;
|
652 |
}
|
653 |
|
654 |
if ( !get_option('users_can_register') ) {
|
655 |
+
wp_redirect( site_url('wp-login.php?registration=disabled') );
|
656 |
exit();
|
657 |
}
|
658 |
|
663 |
$user_email = $_POST['user_email'];
|
664 |
$errors = register_new_user($user_login, $user_email);
|
665 |
if ( !is_wp_error($errors) ) {
|
666 |
+
$redirect_to = !empty( $_POST['redirect_to'] ) ? $_POST['redirect_to'] : 'wp-login.php?checkemail=registered';
|
667 |
wp_safe_redirect( $redirect_to );
|
668 |
exit();
|
669 |
}
|
670 |
}
|
671 |
|
672 |
+
$registration_redirect = ! empty( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : '';
|
673 |
+
/**
|
674 |
+
* Filter the registration redirect URL.
|
675 |
+
*
|
676 |
+
* @since 3.0.0
|
677 |
+
*
|
678 |
+
* @param string $registration_redirect The redirect destination URL.
|
679 |
+
*/
|
680 |
+
$redirect_to = apply_filters( 'registration_redirect', $registration_redirect );
|
681 |
login_header(__('Registration Form'), '<p class="message register">' . __('Register For This Site') . '</p>', $errors);
|
682 |
?>
|
683 |
|
684 |
+
<form name="registerform" id="registerform" action="<?php echo esc_url( site_url('wp-login.php?action=register', 'login_post') ); ?>" method="post">
|
685 |
<p>
|
686 |
<label for="user_login"><?php _e('Username') ?><br />
|
687 |
<input type="text" name="user_login" id="user_login" class="input" value="<?php echo esc_attr(wp_unslash($user_login)); ?>" size="20" /></label>
|
690 |
<label for="user_email"><?php _e('E-mail') ?><br />
|
691 |
<input type="text" name="user_email" id="user_email" class="input" value="<?php echo esc_attr(wp_unslash($user_email)); ?>" size="25" /></label>
|
692 |
</p>
|
693 |
+
<?php
|
694 |
+
/**
|
695 |
+
* Fires following the 'E-mail' field in the user registration form.
|
696 |
+
*
|
697 |
+
* @since 2.1.0
|
698 |
+
*/
|
699 |
+
do_action( 'register_form' );
|
700 |
+
?>
|
701 |
<p id="reg_passmail"><?php _e('A password will be e-mailed to you.') ?></p>
|
702 |
<br class="clear" />
|
703 |
<input type="hidden" name="redirect_to" value="<?php echo esc_attr( $redirect_to ); ?>" />
|
748 |
if ( !$secure_cookie && is_ssl() && force_ssl_login() && !force_ssl_admin() && ( 0 !== strpos($redirect_to, 'https') ) && ( 0 === strpos($redirect_to, 'http') ) )
|
749 |
$secure_cookie = false;
|
750 |
|
751 |
+
// If cookies are disabled we can't log in even with a valid user+pass
|
752 |
+
if ( isset($_POST['testcookie']) && empty($_COOKIE[TEST_COOKIE]) )
|
753 |
+
$user = new WP_Error('test_cookie', __("<strong>ERROR</strong>: Cookies are blocked or not supported by your browser. You must <a href='http://www.google.com/cookies.html'>enable cookies</a> to use WordPress."));
|
754 |
+
else
|
755 |
+
$user = wp_signon('', $secure_cookie);
|
756 |
+
|
757 |
+
$requested_redirect_to = isset( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : '';
|
758 |
+
/**
|
759 |
+
* Filter the login redirect URL.
|
760 |
+
*
|
761 |
+
* @since 3.0.0
|
762 |
+
*
|
763 |
+
* @param string $redirect_to The redirect destination URL.
|
764 |
+
* @param string $requested_redirect_to The requested redirect destination URL passed as a parameter.
|
765 |
+
* @param WP_User|WP_Error $user WP_User object if login was successful, WP_Error object otherwise.
|
766 |
+
*/
|
767 |
+
$redirect_to = apply_filters( 'login_redirect', $redirect_to, $requested_redirect_to, $user );
|
768 |
|
769 |
if ( !is_wp_error($user) && !$reauth ) {
|
770 |
if ( $interim_login ) {
|
772 |
$interim_login = 'success';
|
773 |
login_header( '', $message ); ?>
|
774 |
</div>
|
775 |
+
<?php
|
776 |
+
/** This action is documented in wp-login.php */
|
777 |
+
do_action( 'login_footer' ); ?>
|
778 |
<?php if ( $customize_login ) : ?>
|
779 |
<script type="text/javascript">setTimeout( function(){ new wp.customize.Messenger({ url: '<?php echo wp_customize_url(); ?>', channel: 'login' }).send('login') }, 1000 );</script>
|
780 |
<?php endif; ?>
|
800 |
if ( !empty($_GET['loggedout']) || $reauth )
|
801 |
$errors = new WP_Error();
|
802 |
|
|
|
|
|
|
|
|
|
803 |
if ( $interim_login ) {
|
804 |
if ( ! $errors->get_error_code() )
|
805 |
$errors->add('expired', __('Session expired. Please log in again. You will not move away from this page.'), 'message');
|
819 |
$errors->add('updated', __( '<strong>You have successfully updated WordPress!</strong> Please log back in to experience the awesomeness.' ), 'message' );
|
820 |
}
|
821 |
|
822 |
+
/**
|
823 |
+
* Filter the login page errors.
|
824 |
+
*
|
825 |
+
* @since 3.6.0
|
826 |
+
*
|
827 |
+
* @param object $errors WP Error object.
|
828 |
+
* @param string $redirect_to Redirect destination URL.
|
829 |
+
*/
|
830 |
$errors = apply_filters( 'wp_login_errors', $errors, $redirect_to );
|
831 |
|
832 |
// Clear any stale cookies.
|
834 |
wp_clear_auth_cookie();
|
835 |
|
836 |
login_header(__('Log In'), '', $errors);
|
|
|
|
|
837 |
|
838 |
if ( isset($_POST['log']) )
|
839 |
$user_login = ( 'incorrect_password' == $errors->get_error_code() || 'empty_password' == $errors->get_error_code() ) ? esc_attr(wp_unslash($_POST['log'])) : '';
|
840 |
$rememberme = ! empty( $_POST['rememberme'] );
|
841 |
?>
|
842 |
|
843 |
+
<form name="loginform" id="loginform" action="<?php echo esc_url( site_url( 'wp-login.php', 'login_post' ) ); ?>" method="post">
|
844 |
<p>
|
845 |
<label for="user_login"><?php _e('Username') ?><br />
|
846 |
<input type="text" name="log" id="user_login" class="input" value="<?php echo esc_attr($user_login); ?>" size="20" /></label>
|
849 |
<label for="user_pass"><?php _e('Password') ?><br />
|
850 |
<input type="password" name="pwd" id="user_pass" class="input" value="" size="20" /></label>
|
851 |
</p>
|
852 |
+
<?php
|
853 |
+
/**
|
854 |
+
* Fires following the 'Password' field in the login form.
|
855 |
+
*
|
856 |
+
* @since 2.1.0
|
857 |
+
*/
|
858 |
+
do_action( 'login_form' );
|
859 |
+
?>
|
860 |
<p class="forgetmenot"><label for="rememberme"><input name="rememberme" type="checkbox" id="rememberme" value="forever" <?php checked( $rememberme ); ?> /> <?php esc_attr_e('Remember Me'); ?></label></p>
|
861 |
<p class="submit">
|
862 |
<input type="submit" name="wp-submit" id="wp-submit" class="button button-primary button-large" value="<?php esc_attr_e('Log In'); ?>" />
|
874 |
|
875 |
<?php if ( ! $interim_login ) { ?>
|
876 |
<p id="nav">
|
877 |
+
<?php if ( ! isset( $_GET['checkemail'] ) || ! in_array( $_GET['checkemail'], array( 'confirm', 'newpass' ) ) ) :
|
878 |
+
if ( get_option( 'users_can_register' ) ) :
|
879 |
+
$registration_url = sprintf( '<a href="%s">%s</a>', esc_url( wp_registration_url() ), __( 'Register' ) );
|
880 |
+
/** This filter is documented in wp-login.php */
|
881 |
+
echo apply_filters( 'register', $registration_url ) . ' | ';
|
882 |
+
endif;
|
883 |
+
?>
|
884 |
<a href="<?php echo esc_url( wp_lostpassword_url() ); ?>" title="<?php esc_attr_e( 'Password Lost and Found' ); ?>"><?php _e( 'Lost your password?' ); ?></a>
|
885 |
<?php endif; ?>
|
886 |
</p>
|
906 |
}, 200);
|
907 |
}
|
908 |
|
909 |
+
<?php if ( !$error ) { ?>
|
910 |
wp_attempt_focus();
|
911 |
<?php } ?>
|
912 |
if(typeof wpOnload=='function')wpOnload();
|
926 |
<?php
|
927 |
login_footer();
|
928 |
break;
|
929 |
+
} // end action switch
|