Rename wp-login.php - Version 2.2.2

Version Description

Download this release

Release Info

Developer avryl
Plugin Icon 128x128 Rename wp-login.php
Version 2.2.2
Comparing to
See all releases

Code changes from version 1.0 to 2.2.2

Files changed (5) hide show
  1. index.php +3 -1
  2. readme.md +127 -0
  3. readme.txt +111 -21
  4. rename-wp-login.php +516 -103
  5. wp-login.php → rwl-login.php +350 -182
index.php CHANGED
@@ -1 +1,3 @@
1
- <?php // Silence is golden.
1
+ <?php
2
+
3
+ // Silence is golden.
readme.md ADDED
@@ -0,0 +1,127 @@
1
+ # Rename wp-login.php
2
+
3
+ **Contributors:** avryl
4
+ **Tags:** rename, login, wp-login, wp-login.php, brute force attacks, custom login url, security
5
+ **Requires at least:** 3.8
6
+ **Tested up to:** 3.8.1
7
+ **Stable tag:** 2.2.2
8
+ **License:** GPLv2 or later
9
+ **License URI:** http://www.gnu.org/licenses/gpl-2.0.html
10
+
11
+ Change wp-login.php to anything you want. It can also prevent a lot of brute force attacks.
12
+
13
+ ## Description
14
+
15
+ *Rename wp-login.php* is a very light plugin that lets you easily and safely change wp-login.php to anything you want. It doesn’t literally rename or change files in core, nor does it add rewrite rules. It simply intercepts page requests and works on any WordPress website. The wp-admin directory and wp-login.php page become inaccessible, so you should bookmark or remember the url. Deactivating this plugin brings your site back exactly to the state it was before.
16
+
17
+ ### Compatibility
18
+
19
+ Requires WordPress 3.8 or higher. All login related things such as the registration form, lost password form, login widget and expired sessions just keep working.
20
+
21
+ It’s also compatible with any plugin that hooks in the login form, including
22
+
23
+ * BuddyPress,
24
+ * bbPress,
25
+ * Limit Login Attempts,
26
+ * and User Switching.
27
+
28
+ Obviously it doesn’t work with plugins that *hardcoded* wp-login.php.
29
+
30
+ This also works with multisite! Activating it for a network allows you to set a networkwide default. Individual sites can still rename their login page to something else.
31
+
32
+ If you’re using a **page caching plugin** you should add the slug of the new login url to the list of pages not to cache. For W3 Total Cache and WP Super Cache this plugin will give you a message with a link to the field you should update.
33
+
34
+ ### Benefits
35
+
36
+ Not only does it allow you to further customise your login page, it also prevents brute force attacks that are targeted specifically to wp-login.php. Both the wp-login.php page and the wp-admin directory (if not logged in) become inaccessible.
37
+
38
+ While you could use this plugin to prevent a lot of brute force attacks, it does not mean you don’t need a strong password. Read [this codex article](http://codex.wordpress.org/Brute_Force_Attacks) for more information on how to protect your website.
39
+
40
+ Of course, if you want to keep your login page secret, you should make sure there aren’t any links pointing to it on your website.
41
+
42
+ ## Installation
43
+
44
+ 1. Go to Plugins › Add New.
45
+ 2. Search for *Rename wp-login.php*.
46
+ 3. Look for this plugin, download and activate it.
47
+ 4. The page will redirect you to the settings. Rename wp-login.php in there.
48
+ 5. You can change this option any time you want, just go back to Settings › Permalinks › Rename wp-login.php.
49
+
50
+ ## Frequently Asked Questions
51
+
52
+ ### I forgot my login url!
53
+
54
+ Either go to your MySQL database and look for the value of `rwl_page` in the options table, or remove the `rename-wp-login` folder from your `plugins` folder, log in through wp-login.php and reinstall the plugin.
55
+
56
+ ## Changelog
57
+
58
+ ### 2.2
59
+
60
+ * Fixed issue where requests redirect to the new login page.
61
+ * Trailing slash based on the permalink structure.
62
+
63
+ ### 2.1
64
+
65
+ * Works now with non-pretty permalinks!
66
+ * Gives a message when using W3 Total Cache or WP Super Cache to update options.
67
+
68
+ ### 2.0.1
69
+
70
+ * Prevents pretty redirects such as /login and /admin.
71
+ * Simplifies some code.
72
+ * Forces login page with trailing slash.
73
+ * Replaces a wp_redirect with wp_safe_redirect.
74
+ * Shows error message in the network admin if permalinks are not enabled for the main site.
75
+
76
+ ### 2.0
77
+
78
+ * This plugin can now be activated for a network and a networkwide default can be set.
79
+ * The plugin now hooks in after init to make sure any customisations to the login form are hooked in before it.
80
+ * Links should now be fixed when SSL is enabled.
81
+
82
+ ### 1.9
83
+
84
+ * wp-admin will now have a `wp_die()` message instead of a 404 template because this caused problems.
85
+ * Minimum version is now 3.8.
86
+ * Added updates from wp-login.php in 3.8.
87
+
88
+ ### 1.8
89
+
90
+ * OOP PHP.
91
+ * Requires WordPress 3.7 or higher.
92
+ * MultiViews compatible.
93
+
94
+ ### 1.7
95
+
96
+ * Made compatible with WordPress 3.7.
97
+
98
+ ### 1.6
99
+
100
+ * Fixed the login link when `site_url()` ≠ `home_url()`.
101
+ * Added a [mirror](https://github.com/avryl/rename-wp-login) on GitHub.
102
+
103
+ ### 1.5
104
+
105
+ * Made [User Switching](http://wordpress.org/plugins/user-switching/) compatible.
106
+
107
+ ### 1.4
108
+
109
+ * Faster page load.
110
+ * Fixed 404 error for permalink structures with a prefixed path. “Almost pretty” permalinks work now too.
111
+ * Code clean-up.
112
+
113
+ ### 1.3
114
+
115
+ * Prevents the plugin from working when there is no permalink structure.
116
+
117
+ ### 1.2
118
+
119
+ * Fixed status code custom login page.
120
+
121
+ ### 1.1
122
+
123
+ * Blocked access to wp-admin to prevent a redirect the the new login page.
124
+
125
+ ### 1.0
126
+
127
+ * Initial version.
readme.txt CHANGED
@@ -1,42 +1,132 @@
1
- === Plugin Name ===
2
Contributors: avryl
3
- Tags: rename, login, wp-login, wp-login.php, brute force, attacks
4
- Requires at least: 3.5
5
- Tested up to: 3.6
6
- Stable tag: trunk
7
License: GPLv2 or later
8
License URI: http://www.gnu.org/licenses/gpl-2.0.html
9
10
- Rename wp-login, and block it to prevent brute force attacks.
11
12
== Description ==
13
14
- This plugin renames `wp-login.php` to whatever you want. The default is `login` if no such page already exists. Otherwise it will append a number, e.g. `login-1`. You can change this option under ‘Settings’ ‘Permalinks’ ‘Login’.
15
16
- What are the benefits? Not only does it allow you to further customise your login page, it also prevents brute force attacks that are targeted specifically to the standard `wp-login.php`. `wp-login.php` will be blocked and returns a 404 status.
17
18
- If you’re using a page caching plugin like **W3 Total Cache** or **WP Super Cache**, add the word you rename `wp-login.php` to (e.g. `login`) to the list of pages not to cache. For W3 Total Cache go to ‘Performance’ › ‘Page Cache’ › ‘Advanced’ › ‘Never cache the following pages’, add your new login page on a new line and save all settings. For WP Super Cache go to ‘Settings’ ‘WP Super Cache’ › ‘Advanced’ › ‘Accepted Filenames & Rejected URIs’, add your new login page on a new line and save.
19
20
- This plugin works with plugins that customise or hook into the standard login screen. It’s not yet tested on installs that force SSL or use the multisite feature.
21
22
== Installation ==
23
24
- 1. Go to PluginsAdd New’.
25
- 2. Search for Rename wp-login’.
26
3. Look for this plugin, download and activate it.
27
- 4. The page will redirect you to the settings. Rename `wp-login.php` in the section ‘Login’.
28
- 5. You can change this option any time you want, just go back to SettingsPermalinks‘Login’.
29
30
- == Screenshots ==
31
32
- 1. This screen shot description corresponds to screenshot-1.(png|jpg|jpeg|gif). Note that the screenshot is taken from
33
- the /assets directory or the directory that contains the stable readme.txt (tags or trunk). Screenshots in the /assets
34
- directory take precedence. For example, `/assets/screenshot-1.png` would win over `/tags/4.3/screenshot-1.png`
35
- (or jpg, jpeg, gif).
36
37
== Changelog ==
38
39
= 1.0 =
40
- * Initial version.
41
42
- == Upgrade Notice ==
1
+ === Rename wp-login.php ===
2
+
3
Contributors: avryl
4
+ Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=49WXVSPP2HUKG
5
+ Tags: rename, login, wp-login, wp-login.php, brute force attacks, custom login url, security
6
+ Requires at least: 3.8
7
+ Tested up to: 3.8.1
8
+ Stable tag: 2.2.2
9
License: GPLv2 or later
10
License URI: http://www.gnu.org/licenses/gpl-2.0.html
11
12
+ Change wp-login.php to anything you want. It can also prevent a lot of brute force attacks.
13
14
== Description ==
15
16
+ *Rename wp-login.php* is a very light plugin that lets you easily and safely change wp-login.php to anything you want. It doesn’t literally rename or change files in core, nor does it add rewrite rules. It simply intercepts page requests and works on any WordPress website. The wp-admin directory and wp-login.php page become inaccessible, so you should bookmark or remember the url. Deactivating this plugin brings your site back exactly to the state it was before.
17
+
18
+ = Compatibility =
19
+
20
+ Requires WordPress 3.8 or higher. All login related things such as the registration form, lost password form, login widget and expired sessions just keep working.
21
+
22
+ It’s also compatible with any plugin that hooks in the login form, including
23
+
24
+ * BuddyPress,
25
+ * bbPress,
26
+ * Limit Login Attempts,
27
+ * and User Switching.
28
+
29
+ Obviously it doesn’t work with plugins that *hardcoded* wp-login.php.
30
+
31
+ This also works with multisite! Activating it for a network allows you to set a networkwide default. Individual sites can still rename their login page to something else.
32
+
33
+ If you’re using a **page caching plugin** you should add the slug of the new login url to the list of pages not to cache. For W3 Total Cache and WP Super Cache this plugin will give you a message with a link to the field you should update.
34
+
35
+ = Benefits =
36
+
37
+ Not only does it allow you to further customise your login page, it also prevents brute force attacks that are targeted specifically to wp-login.php. Both the wp-login.php page and the wp-admin directory (if not logged in) become inaccessible.
38
39
+ While you could use this plugin to prevent a lot of brute force attacks, it does not mean you don’t need a strong password. Read [this codex article](http://codex.wordpress.org/Brute_Force_Attacks) for more information on how to protect your website.
40
41
+ Of course, if you want to keep your login page secret, you should make sure there aren’t any links pointing to it on your website.
42
43
+ = GitHub =
44
+
45
+ This plugin has a [mirror](https://github.com/avryl/rename-wp-login) on GitHub.
46
47
== Installation ==
48
49
+ 1. Go to Plugins › Add New.
50
+ 2. Search for *Rename wp-login.php*.
51
3. Look for this plugin, download and activate it.
52
+ 4. The page will redirect you to the settings. Rename wp-login.php there.
53
+ 5. You can change this option any time you want, just go back to Settings › Permalinks › Rename wp-login.php.
54
+
55
+ == Frequently Asked Questions ==
56
57
+ = I forgot my login url! =
58
59
+ Either go to your MySQL database and look for the value of `rwl_page` in the options table, or remove the `rename-wp-login` folder from your `plugins` folder, log in through wp-login.php and reinstall the plugin.
60
61
== Changelog ==
62
63
+ = 2.2 =
64
+
65
+ * Fixed issue where requests redirect to the new login page.
66
+ * Trailing slash based on the permalink structure.
67
+
68
+ = 2.1 =
69
+
70
+ * Works now with non-pretty permalinks!
71
+ * Gives a message when using W3 Total Cache or WP Super Cache to update options.
72
+
73
+ = 2.0.1 =
74
+
75
+ * Prevents pretty redirects such as /login and /admin.
76
+ * Simplifies some code.
77
+ * Forces login page with trailing slash.
78
+ * Replaces a wp_redirect with wp_safe_redirect.
79
+ * Shows error message in the network admin if permalinks are not enabled for the main site.
80
+
81
+ = 2.0 =
82
+
83
+ * This plugin can now be activated for a network and a networkwide default can be set.
84
+ * The plugin now hooks in after init to make sure any customisations to the login form are hooked in before it.
85
+ * Links should now be fixed when SSL is enabled.
86
+
87
+ = 1.9 =
88
+
89
+ * wp-admin will now have a `wp_die()` message instead of a 404 template because this caused problems.
90
+ * Minimum version is now 3.8.
91
+ * Added updates from wp-login.php in 3.8.
92
+
93
+ = 1.8 =
94
+
95
+ * OOP PHP.
96
+ * Requires WordPress 3.7 or higher.
97
+ * MultiViews compatible.
98
+
99
+ = 1.7 =
100
+
101
+ * Made compatible with WordPress 3.7.
102
+
103
+ = 1.6 =
104
+
105
+ * Fixed the login link when `site_url()` ≠ `home_url()`.
106
+ * Added a [mirror](https://github.com/avryl/rename-wp-login) on GitHub.
107
+
108
+ = 1.5 =
109
+
110
+ * Made [User Switching](http://wordpress.org/plugins/user-switching/) compatible.
111
+
112
+ = 1.4 =
113
+
114
+ * Faster page load.
115
+ * Fixed 404 error for permalink structures with a prefixed path. “Almost pretty” permalinks work now too.
116
+ * Code clean-up.
117
+
118
+ = 1.3 =
119
+
120
+ * Prevents the plugin from working when there is no permalink structure.
121
+
122
+ = 1.2 =
123
+
124
+ * Fixed status code custom login page.
125
+
126
+ = 1.1 =
127
+
128
+ * Blocked access to wp-admin to prevent a redirect the the new login page.
129
+
130
= 1.0 =
131
132
+ * Initial version.
rename-wp-login.php CHANGED
@@ -1,126 +1,539 @@
1
<?php
2
/*
3
- Plugin Name: Rename wp-login
4
Plugin URI: http://wordpress.org/plugins/rename-wp-login/
5
- Description: Rename wp-login, and block it to prevent brute force attacks.
6
Author: avryl
7
Author URI: http://profiles.wordpress.org/avryl/
8
- Version: 1.0
9
Text Domain: rename-wp-login
10
License: GPLv2 or later
11
License URI: http://www.gnu.org/licenses/gpl-2.0.html
12
*/
13
14
- register_uninstall_hook(__FILE__, 'rwl_uninstall');
15
- function rwl_uninstall() {
16
- delete_option('rwl_page');
17
- }
18
19
- register_activation_hook(__FILE__, 'rwl_activation');
20
- function rwl_activation() {
21
- add_option('rwl_redirect', '1');
22
- }
23
24
- add_action('init', 'rwl_init');
25
- function rwl_init() {
26
- if (!get_option('rwl_page') || get_option('rwl_page') == '') {
27
- update_option('rwl_page', wp_unique_post_slug('login', 0, 'publish', 'page', 0));
28
- }
29
- }
30
31
- add_action('login_init', 'rwl_login_init');
32
- function rwl_login_init() {
33
- global $wp_query, $post;
34
- if (!$post) {
35
- status_header(404);
36
- $wp_query->set_404();
37
- if (file_exists(TEMPLATEPATH . '/404.php')) {
38
- require_once(TEMPLATEPATH . '/404.php');
39
- } else {
40
- require_once(TEMPLATEPATH . '/index.php');
41
- }
42
- exit;
43
- }
44
- }
45
46
- add_action('wp', 'rwl_wp');
47
- function rwl_wp() {
48
- global $wp_query, $post, $wp;
49
- if ($wp_query->is_404 && $wp->request == get_option('rwl_page')) {
50
- $post = new stdClass();
51
- $post->ID = 0;
52
- $wp_query->queried_object = $post;
53
- $wp_query->queried_object_id = 0;
54
- $wp_query->post = $post;
55
- $wp_query->found_posts = 1;
56
- $wp_query->post_count = 1;
57
- $wp_query->is_singular = true;
58
- $wp_query->is_404 = false;
59
- $wp_query->posts = array($post);
60
- $wp_query->is_page = true;
61
- require_once(dirname(__FILE__) . '/wp-login.php');
62
- exit;
63
- }
64
- }
65
66
- add_action('admin_init', 'rwl_admin_init');
67
- function rwl_admin_init() {
68
- add_settings_section('rename-wp-login-section', 'Login', '__return_false', 'permalink');
69
- add_settings_field('rwl-page', '<label for="rwl-page-input">Rename wp-login.php</label>', 'rwl_page', 'permalink', 'rename-wp-login-section');
70
- if (!empty($_POST['rwl_page'])) {
71
- update_option('rwl_page', wp_unique_post_slug($_POST['rwl_page'], 0, 'publish', 'page', 0));
72
- }
73
- if (get_option('rwl_redirect') == '1') {
74
- delete_option('rwl_redirect');
75
- wp_redirect(admin_url('options-permalink.php#rwl-page-input'));
76
- }
77
- }
78
79
- function rwl_page() {
80
- echo '<code>' . site_url() . '/</code> <input id="rwl-page-input" type="text" name="rwl_page" value="' . get_option('rwl_page') . '" /> <code>/</code>';
81
- }
82
83
- add_filter('plugin_action_links_' . plugin_basename(__FILE__), 'rwl_plugin_action_links');
84
- function rwl_plugin_action_links($links) {
85
- array_unshift($links, '<a href="options-permalink.php#rwl-page-input">Settings</a>');
86
- return $links;
87
- }
88
89
- add_filter('site_url', 'rwl_filter_site_url', 10, 4);
90
- function rwl_filter_site_url($url, $path, $scheme, $blog_id) {
91
- return (strpos($path, 'wp-login.php') !== false && $scheme == 'login_post') ? site_url() . '/' . get_option('rwl_page') . '/' . str_replace('wp-login.php', '', $path) : $url;
92
- }
93
94
- add_filter('login_url', 'rwl_filter_login_url', 10, 2);
95
- function rwl_filter_login_url($login_url, $redirect = '') {
96
- $login_url = site_url() . '/' . get_option('rwl_page') . '/';
97
- if (!empty($redirect))
98
- $login_url = add_query_arg('redirect_to', urlencode($redirect), $login_url);
99
- return $login_url;
100
- }
101
102
- add_filter('logout_url', 'rwl_filter_logout_url', 10, 2);
103
- function rwl_filter_logout_url($login_url, $redirect = '') {
104
- $args = array('action' => 'logout');
105
- if (!empty($redirect)) {
106
- $args['redirect_to'] = urlencode($redirect);
107
- }
108
- $logout_url = add_query_arg($args, site_url() . '/' . get_option('rwl_page') . '/');
109
- $logout_url = wp_nonce_url($logout_url, 'log-out');
110
- return $logout_url;
111
- }
112
113
- add_filter('lostpassword_url', 'rwl_filter_lostpassword_url', 10, 2);
114
- function rwl_filter_lostpassword_url($lostpassword_url, $redirect = '') {
115
- $args = array( 'action' => 'lostpassword' );
116
- if (!empty($redirect)) {
117
- $args['redirect_to'] = $redirect;
118
}
119
- $lostpassword_url = add_query_arg($args, site_url() . '/' . get_option('rwl_page') . '/');
120
- return $lostpassword_url;
121
- }
122
123
- add_filter('register_url', 'rwl_filter_register_url');
124
- function rwl_filter_register_url($register_url) {
125
- return site_url() . '/' . get_option('rwl_page') . '/?action=register';
126
- }
1
<?php
2
+
3
/*
4
+ Plugin Name: Rename wp-login.php
5
Plugin URI: http://wordpress.org/plugins/rename-wp-login/
6
+ Description: Change wp-login.php to whatever you want. It can also prevent a lot of brute force attacks.
7
Author: avryl
8
Author URI: http://profiles.wordpress.org/avryl/
9
+ Version: 2.2.2
10
Text Domain: rename-wp-login
11
License: GPLv2 or later
12
License URI: http://www.gnu.org/licenses/gpl-2.0.html
13
*/
14
15
+ if ( ! class_exists( 'Rename_WP_Login' )
16
+ && defined( 'ABSPATH' ) ) {
17
18
+ class Rename_WP_Login {
19
20
+ private $wp_login_php;
21
22
+ private function basename() {
23
24
+ return plugin_basename( __FILE__ );
25
26
+ }
27
28
+ private function path() {
29
30
+ return trailingslashit( dirname( __FILE__ ) );
31
32
+ }
33
34
+ private function use_trailing_slashes() {
35
36
+ return ( '/' === substr( get_option( 'permalink_structure' ), -1, 1 ) );
37
+
38
+ }
39
+
40
+ private function user_trailingslashit( $string ) {
41
+
42
+ return $this->use_trailing_slashes()
43
+ ? trailingslashit( $string )
44
+ : untrailingslashit( $string );
45
+
46
+ }
47
+
48
+ private function wp_template_loader() {
49
+
50
+ global $pagenow;
51
+
52
+ $pagenow = 'index.php';
53
+
54
+ if ( ! defined( 'WP_USE_THEMES' ) ) {
55
+
56
+ define( 'WP_USE_THEMES', true );
57
+
58
+ }
59
+
60
+ wp();
61
+
62
+ require_once( ABSPATH . WPINC . '/template-loader.php' );
63
+
64
+ die;
65
+
66
+ }
67
+
68
+ private function new_login_slug() {
69
+
70
+ if ( ( $slug = get_option( 'rwl_page' ) )
71
+ || ( is_multisite()
72
+ && is_plugin_active_for_network( $this->basename() )
73
+ && ( $slug = get_site_option( 'rwl_page', 'login' ) ) )
74
+ || ( $slug = 'login' ) ) {
75
+
76
+ return $slug;
77
+
78
+ }
79
+
80
+ }
81
+
82
+ public function new_login_url() {
83
+
84
+ if ( get_option( 'permalink_structure' ) ) {
85
+
86
+ return $this->user_trailingslashit( trailingslashit( home_url() ) . $this->new_login_slug() );
87
+
88
+ }
89
+
90
+ else {
91
+
92
+ return trailingslashit( home_url() ) . '?' . $this->new_login_slug();
93
+
94
+ }
95
+
96
+ }
97
+
98
+ public function __construct() {
99
+
100
+ global $wp_version;
101
+
102
+ if ( version_compare( $wp_version, '3.8', '<' ) ) {
103
+
104
+ add_action( 'admin_notices', array( $this, 'admin_notices_incompatible' ) );
105
+ add_action( 'network_admin_notices', array( $this, 'admin_notices_incompatible' ) );
106
+
107
+ return;
108
+
109
+ }
110
+
111
+ register_activation_hook( $this->basename(), array( $this, 'activate' ) );
112
+ register_uninstall_hook( $this->basename(), array( 'Rename_WP_Login', 'uninstall' ) );
113
+
114
+ add_action( 'admin_init', array( $this, 'admin_init' ) );
115
+ add_action( 'admin_notices', array( $this, 'admin_notices' ) );
116
+ add_action( 'network_admin_notices', array( $this, 'admin_notices' ) );
117
+
118
+ if ( is_multisite()
119
+ && ! function_exists( 'is_plugin_active_for_network' ) ) {
120
+
121
+ require_once( ABSPATH . '/wp-admin/includes/plugin.php' );
122
+
123
+ }
124
+
125
+ add_filter( 'plugin_action_links_' . $this->basename(), array( $this, 'plugin_action_links' ) );
126
+
127
+ if ( is_multisite()
128
+ && is_plugin_active_for_network( $this->basename() ) ) {
129
+
130
+ add_filter( 'network_admin_plugin_action_links_' . $this->basename(), array( $this, 'plugin_action_links' ) );
131
+
132
+ add_action( 'wpmu_options', array( $this, 'wpmu_options' ) );
133
+ add_action( 'update_wpmu_options', array( $this, 'update_wpmu_options' ) );
134
+
135
+ }
136
+
137
+ add_action( 'plugins_loaded', array( $this, 'plugins_loaded' ), 1 );
138
+ add_action( 'wp_loaded', array( $this, 'wp_loaded' ) );
139
+
140
+ add_filter( 'site_url', array( $this, 'filter_wp_login_php' ) );
141
+ add_filter( 'network_site_url', array( $this, 'filter_wp_login_php' ) );
142
+ add_filter( 'wp_redirect', array( $this, 'filter_wp_login_php' ) );
143
+
144
+ add_filter( 'site_option_welcome_email', array( $this, 'welcome_email' ) );
145
+
146
+ remove_action( 'template_redirect', 'wp_redirect_admin_locations', 1000 );
147
+
148
+ }
149
+
150
+ public function admin_notices_incompatible() {
151
+
152
+ echo '<div class="update-nag"><p>Please upgrade to the latest version of WordPress to activate <strong>Rename wp-login.php</strong>.</p></div>';
153
+
154
+ }
155
+
156
+ public function activate() {
157
+
158
+ add_option( 'rwl_redirect', '1' );
159
+
160
+ delete_option( 'rwl_admin' );
161
+
162
+ }
163
+
164
+ public static function uninstall() {
165
+
166
+ global $wpdb;
167
+
168
+ if ( is_multisite() ) {
169
+
170
+ $blogs = $wpdb->get_col( "SELECT blog_id FROM {$wpdb->blogs}" );
171
+
172
+ if ( $blogs ) {
173
+
174
+ foreach( $blogs as $blog ) {
175
+
176
+ switch_to_blog( $blog );
177
+
178
+ delete_option( 'rwl_page' );
179
+
180
+ }
181
+
182
+ restore_current_blog();
183
+
184
+ }
185
+
186
+ delete_site_option( 'rwl_page' );
187
+
188
+ }
189
+
190
+ else {
191
+
192
+ delete_option( 'rwl_page' );
193
+
194
+ }
195
+
196
+ }
197
+
198
+ public function wpmu_options() {
199
+
200
+ $out = '';
201
+
202
+ $out .= '<h3>Rename wp-login.php</h3>';
203
+ $out .= '<p>This option allows you to set a networkwide default, which can be overridden by individual sites. Simply go to to the site’s permalink settings to change the url.</p>';
204
+ $out .= '<p>Need help? Try the <a href="http://wordpress.org/support/plugin/rename-wp-login#postform" target="_blank">support forum</a>.</p>';
205
+ $out .= '<table class="form-table">';
206
+ $out .= '<tr valign="top">';
207
+ $out .= '<th scope="row">Networkwide default</th>';
208
+ $out .= '<td><input id="rwl-page-input" type="text" name="rwl_page" value="' . get_site_option( 'rwl_page', 'login' ) . '"></td>';
209
+ $out .= '</tr>';
210
+ $out .= '</table>';
211
+
212
+ echo $out;
213
+
214
+ }
215
+
216
+ public function update_wpmu_options() {
217
+
218
+ if ( ( $rwl_page = sanitize_title_with_dashes( $_POST['rwl_page'] ) )
219
+ && strpos( $rwl_page, 'wp-login' ) === false
220
+ && ! in_array( $rwl_page, $this->forbidden_slugs() ) ) {
221
+
222
+ update_site_option( 'rwl_page', $rwl_page );
223
+
224
+ }
225
+
226
+ }
227
+
228
+ public function admin_init() {
229
+
230
+ global $pagenow;
231
+
232
+ add_settings_section(
233
+ 'rename-wp-login-section',
234
+ 'Rename wp-login.php',
235
+ array( $this, 'rwl_section_desc' ),
236
+ 'permalink'
237
+ );
238
+
239
+ add_settings_field(
240
+ 'rwl-page',
241
+ '<label for="rwl-page">Login url</label>',
242
+ array( $this, 'rwl_page_input' ),
243
+ 'permalink',
244
+ 'rename-wp-login-section'
245
+ );
246
+
247
+ if ( isset( $_POST['rwl_page'] )
248
+ && $pagenow === 'options-permalink.php' ) {
249
+
250
+ if ( ( $rwl_page = sanitize_title_with_dashes( $_POST['rwl_page'] ) )
251
+ && strpos( $rwl_page, 'wp-login' ) === false
252
+ && ! in_array( $rwl_page, $this->forbidden_slugs() ) ) {
253
+
254
+ if ( $rwl_page === get_site_option( 'rwl_page', 'login' ) ) {
255
+
256
+ delete_option( 'rwl_page' );
257
+
258
+ }
259
+
260
+ else {
261
+
262
+ update_option( 'rwl_page', $rwl_page );
263
+
264
+ }
265
+
266
+ }
267
+
268
+ }
269
+
270
+ if ( get_option( 'rwl_redirect' ) ) {
271
+
272
+ delete_option( 'rwl_redirect' );
273
+
274
+ if ( is_multisite()
275
+ && is_super_admin()
276
+ && is_plugin_active_for_network( $this->basename() ) ) {
277
+
278
+ $redirect = network_admin_url( 'settings.php#rwl-page-input' );
279
+
280
+ }
281
+
282
+ else {
283
+
284
+ $redirect = admin_url( 'options-permalink.php#rwl-page-input' );
285
+
286
+ }
287
+
288
+ wp_safe_redirect( $redirect );
289
+
290
+ die;
291
+
292
+ }
293
+
294
+ }
295
+
296
+ public function rwl_section_desc() {
297
+
298
+ $out = '';
299
+
300
+ if ( ! is_multisite()
301
+ || is_super_admin() ) {
302
+
303
+ $out .= '<p>Need help? Try the <a href="http://wordpress.org/support/plugin/rename-wp-login#postform" target="_blank">support forum</a>.</p>';
304
+
305
+ }
306
+
307
+ if ( is_multisite()
308
+ && is_super_admin()
309
+ && is_plugin_active_for_network( $this->basename() ) ) {
310
+
311
+ $out .= '<p>To set a networkwide default, go to <a href="' . network_admin_url( 'settings.php#rwl-page-input' ) . '">Network Settings</a>.</p>';
312
+
313
+ }
314
+
315
+ echo $out;
316
+
317
+ }
318
+
319
+ public function rwl_page_input() {
320
+
321
+ if ( get_option( 'permalink_structure' ) ) {
322
+
323
+ echo '<code>' . trailingslashit( home_url() ) . '</code> <input id="rwl-page-input" type="text" name="rwl_page" value="' . $this->new_login_slug() . '">' . ( $this->use_trailing_slashes() ? ' <code>/</code>' : '' );
324
+
325
+ }
326
+
327
+ else {
328
+
329
+ echo '<code>' . trailingslashit( home_url() ) . '?</code> <input id="rwl-page-input" type="text" name="rwl_page" value="' . $this->new_login_slug() . '">';
330
+
331
+ }
332
+
333
+ }
334
+
335
+ public function admin_notices() {
336
+
337
+ global $pagenow, $cache_rejected_uri;
338
+
339
+ $out = '';
340
+
341
+ if ( ! is_network_admin()
342
+ && $pagenow === 'options-permalink.php'
343
+ && isset( $_GET['settings-updated'] ) ) {
344
+
345
+ $out .= '<div class="updated"><p>Your login page is now here: <strong><a href="' . $this->new_login_url() . '">' . $this->new_login_url() . '</a></strong>. Bookmark this page!</p></div>';
346
+
347
+ }
348
+
349
+ if ( current_user_can( 'manage_options' )
350
+ && function_exists( 'w3_instance' )
351
+ && ( $w3tc = w3_instance( 'W3_Config' ) )
352
+ && ( $w3tc = $w3tc->get_array( 'pgcache.reject.uri' ) )
353
+ && ! in_array( $this->new_login_slug(), $w3tc ) ) {
354
+
355
+ $admin_url = admin_url( 'admin.php?page=w3tc_pgcache#pgcache_reject_uri' );
356
+
357
+ $out .= '<div class="update-nag"><strong>W3 Total Cache</strong> is enabled on your website. To make sure <strong>Rename wp-login.php</strong> works correctly, you should add <strong>' . $this->new_login_slug() . '</strong> to <a href="' . $admin_url . '">Never cache the following pages</a>. This notice will disappear once you’ve done that correctly.</div>';
358
+
359
+ }
360
+
361
+ if ( current_user_can( 'manage_options' )
362
+ && is_array( $cache_rejected_uri )
363
+ && ! in_array( $this->new_login_slug(), $cache_rejected_uri ) ) {
364
+
365
+ $admin_url = is_network_admin() ? network_admin_url( 'settings.php?page=wpsupercache&tab=settings#rejecturi' ) : admin_url( 'options-general.php?page=wpsupercache&tab=settings#rejecturi' );
366
+
367
+ $out .= '<div class="update-nag"><strong>WP Super Cache</strong> is enabled on your website. To make sure <strong>Rename wp-login.php</strong> works correctly, you should add <strong>' . $this->new_login_slug() . '</strong> to <a href="' . $admin_url . '">Rejected URIs</a>. This notice will disappear once you’ve done that correctly.</div>';
368
+
369
+ }
370
+
371
+ echo $out;
372
+
373
+ }
374
+
375
+ public function plugin_action_links( $links ) {
376
+
377
+ if ( is_network_admin()
378
+ && is_plugin_active_for_network( $this->basename() ) ) {
379
+
380
+ array_unshift( $links, '<a href="' . network_admin_url( 'settings.php#rwl-page-input' ) . '">Settings</a>' );
381
+
382
+ }
383
+
384
+ elseif ( ! is_network_admin() ) {
385
+
386
+ array_unshift( $links, '<a href="' . admin_url( 'options-permalink.php#rwl-page-input' ) . '">Settings</a>' );
387
+
388
+ }
389
+
390
+ return $links;
391
+
392
+ }
393
+
394
+ public function plugins_loaded() {
395
+
396
+ global $pagenow;
397
+
398
+ if ( ! is_multisite()
399
+ && ( strpos( $_SERVER['REQUEST_URI'], 'wp-signup' ) !== false
400
+ || strpos( $_SERVER['REQUEST_URI'], 'wp-activate' ) ) !== false ) {
401
+
402
+ wp_die( __( 'This feature is not enabled.' ) );
403
+
404
+ }
405
+
406
+ $request = parse_url( $_SERVER['REQUEST_URI'] );
407
+
408
+ if ( ( strpos( $_SERVER['REQUEST_URI'], 'wp-login.php' ) !== false
409
+ || untrailingslashit( $request['path'] ) === site_url( 'wp-login', 'relative' ) )
410
+ && ! is_admin() ) {
411
+
412
+ $this->wp_login_php = true;
413
+
414
+ $_SERVER['REQUEST_URI'] = str_repeat( '-/', 10 );
415
+
416
+ $pagenow = 'index.php';
417
+
418
+ }
419
+
420
+ elseif ( untrailingslashit( $request['path'] ) === home_url( $this->new_login_slug(), 'relative' )
421
+ || ( ! get_option( 'permalink_structure' )
422
+ && isset( $_GET[$this->new_login_slug()] )
423
+ && empty( $_GET[$this->new_login_slug()] ) ) ) {
424
+
425
+ $pagenow = 'wp-login.php';
426
+
427
+ }
428
+
429
+ }
430
+
431
+ public function wp_loaded() {
432
+
433
+ global $pagenow;
434
+
435
+ if ( is_admin()
436
+ && ! is_user_logged_in()
437
+ && ! defined( 'DOING_AJAX' ) ) {
438
+
439
+ wp_die( __( 'You must log in to access the admin area.' ) );
440
+
441
+ }
442
+
443
+ $request = parse_url( $_SERVER['REQUEST_URI'] );
444
+
445
+ if ( $pagenow === 'wp-login.php'
446
+ && $request['path'] !== $this->user_trailingslashit( $request['path'] )
447
+ && get_option( 'permalink_structure' ) ) {
448
+
449
+ wp_safe_redirect( $this->user_trailingslashit( $this->new_login_url() )
450
+ . ( ! empty( $_SERVER['QUERY_STRING'] ) ? '?' . $_SERVER['QUERY_STRING'] : '' ) );
451
+
452
+ die;
453
+
454
+ }
455
+
456
+ elseif ( $this->wp_login_php ) {
457
+
458
+ if ( ( $referer = wp_get_referer() )
459
+ && strpos( $referer, 'wp-activate.php' ) !== false
460
+ && ( $referer = parse_url( $referer ) )
461
+ && ! empty( $referer['query'] ) ) {
462
+
463
+ parse_str( $referer['query'], $referer );
464
+
465
+ if ( ! empty( $referer['key'] )
466
+ && ( $result = wpmu_activate_signup( $referer['key'] ) )
467
+ && is_wp_error( $result )
468
+ && ( $result->get_error_code() === 'already_active'
469
+ || $result->get_error_code() === 'blog_taken' ) ) {
470
+
471
+ wp_safe_redirect( $this->new_login_url()
472
+ . ( ! empty( $_SERVER['QUERY_STRING'] ) ? '?' . $_SERVER['QUERY_STRING'] : '' ) );
473
+
474
+ die;
475
+
476
+ }
477
+
478
+ }
479
+
480
+ $this->wp_template_loader();
481
+
482
+ }
483
+
484
+ elseif ( $pagenow === 'wp-login.php' ) {
485
+
486
+ require_once( $this->path() . 'rwl-login.php' );
487
+
488
+ die;
489
+
490
+
491
+ }
492
+
493
+ }
494
+
495
+ public function filter_wp_login_php( $url ) {
496
+
497
+ if ( strpos( $url, 'wp-login.php' ) !== false ) {
498
+
499
+ $args = explode( '?', $url );
500
+
501
+ if ( isset( $args[1] ) ) {
502
+
503
+ parse_str( $args[1], $args );
504
+
505
+ $url = add_query_arg( $args, $this->new_login_url() );
506
+
507
+ }
508
+
509
+ else {
510
+
511
+ $url = $this->new_login_url();
512
+
513
+ }
514
+
515
+ }
516
+
517
+ return $url;
518
+
519
+ }
520
+
521
+ public function welcome_email( $value ) {
522
+
523
+ return $value = str_replace( 'wp-login.php', trailingslashit( get_site_option( 'rwl_page', 'login' ) ), $value );
524
+
525
+ }
526
+
527
+ public function forbidden_slugs() {
528
+
529
+ $wp = new WP;
530
+
531
+ return array_merge( $wp->public_query_vars, $wp->private_query_vars );
532
+
533
+ }
534
535
}
536
537
+ new Rename_WP_Login;
538
+
539
+ }
wp-login.php → rwl-login.php RENAMED
@@ -1,4 +1,17 @@
1
<?php
2
3
// Redirect to https login if forced to use SSL
4
if ( force_ssl_admin() && ! is_ssl() ) {
@@ -12,39 +25,46 @@ if ( force_ssl_admin() && ! is_ssl() ) {
12
}
13
14
/**
15
- * Outputs the header for the login page.
16
*
17
- * @uses do_action() Calls the 'login_head' for outputting HTML in the Log In
18
- * header.
19
- * @uses apply_filters() Calls 'login_headerurl' for the top login link.
20
- * @uses apply_filters() Calls 'login_headertitle' for the top login title.
21
- * @uses apply_filters() Calls 'login_message' on the message to display in the
22
- * header.
23
- * @uses $error The error global, which is checked for displaying errors.
24
- *
25
- * @param string $title Optional. WordPress Log In Page title to display in
26
- * <title/> element.
27
- * @param string $message Optional. Message to display in header.
28
* @param WP_Error $wp_error Optional. WordPress Error Object
29
*/
30
- function login_header($title = 'Log In', $message = '', $wp_error = '') {
31
- global $error, $interim_login, $current_site, $action;
32
33
// Don't index any of these forms
34
add_action( 'login_head', 'wp_no_robots' );
35
36
if ( empty($wp_error) )
37
$wp_error = new WP_Error();
38
39
// Shake it!
40
$shake_error_codes = array( 'empty_password', 'empty_email', 'invalid_email', 'invalidcombo', 'empty_username', 'invalid_username', 'incorrect_password' );
41
$shake_error_codes = apply_filters( 'shake_error_codes', $shake_error_codes );
42
43
if ( $shake_error_codes && $wp_error->get_error_code() && in_array( $wp_error->get_error_code(), $shake_error_codes ) )
44
add_action( 'login_head', 'wp_shake_js', 12 );
45
46
?><!DOCTYPE html>
47
- <html xmlns="http://www.w3.org/1999/xhtml" <?php language_attributes(); ?>>
48
<head>
49
<meta http-equiv="Content-Type" content="<?php bloginfo('html_type'); ?>; charset=<?php bloginfo('charset'); ?>" />
50
<title><?php bloginfo('name'); ?> &rsaquo; <?php echo $title; ?></title>
@@ -52,10 +72,7 @@ function login_header($title = 'Log In', $message = '', $wp_error = '') {
52
53
wp_admin_css( 'wp-admin', true );
54
wp_admin_css( 'colors-fresh', true );
55
-
56
- if ( wp_is_mobile() ) { ?>
57
- <meta name="viewport" content="width=320, initial-scale=0.9, maximum-scale=1.0, user-scalable=0" /><?php
58
- }
59
60
// Remove all stored post data on logging out.
61
// This could be added by add_action('login_head'...) like wp_shake_js()
@@ -66,18 +83,42 @@ function login_header($title = 'Log In', $message = '', $wp_error = '') {
66
<?php
67
}
68
69
do_action( 'login_enqueue_scripts' );
70
do_action( 'login_head' );
71
72
if ( is_multisite() ) {
73
$login_header_url = network_home_url();
74
- $login_header_title = $current_site->site_name;
75
} else {
76
$login_header_url = __( 'http://wordpress.org/' );
77
$login_header_title = __( 'Powered by WordPress' );
78
}
79
80
- $login_header_url = apply_filters( 'login_headerurl', $login_header_url );
81
$login_header_title = apply_filters( 'login_headertitle', $login_header_title );
82
83
$classes = array( 'login-action-' . $action, 'wp-core-ui' );
@@ -95,6 +136,14 @@ function login_header($title = 'Log In', $message = '', $wp_error = '') {
95
$classes[] = 'interim-login-success';
96
}
97
98
$classes = apply_filters( 'login_body_class', $classes, $action );
99
100
?>
@@ -106,7 +155,14 @@ function login_header($title = 'Log In', $message = '', $wp_error = '') {
106
107
unset( $login_header_url, $login_header_title );
108
109
- $message = apply_filters('login_message', $message);
110
if ( !empty( $message ) )
111
echo $message . "\n";
112
@@ -128,10 +184,26 @@ function login_header($title = 'Log In', $message = '', $wp_error = '') {
128
$errors .= ' ' . $error . "<br />\n";
129
}
130
}
131
- if ( !empty($errors) )
132
- echo '<div id="login_error">' . apply_filters('login_errors', $errors) . "</div>\n";
133
- if ( !empty($messages) )
134
- echo '<p class="message">' . apply_filters('login_messages', $messages) . "</p>\n";
135
}
136
} // End of login_header()
137
@@ -157,7 +229,13 @@ function login_footer($input_id = '') {
157
</script>
158
<?php endif; ?>
159
160
- <?php do_action('login_footer'); ?>
161
<div class="clear"></div>
162
</body>
163
</html>
@@ -178,6 +256,12 @@ addLoadEvent(function(){ var p=new Array(15,30,15,0,-15,-30,-15,0);p=p.concat(p.
178
<?php
179
}
180
181
/**
182
* Handles sending password retrieval email to user.
183
*
@@ -186,7 +270,7 @@ addLoadEvent(function(){ var p=new Array(15,30,15,0,-15,-30,-15,0);p=p.concat(p.
186
* @return bool|WP_Error True: when finish. WP_Error on error
187
*/
188
function retrieve_password() {
189
- global $wpdb, $current_site;
190
191
$errors = new WP_Error();
192
@@ -201,7 +285,12 @@ function retrieve_password() {
201
$user_data = get_user_by('login', $login);
202
}
203
204
- do_action('lostpassword_post');
205
206
if ( $errors->get_error_code() )
207
return $errors;
@@ -215,30 +304,66 @@ function retrieve_password() {
215
$user_login = $user_data->user_login;
216
$user_email = $user_data->user_email;
217
218
- do_action('retreive_password', $user_login); // Misspelled and deprecated
219
- do_action('retrieve_password', $user_login);
220
-
221
- $allow = apply_filters('allow_password_reset', true, $user_data->ID);
222
223
if ( ! $allow )
224
return new WP_Error('no_password_reset', __('Password reset is not allowed for this user'));
225
else if ( is_wp_error($allow) )
226
return $allow;
227
228
- $key = $wpdb->get_var($wpdb->prepare("SELECT user_activation_key FROM $wpdb->users WHERE user_login = %s", $user_login));
229
- if ( empty($key) ) {
230
- // Generate something random for a key...
231
- $key = wp_generate_password(20, false);
232
- do_action('retrieve_password_key', $user_login, $key);
233
- // Now insert the new md5 key into the db
234
- $wpdb->update($wpdb->users, array('user_activation_key' => $key), array('user_login' => $user_login));
235
}
236
$message = __('Someone requested that the password be reset for the following account:') . "\r\n\r\n";
237
$message .= network_home_url( '/' ) . "\r\n\r\n";
238
$message .= sprintf(__('Username: %s'), $user_login) . "\r\n\r\n";
239
$message .= __('If this was a mistake, just ignore this email and nothing will happen.') . "\r\n\r\n";
240
$message .= __('To reset your password, visit the following address:') . "\r\n\r\n";
241
- $message .= '<' . site_url() . '/' . get_option('rwl_page') . '/' . "?action=rp&key=$key&login=" . rawurlencode($user_login) . ">\r\n";
242
243
if ( is_multisite() )
244
$blogname = $GLOBALS['current_site']->site_name;
@@ -249,8 +374,23 @@ function retrieve_password() {
249
250
$title = sprintf( __('[%s] Password Reset'), $blogname );
251
252
- $title = apply_filters('retrieve_password_title', $title);
253
- $message = apply_filters('retrieve_password_message', $message, $key);
254
255
if ( $message && !wp_mail($user_email, $title, $message) )
256
wp_die( __('The e-mail could not be sent.') . "<br />\n" . __('Possible reason: your host may have disabled the mail() function.') );
@@ -258,102 +398,6 @@ function retrieve_password() {
258
return true;
259
}
260
261
- /**
262
- * Retrieves a user row based on password reset key and login
263
- *
264
- * @uses $wpdb WordPress Database object
265
- *
266
- * @param string $key Hash to validate sending user's password
267
- * @param string $login The user login
268
- * @return object|WP_Error User's database row on success, error object for invalid keys
269
- */
270
- function check_password_reset_key($key, $login) {
271
- global $wpdb;
272
-
273
- $key = preg_replace('/[^a-z0-9]/i', '', $key);
274
-
275
- if ( empty( $key ) || !is_string( $key ) )
276
- return new WP_Error('invalid_key', __('Invalid key'));
277
-
278
- if ( empty($login) || !is_string($login) )
279
- return new WP_Error('invalid_key', __('Invalid key'));
280
-
281
- $user = $wpdb->get_row($wpdb->prepare("SELECT * FROM $wpdb->users WHERE user_activation_key = %s AND user_login = %s", $key, $login));
282
-
283
- if ( empty( $user ) )
284
- return new WP_Error('invalid_key', __('Invalid key'));
285
-
286
- return $user;
287
- }
288
-
289
- /**
290
- * Handles resetting the user's password.
291
- *
292
- * @param object $user The user
293
- * @param string $new_pass New password for the user in plaintext
294
- */
295
- function reset_password($user, $new_pass) {
296
- do_action('password_reset', $user, $new_pass);
297
-
298
- wp_set_password($new_pass, $user->ID);
299
-
300
- wp_password_change_notification($user);
301
- }
302
-
303
- /**
304
- * Handles registering a new user.
305
- *
306
- * @param string $user_login User's username for logging in
307
- * @param string $user_email User's email address to send password and add
308
- * @return int|WP_Error Either user's ID or error on failure.
309
- */
310
- function register_new_user( $user_login, $user_email ) {
311
- $errors = new WP_Error();
312
-
313
- $sanitized_user_login = sanitize_user( $user_login );
314
- $user_email = apply_filters( 'user_registration_email', $user_email );
315
-
316
- // Check the username
317
- if ( $sanitized_user_login == '' ) {
318
- $errors->add( 'empty_username', __( '<strong>ERROR</strong>: Please enter a username.' ) );
319
- } elseif ( ! validate_username( $user_login ) ) {
320
- $errors->add( 'invalid_username', __( '<strong>ERROR</strong>: This username is invalid because it uses illegal characters. Please enter a valid username.' ) );
321
- $sanitized_user_login = '';
322
- } elseif ( username_exists( $sanitized_user_login ) ) {
323
- $errors->add( 'username_exists', __( '<strong>ERROR</strong>: This username is already registered. Please choose another one.' ) );
324
- }
325
-
326
- // Check the e-mail address
327
- if ( $user_email == '' ) {
328
- $errors->add( 'empty_email', __( '<strong>ERROR</strong>: Please type your e-mail address.' ) );
329
- } elseif ( ! is_email( $user_email ) ) {
330
- $errors->add( 'invalid_email', __( '<strong>ERROR</strong>: The email address isn&#8217;t correct.' ) );
331
- $user_email = '';
332
- } elseif ( email_exists( $user_email ) ) {
333
- $errors->add( 'email_exists', __( '<strong>ERROR</strong>: This email is already registered, please choose another one.' ) );
334
- }
335
-
336
- do_action( 'register_post', $sanitized_user_login, $user_email, $errors );
337
-
338
- $errors = apply_filters( 'registration_errors', $errors, $sanitized_user_login, $user_email );
339
-
340
- if ( $errors->get_error_code() )
341
- return $errors;
342
-
343
- $user_pass = wp_generate_password( 12, false);
344
- $user_id = wp_create_user( $sanitized_user_login, $user_pass, $user_email );
345
- if ( ! $user_id ) {
346
- $errors->add( 'registerfail', sprintf( __( '<strong>ERROR</strong>: Couldn&#8217;t register you&hellip; please contact the <a href="mailto:%s">webmaster</a> !' ), get_option( 'admin_email' ) ) );
347
- return $errors;
348
- }
349
-
350
- update_user_option( $user_id, 'default_password_nag', true, true ); //Set up the Password change nag.
351
-
352
- wp_new_user_notification( $user_id, $user_pass );
353
-
354
- return $user_id;
355
- }
356
-
357
//
358
// Main
359
//
@@ -386,8 +430,21 @@ setcookie(TEST_COOKIE, 'WP Cookie check', 0, COOKIEPATH, COOKIE_DOMAIN);
386
if ( SITECOOKIEPATH != COOKIEPATH )
387
setcookie(TEST_COOKIE, 'WP Cookie check', 0, SITECOOKIEPATH, COOKIE_DOMAIN);
388
389
- // allow plugins to override the default actions, and to add extra actions if they want
390
do_action( 'login_init' );
391
do_action( 'login_form_' . $action );
392
393
$http_post = ('POST' == $_SERVER['REQUEST_METHOD']);
@@ -399,8 +456,18 @@ case 'postpass' :
399
require_once ABSPATH . 'wp-includes/class-phpass.php';
400
$hasher = new PasswordHash( 8, true );
401
402
- // 10 days
403
- setcookie( 'wp-postpass_' . COOKIEHASH, $hasher->HashPassword( wp_unslash( $_POST['post_password'] ) ), time() + 10 * DAY_IN_SECONDS, COOKIEPATH );
404
405
wp_safe_redirect( wp_get_referer() );
406
exit();
@@ -411,7 +478,7 @@ case 'logout' :
411
check_admin_referer('log-out');
412
wp_logout();
413
414
- $redirect_to = !empty( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : site_url() . '/' . get_option('rwl_page') . '/' . '?loggedout=true';
415
wp_safe_redirect( $redirect_to );
416
exit();
417
@@ -423,37 +490,73 @@ case 'retrievepassword' :
423
if ( $http_post ) {
424
$errors = retrieve_password();
425
if ( !is_wp_error($errors) ) {
426
- $redirect_to = !empty( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : site_url() . '/' . get_option('rwl_page') . '/' . '?checkemail=confirm';
427
wp_safe_redirect( $redirect_to );
428
exit();
429
}
430
}
431
432
- if ( isset($_GET['error']) && 'invalidkey' == $_GET['error'] ) $errors->add('invalidkey', __('Sorry, that key does not appear to be valid.'));
433
- $redirect_to = apply_filters( 'lostpassword_redirect', !empty( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : '' );
434
435
- do_action('lost_password');
436
login_header(__('Lost Password'), '<p class="message">' . __('Please enter your username or email address. You will receive a link to create a new password via email.') . '</p>', $errors);
437
438
$user_login = isset($_POST['user_login']) ? wp_unslash($_POST['user_login']) : '';
439
440
?>
441
442
- <form name="lostpasswordform" id="lostpasswordform" action="<?php echo site_url() . '/' . get_option('rwl_page') . '/' . '?action=lostpassword'; ?>" method="post">
443
<p>
444
<label for="user_login" ><?php _e('Username or E-mail:') ?><br />
445
<input type="text" name="user_login" id="user_login" class="input" value="<?php echo esc_attr($user_login); ?>" size="20" /></label>
446
</p>
447
- <?php do_action('lostpassword_form'); ?>
448
<input type="hidden" name="redirect_to" value="<?php echo esc_attr( $redirect_to ); ?>" />
449
<p class="submit"><input type="submit" name="wp-submit" id="wp-submit" class="button button-primary button-large" value="<?php esc_attr_e('Get New Password'); ?>" /></p>
450
</form>
451
452
<p id="nav">
453
<a href="<?php echo esc_url( wp_login_url() ); ?>"><?php _e('Log in') ?></a>
454
- <?php if ( get_option( 'users_can_register' ) ) : ?>
455
- | <?php echo apply_filters( 'register', sprintf( '<a href="%s">%s</a>', esc_url( wp_registration_url() ), __( 'Register' ) ) ); ?>
456
- <?php endif; ?>
457
</p>
458
459
<?php
@@ -465,7 +568,10 @@ case 'rp' :
465
$user = check_password_reset_key($_GET['key'], $_GET['login']);
466
467
if ( is_wp_error($user) ) {
468
- wp_redirect( site_url() . '/' . get_option('rwl_page') . '/' . '?action=lostpassword&error=invalidkey' );
469
exit;
470
}
471
@@ -474,6 +580,14 @@ case 'rp' :
474
if ( isset($_POST['pass1']) && $_POST['pass1'] != $_POST['pass2'] )
475
$errors->add( 'password_reset_mismatch', __( 'The passwords do not match.' ) );
476
477
do_action( 'validate_password_reset', $errors, $user );
478
479
if ( ( ! $errors->get_error_code() ) && isset( $_POST['pass1'] ) && !empty( $_POST['pass1'] ) ) {
@@ -489,7 +603,7 @@ case 'rp' :
489
login_header(__('Reset Password'), '<p class="message reset-pass">' . __('Enter your new password below.') . '</p>', $errors );
490
491
?>
492
- <form name="resetpassform" id="resetpassform" action="<?php echo site_url() . '/' . get_option('rwl_page') . '/' . '?action=resetpass&key=' . urlencode( $_GET['key'] ) . '&login=' . urlencode( $_GET['login'] ); ?>" method="post" autocomplete="off">
493
<input type="hidden" id="user_login" value="<?php echo esc_attr( $_GET['login'] ); ?>" autocomplete="off" />
494
495
<p>
@@ -510,9 +624,13 @@ case 'rp' :
510
511
<p id="nav">
512
<a href="<?php echo esc_url( wp_login_url() ); ?>"><?php _e( 'Log in' ); ?></a>
513
- <?php if ( get_option( 'users_can_register' ) ) : ?>
514
- | <?php echo apply_filters( 'register', sprintf( '<a href="%s">%s</a>', esc_url( wp_registration_url() ), __( 'Register' ) ) ); ?>
515
- <?php endif; ?>
516
</p>
517
518
<?php
@@ -521,13 +639,20 @@ break;
521
522
case 'register' :
523
if ( is_multisite() ) {
524
- // Multisite uses wp-signup.php
525
- wp_redirect( apply_filters( 'wp_signup_location', network_site_url('wp-signup.php') ) );
526
exit;
527
}
528
529
if ( !get_option('users_can_register') ) {
530
- wp_redirect( site_url() . '/' . get_option('rwl_page') . '/' . '?registration=disabled' );
531
exit();
532
}
533
@@ -538,17 +663,25 @@ case 'register' :
538
$user_email = $_POST['user_email'];
539
$errors = register_new_user($user_login, $user_email);
540
if ( !is_wp_error($errors) ) {
541
- $redirect_to = !empty( $_POST['redirect_to'] ) ? $_POST['redirect_to'] : site_url() . '/' . get_option('rwl_page') . '/' . '?checkemail=registered';
542
wp_safe_redirect( $redirect_to );
543
exit();
544
}
545
}
546
547
- $redirect_to = apply_filters( 'registration_redirect', !empty( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : '' );
548
login_header(__('Registration Form'), '<p class="message register">' . __('Register For This Site') . '</p>', $errors);
549
?>
550
551
- <form name="registerform" id="registerform" action="<?php echo site_url() . '/' . get_option('rwl_page') . '/' . '?action=register'; ?>" method="post">
552
<p>
553
<label for="user_login"><?php _e('Username') ?><br />
554
<input type="text" name="user_login" id="user_login" class="input" value="<?php echo esc_attr(wp_unslash($user_login)); ?>" size="20" /></label>
@@ -557,7 +690,14 @@ case 'register' :
557
<label for="user_email"><?php _e('E-mail') ?><br />
558
<input type="text" name="user_email" id="user_email" class="input" value="<?php echo esc_attr(wp_unslash($user_email)); ?>" size="25" /></label>
559
</p>
560
- <?php do_action('register_form'); ?>
561
<p id="reg_passmail"><?php _e('A password will be e-mailed to you.') ?></p>
562
<br class="clear" />
563
<input type="hidden" name="redirect_to" value="<?php echo esc_attr( $redirect_to ); ?>" />
@@ -608,9 +748,23 @@ default:
608
if ( !$secure_cookie && is_ssl() && force_ssl_login() && !force_ssl_admin() && ( 0 !== strpos($redirect_to, 'https') ) && ( 0 === strpos($redirect_to, 'http') ) )
609
$secure_cookie = false;
610
611
- $user = wp_signon('', $secure_cookie);
612
-
613
- $redirect_to = apply_filters('login_redirect', $redirect_to, isset( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : '', $user);
614
615
if ( !is_wp_error($user) && !$reauth ) {
616
if ( $interim_login ) {
@@ -618,7 +772,9 @@ default:
618
$interim_login = 'success';
619
login_header( '', $message ); ?>
620
</div>
621
- <?php do_action( 'login_footer' ); ?>
622
<?php if ( $customize_login ) : ?>
623
<script type="text/javascript">setTimeout( function(){ new wp.customize.Messenger({ url: '<?php echo wp_customize_url(); ?>', channel: 'login' }).send('login') }, 1000 );</script>
624
<?php endif; ?>
@@ -644,10 +800,6 @@ default:
644
if ( !empty($_GET['loggedout']) || $reauth )
645
$errors = new WP_Error();
646
647
- // If cookies are disabled we can't log in even with a valid user+pass
648
- if ( isset($_POST['testcookie']) && empty($_COOKIE[TEST_COOKIE]) )
649
- $errors->add('test_cookie', __("<strong>ERROR</strong>: Cookies are blocked or not supported by your browser. You must <a href='http://www.google.com/cookies.html'>enable cookies</a> to use WordPress."));
650
-
651
if ( $interim_login ) {
652
if ( ! $errors->get_error_code() )
653
$errors->add('expired', __('Session expired. Please log in again. You will not move away from this page.'), 'message');
@@ -667,6 +819,14 @@ default:
667
$errors->add('updated', __( '<strong>You have successfully updated WordPress!</strong> Please log back in to experience the awesomeness.' ), 'message' );
668
}
669
670
$errors = apply_filters( 'wp_login_errors', $errors, $redirect_to );
671
672
// Clear any stale cookies.
@@ -674,15 +834,13 @@ default:
674
wp_clear_auth_cookie();
675
676
login_header(__('Log In'), '', $errors);
677
-
678
- $user_login = '';
679
680
if ( isset($_POST['log']) )
681
$user_login = ( 'incorrect_password' == $errors->get_error_code() || 'empty_password' == $errors->get_error_code() ) ? esc_attr(wp_unslash($_POST['log'])) : '';
682
$rememberme = ! empty( $_POST['rememberme'] );
683
?>
684
685
- <form name="loginform" id="loginform" action="<?php echo site_url() . '/' . get_option('rwl_page') . '/'; ?>" method="post">
686
<p>
687
<label for="user_login"><?php _e('Username') ?><br />
688
<input type="text" name="log" id="user_login" class="input" value="<?php echo esc_attr($user_login); ?>" size="20" /></label>
@@ -691,7 +849,14 @@ default:
691
<label for="user_pass"><?php _e('Password') ?><br />
692
<input type="password" name="pwd" id="user_pass" class="input" value="" size="20" /></label>
693
</p>
694
- <?php do_action('login_form'); ?>
695
<p class="forgetmenot"><label for="rememberme"><input name="rememberme" type="checkbox" id="rememberme" value="forever" <?php checked( $rememberme ); ?> /> <?php esc_attr_e('Remember Me'); ?></label></p>
696
<p class="submit">
697
<input type="submit" name="wp-submit" id="wp-submit" class="button button-primary button-large" value="<?php esc_attr_e('Log In'); ?>" />
@@ -709,10 +874,13 @@ default:
709
710
<?php if ( ! $interim_login ) { ?>
711
<p id="nav">
712
- <?php if ( ! isset( $_GET['checkemail'] ) || ! in_array( $_GET['checkemail'], array( 'confirm', 'newpass' ) ) ) : ?>
713
- <?php if ( get_option( 'users_can_register' ) ) : ?>
714
- <?php echo apply_filters( 'register', sprintf( '<a href="%s">%s</a>', esc_url( wp_registration_url() ), __( 'Register' ) ) ); ?> |
715
- <?php endif; ?>
716
<a href="<?php echo esc_url( wp_lostpassword_url() ); ?>" title="<?php esc_attr_e( 'Password Lost and Found' ); ?>"><?php _e( 'Lost your password?' ); ?></a>
717
<?php endif; ?>
718
</p>
@@ -738,7 +906,7 @@ d.select();
738
}, 200);
739
}
740
741
- <?php $error = ''; if ( !$error ) { ?>
742
wp_attempt_focus();
743
<?php } ?>
744
if(typeof wpOnload=='function')wpOnload();
@@ -758,4 +926,4 @@ try {
758
<?php
759
login_footer();
760
break;
761
- } // end action switch
1
<?php
2
+ /**
3
+ * WordPress User Page
4
+ *
5
+ * Handles authentication, registering, resetting passwords, forgot password,
6
+ * and other user handling.
7
+ *
8
+ * @package WordPress
9
+ */
10
+
11
+ /** Make sure that the WordPress bootstrap has run before continuing. */
12
+ //require( dirname(__FILE__) . '/wp-load.php' );
13
+
14
+ global $error, $interim_login, $action, $user_login;
15
16
// Redirect to https login if forced to use SSL
17
if ( force_ssl_admin() && ! is_ssl() ) {
25
}
26
27
/**
28
+ * Output the login page header.
29
*
30
+ * @param string $title Optional. WordPress Log In Page title to display in <title/> element. Default 'Log In'.
31
+ * @param string $message Optional. Message to display in header. Default empty.
32
+ * @param string $wp_error Optional. The error to pass. Default empty.
33
* @param WP_Error $wp_error Optional. WordPress Error Object
34
*/
35
+ function login_header( $title = 'Log In', $message = '', $wp_error = '' ) {
36
+ global $error, $interim_login, $action;
37
38
// Don't index any of these forms
39
add_action( 'login_head', 'wp_no_robots' );
40
41
+ if ( wp_is_mobile() )
42
+ add_action( 'login_head', 'wp_login_viewport_meta' );
43
+
44
if ( empty($wp_error) )
45
$wp_error = new WP_Error();
46
47
// Shake it!
48
$shake_error_codes = array( 'empty_password', 'empty_email', 'invalid_email', 'invalidcombo', 'empty_username', 'invalid_username', 'incorrect_password' );
49
+ /**
50
+ * Filter the error codes array for shaking the login form.
51
+ *
52
+ * @since 3.0.0
53
+ *
54
+ * @param array $shake_error_codes Error codes that shake the login form.
55
+ */
56
$shake_error_codes = apply_filters( 'shake_error_codes', $shake_error_codes );
57
58
if ( $shake_error_codes && $wp_error->get_error_code() && in_array( $wp_error->get_error_code(), $shake_error_codes ) )
59
add_action( 'login_head', 'wp_shake_js', 12 );
60
61
?><!DOCTYPE html>
62
+ <!--[if IE 8]>
63
+ <html xmlns="http://www.w3.org/1999/xhtml" class="ie8" <?php language_attributes(); ?>>
64
+ <![endif]-->
65
+ <!--[if !(IE 8) ]><!-->
66
+ <html xmlns="http://www.w3.org/1999/xhtml" <?php language_attributes(); ?>>
67
+ <!--<![endif]-->
68
<head>
69
<meta http-equiv="Content-Type" content="<?php bloginfo('html_type'); ?>; charset=<?php bloginfo('charset'); ?>" />
70
<title><?php bloginfo('name'); ?> &rsaquo; <?php echo $title; ?></title>
72
73
wp_admin_css( 'wp-admin', true );
74
wp_admin_css( 'colors-fresh', true );
75
+ wp_admin_css( 'ie', true );
76
77
// Remove all stored post data on logging out.
78
// This could be added by add_action('login_head'...) like wp_shake_js()
83
<?php
84
}
85
86
+ /**
87
+ * Enqueue scripts and styles for the login page.
88
+ *
89
+ * @since 3.1.0
90
+ */
91
do_action( 'login_enqueue_scripts' );
92
+ /**
93
+ * Fires in the login page header after scripts are enqueued.
94
+ *
95
+ * @since 2.1.0
96
+ */
97
do_action( 'login_head' );
98
99
if ( is_multisite() ) {
100
$login_header_url = network_home_url();
101
+ $login_header_title = get_current_site()->site_name;
102
} else {
103
$login_header_url = __( 'http://wordpress.org/' );
104
$login_header_title = __( 'Powered by WordPress' );
105
}
106
107
+ /**
108
+ * Filter link URL of the header logo above login form.
109
+ *
110
+ * @since 2.1.0
111
+ *
112
+ * @param string $login_header_url Login header logo URL.
113
+ */
114
+ $login_header_url = apply_filters( 'login_headerurl', $login_header_url );
115
+ /**
116
+ * Filter the title attribute of the header logo above login form.
117
+ *
118
+ * @since 2.1.0
119
+ *
120
+ * @param string $login_header_title Login header logo title attribute.
121
+ */
122
$login_header_title = apply_filters( 'login_headertitle', $login_header_title );
123
124
$classes = array( 'login-action-' . $action, 'wp-core-ui' );
136
$classes[] = 'interim-login-success';
137
}
138
139
+ /**
140
+ * Filter the login page body classes.
141
+ *
142
+ * @since 3.5.0
143
+ *
144
+ * @param array $classes An array of body classes.
145
+ * @param string $action The action that brought the visitor to the login page.
146
+ */
147
$classes = apply_filters( 'login_body_class', $classes, $action );
148
149
?>
155
156
unset( $login_header_url, $login_header_title );
157
158
+ /**
159
+ * Filter the message to display above the login form.
160
+ *
161
+ * @since 2.1.0
162
+ *
163
+ * @param string $message Login message text.
164
+ */
165
+ $message = apply_filters( 'login_message', $message );
166
if ( !empty( $message ) )
167
echo $message . "\n";
168
184
$errors .= ' ' . $error . "<br />\n";
185
}
186
}
187
+ if ( ! empty( $errors ) ) {
188
+ /**
189
+ * Filter the error messages displayed above the login form.
190
+ *
191
+ * @since 2.1.0
192
+ *
193
+ * @param string $errors Login error message.
194
+ */
195
+ echo '<div id="login_error">' . apply_filters( 'login_errors', $errors ) . "</div>\n";
196
+ }
197
+ if ( ! empty( $messages ) ) {
198
+ /**
199
+ * Filter instructional messages displayed above the login form.
200
+ *
201
+ * @since 2.5.0
202
+ *
203
+ * @param string $messages Login messages.
204
+ */
205
+ echo '<p class="message">' . apply_filters( 'login_messages', $messages ) . "</p>\n";
206
+ }
207
}
208
} // End of login_header()
209
229
</script>
230
<?php endif; ?>
231
232
+ <?php
233
+ /**
234
+ * Fires in the login page footer.
235
+ *
236
+ * @since 3.1.0
237
+ */
238
+ do_action( 'login_footer' ); ?>
239
<div class="clear"></div>
240
</body>
241
</html>
256
<?php
257
}
258
259
+ function wp_login_viewport_meta() {
260
+ ?>
261
+ <meta name="viewport" content="width=device-width" />
262
+ <?php
263
+ }
264
+
265
/**
266
* Handles sending password retrieval email to user.
267
*
270
* @return bool|WP_Error True: when finish. WP_Error on error
271
*/
272
function retrieve_password() {
273
+ global $wpdb, $wp_hasher;
274
275
$errors = new WP_Error();
276
285
$user_data = get_user_by('login', $login);
286
}
287
288
+ /**
289
+ * Fires before errors are returned from a password reset request.
290
+ *
291
+ * @since 2.1.0
292
+ */
293
+ do_action( 'lostpassword_post' );
294
295
if ( $errors->get_error_code() )
296
return $errors;
304
$user_login = $user_data->user_login;
305
$user_email = $user_data->user_email;
306
307
+ /**
308
+ * Fires before a new password is retrieved.
309
+ *
310
+ * @since 1.5.0
311
+ * @deprecated 1.5.1 Misspelled. Use 'retrieve_password' hook instead.
312
+ *
313
+ * @param string $user_login The user login name.
314
+ */
315
+ do_action( 'retreive_password', $user_login );
316
+ /**
317
+ * Fires before a new password is retrieved.
318
+ *
319
+ * @since 1.5.1
320
+ *
321
+ * @param string $user_login The user login name.
322
+ */
323
+ do_action( 'retrieve_password', $user_login );
324
+
325
+ /**
326
+ * Filter whether to allow a password to be reset.
327
+ *
328
+ * @since 2.7.0
329
+ *
330
+ * @param bool true Whether to allow the password to be reset. Default true.
331
+ * @param int $user_data->ID The ID of the user attempting to reset a password.
332
+ */
333
+ $allow = apply_filters( 'allow_password_reset', true, $user_data->ID );
334
335
if ( ! $allow )
336
return new WP_Error('no_password_reset', __('Password reset is not allowed for this user'));
337
else if ( is_wp_error($allow) )
338
return $allow;
339
340
+ // Generate something random for a password reset key.
341
+ $key = wp_generate_password( 20, false );
342
+
343
+ /**
344
+ * Fires when a password reset key is generated.
345
+ *
346
+ * @since 2.5.0
347
+ *
348
+ * @param string $user_login The username for the user.
349
+ * @param string $key The generated password reset key.
350
+ */
351
+ do_action( 'retrieve_password_key', $user_login, $key );
352
+
353
+ // Now insert the key, hashed, into the DB.
354
+ if ( empty( $wp_hasher ) ) {
355
+ require_once ABSPATH . 'wp-includes/class-phpass.php';
356
+ $wp_hasher = new PasswordHash( 8, true );
357
}
358
+ $hashed = $wp_hasher->HashPassword( $key );
359
+ $wpdb->update( $wpdb->users, array( 'user_activation_key' => $hashed ), array( 'user_login' => $user_login ) );
360
+
361
$message = __('Someone requested that the password be reset for the following account:') . "\r\n\r\n";
362
$message .= network_home_url( '/' ) . "\r\n\r\n";
363
$message .= sprintf(__('Username: %s'), $user_login) . "\r\n\r\n";
364
$message .= __('If this was a mistake, just ignore this email and nothing will happen.') . "\r\n\r\n";
365
$message .= __('To reset your password, visit the following address:') . "\r\n\r\n";
366
+ $message .= '<' . network_site_url("wp-login.php?action=rp&key=$key&login=" . rawurlencode($user_login), 'login') . ">\r\n";
367
368
if ( is_multisite() )
369
$blogname = $GLOBALS['current_site']->site_name;
374
375
$title = sprintf( __('[%s] Password Reset'), $blogname );
376
377
+ /**
378
+ * Filter the subject of the password reset email.
379
+ *
380
+ * @since 2.8.0
381
+ *
382
+ * @param string $title Default email title.
383
+ */
384
+ $title = apply_filters( 'retrieve_password_title', $title );
385
+ /**
386
+ * Filter the message body of the password reset mail.
387
+ *
388
+ * @since 2.8.0
389
+ *
390
+ * @param string $message Default mail message.
391
+ * @param string $key The activation key.
392
+ */
393
+ $message = apply_filters( 'retrieve_password_message', $message, $key );
394
395
if ( $message && !wp_mail($user_email, $title, $message) )
396
wp_die( __('The e-mail could not be sent.') . "<br />\n" . __('Possible reason: your host may have disabled the mail() function.') );
398
return true;
399
}
400
401
//
402
// Main
403
//
430
if ( SITECOOKIEPATH != COOKIEPATH )
431
setcookie(TEST_COOKIE, 'WP Cookie check', 0, SITECOOKIEPATH, COOKIE_DOMAIN);
432
433
+ /**
434
+ * Fires when the login form is initialized.
435
+ *
436
+ * @since 3.2.0
437
+ */
438
do_action( 'login_init' );
439
+ /**
440
+ * Fires before a specified login form action.
441
+ *
442
+ * The dynamic portion of the hook name, $action, refers to the action
443
+ * that brought the visitor to the login form. Actions include 'postpass',
444
+ * 'logout', 'lostpassword', etc.
445
+ *
446
+ * @since 2.8.0
447
+ */
448
do_action( 'login_form_' . $action );
449
450
$http_post = ('POST' == $_SERVER['REQUEST_METHOD']);
456
require_once ABSPATH . 'wp-includes/class-phpass.php';
457
$hasher = new PasswordHash( 8, true );
458
459
+ /**
460
+ * Filter the life span of the post password cookie.
461
+ *
462
+ * By default, the cookie expires 10 days from creation. To turn this
463
+ * into a session cookie, return 0.
464
+ *
465
+ * @since 3.7.0
466
+ *
467
+ * @param int $expires The expiry time, as passed to setcookie().
468
+ */
469
+ $expire = apply_filters( 'post_password_expires', time() + 10 * DAY_IN_SECONDS );
470
+ setcookie( 'wp-postpass_' . COOKIEHASH, $hasher->HashPassword( wp_unslash( $_POST['post_password'] ) ), $expire, COOKIEPATH );
471
472
wp_safe_redirect( wp_get_referer() );
473
exit();
478
check_admin_referer('log-out');
479
wp_logout();
480
481
+ $redirect_to = !empty( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : 'wp-login.php?loggedout=true';
482
wp_safe_redirect( $redirect_to );
483
exit();
484
490
if ( $http_post ) {
491
$errors = retrieve_password();
492
if ( !is_wp_error($errors) ) {
493
+ $redirect_to = !empty( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : 'wp-login.php?checkemail=confirm';
494
wp_safe_redirect( $redirect_to );
495
exit();
496
}
497
}
498
499
+ if ( isset( $_GET['error'] ) ) {
500
+ if ( 'invalidkey' == $_GET['error'] )
501
+ $errors->add( 'invalidkey', __( 'Sorry, that key does not appear to be valid.' ) );
502
+ elseif ( 'expiredkey' == $_GET['error'] )
503
+ $errors->add( 'expiredkey', __( 'Sorry, that key has expired. Please try again.' ) );
504
+ }
505
+
506
+ $lostpassword_redirect = ! empty( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : '';
507
+ /**
508
+ * Filter the URL redirected to after submitting the lostpassword/retrievepassword form.
509
+ *
510
+ * @since 3.0.0
511
+ *
512
+ * @param string $lostpassword_redirect The redirect destination URL.
513
+ */
514
+ $redirect_to = apply_filters( 'lostpassword_redirect', $lostpassword_redirect );
515
+
516
+ /**
517
+ * Fires before the lost password form.
518
+ *
519
+ * @since 1.5.1
520
+ */
521
+ do_action( 'lost_password' );
522
523
login_header(__('Lost Password'), '<p class="message">' . __('Please enter your username or email address. You will receive a link to create a new password via email.') . '</p>', $errors);
524
525
$user_login = isset($_POST['user_login']) ? wp_unslash($_POST['user_login']) : '';
526
527
?>
528
529
+ <form name="lostpasswordform" id="lostpasswordform" action="<?php echo esc_url( site_url( 'wp-login.php?action=lostpassword', 'login_post' ) ); ?>" method="post">
530
<p>
531
<label for="user_login" ><?php _e('Username or E-mail:') ?><br />
532
<input type="text" name="user_login" id="user_login" class="input" value="<?php echo esc_attr($user_login); ?>" size="20" /></label>
533
</p>
534
+ <?php
535
+ /**
536
+ * Fires inside the lostpassword <form> tags, before the hidden fields.
537
+ *
538
+ * @since 2.1.0
539
+ */
540
+ do_action( 'lostpassword_form' ); ?>
541
<input type="hidden" name="redirect_to" value="<?php echo esc_attr( $redirect_to ); ?>" />
542
<p class="submit"><input type="submit" name="wp-submit" id="wp-submit" class="button button-primary button-large" value="<?php esc_attr_e('Get New Password'); ?>" /></p>
543
</form>
544
545
<p id="nav">
546
<a href="<?php echo esc_url( wp_login_url() ); ?>"><?php _e('Log in') ?></a>
547
+ <?php
548
+ if ( get_option( 'users_can_register' ) ) :
549
+ $registration_url = sprintf( '<a href="%s">%s</a>', esc_url( wp_registration_url() ), __( 'Register' ) );
550
+ /**
551
+ * Filter the registration URL below the login form.
552
+ *
553
+ * @since 1.5.0
554
+ *
555
+ * @param string $registration_url Registration URL.
556
+ */
557
+ echo ' | ' . apply_filters( 'register', $registration_url );
558
+ endif;
559
+ ?>
560
</p>
561
562
<?php
568
$user = check_password_reset_key($_GET['key'], $_GET['login']);
569
570
if ( is_wp_error($user) ) {
571
+ if ( $user->get_error_code() === 'expired_key' )
572
+ wp_redirect( site_url( 'wp-login.php?action=lostpassword&error=expiredkey' ) );
573
+ else
574
+ wp_redirect( site_url( 'wp-login.php?action=lostpassword&error=invalidkey' ) );
575
exit;
576
}
577
580
if ( isset($_POST['pass1']) && $_POST['pass1'] != $_POST['pass2'] )
581
$errors->add( 'password_reset_mismatch', __( 'The passwords do not match.' ) );
582
583
+ /**
584
+ * Fires before the password reset procedure is validated.
585
+ *
586
+ * @since 3.5.0
587
+ *
588
+ * @param object $errors WP Error object.
589
+ * @param WP_User|WP_Error $user WP_User object if the login and reset key match. WP_Error object otherwise.
590
+ */
591
do_action( 'validate_password_reset', $errors, $user );
592
593
if ( ( ! $errors->get_error_code() ) && isset( $_POST['pass1'] ) && !empty( $_POST['pass1'] ) ) {
603
login_header(__('Reset Password'), '<p class="message reset-pass">' . __('Enter your new password below.') . '</p>', $errors );
604
605
?>
606
+ <form name="resetpassform" id="resetpassform" action="<?php echo esc_url( site_url( 'wp-login.php?action=resetpass&key=' . urlencode( $_GET['key'] ) . '&login=' . urlencode( $_GET['login'] ), 'login_post' ) ); ?>" method="post" autocomplete="off">
607
<input type="hidden" id="user_login" value="<?php echo esc_attr( $_GET['login'] ); ?>" autocomplete="off" />
608
609
<p>
624
625
<p id="nav">
626
<a href="<?php echo esc_url( wp_login_url() ); ?>"><?php _e( 'Log in' ); ?></a>
627
+ <?php
628
+ if ( get_option( 'users_can_register' ) ) :
629
+ $registration_url = sprintf( '<a href="%s">%s</a>', esc_url( wp_registration_url() ), __( 'Register' ) );
630
+ /** This filter is documented in wp-login.php */
631
+ echo ' | ' . apply_filters( 'register', $registration_url );
632
+ endif;
633
+ ?>
634
</p>
635
636
<?php
639
640
case 'register' :
641
if ( is_multisite() ) {
642
+ $sign_up_url = network_site_url( 'wp-signup.php' );
643
+ /**
644
+ * Filter the Multisite sign up URL.
645
+ *
646
+ * @since 3.0.0
647
+ *
648
+ * @param string $sign_up_url The sign up URL.
649
+ */
650
+ wp_redirect( apply_filters( 'wp_signup_location', $sign_up_url ) );
651
exit;
652
}
653
654
if ( !get_option('users_can_register') ) {
655
+ wp_redirect( site_url('wp-login.php?registration=disabled') );
656
exit();
657
}
658
663
$user_email = $_POST['user_email'];
664
$errors = register_new_user($user_login, $user_email);
665
if ( !is_wp_error($errors) ) {
666
+ $redirect_to = !empty( $_POST['redirect_to'] ) ? $_POST['redirect_to'] : 'wp-login.php?checkemail=registered';
667
wp_safe_redirect( $redirect_to );
668
exit();
669
}
670
}
671
672
+ $registration_redirect = ! empty( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : '';
673
+ /**
674
+ * Filter the registration redirect URL.
675
+ *
676
+ * @since 3.0.0
677
+ *
678
+ * @param string $registration_redirect The redirect destination URL.
679
+ */
680
+ $redirect_to = apply_filters( 'registration_redirect', $registration_redirect );
681
login_header(__('Registration Form'), '<p class="message register">' . __('Register For This Site') . '</p>', $errors);
682
?>
683
684
+ <form name="registerform" id="registerform" action="<?php echo esc_url( site_url('wp-login.php?action=register', 'login_post') ); ?>" method="post">
685
<p>
686
<label for="user_login"><?php _e('Username') ?><br />
687
<input type="text" name="user_login" id="user_login" class="input" value="<?php echo esc_attr(wp_unslash($user_login)); ?>" size="20" /></label>
690
<label for="user_email"><?php _e('E-mail') ?><br />
691
<input type="text" name="user_email" id="user_email" class="input" value="<?php echo esc_attr(wp_unslash($user_email)); ?>" size="25" /></label>
692
</p>
693
+ <?php
694
+ /**
695
+ * Fires following the 'E-mail' field in the user registration form.
696
+ *
697
+ * @since 2.1.0
698
+ */
699
+ do_action( 'register_form' );
700
+ ?>
701
<p id="reg_passmail"><?php _e('A password will be e-mailed to you.') ?></p>
702
<br class="clear" />
703
<input type="hidden" name="redirect_to" value="<?php echo esc_attr( $redirect_to ); ?>" />
748
if ( !$secure_cookie && is_ssl() && force_ssl_login() && !force_ssl_admin() && ( 0 !== strpos($redirect_to, 'https') ) && ( 0 === strpos($redirect_to, 'http') ) )
749
$secure_cookie = false;
750
751
+ // If cookies are disabled we can't log in even with a valid user+pass
752
+ if ( isset($_POST['testcookie']) && empty($_COOKIE[TEST_COOKIE]) )
753
+ $user = new WP_Error('test_cookie', __("<strong>ERROR</strong>: Cookies are blocked or not supported by your browser. You must <a href='http://www.google.com/cookies.html'>enable cookies</a> to use WordPress."));
754
+ else
755
+ $user = wp_signon('', $secure_cookie);
756
+
757
+ $requested_redirect_to = isset( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : '';
758
+ /**
759
+ * Filter the login redirect URL.
760
+ *
761
+ * @since 3.0.0
762
+ *
763
+ * @param string $redirect_to The redirect destination URL.
764
+ * @param string $requested_redirect_to The requested redirect destination URL passed as a parameter.
765
+ * @param WP_User|WP_Error $user WP_User object if login was successful, WP_Error object otherwise.
766
+ */
767
+ $redirect_to = apply_filters( 'login_redirect', $redirect_to, $requested_redirect_to, $user );
768
769
if ( !is_wp_error($user) && !$reauth ) {
770
if ( $interim_login ) {
772
$interim_login = 'success';
773
login_header( '', $message ); ?>
774
</div>
775
+ <?php
776
+ /** This action is documented in wp-login.php */
777
+ do_action( 'login_footer' ); ?>
778
<?php if ( $customize_login ) : ?>
779
<script type="text/javascript">setTimeout( function(){ new wp.customize.Messenger({ url: '<?php echo wp_customize_url(); ?>', channel: 'login' }).send('login') }, 1000 );</script>
780
<?php endif; ?>
800
if ( !empty($_GET['loggedout']) || $reauth )
801
$errors = new WP_Error();
802
803
if ( $interim_login ) {
804
if ( ! $errors->get_error_code() )
805
$errors->add('expired', __('Session expired. Please log in again. You will not move away from this page.'), 'message');
819
$errors->add('updated', __( '<strong>You have successfully updated WordPress!</strong> Please log back in to experience the awesomeness.' ), 'message' );
820
}
821
822
+ /**
823
+ * Filter the login page errors.
824
+ *
825
+ * @since 3.6.0
826
+ *
827
+ * @param object $errors WP Error object.
828
+ * @param string $redirect_to Redirect destination URL.
829
+ */
830
$errors = apply_filters( 'wp_login_errors', $errors, $redirect_to );
831
832
// Clear any stale cookies.
834
wp_clear_auth_cookie();
835
836
login_header(__('Log In'), '', $errors);
837
838
if ( isset($_POST['log']) )
839
$user_login = ( 'incorrect_password' == $errors->get_error_code() || 'empty_password' == $errors->get_error_code() ) ? esc_attr(wp_unslash($_POST['log'])) : '';
840
$rememberme = ! empty( $_POST['rememberme'] );
841
?>
842
843
+ <form name="loginform" id="loginform" action="<?php echo esc_url( site_url( 'wp-login.php', 'login_post' ) ); ?>" method="post">
844
<p>
845
<label for="user_login"><?php _e('Username') ?><br />
846
<input type="text" name="log" id="user_login" class="input" value="<?php echo esc_attr($user_login); ?>" size="20" /></label>
849
<label for="user_pass"><?php _e('Password') ?><br />
850
<input type="password" name="pwd" id="user_pass" class="input" value="" size="20" /></label>
851
</p>
852
+ <?php
853
+ /**
854
+ * Fires following the 'Password' field in the login form.
855
+ *
856
+ * @since 2.1.0
857
+ */
858
+ do_action( 'login_form' );
859
+ ?>
860
<p class="forgetmenot"><label for="rememberme"><input name="rememberme" type="checkbox" id="rememberme" value="forever" <?php checked( $rememberme ); ?> /> <?php esc_attr_e('Remember Me'); ?></label></p>
861
<p class="submit">
862
<input type="submit" name="wp-submit" id="wp-submit" class="button button-primary button-large" value="<?php esc_attr_e('Log In'); ?>" />
874
875
<?php if ( ! $interim_login ) { ?>
876
<p id="nav">
877
+ <?php if ( ! isset( $_GET['checkemail'] ) || ! in_array( $_GET['checkemail'], array( 'confirm', 'newpass' ) ) ) :
878
+ if ( get_option( 'users_can_register' ) ) :
879
+ $registration_url = sprintf( '<a href="%s">%s</a>', esc_url( wp_registration_url() ), __( 'Register' ) );
880
+ /** This filter is documented in wp-login.php */
881
+ echo apply_filters( 'register', $registration_url ) . ' | ';
882
+ endif;
883
+ ?>
884
<a href="<?php echo esc_url( wp_lostpassword_url() ); ?>" title="<?php esc_attr_e( 'Password Lost and Found' ); ?>"><?php _e( 'Lost your password?' ); ?></a>
885
<?php endif; ?>
886
</p>
906
}, 200);
907
}
908
909
+ <?php if ( !$error ) { ?>
910
wp_attempt_focus();
911
<?php } ?>
912
if(typeof wpOnload=='function')wpOnload();
926
<?php
927
login_footer();
928
break;
929
+ } // end action switch