Rename wp-login.php - Version 2.4

Version Description

  • WordPress 4.0 compatible.

Release Info

Developer avryl
Version 2.4

Code changes from version 2.3 to 2.4

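--- a/readme.txt
+++ b/readme.txt
@@ -3,9 +3,9 @@
  Contributors: avryl
  Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=49WXVSPP2HUKG
  Tags: rename, login, wp-login, wp-login.php, brute force attacks, custom login url, security
- Requires at least: 3.8
- Tested up to: 3.9
- Stable tag: 2.3
+ Requires at least: 4.0
+ Tested up to: 4.0
+ Stable tag: 2.4
  License: GPLv2 or later
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
 
@@ -62,6 +62,10 @@ On a multisite install the `rwl_page` option will be in the sitemeta table, if t
 
  == Changelog ==
 
+ = 2.4 =
+
+ * WordPress 4.0 compatible.
+
  = 2.3 =
 
  * WordPress 3.9 compatible.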
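--- a/rename-wp-login.php
+++ b/rename-wp-login.php
@@ -6,7 +6,7 @@ Plugin URI: http://wordpress.org/plugins/rename-wp-login/
  Description: Change wp-login.php to whatever you want. It can also prevent a lot of brute force attacks.
  Author: avryl
  Author URI: http://profiles.wordpress.org/avryl/
- Version: 2.3
+ Version: 2.4
  Text Domain: rename-wp-login
  License: GPLv2 or later
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
@@ -105,7 +105,7 @@ if ( defined( 'ABSPATH' )
 
  global $wp_version;
 
- if ( version_compare( $wp_version, '3.8', '<' ) ) {
+ if ( version_compare( $wp_version, '4.0-RC1-src', '<' ) ) {
 
  add_action( 'admin_notices', array( $this, 'admin_notices_incompatible' ) );
  add_action( 'network_admin_notices', array( $this, 'admin_notices_incompatible' ) );
@@ -155,7 +155,7 @@ if ( defined( 'ABSPATH' )
 
  public function admin_notices_incompatible() {
 
- echo '<div class="update-nag"><p>Please upgrade to the latest version of WordPress to activate <strong>Rename wp-login.php</strong>.</p></div>';
+ echo '<div class="error"><p>Please upgrade to the latest version of WordPress to activate <strong>Rename wp-login.php</strong>.</p></div>';
 
  }
 
@@ -489,21 +489,7 @@ if ( defined( 'ABSPATH' )
 
  elseif ( $pagenow === 'wp-login.php' ) {
 
- global $wp_version;
-
- $version = explode( '.', $wp_version );
- $major = $version[0];
- $minor = $version[1];
-
- if ( file_exists( $this->path() . 'rwl-login-' . $major . '.' . $minor . '.php' ) ) {
-
- require_once( $this->path() . 'rwl-login-' . $major . '.' . $minor . '.php' );
-
- } else {
-
- require_once( $this->path() . 'rwl-login-3.9.php' );
-
- }
+ require_once $this->path() . 'rwl-login.php';
 
  die;
 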
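Review bot: The new `require_once $this->path() . 'rwl-login.php';` in the last hunk (new line 492) loads a single bundled login handler for every WordPress version from the 4.0 floor upward, and nothing visible in the diff records which core release that file tracks. Judging by the deleted rwl-login-3.8.php, whose header reads "WordPress User Page" with `@package WordPress`, the bundled file appears to be a copy of core's wp-login.php, so later core fixes to login, registration and password-reset handling would not reach sites running the plugin until the copy is re-synced. I would add a comment above the require, e.g. `// rwl-login.php is a copy of core wp-login.php from WP 4.0; re-sync whenever core changes wp-login.php`, and consider an admin notice when `$wp_version` is newer than the release the copy came from. The enclosing method begins and ends outside the hunk.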
rwl-login-3.8.php DELETED
@@ -1,929 +0,0 @@
1
- <?php
2
- /**
3
- * WordPress User Page
4
- *
5
- * Handles authentication, registering, resetting passwords, forgot password,
6
- * and other user handling.
7
- *
8
- * @package WordPress
9
- */
10
-
11
- /** Make sure that the WordPress bootstrap has run before continuing. */
12
- //require( dirname(__FILE__) . '/wp-load.php' );
13
-
14
- global $error, $interim_login, $action, $user_login;
15
-
16
- // Redirect to https login if forced to use SSL
17
- if ( force_ssl_admin() && ! is_ssl() ) {
18
- if ( 0 === strpos($_SERVER['REQUEST_URI'], 'http') ) {
19
- wp_redirect( set_url_scheme( $_SERVER['REQUEST_URI'], 'https' ) );
20
- exit();
21
- } else {
22
- wp_redirect( 'https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'] );
23
- exit();
24
- }
25
- }
26
-
27
- /**
28
- * Output the login page header.
29
- *
30
- * @param string $title Optional. WordPress Log In Page title to display in <title/> element. Default 'Log In'.
31
- * @param string $message Optional. Message to display in header. Default empty.
32
- * @param string $wp_error Optional. The error to pass. Default empty.
33
- * @param WP_Error $wp_error Optional. WordPress Error Object
34
- */
35
- function login_header( $title = 'Log In', $message = '', $wp_error = '' ) {
36
- global $error, $interim_login, $action;
37
-
38
- // Don't index any of these forms
39
- add_action( 'login_head', 'wp_no_robots' );
40
-
41
- if ( wp_is_mobile() )
42
- add_action( 'login_head', 'wp_login_viewport_meta' );
43
-
44
- if ( empty($wp_error) )
45
- $wp_error = new WP_Error();
46
-
47
- // Shake it!
48
- $shake_error_codes = array( 'empty_password', 'empty_email', 'invalid_email', 'invalidcombo', 'empty_username', 'invalid_username', 'incorrect_password' );
49
- /**
50
- * Filter the error codes array for shaking the login form.
51
- *
52
- * @since 3.0.0
53
- *
54
- * @param array $shake_error_codes Error codes that shake the login form.
55
- */
56
- $shake_error_codes = apply_filters( 'shake_error_codes', $shake_error_codes );
57
-
58
- if ( $shake_error_codes && $wp_error->get_error_code() && in_array( $wp_error->get_error_code(), $shake_error_codes ) )
59
- add_action( 'login_head', 'wp_shake_js', 12 );
60
-
61
- ?><!DOCTYPE html>
62
- <!--[if IE 8]>
63
- <html xmlns="http://www.w3.org/1999/xhtml" class="ie8" <?php language_attributes(); ?>>
64
- <![endif]-->
65
- <!--[if !(IE 8) ]><!-->
66
- <html xmlns="http://www.w3.org/1999/xhtml" <?php language_attributes(); ?>>
67
- <!--<![endif]-->
68
- <head>
69
- <meta http-equiv="Content-Type" content="<?php bloginfo('html_type'); ?>; charset=<?php bloginfo('charset'); ?>" />
70
- <title><?php bloginfo('name'); ?> &rsaquo; <?php echo $title; ?></title>
71
- <?php
72
-
73
- wp_admin_css( 'wp-admin', true );
74
- wp_admin_css( 'colors-fresh', true );
75
- wp_admin_css( 'ie', true );
76
-
77
- // Remove all stored post data on logging out.
78
- // This could be added by add_action('login_head'...) like wp_shake_js()
79
- // but maybe better if it's not removable by plugins
80
- if ( 'loggedout' == $wp_error->get_error_code() ) {
81
- ?>
82
- <script>if("sessionStorage" in window){try{for(var key in sessionStorage){if(key.indexOf("wp-autosave-")!=-1){sessionStorage.removeItem(key)}}}catch(e){}};</script>
83
- <?php
84
- }
85
-
86
- /**
87
- * Enqueue scripts and styles for the login page.
88
- *
89
- * @since 3.1.0
90
- */
91
- do_action( 'login_enqueue_scripts' );
92
- /**
93
- * Fires in the login page header after scripts are enqueued.
94
- *
95
- * @since 2.1.0
96
- */
97
- do_action( 'login_head' );
98
-
99
- if ( is_multisite() ) {
100
- $login_header_url = network_home_url();
101
- $login_header_title = get_current_site()->site_name;
102
- } else {
103
- $login_header_url = __( 'http://wordpress.org/' );
104
- $login_header_title = __( 'Powered by WordPress' );
105
- }
106
-
107
- /**
108
- * Filter link URL of the header logo above login form.
109
- *
110
- * @since 2.1.0
111
- *
112
- * @param string $login_header_url Login header logo URL.
113
- */
114
- $login_header_url = apply_filters( 'login_headerurl', $login_header_url );
115
- /**
116
- * Filter the title attribute of the header logo above login form.
117
- *
118
- * @since 2.1.0
119
- *
120
- * @param string $login_header_title Login header logo title attribute.
121
- */
122
- $login_header_title = apply_filters( 'login_headertitle', $login_header_title );
123
-
124
- $classes = array( 'login-action-' . $action, 'wp-core-ui' );
125
- if ( wp_is_mobile() )
126
- $classes[] = 'mobile';
127
- if ( is_rtl() )
128
- $classes[] = 'rtl';
129
- if ( $interim_login ) {
130
- $classes[] = 'interim-login';
131
- ?>
132
- <style type="text/css">html{background-color: transparent;}</style>
133
- <?php
134
-
135
- if ( 'success' === $interim_login )
136
- $classes[] = 'interim-login-success';
137
- }
138
-
139
- /**
140
- * Filter the login page body classes.
141
- *
142
- * @since 3.5.0
143
- *
144
- * @param array $classes An array of body classes.
145
- * @param string $action The action that brought the visitor to the login page.
146
- */
147
- $classes = apply_filters( 'login_body_class', $classes, $action );
148
-
149
- ?>
150
- </head>
151
- <body class="login <?php echo esc_attr( implode( ' ', $classes ) ); ?>">
152
- <div id="login">
153
- <h1><a href="<?php echo esc_url( $login_header_url ); ?>" title="<?php echo esc_attr( $login_header_title ); ?>"><?php bloginfo( 'name' ); ?></a></h1>
154
- <?php
155
-
156
- unset( $login_header_url, $login_header_title );
157
-
158
- /**
159
- * Filter the message to display above the login form.
160
- *
161
- * @since 2.1.0
162
- *
163
- * @param string $message Login message text.
164
- */
165
- $message = apply_filters( 'login_message', $message );
166
- if ( !empty( $message ) )
167
- echo $message . "\n";
168
-
169
- // In case a plugin uses $error rather than the $wp_errors object
170
- if ( !empty( $error ) ) {
171
- $wp_error->add('error', $error);
172
- unset($error);
173
- }
174
-
175
- if ( $wp_error->get_error_code() ) {
176
- $errors = '';
177
- $messages = '';
178
- foreach ( $wp_error->get_error_codes() as $code ) {
179
- $severity = $wp_error->get_error_data($code);
180
- foreach ( $wp_error->get_error_messages($code) as $error ) {
181
- if ( 'message' == $severity )
182
- $messages .= ' ' . $error . "<br />\n";
183
- else
184
- $errors .= ' ' . $error . "<br />\n";
185
- }
186
- }
187
- if ( ! empty( $errors ) ) {
188
- /**
189
- * Filter the error messages displayed above the login form.
190
- *
191
- * @since 2.1.0
192
- *
193
- * @param string $errors Login error message.
194
- */
195
- echo '<div id="login_error">' . apply_filters( 'login_errors', $errors ) . "</div>\n";
196
- }
197
- if ( ! empty( $messages ) ) {
198
- /**
199
- * Filter instructional messages displayed above the login form.
200
- *
201
- * @since 2.5.0
202
- *
203
- * @param string $messages Login messages.
204
- */
205
- echo '<p class="message">' . apply_filters( 'login_messages', $messages ) . "</p>\n";
206
- }
207
- }
208
- } // End of login_header()
209
-
210
- /**
211
- * Outputs the footer for the login page.
212
- *
213
- * @param string $input_id Which input to auto-focus
214
- */
215
- function login_footer($input_id = '') {
216
- global $interim_login;
217
-
218
- // Don't allow interim logins to navigate away from the page.
219
- if ( ! $interim_login ): ?>
220
- <p id="backtoblog"><a href="<?php echo esc_url( home_url( '/' ) ); ?>" title="<?php esc_attr_e( 'Are you lost?' ); ?>"><?php printf( __( '&larr; Back to %s' ), get_bloginfo( 'title', 'display' ) ); ?></a></p>
221
- <?php endif; ?>
222
-
223
- </div>
224
-
225
- <?php if ( !empty($input_id) ) : ?>
226
- <script type="text/javascript">
227
- try{document.getElementById('<?php echo $input_id; ?>').focus();}catch(e){}
228
- if(typeof wpOnload=='function')wpOnload();
229
- </script>
230
- <?php endif; ?>
231
-
232
- <?php
233
- /**
234
- * Fires in the login page footer.
235
- *
236
- * @since 3.1.0
237
- */
238
- do_action( 'login_footer' ); ?>
239
- <div class="clear"></div>
240
- </body>
241
- </html>
242
- <?php
243
- }
244
-
245
- function wp_shake_js() {
246
- if ( wp_is_mobile() )
247
- return;
248
- ?>
249
- <script type="text/javascript">
250
- addLoadEvent = function(func){if(typeof jQuery!="undefined")jQuery(document).ready(func);else if(typeof wpOnload!='function'){wpOnload=func;}else{var oldonload=wpOnload;wpOnload=function(){oldonload();func();}}};
251
- function s(id,pos){g(id).left=pos+'px';}
252
- function g(id){return document.getElementById(id).style;}
253
- function shake(id,a,d){c=a.shift();s(id,c);if(a.length>0){setTimeout(function(){shake(id,a,d);},d);}else{try{g(id).position='static';wp_attempt_focus();}catch(e){}}}
254
- addLoadEvent(function(){ var p=new Array(15,30,15,0,-15,-30,-15,0);p=p.concat(p.concat(p));var i=document.forms[0].id;g(i).position='relative';shake(i,p,20);});
255
- </script>
256
- <?php
257
- }
258
-
259
- function wp_login_viewport_meta() {
260
- ?>
261
- <meta name="viewport" content="width=device-width" />
262
- <?php
263
- }
264
-
265
- /**
266
- * Handles sending password retrieval email to user.
267
- *
268
- * @uses $wpdb WordPress Database object
269
- *
270
- * @return bool|WP_Error True: when finish. WP_Error on error
271
- */
272
- function retrieve_password() {
273
- global $wpdb, $wp_hasher;
274
-
275
- $errors = new WP_Error();
276
-
277
- if ( empty( $_POST['user_login'] ) ) {
278
- $errors->add('empty_username', __('<strong>ERROR</strong>: Enter a username or e-mail address.'));
279
- } else if ( strpos( $_POST['user_login'], '@' ) ) {
280
- $user_data = get_user_by( 'email', trim( $_POST['user_login'] ) );
281
- if ( empty( $user_data ) )
282
- $errors->add('invalid_email', __('<strong>ERROR</strong>: There is no user registered with that email address.'));
283
- } else {
284
- $login = trim($_POST['user_login']);
285
- $user_data = get_user_by('login', $login);
286
- }
287
-
288
- /**
289
- * Fires before errors are returned from a password reset request.
290
- *
291
- * @since 2.1.0
292
- */
293
- do_action( 'lostpassword_post' );
294
-
295
- if ( $errors->get_error_code() )
296
- return $errors;
297
-
298
- if ( !$user_data ) {
299
- $errors->add('invalidcombo', __('<strong>ERROR</strong>: Invalid username or e-mail.'));
300
- return $errors;
301
- }
302
-
303
- // redefining user_login ensures we return the right case in the email
304
- $user_login = $user_data->user_login;
305
- $user_email = $user_data->user_email;
306
-
307
- /**
308
- * Fires before a new password is retrieved.
309
- *
310
- * @since 1.5.0
311
- * @deprecated 1.5.1 Misspelled. Use 'retrieve_password' hook instead.
312
- *
313
- * @param string $user_login The user login name.
314
- */
315
- do_action( 'retreive_password', $user_login );
316
- /**
317
- * Fires before a new password is retrieved.
318
- *
319
- * @since 1.5.1
320
- *
321
- * @param string $user_login The user login name.
322
- */
323
- do_action( 'retrieve_password', $user_login );
324
-
325
- /**
326
- * Filter whether to allow a password to be reset.
327
- *
328
- * @since 2.7.0
329
- *
330
- * @param bool true Whether to allow the password to be reset. Default true.
331
- * @param int $user_data->ID The ID of the user attempting to reset a password.
332
- */
333
- $allow = apply_filters( 'allow_password_reset', true, $user_data->ID );
334
-
335
- if ( ! $allow )
336
- return new WP_Error('no_password_reset', __('Password reset is not allowed for this user'));
337
- else if ( is_wp_error($allow) )
338
- return $allow;
339
-
340
- // Generate something random for a password reset key.
341
- $key = wp_generate_password( 20, false );
342
-
343
- /**
344
- * Fires when a password reset key is generated.
345
- *
346
- * @since 2.5.0
347
- *
348
- * @param string $user_login The username for the user.
349
- * @param string $key The generated password reset key.
350
- */
351
- do_action( 'retrieve_password_key', $user_login, $key );
352
-
353
- // Now insert the key, hashed, into the DB.
354
- if ( empty( $wp_hasher ) ) {
355
- require_once ABSPATH . 'wp-includes/class-phpass.php';
356
- $wp_hasher = new PasswordHash( 8, true );
357
- }
358
- $hashed = $wp_hasher->HashPassword( $key );
359
- $wpdb->update( $wpdb->users, array( 'user_activation_key' => $hashed ), array( 'user_login' => $user_login ) );
360
-
361
- $message = __('Someone requested that the password be reset for the following account:') . "\r\n\r\n";
362
- $message .= network_home_url( '/' ) . "\r\n\r\n";
363
- $message .= sprintf(__('Username: %s'), $user_login) . "\r\n\r\n";
364
- $message .= __('If this was a mistake, just ignore this email and nothing will happen.') . "\r\n\r\n";
365
- $message .= __('To reset your password, visit the following address:') . "\r\n\r\n";
366
- $message .= '<' . network_site_url("wp-login.php?action=rp&key=$key&login=" . rawurlencode($user_login), 'login') . ">\r\n";
367
-
368
- if ( is_multisite() )
369
- $blogname = $GLOBALS['current_site']->site_name;
370
- else
371
- // The blogname option is escaped with esc_html on the way into the database in sanitize_option
372
- // we want to reverse this for the plain text arena of emails.
373
- $blogname = wp_specialchars_decode(get_option('blogname'), ENT_QUOTES);
374
-
375
- $title = sprintf( __('[%s] Password Reset'), $blogname );
376
-
377
- /**
378
- * Filter the subject of the password reset email.
379
- *
380
- * @since 2.8.0
381
- *
382
- * @param string $title Default email title.
383
- */
384
- $title = apply_filters( 'retrieve_password_title', $title );
385
- /**
386
- * Filter the message body of the password reset mail.
387
- *
388
- * @since 2.8.0
389
- *
390
- * @param string $message Default mail message.
391
- * @param string $key The activation key.
392
- */
393
- $message = apply_filters( 'retrieve_password_message', $message, $key );
394
-
395
- if ( $message && !wp_mail($user_email, $title, $message) )
396
- wp_die( __('The e-mail could not be sent.') . "<br />\n" . __('Possible reason: your host may have disabled the mail() function.') );
397
-
398
- return true;
399
- }
400
-
401
- //
402
- // Main
403
- //
404
-
405
- $action = isset($_REQUEST['action']) ? $_REQUEST['action'] : 'login';
406
- $errors = new WP_Error();
407
-
408
- if ( isset($_GET['key']) )
409
- $action = 'resetpass';
410
-
411
- // validate action so as to default to the login screen
412
- if ( !in_array( $action, array( 'postpass', 'logout', 'lostpassword', 'retrievepassword', 'resetpass', 'rp', 'register', 'login' ), true ) && false === has_filter( 'login_form_' . $action ) )
413
- $action = 'login';
414
-
415
- nocache_headers();
416
-
417
- header('Content-Type: '.get_bloginfo('html_type').'; charset='.get_bloginfo('charset'));
418
-
419
- if ( defined( 'RELOCATE' ) && RELOCATE ) { // Move flag is set
420
- if ( isset( $_SERVER['PATH_INFO'] ) && ($_SERVER['PATH_INFO'] != $_SERVER['PHP_SELF']) )
421
- $_SERVER['PHP_SELF'] = str_replace( $_SERVER['PATH_INFO'], '', $_SERVER['PHP_SELF'] );
422
-
423
- $url = dirname( set_url_scheme( 'http://' . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'] ) );
424
- if ( $url != get_option( 'siteurl' ) )
425
- update_option( 'siteurl', $url );
426
- }
427
-
428
- //Set a cookie now to see if they are supported by the browser.
429
- setcookie(TEST_COOKIE, 'WP Cookie check', 0, COOKIEPATH, COOKIE_DOMAIN);
430
- if ( SITECOOKIEPATH != COOKIEPATH )
431
- setcookie(TEST_COOKIE, 'WP Cookie check', 0, SITECOOKIEPATH, COOKIE_DOMAIN);
432
-
433
- /**
434
- * Fires when the login form is initialized.
435
- *
436
- * @since 3.2.0
437
- */
438
- do_action( 'login_init' );
439
- /**
440
- * Fires before a specified login form action.
441
- *
442
- * The dynamic portion of the hook name, $action, refers to the action
443
- * that brought the visitor to the login form. Actions include 'postpass',
444
- * 'logout', 'lostpassword', etc.
445
- *
446
- * @since 2.8.0
447
- */
448
- do_action( 'login_form_' . $action );
449
-
450
- $http_post = ('POST' == $_SERVER['REQUEST_METHOD']);
451
- $interim_login = isset($_REQUEST['interim-login']);
452
-
453
- switch ($action) {
454
-
455
- case 'postpass' :
456
- require_once ABSPATH . 'wp-includes/class-phpass.php';
457
- $hasher = new PasswordHash( 8, true );
458
-
459
- /**
460
- * Filter the life span of the post password cookie.
461
- *
462
- * By default, the cookie expires 10 days from creation. To turn this
463
- * into a session cookie, return 0.
464
- *
465
- * @since 3.7.0
466
- *
467
- * @param int $expires The expiry time, as passed to setcookie().
468
- */
469
- $expire = apply_filters( 'post_password_expires', time() + 10 * DAY_IN_SECONDS );
470
- setcookie( 'wp-postpass_' . COOKIEHASH, $hasher->HashPassword( wp_unslash( $_POST['post_password'] ) ), $expire, COOKIEPATH );
471
-
472
- wp_safe_redirect( wp_get_referer() );
473
- exit();
474
-
475
- break;
476
-
477
- case 'logout' :
478
- check_admin_referer('log-out');
479
- wp_logout();
480
-
481
- $redirect_to = !empty( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : 'wp-login.php?loggedout=true';
482
- wp_safe_redirect( $redirect_to );
483
- exit();
484
-
485
- break;
486
-
487
- case 'lostpassword' :
488
- case 'retrievepassword' :
489
-
490
- if ( $http_post ) {
491
- $errors = retrieve_password();
492
- if ( !is_wp_error($errors) ) {
493
- $redirect_to = !empty( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : 'wp-login.php?checkemail=confirm';
494
- wp_safe_redirect( $redirect_to );
495
- exit();
496
- }
497
- }
498
-
499
- if ( isset( $_GET['error'] ) ) {
500
- if ( 'invalidkey' == $_GET['error'] )
501
- $errors->add( 'invalidkey', __( 'Sorry, that key does not appear to be valid.' ) );
502
- elseif ( 'expiredkey' == $_GET['error'] )
503
- $errors->add( 'expiredkey', __( 'Sorry, that key has expired. Please try again.' ) );
504
- }
505
-
506
- $lostpassword_redirect = ! empty( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : '';
507
- /**
508
- * Filter the URL redirected to after submitting the lostpassword/retrievepassword form.
509
- *
510
- * @since 3.0.0
511
- *
512
- * @param string $lostpassword_redirect The redirect destination URL.
513
- */
514
- $redirect_to = apply_filters( 'lostpassword_redirect', $lostpassword_redirect );
515
-
516
- /**
517
- * Fires before the lost password form.
518
- *
519
- * @since 1.5.1
520
- */
521
- do_action( 'lost_password' );
522
-
523
- login_header(__('Lost Password'), '<p class="message">' . __('Please enter your username or email address. You will receive a link to create a new password via email.') . '</p>', $errors);
524
-
525
- $user_login = isset($_POST['user_login']) ? wp_unslash($_POST['user_login']) : '';
526
-
527
- ?>
528
-
529
- <form name="lostpasswordform" id="lostpasswordform" action="<?php echo esc_url( site_url( 'wp-login.php?action=lostpassword', 'login_post' ) ); ?>" method="post">
530
- <p>
531
- <label for="user_login" ><?php _e('Username or E-mail:') ?><br />
532
- <input type="text" name="user_login" id="user_login" class="input" value="<?php echo esc_attr($user_login); ?>" size="20" /></label>
533
- </p>
534
- <?php
535
- /**
536
- * Fires inside the lostpassword <form> tags, before the hidden fields.
537
- *
538
- * @since 2.1.0
539
- */
540
- do_action( 'lostpassword_form' ); ?>
541
- <input type="hidden" name="redirect_to" value="<?php echo esc_attr( $redirect_to ); ?>" />
542
- <p class="submit"><input type="submit" name="wp-submit" id="wp-submit" class="button button-primary button-large" value="<?php esc_attr_e('Get New Password'); ?>" /></p>
543
- </form>
544
-
545
- <p id="nav">
546
- <a href="<?php echo esc_url( wp_login_url() ); ?>"><?php _e('Log in') ?></a>
547
- <?php
548
- if ( get_option( 'users_can_register' ) ) :
549
- $registration_url = sprintf( '<a href="%s">%s</a>', esc_url( wp_registration_url() ), __( 'Register' ) );
550
- /**
551
- * Filter the registration URL below the login form.
552
- *
553
- * @since 1.5.0
554
- *
555
- * @param string $registration_url Registration URL.
556
- */
557
- echo ' | ' . apply_filters( 'register', $registration_url );
558
- endif;
559
- ?>
560
- </p>
561
-
562
- <?php
563
- login_footer('user_login');
564
- break;
565
-
566
- case 'resetpass' :
567
- case 'rp' :
568
- $user = check_password_reset_key($_GET['key'], $_GET['login']);
569
-
570
- if ( is_wp_error($user) ) {
571
- if ( $user->get_error_code() === 'expired_key' )
572
- wp_redirect( site_url( 'wp-login.php?action=lostpassword&error=expiredkey' ) );
573
- else
574
- wp_redirect( site_url( 'wp-login.php?action=lostpassword&error=invalidkey' ) );
575
- exit;
576
- }
577
-
578
- $errors = new WP_Error();
579
-
580
- if ( isset($_POST['pass1']) && $_POST['pass1'] != $_POST['pass2'] )
581
- $errors->add( 'password_reset_mismatch', __( 'The passwords do not match.' ) );
582
-
583
- /**
584
- * Fires before the password reset procedure is validated.
585
- *
586
- * @since 3.5.0
587
- *
588
- * @param object $errors WP Error object.
589
- * @param WP_User|WP_Error $user WP_User object if the login and reset key match. WP_Error object otherwise.
590
- */
591
- do_action( 'validate_password_reset', $errors, $user );
592
-
593
- if ( ( ! $errors->get_error_code() ) && isset( $_POST['pass1'] ) && !empty( $_POST['pass1'] ) ) {
594
- reset_password($user, $_POST['pass1']);
595
- login_header( __( 'Password Reset' ), '<p class="message reset-pass">' . __( 'Your password has been reset.' ) . ' <a href="' . esc_url( wp_login_url() ) . '">' . __( 'Log in' ) . '</a></p>' );
596
- login_footer();
597
- exit;
598
- }
599
-
600
- wp_enqueue_script('utils');
601
- wp_enqueue_script('user-profile');
602
-
603
- login_header(__('Reset Password'), '<p class="message reset-pass">' . __('Enter your new password below.') . '</p>', $errors );
604
-
605
- ?>
606
- <form name="resetpassform" id="resetpassform" action="<?php echo esc_url( site_url( 'wp-login.php?action=resetpass&key=' . urlencode( $_GET['key'] ) . '&login=' . urlencode( $_GET['login'] ), 'login_post' ) ); ?>" method="post" autocomplete="off">
607
- <input type="hidden" id="user_login" value="<?php echo esc_attr( $_GET['login'] ); ?>" autocomplete="off" />
608
-
609
- <p>
610
- <label for="pass1"><?php _e('New password') ?><br />
611
- <input type="password" name="pass1" id="pass1" class="input" size="20" value="" autocomplete="off" /></label>
612
- </p>
613
- <p>
614
- <label for="pass2"><?php _e('Confirm new password') ?><br />
615
- <input type="password" name="pass2" id="pass2" class="input" size="20" value="" autocomplete="off" /></label>
616
- </p>
617
-
618
- <div id="pass-strength-result" class="hide-if-no-js"><?php _e('Strength indicator'); ?></div>
619
- <p class="description indicator-hint"><?php _e('Hint: The password should be at least seven characters long. To make it stronger, use upper and lower case letters, numbers and symbols like ! " ? $ % ^ &amp; ).'); ?></p>
620
-
621
- <br class="clear" />
622
- <p class="submit"><input type="submit" name="wp-submit" id="wp-submit" class="button button-primary button-large" value="<?php esc_attr_e('Reset Password'); ?>" /></p>
623
- </form>
624
-
625
- <p id="nav">
626
- <a href="<?php echo esc_url( wp_login_url() ); ?>"><?php _e( 'Log in' ); ?></a>
627
- <?php
628
- if ( get_option( 'users_can_register' ) ) :
629
- $registration_url = sprintf( '<a href="%s">%s</a>', esc_url( wp_registration_url() ), __( 'Register' ) );
630
- /** This filter is documented in wp-login.php */
631
- echo ' | ' . apply_filters( 'register', $registration_url );
632
- endif;
633
- ?>
634
- </p>
635
-
636
- <?php
637
- login_footer('user_pass');
638
- break;
639
-
640
- case 'register' :
641
- if ( is_multisite() ) {
642
- $sign_up_url = network_site_url( 'wp-signup.php' );
643
- /**
644
- * Filter the Multisite sign up URL.
645
- *
646
- * @since 3.0.0
647
- *
648
- * @param string $sign_up_url The sign up URL.
649
- */
650
- wp_redirect( apply_filters( 'wp_signup_location', $sign_up_url ) );
651
- exit;
652
- }
653
-
654
- if ( !get_option('users_can_register') ) {
655
- wp_redirect( site_url('wp-login.php?registration=disabled') );
656
- exit();
657
- }
658
-
659
- $user_login = '';
660
- $user_email = '';
661
- if ( $http_post ) {
662
- $user_login = $_POST['user_login'];
663
- $user_email = $_POST['user_email'];
664
- $errors = register_new_user($user_login, $user_email);
665
- if ( !is_wp_error($errors) ) {
666
- $redirect_to = !empty( $_POST['redirect_to'] ) ? $_POST['redirect_to'] : 'wp-login.php?checkemail=registered';
667
- wp_safe_redirect( $redirect_to );
668
- exit();
669
- }
670
- }
671
-
672
- $registration_redirect = ! empty( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : '';
673
- /**
674
- * Filter the registration redirect URL.
675
- *
676
- * @since 3.0.0
677
- *
678
- * @param string $registration_redirect The redirect destination URL.
679
- */
680
- $redirect_to = apply_filters( 'registration_redirect', $registration_redirect );
681
- login_header(__('Registration Form'), '<p class="message register">' . __('Register For This Site') . '</p>', $errors);
682
- ?>
683
-
684
- <form name="registerform" id="registerform" action="<?php echo esc_url( site_url('wp-login.php?action=register', 'login_post') ); ?>" method="post">
685
- <p>
686
- <label for="user_login"><?php _e('Username') ?><br />
687
- <input type="text" name="user_login" id="user_login" class="input" value="<?php echo esc_attr(wp_unslash($user_login)); ?>" size="20" /></label>
688
- </p>
689
- <p>
690
- <label for="user_email"><?php _e('E-mail') ?><br />
691
- <input type="text" name="user_email" id="user_email" class="input" value="<?php echo esc_attr(wp_unslash($user_email)); ?>" size="25" /></label>
692
- </p>
693
- <?php
694
- /**
695
- * Fires following the 'E-mail' field in the user registration form.
696
- *
697
- * @since 2.1.0
698
- */
699
- do_action( 'register_form' );
700
- ?>
701
- <p id="reg_passmail"><?php _e('A password will be e-mailed to you.') ?></p>
702
- <br class="clear" />
703
- <input type="hidden" name="redirect_to" value="<?php echo esc_attr( $redirect_to ); ?>" />
704
- <p class="submit"><input type="submit" name="wp-submit" id="wp-submit" class="button button-primary button-large" value="<?php esc_attr_e('Register'); ?>" /></p>
705
- </form>
706
-
707
- <p id="nav">
708
- <a href="<?php echo esc_url( wp_login_url() ); ?>"><?php _e( 'Log in' ); ?></a> |
709
- <a href="<?php echo esc_url( wp_lostpassword_url() ); ?>" title="<?php esc_attr_e( 'Password Lost and Found' ) ?>"><?php _e( 'Lost your password?' ); ?></a>
710
- </p>
711
-
712
- <?php
713
- login_footer('user_login');
714
- break;
715
-
716
- case 'login' :
717
- default:
718
- $secure_cookie = '';
719
- $customize_login = isset( $_REQUEST['customize-login'] );
720
- if ( $customize_login )
721
- wp_enqueue_script( 'customize-base' );
722
-
723
- // If the user wants ssl but the session is not ssl, force a secure cookie.
724
- if ( !empty($_POST['log']) && !force_ssl_admin() ) {
725
- $user_name = sanitize_user($_POST['log']);
726
- if ( $user = get_user_by('login', $user_name) ) {
727
- if ( get_user_option('use_ssl', $user->ID) ) {
728
- $secure_cookie = true;
729
- force_ssl_admin(true);
730
- }
731
- }
732
- }
733
-
734
- if ( isset( $_REQUEST['redirect_to'] ) ) {
735
- $redirect_to = $_REQUEST['redirect_to'];
736
- // Redirect to https if user wants ssl
737
- if ( $secure_cookie && false !== strpos($redirect_to, 'wp-admin') )
738
- $redirect_to = preg_replace('|^http://|', 'https://', $redirect_to);
739
- } else {
740
- $redirect_to = admin_url();
741
- }
742
-
743
- $reauth = empty($_REQUEST['reauth']) ? false : true;
744
-
745
- // If the user was redirected to a secure login form from a non-secure admin page, and secure login is required but secure admin is not, then don't use a secure
746
- // cookie and redirect back to the referring non-secure admin page. This allows logins to always be POSTed over SSL while allowing the user to choose visiting
747
- // the admin via http or https.
748
- if ( !$secure_cookie && is_ssl() && force_ssl_login() && !force_ssl_admin() && ( 0 !== strpos($redirect_to, 'https') ) && ( 0 === strpos($redirect_to, 'http') ) )
749
- $secure_cookie = false;
750
-
751
- // If cookies are disabled we can't log in even with a valid user+pass
752
- if ( isset($_POST['testcookie']) && empty($_COOKIE[TEST_COOKIE]) )
753
- $user = new WP_Error('test_cookie', __("<strong>ERROR</strong>: Cookies are blocked or not supported by your browser. You must <a href='http://www.google.com/cookies.html'>enable cookies</a> to use WordPress."));
754
- else
755
- $user = wp_signon('', $secure_cookie);
756
-
757
- $requested_redirect_to = isset( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : '';
758
- /**
759
- * Filter the login redirect URL.
760
- *
761
- * @since 3.0.0
762
- *
763
- * @param string $redirect_to The redirect destination URL.
764
- * @param string $requested_redirect_to The requested redirect destination URL passed as a parameter.
765
- * @param WP_User|WP_Error $user WP_User object if login was successful, WP_Error object otherwise.
766
- */
767
- $redirect_to = apply_filters( 'login_redirect', $redirect_to, $requested_redirect_to, $user );
768
-
769
- if ( !is_wp_error($user) && !$reauth ) {
770
- if ( $interim_login ) {
771
- $message = '<p class="message">' . __('You have logged in successfully.') . '</p>';
772
- $interim_login = 'success';
773
- login_header( '', $message ); ?>
774
- </div>
775
- <?php
776
- /** This action is documented in wp-login.php */
777
- do_action( 'login_footer' ); ?>
778
- <?php if ( $customize_login ) : ?>
779
- <script type="text/javascript">setTimeout( function(){ new wp.customize.Messenger({ url: '<?php echo wp_customize_url(); ?>', channel: 'login' }).send('login') }, 1000 );</script>
780
- <?php endif; ?>
781
- </body></html>
782
- <?php exit;
783
- }
784
-
785
- if ( ( empty( $redirect_to ) || $redirect_to == 'wp-admin/' || $redirect_to == admin_url() ) ) {
786
- // If the user doesn't belong to a blog, send them to user admin. If the user can't edit posts, send them to their profile.
787
- if ( is_multisite() && !get_active_blog_for_user($user->ID) && !is_super_admin( $user->ID ) )
788
- $redirect_to = user_admin_url();
789
- elseif ( is_multisite() && !$user->has_cap('read') )
790
- $redirect_to = get_dashboard_url( $user->ID );
791
- elseif ( !$user->has_cap('edit_posts') )
792
- $redirect_to = admin_url('profile.php');
793
- }
794
- wp_safe_redirect($redirect_to);
795
- exit();
796
- }
797
-
798
- $errors = $user;
799
- // Clear errors if loggedout is set.
800
- if ( !empty($_GET['loggedout']) || $reauth )
801
- $errors = new WP_Error();
802
-
803
- if ( $interim_login ) {
804
- if ( ! $errors->get_error_code() )
805
- $errors->add('expired', __('Session expired. Please log in again. You will not move away from this page.'), 'message');
806
- } else {
807
- // Some parts of this script use the main login form to display a message
808
- if ( isset($_GET['loggedout']) && true == $_GET['loggedout'] )
809
- $errors->add('loggedout', __('You are now logged out.'), 'message');
810
- elseif ( isset($_GET['registration']) && 'disabled' == $_GET['registration'] )
811
- $errors->add('registerdisabled', __('User registration is currently not allowed.'));
812
- elseif ( isset($_GET['checkemail']) && 'confirm' == $_GET['checkemail'] )
813
- $errors->add('confirm', __('Check your e-mail for the confirmation link.'), 'message');
814
- elseif ( isset($_GET['checkemail']) && 'newpass' == $_GET['checkemail'] )
815
- $errors->add('newpass', __('Check your e-mail for your new password.'), 'message');
816
- elseif ( isset($_GET['checkemail']) && 'registered' == $_GET['checkemail'] )
817
- $errors->add('registered', __('Registration complete. Please check your e-mail.'), 'message');
818
- elseif ( strpos( $redirect_to, 'about.php?updated' ) )
819
- $errors->add('updated', __( '<strong>You have successfully updated WordPress!</strong> Please log back in to experience the awesomeness.' ), 'message' );
820
- }
821
-
822
- /**
823
- * Filter the login page errors.
824
- *
825
- * @since 3.6.0
826
- *
827
- * @param object $errors WP Error object.
828
- * @param string $redirect_to Redirect destination URL.
829
- */
830
- $errors = apply_filters( 'wp_login_errors', $errors, $redirect_to );
831
-
832
- // Clear any stale cookies.
833
- if ( $reauth )
834
- wp_clear_auth_cookie();
835
-
836
- login_header(__('Log In'), '', $errors);
837
-
838
- if ( isset($_POST['log']) )
839
- $user_login = ( 'incorrect_password' == $errors->get_error_code() || 'empty_password' == $errors->get_error_code() ) ? esc_attr(wp_unslash($_POST['log'])) : '';
840
- $rememberme = ! empty( $_POST['rememberme'] );
841
- ?>
842
-
843
- <form name="loginform" id="loginform" action="<?php echo esc_url( site_url( 'wp-login.php', 'login_post' ) ); ?>" method="post">
844
- <p>
845
- <label for="user_login"><?php _e('Username') ?><br />
846
- <input type="text" name="log" id="user_login" class="input" value="<?php echo esc_attr($user_login); ?>" size="20" /></label>
847
- </p>
848
- <p>
849
- <label for="user_pass"><?php _e('Password') ?><br />
850
- <input type="password" name="pwd" id="user_pass" class="input" value="" size="20" /></label>
851
- </p>
852
- <?php
853
- /**
854
- * Fires following the 'Password' field in the login form.
855
- *
856
- * @since 2.1.0
857
- */
858
- do_action( 'login_form' );
859
- ?>
860
- <p class="forgetmenot"><label for="rememberme"><input name="rememberme" type="checkbox" id="rememberme" value="forever" <?php checked( $rememberme ); ?> /> <?php esc_attr_e('Remember Me'); ?></label></p>
861
- <p class="submit">
862
- <input type="submit" name="wp-submit" id="wp-submit" class="button button-primary button-large" value="<?php esc_attr_e('Log In'); ?>" />
863
- <?php if ( $interim_login ) { ?>
864
- <input type="hidden" name="interim-login" value="1" />
865
- <?php } else { ?>
866
- <input type="hidden" name="redirect_to" value="<?php echo esc_attr($redirect_to); ?>" />
867
- <?php } ?>
868
- <?php if ( $customize_login ) : ?>
869
- <input type="hidden" name="customize-login" value="1" />
870
- <?php endif; ?>
871
- <input type="hidden" name="testcookie" value="1" />
872
- </p>
873
- </form>
874
-
875
- <?php if ( ! $interim_login ) { ?>
876
- <p id="nav">
877
- <?php if ( ! isset( $_GET['checkemail'] ) || ! in_array( $_GET['checkemail'], array( 'confirm', 'newpass' ) ) ) :
878
- if ( get_option( 'users_can_register' ) ) :
879
- $registration_url = sprintf( '<a href="%s">%s</a>', esc_url( wp_registration_url() ), __( 'Register' ) );
880
- /** This filter is documented in wp-login.php */
881
- echo apply_filters( 'register', $registration_url ) . ' | ';
882
- endif;
883
- ?>
884
- <a href="<?php echo esc_url( wp_lostpassword_url() ); ?>" title="<?php esc_attr_e( 'Password Lost and Found' ); ?>"><?php _e( 'Lost your password?' ); ?></a>
885
- <?php endif; ?>
886
- </p>
887
- <?php } ?>
888
-
889
- <script type="text/javascript">
890
- function wp_attempt_focus(){
891
- setTimeout( function(){ try{
892
- <?php if ( $user_login || $interim_login ) { ?>
893
- d = document.getElementById('user_pass');
894
- d.value = '';
895
- <?php } else { ?>
896
- d = document.getElementById('user_login');
897
- <?php if ( 'invalid_username' == $errors->get_error_code() ) { ?>
898
- if( d.value != '' )
899
- d.value = '';
900
- <?php
901
- }
902
- }?>
903
- d.focus();
904
- d.select();
905
- } catch(e){}
906
- }, 200);
907
- }
908
-
909
- <?php if ( !$error ) { ?>
910
- wp_attempt_focus();
911
- <?php } ?>
912
- if(typeof wpOnload=='function')wpOnload();
913
- <?php if ( $interim_login ) { ?>
914
- (function(){
915
- try {
916
- var i, links = document.getElementsByTagName('a');
917
- for ( i in links ) {
918
- if ( links[i].href )
919
- links[i].target = '_blank';
920
- }
921
- } catch(e){}
922
- }());
923
- <?php } ?>
924
- </script>
925
-
926
- <?php
927
- login_footer();
928
- break;
929
- } // end action switch
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
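--- a/rwl-login-3.9.php
+++ b/rwl-login.php
@@ -9,7 +9,7 @@
  */
 
  /** Make sure that the WordPress bootstrap has run before continuing. */
- //require( dirname(__FILE__) . '/wp-load.php' );
+ // require( dirname(__FILE__) . '/wp-load.php' );
 
  global $error, $interim_login, $action, $user_login;
 
@@ -27,10 +27,9 @@ if ( force_ssl_admin() && ! is_ssl() ) {
  /**
  * Output the login page header.
  *
- * @param string $title Optional. WordPress Log In Page title to display in <title/> element. Default 'Log In'.
- * @param string $message Optional. Message to display in header. Default empty.
- * @param string $wp_error Optional. The error to pass. Default empty.
- * @param WP_Error $wp_error Optional. WordPress Error Object
+ * @param string $title Optional. WordPress Log In Page title to display in <title> element. Default 'Log In'.
+ * @param string $message Optional. Message to display in header. Default empty.
+ * @param WP_Error $wp_error Optional. The error to pass. Default empty.
  */
  function login_header( $title = 'Log In', $message = '', $wp_error = '' ) {
  global $error, $interim_login, $action;
@@ -72,9 +71,11 @@ function login_header( $title = 'Log In', $message = '', $wp_error = '' ) {
 
  wp_admin_css( 'login', true );
 
- // Remove all stored post data on logging out.
- // This could be added by add_action('login_head'...) like wp_shake_js()
- // but maybe better if it's not removable by plugins
+ /*
+ * Remove all stored post data on logging out.
+ * This could be added by add_action('login_head'...) like wp_shake_js(),
+ * but maybe better if it's not removable by plugins
+ */
  if ( 'loggedout' == $wp_error->get_error_code() ) {
  ?>
  <script>if("sessionStorage" in window){try{for(var key in sessionStorage){if(key.indexOf("wp-autosave-")!=-1){sessionStorage.removeItem(key)}}}catch(e){}};</script>
@@ -133,6 +134,7 @@ function login_header( $title = 'Log In', $message = '', $wp_error = '' ) {
  if ( 'success' === $interim_login )
  $classes[] = 'interim-login-success';
  }
+ $classes[] =' locale-' . sanitize_html_class( strtolower( str_replace( '_', '-', get_locale() ) ) );
 
  /**
  * Filter the login page body classes.
@@ -148,7 +150,7 @@ function login_header( $title = 'Log In', $message = '', $wp_error = '' ) {
  </head>
  <body class="login <?php echo esc_attr( implode( ' ', $classes ) ); ?>">
  <div id="login">
- <h1><a href="<?php echo esc_url( $login_header_url ); ?>" title="<?php echo esc_attr( $login_header_title ); ?>"><?php bloginfo( 'name' ); ?></a></h1>
+ <h1><a href="<?php echo esc_url( $login_header_url ); ?>" title="<?php echo esc_attr( $login_header_title ); ?>" tabindex="-1"><?php bloginfo( 'name' ); ?></a></h1>
  <?php
 
  unset( $login_header_url, $login_header_title );
@@ -174,12 +176,12 @@ function login_header( $title = 'Log In', $message = '', $wp_error = '' ) {
  $errors = '';
  $messages = '';
  foreach ( $wp_error->get_error_codes() as $code ) {
- $severity = $wp_error->get_error_data($code);
- foreach ( $wp_error->get_error_messages($code) as $error ) {
+ $severity = $wp_error->get_error_data( $code );
+ foreach ( $wp_error->get_error_messages( $code ) as $error_message ) {
  if ( 'message' == $severity )
- $messages .= ' ' . $error . "<br />\n";
+ $messages .= ' ' . $error_message . "<br />\n";
  else
- $errors .= ' ' . $error . "<br />\n";
+ $errors .= ' ' . $error_message . "<br />\n";
  }
  }
  if ( ! empty( $errors ) ) {
@@ -298,7 +300,7 @@ function retrieve_password() {
  return $errors;
  }
 
- // redefining user_login ensures we return the right case in the email
+ // Redefining user_login ensures we return the right case in the email.
  $user_login = $user_data->user_login;
  $user_email = $user_data->user_email;
 
@@ -311,6 +313,7 @@ function retrieve_password() {
  * @param string $user_login The user login name.
  */
  do_action( 'retreive_password', $user_login );
+
  /**
  * Fires before a new password is retrieved.
  *
@@ -350,7 +353,7 @@ function retrieve_password() {
 
  // Now insert the key, hashed, into the DB.
  if ( empty( $wp_hasher ) ) {
- require_once ABSPATH . 'wp-includes/class-phpass.php';
+ require_once ABSPATH . WPINC . '/class-phpass.php';
  $wp_hasher = new PasswordHash( 8, true );
  }
  $hashed = $wp_hasher->HashPassword( $key );
@@ -366,8 +369,10 @@ function retrieve_password() {
  if ( is_multisite() )
  $blogname = $GLOBALS['current_site']->site_name;
  else
- // The blogname option is escaped with esc_html on the way into the database in sanitize_option
- // we want to reverse this for the plain text arena of emails.
+ /*
+ * The blogname option is escaped with esc_html on the way into the database
+ * in sanitize_option we want to reverse this for the plain text arena of emails.
+ */
  $blogname = wp_specialchars_decode(get_option('blogname'), ENT_QUOTES);
 
  $title = sprintf( __('[%s] Password Reset'), $blogname );
@@ -390,7 +395,7 @@ function retrieve_password() {
  */
  $message = apply_filters( 'retrieve_password_message', $message, $key );
 
- if ( $message && !wp_mail($user_email, $title, $message) )
+ if ( $message && !wp_mail( $user_email, wp_specialchars_decode( $title ), $message ) )
  wp_die( __('The e-mail could not be sent.') . "<br />\n" . __('Possible reason: your host may have disabled the mail() function.') );
 
  return true;
@@ -424,9 +429,10 @@ if ( defined( 'RELOCATE' ) && RELOCATE ) { // Move flag is set
  }
 
  //Set a cookie now to see if they are supported by the browser.
- setcookie(TEST_COOKIE, 'WP Cookie check', 0, COOKIEPATH, COOKIE_DOMAIN);
+ $secure = ( 'https' === parse_url( site_url(), PHP_URL_SCHEME ) && 'https' === parse_url( home_url(), PHP_URL_SCHEME ) );
+ setcookie( TEST_COOKIE, 'WP Cookie check', 0, COOKIEPATH, COOKIE_DOMAIN, $secure );
  if ( SITECOOKIEPATH != COOKIEPATH )
- setcookie(TEST_COOKIE, 'WP Cookie check', 0, SITECOOKIEPATH, COOKIE_DOMAIN);
+ setcookie( TEST_COOKIE, 'WP Cookie check', 0, SITECOOKIEPATH, COOKIE_DOMAIN, $secure );
 
  /**
  * Fires when the login form is initialized.
@@ -451,7 +457,7 @@ $interim_login = isset($_REQUEST['interim-login']);
  switch ($action) {
 
  case 'postpass' :
- require_once ABSPATH . 'wp-includes/class-phpass.php';
+ require_once ABSPATH . WPINC . '/class-phpass.php';
  $hasher = new PasswordHash( 8, true );
 
  /**
@@ -465,13 +471,12 @@ case 'postpass' :
  * @param int $expires The expiry time, as passed to setcookie().
  */
  $expire = apply_filters( 'post_password_expires', time() + 10 * DAY_IN_SECONDS );
- setcookie( 'wp-postpass_' . COOKIEHASH, $hasher->HashPassword( wp_unslash( $_POST['post_password'] ) ), $expire, COOKIEPATH );
+ $secure = ( 'https' === parse_url( home_url(), PHP_URL_SCHEME ) );
+ setcookie( 'wp-postpass_' . COOKIEHASH, $hasher->HashPassword( wp_unslash( $_POST['post_password'] ) ), $expire, COOKIEPATH, COOKIE_DOMAIN, $secure );
 
  wp_safe_redirect( wp_get_referer() );
  exit();
 
- break;
-
  case 'logout' :
  check_admin_referer('log-out');
  wp_logout();
@@ -480,8 +485,6 @@ case 'logout' :
  wp_safe_redirect( $redirect_to );
  exit();
 
- break;
-
  case 'lostpassword' :
  case 'retrievepassword' :
 
@@ -524,7 +527,7 @@ case 'retrievepassword' :
 
  ?>
 
- <form name="lostpasswordform" id="lostpasswordform" action="<?php echo esc_url( site_url( 'wp-login.php?action=lostpassword', 'login_post' ) ); ?>" method="post">
+ <form name="lostpasswordform" id="lostpasswordform" action="<?php echo esc_url( network_site_url( 'wp-login.php?action=lostpassword', 'login_post' ) ); ?>" method="post">
  <p>
  <label for="user_login" ><?php _e('Username or E-mail:') ?><br />
  <input type="text" name="user_login" id="user_login" class="input" value="<?php echo esc_attr($user_login); ?>" size="20" /></label>
@@ -545,13 +548,8 @@ case 'retrievepassword' :
  <?php
  if ( get_option( 'users_can_register' ) ) :
  $registration_url = sprintf( '<a href="%s">%s</a>', esc_url( wp_registration_url() ), __( 'Register' ) );
- /**
- * Filter the registration URL below the login form.
- *
- * @since 1.5.0
- *
- * @param string $registration_url Registration URL.
- */
+
+ /** This filter is documented in wp-includes/general-template.php */
  echo ' | ' . apply_filters( 'register', $registration_url );
  endif;
  ?>
@@ -563,10 +561,25 @@ break;
 
  case 'resetpass' :
  case 'rp' :
- $user = check_password_reset_key($_GET['key'], $_GET['login']);
+ list( $rp_path ) = explode( '?', wp_unslash( $_SERVER['REQUEST_URI'] ) );
+ $rp_cookie = 'wp-resetpass-' . COOKIEHASH;
+ if ( isset( $_GET['key'] ) ) {
+ $value = sprintf( '%s:%s', wp_unslash( $_GET['login'] ), wp_unslash( $_GET['key'] ) );
+ setcookie( $rp_cookie, $value, 0, $rp_path, COOKIE_DOMAIN, is_ssl(), true );
+ wp_safe_redirect( remove_query_arg( array( 'key', 'login' ) ) );
+ exit;
+ }
+
+ if ( isset( $_COOKIE[ $rp_cookie ] ) && 0 < strpos( $_COOKIE[ $rp_cookie ], ':' ) ) {
+ list( $rp_login, $rp_key ) = explode( ':', wp_unslash( $_COOKIE[ $rp_cookie ] ), 2 );
+ $user = check_password_reset_key( $rp_key, $rp_login );
+ } else {
+ $user = false;
+ }
 
- if ( is_wp_error($user) ) {
- if ( $user->get_error_code() === 'expired_key' )
+ if ( ! $user || is_wp_error( $user ) ) {
+ setcookie( $rp_cookie, ' ', time() - YEAR_IN_SECONDS, $rp_path, COOKIE_DOMAIN, is_ssl(), true );
+ if ( $user && $user->get_error_code() === 'expired_key' )
  wp_redirect( site_url( 'wp-login.php?action=lostpassword&error=expiredkey' ) );
  else
  wp_redirect( site_url( 'wp-login.php?action=lostpassword&error=invalidkey' ) );
@@ -590,6 +603,7 @@ case 'rp' :
 
  if ( ( ! $errors->get_error_code() ) && isset( $_POST['pass1'] ) && !empty( $_POST['pass1'] ) ) {
  reset_password($user, $_POST['pass1']);
+ setcookie( $rp_cookie, ' ', time() - YEAR_IN_SECONDS, $rp_path, COOKIE_DOMAIN, is_ssl(), true );
  login_header( __( 'Password Reset' ), '<p class="message reset-pass">' . __( 'Your password has been reset.' ) . ' <a href="' . esc_url( wp_login_url() ) . '">' . __( 'Log in' ) . '</a></p>' );
  login_footer();
  exit;
@@ -601,8 +615,8 @@ case 'rp' :
  login_header(__('Reset Password'), '<p class="message reset-pass">' . __('Enter your new password below.') . '</p>', $errors );
 
  ?>
- <form name="resetpassform" id="resetpassform" action="<?php echo esc_url( site_url( 'wp-login.php?action=resetpass&key=' . urlencode( $_GET['key'] ) . '&login=' . urlencode( $_GET['login'] ), 'login_post' ) ); ?>" method="post" autocomplete="off">
- <input type="hidden" id="user_login" value="<?php echo esc_attr( $_GET['login'] ); ?>" autocomplete="off" />
+ <form name="resetpassform" id="resetpassform" action="<?php echo esc_url( network_site_url( 'wp-login.php?action=resetpass', 'login_post' ) ); ?>" method="post" autocomplete="off">
+ <input type="hidden" id="user_login" value="<?php echo esc_attr( $rp_login ); ?>" autocomplete="off" />
 
  <p>
  <label for="pass1"><?php _e('New password') ?><br />
@@ -624,7 +638,7 @@ case 'rp' :
  *
  * @since 3.9.0
  *
- * @param WP_User $user User undergoing the password reset.
+ * @param WP_User $user User object of the user whose password is being reset.
  */
  do_action( 'resetpass_form', $user );
  ?>
@@ -636,7 +650,8 @@ case 'rp' :
  <?php
  if ( get_option( 'users_can_register' ) ) :
  $registration_url = sprintf( '<a href="%s">%s</a>', esc_url( wp_registration_url() ), __( 'Register' ) );
- /** This filter is documented in wp-login.php */
+
+ /** This filter is documented in wp-includes/general-template.php */
  echo ' | ' . apply_filters( 'register', $registration_url );
  endif;
  ?>
@@ -648,7 +663,6 @@ break;
 
  case 'register' :
  if ( is_multisite() ) {
- $sign_up_url = network_site_url( 'wp-signup.php' );
  /**
  * Filter the Multisite sign up URL.
  *
@@ -656,7 +670,7 @@ case 'register' :
  *
  * @param string $sign_up_url The sign up URL.
  */
- wp_redirect( apply_filters( 'wp_signup_location', $sign_up_url ) );
+ wp_redirect( apply_filters( 'wp_signup_location', network_site_url( 'wp-signup.php' ) ) );
  exit;
  }
 
@@ -690,14 +704,14 @@ case 'register' :
  login_header(__('Registration Form'), '<p class="message register">' . __('Register For This Site') . '</p>', $errors);
  ?>
 
- <form name="registerform" id="registerform" action="<?php echo esc_url( site_url('wp-login.php?action=register', 'login_post') ); ?>" method="post">
+ <form name="registerform" id="registerform" action="<?php echo esc_url( site_url('wp-login.php?action=register', 'login_post') ); ?>" method="post" novalidate="novalidate">
  <p>
  <label for="user_login"><?php _e('Username') ?><br />
  <input type="text" name="user_login" id="user_login" class="input" value="<?php echo esc_attr(wp_unslash($user_login)); ?>" size="20" /></label>
  </p>
  <p>
  <label for="user_email"><?php _e('E-mail') ?><br />
- <input type="text" name="user_email" id="user_email" class="input" value="<?php echo esc_attr(wp_unslash($user_email)); ?>" size="25" /></label>
+ <input type="email" name="user_email" id="user_email" class="input" value="<?php echo esc_attr( wp_unslash( $user_email ) ); ?>" size="25" /></label>
  </p>
  <?php
  /**
@@ -751,17 +765,18 @@ default:
 
  $reauth = empty($_REQUEST['reauth']) ? false : true;
 
- // If the user was redirected to a secure login form from a non-secure admin page, and secure login is required but secure admin is not, then don't use a secure
- // cookie and redirect back to the referring non-secure admin page. This allows logins to always be POSTed over SSL while allowing the user to choose visiting
- // the admin via http or https.
- if ( !$secure_cookie && is_ssl() && force_ssl_login() && !force_ssl_admin() && ( 0 !== strpos($redirect_to, 'https') ) && ( 0 === strpos($redirect_to, 'http') ) )
- $secure_cookie = false;
+ $user = wp_signon( '', $secure_cookie );
 
- // If cookies are disabled we can't log in even with a valid user+pass
- if ( isset($_POST['testcookie']) && empty($_COOKIE[TEST_COOKIE]) )
- $user = new WP_Error('test_cookie', __("<strong>ERROR</strong>: Cookies are blocked or not supported by your browser. You must <a href='http://www.google.com/cookies.html'>enable cookies</a> to use WordPress."));
- else
- $user = wp_signon('', $secure_cookie);
+ if ( empty( $_COOKIE[ LOGGED_IN_COOKIE ] ) ) {
+ if ( headers_sent() ) {
+ $user = new WP_Error( 'test_cookie', sprintf( __( '<strong>ERROR</strong>: Cookies are blocked due to unexpected output. For help, please see <a href="%1$s">this documentation</a> or try the <a href="%2$s">support forums</a>.' ),
+ __( 'http://codex.wordpress.org/Cookies' ), __( 'https://wordpress.org/support/' ) ) );
+ } elseif ( isset( $_POST['testcookie'] ) && empty( $_COOKIE[ TEST_COOKIE ] ) ) {
+ // If cookies are disabled we can't log in even with a valid user+pass
+ $user = new WP_Error( 'test_cookie', sprintf( __( '<strong>ERROR</strong>: Cookies are blocked or not supported by your browser. You must <a href="%s">enable cookies</a> to use WordPress.' ),
+ __( 'http://codex.wordpress.org/Cookies' ) ) );
+ }
+ }
 
  $requested_redirect_to = isset( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : '';
  /**
@@ -825,7 +840,7 @@ default:
  elseif ( isset($_GET['checkemail']) && 'registered' == $_GET['checkemail'] )
  $errors->add('registered', __('Registration complete. Please check your e-mail.'), 'message');
  elseif ( strpos( $redirect_to, 'about.php?updated' ) )
- $errors->add('updated', __( '<strong>You have successfully updated WordPress!</strong> Please log back in to experience the awesomeness.' ), 'message' );
+ $errors->add('updated', __( '<strong>You have successfully updated WordPress!</strong> Please log back in to see what&#8217;s new.' ), 'message' );
  }
 
  /**
@@ -886,7 +901,8 @@ default:
  <?php if ( ! isset( $_GET['checkemail'] ) || ! in_array( $_GET['checkemail'], array( 'confirm', 'newpass' ) ) ) :
  if ( get_option( 'users_can_register' ) ) :
  $registration_url = sprintf( '<a href="%s">%s</a>', esc_url( wp_registration_url() ), __( 'Register' ) );
- /** This filter is documented in wp-login.php */
+
+ /** This filter is documented in wp-includes/general-template.php */
  echo apply_filters( 'register', $registration_url ) . ' | ';
  endif;
  ?>
@@ -898,7 +914,7 @@ default:
  <script type="text/javascript">
  function wp_attempt_focus(){
  setTimeout( function(){ try{
- <?php if ( $user_login || $interim_login ) { ?>
+ <?php if ( $user_login ) { ?>
  d = document.getElementById('user_pass');
  d.value = '';
  <?php } else { ?>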