Version Description
- XSS Fix
- Added classes to tags in widget
- Improved/filtered register and lost password links
- Removed the outdated openid/fb code. Hook it in if you want it.
- Removed markup in favour of wp_login_form()
Download this release
Release Info
| Developer | jolley_small |
| Plugin |  Sidebar Login |
| Version | 2.4 |
| Comparing to | |
| See all releases | |
Code changes from version 2.3.5 to 2.4
- js/sidebar-login.js +1 -1
- readme.txt +15 -3
- sidebar-login.php +35 -115
- style.css +3 -12
js/sidebar-login.js
CHANGED
|
@@ -22,7 +22,7 @@ jQuery(function(){
|
|
| 22 |
user_login: jQuery('input[name="log"]', thisform).val(),
|
| 23 |
user_password: jQuery('input[name="pwd"]', thisform).val(),
|
| 24 |
remember: remember,
|
| 25 |
-
redirect_to: jQuery('
|
| 26 |
};
|
| 27 |
|
| 28 |
// Ajax action
|
| 22 |
user_login: jQuery('input[name="log"]', thisform).val(),
|
| 23 |
user_password: jQuery('input[name="pwd"]', thisform).val(),
|
| 24 |
remember: remember,
|
| 25 |
+
redirect_to: jQuery('input[name="redirect_to"]', thisform).val()
|
| 26 |
};
|
| 27 |
|
| 28 |
// Ajax action
|
readme.txt
CHANGED
|
@@ -2,9 +2,11 @@
|
|
| 2 |
Contributors: mikejolley
|
| 3 |
Donate link: http://mikejolley.com/projects/sidebar-login-for-wordpress/
|
| 4 |
Tags: login, sidebar, widget, sidebar login, meta, form, register
|
| 5 |
-
Requires at least:
|
| 6 |
-
Tested up to: 3.
|
| 7 |
-
Stable tag: 2.
|
|
|
|
|
|
|
| 8 |
|
| 9 |
Easily add an ajax-enhanced login widget to your site's sidebar.
|
| 10 |
|
|
@@ -77,6 +79,16 @@ You will find a config page in tools/settings > Sidebar Login. Here you can set
|
|
| 77 |
|
| 78 |
== Changelog ==
|
| 79 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 80 |
= 2.3.5 =
|
| 81 |
* Use jsonp to enable login from http to https
|
| 82 |
* Fixed remember me logic (in js)
|
| 2 |
Contributors: mikejolley
|
| 3 |
Donate link: http://mikejolley.com/projects/sidebar-login-for-wordpress/
|
| 4 |
Tags: login, sidebar, widget, sidebar login, meta, form, register
|
| 5 |
+
Requires at least: 3.0
|
| 6 |
+
Tested up to: 3.4
|
| 7 |
+
Stable tag: 2.4
|
| 8 |
+
License: GPLv3
|
| 9 |
+
License URI: http://www.gnu.org/licenses/gpl-3.0.html
|
| 10 |
|
| 11 |
Easily add an ajax-enhanced login widget to your site's sidebar.
|
| 12 |
|
| 79 |
|
| 80 |
== Changelog ==
|
| 81 |
|
| 82 |
+
= 2.4 =
|
| 83 |
+
* XSS Fix
|
| 84 |
+
* Added classes to tags in widget
|
| 85 |
+
* Improved/filtered register and lost password links
|
| 86 |
+
* Removed the outdated openid/fb code. Hook it in if you want it.
|
| 87 |
+
* Removed markup in favour of wp_login_form()
|
| 88 |
+
|
| 89 |
+
= 2.3.6 =
|
| 90 |
+
* Sanitize REQUEST_URI/$pageURL
|
| 91 |
+
|
| 92 |
= 2.3.5 =
|
| 93 |
* Use jsonp to enable login from http to https
|
| 94 |
* Fixed remember me logic (in js)
|
sidebar-login.php
CHANGED
|
@@ -3,7 +3,7 @@
|
|
| 3 |
Plugin Name: Sidebar Login
|
| 4 |
Plugin URI: http://wordpress.org/extend/plugins/sidebar-login/
|
| 5 |
Description: Easily add an ajax-enhanced login widget to your site's sidebar.
|
| 6 |
-
Version: 2.
|
| 7 |
Author: Mike Jolley
|
| 8 |
Author URI: http://mikejolley.com
|
| 9 |
*/
|
|
@@ -95,7 +95,7 @@ function widget_wp_sidebarlogin($args) {
|
|
| 95 |
$redir = trim(stripslashes(get_option('sidebarlogin_logout_redirect')));
|
| 96 |
if (!$redir || empty($redir)) $redir = sidebar_login_current_url('nologout');
|
| 97 |
|
| 98 |
-
echo '<li class="page_item"><a href="'.wp_logout_url($redir).'">'
|
| 99 |
|
| 100 |
} else {
|
| 101 |
|
|
@@ -120,69 +120,51 @@ function widget_wp_sidebarlogin($args) {
|
|
| 120 |
// Get redirect URL
|
| 121 |
$redirect_to = trim(stripslashes(get_option('sidebarlogin_login_redirect')));
|
| 122 |
|
| 123 |
-
if (empty($redirect_to))
|
| 124 |
-
if (isset($_REQUEST['redirect_to']))
|
| 125 |
$redirect_to = esc_url( $_REQUEST['redirect_to'] );
|
| 126 |
else
|
| 127 |
$redirect_to = sidebar_login_current_url('nologout');
|
| 128 |
-
|
| 129 |
|
| 130 |
-
if ( force_ssl_admin() )
|
|
|
|
| 131 |
|
| 132 |
// login form
|
| 133 |
-
|
| 134 |
-
?>
|
| 135 |
-
<form method="post" action="<?php echo $sidebarlogin_post_url; ?>">
|
| 136 |
|
| 137 |
-
|
| 138 |
-
|
| 139 |
-
|
| 140 |
-
|
| 141 |
-
|
| 142 |
-
|
| 143 |
-
|
| 144 |
-
|
| 145 |
-
|
| 146 |
-
|
| 147 |
-
<input type="text" name="openid_identifier" id="openid_field" class="input mid" value="" /></label>
|
| 148 |
-
</p>
|
| 149 |
-
';
|
| 150 |
-
endif;
|
| 151 |
-
?>
|
| 152 |
-
|
| 153 |
-
<p class="rememberme"><input name="rememberme" class="checkbox" id="rememberme" value="forever" type="checkbox" /> <label for="rememberme"><?php echo $theremember; ?></label></p>
|
| 154 |
-
|
| 155 |
-
<p class="submit">
|
| 156 |
-
<input type="submit" name="wp-submit" id="wp-submit" value="<?php _e('Login »', 'sblogin'); ?>" />
|
| 157 |
-
<input type="hidden" name="redirect_to" class="redirect_to" value="<?php echo $redirect_to; ?>" />
|
| 158 |
-
<input type="hidden" name="sidebarlogin_posted" value="1" />
|
| 159 |
-
<input type="hidden" name="testcookie" value="1" />
|
| 160 |
-
</p>
|
| 161 |
-
|
| 162 |
-
<?php if (function_exists('fbc_init_auth')) do_action('fbc_display_login_button'); // Facebook Plugin ?>
|
| 163 |
|
| 164 |
-
|
| 165 |
-
|
| 166 |
// Output other links
|
| 167 |
$links = '';
|
| 168 |
-
if (get_option('users_can_register') && get_option('sidebarlogin_register_link')=='1') {
|
| 169 |
|
| 170 |
-
if (!is_multisite()) {
|
| 171 |
-
|
| 172 |
-
$links .= '<li><a href="'.
|
| 173 |
|
| 174 |
} else {
|
| 175 |
|
| 176 |
-
$links .= '<li><a href="'.
|
| 177 |
|
| 178 |
}
|
| 179 |
}
|
| 180 |
-
if (get_option('sidebarlogin_forgotton_link')=='1')
|
| 181 |
-
|
| 182 |
-
$links .= '<li><a href="'.wp_lostpassword_url().'" rel="nofollow">'. $thelostpass .'</a></li>';
|
| 183 |
|
| 184 |
-
|
| 185 |
-
|
| 186 |
}
|
| 187 |
|
| 188 |
// echo widget closing tag
|
|
@@ -231,69 +213,8 @@ function widget_wp_sidebarlogin_init() {
|
|
| 231 |
register_widget('SidebarLoginMultiWidget');
|
| 232 |
|
| 233 |
}
|
| 234 |
-
add_action('init', 'widget_wp_sidebarlogin_init', 1);
|
| 235 |
-
|
| 236 |
-
/* Login Action */
|
| 237 |
-
function widget_wp_sidebarlogin_check() {
|
| 238 |
-
|
| 239 |
-
if (isset($_POST['sidebarlogin_posted'])) {
|
| 240 |
-
|
| 241 |
-
global $login_errors;
|
| 242 |
-
|
| 243 |
-
// Get redirect URL
|
| 244 |
-
$redirect_to = trim(stripslashes(get_option('sidebarlogin_login_redirect')));
|
| 245 |
-
|
| 246 |
-
if (empty($redirect_to)) :
|
| 247 |
-
if (isset($_REQUEST['redirect_to']))
|
| 248 |
-
$redirect_to = esc_attr( $_REQUEST['redirect_to'] );
|
| 249 |
-
else
|
| 250 |
-
$redirect_to = sidebar_login_current_url('nologout');
|
| 251 |
-
endif;
|
| 252 |
-
|
| 253 |
-
// Check for Secure Cookie
|
| 254 |
-
$secure_cookie = '';
|
| 255 |
-
|
| 256 |
-
// If the user wants ssl but the session is not ssl, force a secure cookie.
|
| 257 |
-
if ( !empty($_POST['log']) && !force_ssl_admin() ) {
|
| 258 |
-
$user_name = sanitize_user($_POST['log']);
|
| 259 |
-
if ( $user = get_user_by('login', $user_name) ) {
|
| 260 |
-
if ( get_user_option('use_ssl', $user->ID) ) {
|
| 261 |
-
$secure_cookie = true;
|
| 262 |
-
force_ssl_admin(true);
|
| 263 |
-
}
|
| 264 |
-
}
|
| 265 |
-
}
|
| 266 |
-
|
| 267 |
-
if ( force_ssl_admin() ) $secure_cookie = true;
|
| 268 |
-
if ( $secure_cookie=='' && force_ssl_login() ) $secure_cookie = false;
|
| 269 |
-
|
| 270 |
-
// Login
|
| 271 |
-
$user = wp_signon('', $secure_cookie);
|
| 272 |
-
|
| 273 |
-
// Redirect filter
|
| 274 |
-
if ( $secure_cookie && strstr($redirect_to, 'wp-admin') ) $redirect_to = str_replace('http:', 'https:', $redirect_to);
|
| 275 |
-
|
| 276 |
-
// Check the username
|
| 277 |
-
if ( !$_POST['log'] ) :
|
| 278 |
-
$user = new WP_Error();
|
| 279 |
-
$user->add('empty_username', __('<strong>ERROR</strong>: Please enter a username.', 'sblogin'));
|
| 280 |
-
elseif ( !$_POST['pwd'] ) :
|
| 281 |
-
$user = new WP_Error();
|
| 282 |
-
$user->add('empty_username', __('<strong>ERROR</strong>: Please enter your password.', 'sblogin'));
|
| 283 |
-
endif;
|
| 284 |
-
|
| 285 |
-
// Redirect if successful
|
| 286 |
-
if ( !is_wp_error($user) ) :
|
| 287 |
-
wp_safe_redirect( apply_filters('login_redirect', $redirect_to, isset( $redirect_to ) ? $redirect_to : '', $user) );
|
| 288 |
-
exit;
|
| 289 |
-
endif;
|
| 290 |
-
|
| 291 |
-
$login_errors = $user;
|
| 292 |
-
|
| 293 |
-
}
|
| 294 |
-
}
|
| 295 |
-
add_action('init', 'widget_wp_sidebarlogin_check', 0);
|
| 296 |
|
|
|
|
| 297 |
|
| 298 |
/**
|
| 299 |
* Process ajax login
|
|
@@ -338,7 +259,7 @@ function sidebar_login_ajax_process() {
|
|
| 338 |
// Result
|
| 339 |
$result = array();
|
| 340 |
|
| 341 |
-
if ( !is_wp_error($user) ) :
|
| 342 |
$result['success'] = 1;
|
| 343 |
$result['redirect'] = $redirect_to;
|
| 344 |
else :
|
|
@@ -365,10 +286,9 @@ function sidebar_login_ajax_process() {
|
|
| 365 |
if ( !function_exists('sidebar_login_current_url') ) {
|
| 366 |
function sidebar_login_current_url( $url = '' ) {
|
| 367 |
|
| 368 |
-
$pageURL = 'http://';
|
| 369 |
-
$pageURL .= $_SERVER['HTTP_HOST'];
|
| 370 |
-
$pageURL .= $_SERVER['REQUEST_URI'];
|
| 371 |
-
if ( force_ssl_admin() ) $pageURL = str_replace( 'http:', 'https:', $pageURL );
|
| 372 |
|
| 373 |
if ($url != "nologout") {
|
| 374 |
if (!strpos($pageURL,'_login=')) {
|
|
@@ -378,6 +298,6 @@ if ( !function_exists('sidebar_login_current_url') ) {
|
|
| 378 |
}
|
| 379 |
}
|
| 380 |
|
| 381 |
-
return $pageURL;
|
| 382 |
}
|
| 383 |
}
|
| 3 |
Plugin Name: Sidebar Login
|
| 4 |
Plugin URI: http://wordpress.org/extend/plugins/sidebar-login/
|
| 5 |
Description: Easily add an ajax-enhanced login widget to your site's sidebar.
|
| 6 |
+
Version: 2.4
|
| 7 |
Author: Mike Jolley
|
| 8 |
Author URI: http://mikejolley.com
|
| 9 |
*/
|
| 95 |
$redir = trim(stripslashes(get_option('sidebarlogin_logout_redirect')));
|
| 96 |
if (!$redir || empty($redir)) $redir = sidebar_login_current_url('nologout');
|
| 97 |
|
| 98 |
+
echo '<li class="page_item"><a href=" ' . wp_logout_url( $redir ) . '">' . $thelogout . '</a></li></ul>';
|
| 99 |
|
| 100 |
} else {
|
| 101 |
|
| 120 |
// Get redirect URL
|
| 121 |
$redirect_to = trim(stripslashes(get_option('sidebarlogin_login_redirect')));
|
| 122 |
|
| 123 |
+
if ( empty( $redirect_to ) ) {
|
| 124 |
+
if ( isset( $_REQUEST['redirect_to'] ) )
|
| 125 |
$redirect_to = esc_url( $_REQUEST['redirect_to'] );
|
| 126 |
else
|
| 127 |
$redirect_to = sidebar_login_current_url('nologout');
|
| 128 |
+
}
|
| 129 |
|
| 130 |
+
if ( force_ssl_admin() )
|
| 131 |
+
$redirect_to = str_replace( 'http:', 'https:', $redirect_to );
|
| 132 |
|
| 133 |
// login form
|
| 134 |
+
$sidebarlogin_post_url = ( force_ssl_login() || force_ssl_admin() ) ? str_replace('http://', 'https://', sidebar_login_current_url() ) : sidebar_login_current_url();
|
|
|
|
|
|
|
| 135 |
|
| 136 |
+
$login_form_args = apply_filters( 'sidebar_login_form_args', array(
|
| 137 |
+
'echo' => true,
|
| 138 |
+
'redirect' => esc_attr( $redirect_to ),
|
| 139 |
+
'label_username' => $theusername,
|
| 140 |
+
'label_password' => $thepassword,
|
| 141 |
+
'label_remember' => $theremember,
|
| 142 |
+
'label_log_in' => __('Login »', 'sblogin'),
|
| 143 |
+
'remember' => true,
|
| 144 |
+
'value_remember' => true
|
| 145 |
+
) );
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 146 |
|
| 147 |
+
wp_login_form( $login_form_args );
|
| 148 |
+
|
| 149 |
// Output other links
|
| 150 |
$links = '';
|
| 151 |
+
if ( get_option('users_can_register') && get_option('sidebarlogin_register_link') == '1' ) {
|
| 152 |
|
| 153 |
+
if ( ! is_multisite() ) {
|
| 154 |
+
|
| 155 |
+
$links .= '<li><a href="' . apply_filters( 'sidebar_login_register_url', site_url('wp-login.php?action=register', 'login') ) . '" rel="nofollow">' . $theregister . '</a></li>';
|
| 156 |
|
| 157 |
} else {
|
| 158 |
|
| 159 |
+
$links .= '<li><a href="' . apply_filters( 'sidebar_login_register_url', site_url('wp-signup.php', 'login') ) . '" rel="nofollow">' . $theregister . '</a></li>';
|
| 160 |
|
| 161 |
}
|
| 162 |
}
|
| 163 |
+
if ( get_option( 'sidebarlogin_forgotton_link' ) == '1' )
|
| 164 |
+
$links .= '<li><a href="' . apply_filters( 'sidebar_login_lostpassword_url', wp_lostpassword_url() ) . '" rel="nofollow">' . $thelostpass . '</a></li>';
|
|
|
|
| 165 |
|
| 166 |
+
if ($links)
|
| 167 |
+
echo '<ul class="sidebarlogin_otherlinks">' . $links . '</ul>';
|
| 168 |
}
|
| 169 |
|
| 170 |
// echo widget closing tag
|
| 213 |
register_widget('SidebarLoginMultiWidget');
|
| 214 |
|
| 215 |
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 216 |
|
| 217 |
+
add_action('init', 'widget_wp_sidebarlogin_init', 1);
|
| 218 |
|
| 219 |
/**
|
| 220 |
* Process ajax login
|
| 259 |
// Result
|
| 260 |
$result = array();
|
| 261 |
|
| 262 |
+
if ( ! is_wp_error($user) ) :
|
| 263 |
$result['success'] = 1;
|
| 264 |
$result['redirect'] = $redirect_to;
|
| 265 |
else :
|
| 286 |
if ( !function_exists('sidebar_login_current_url') ) {
|
| 287 |
function sidebar_login_current_url( $url = '' ) {
|
| 288 |
|
| 289 |
+
$pageURL = force_ssl_admin() ? 'https://' : 'http://';
|
| 290 |
+
$pageURL .= esc_attr( $_SERVER['HTTP_HOST'] );
|
| 291 |
+
$pageURL .= esc_attr( $_SERVER['REQUEST_URI'] );
|
|
|
|
| 292 |
|
| 293 |
if ($url != "nologout") {
|
| 294 |
if (!strpos($pageURL,'_login=')) {
|
| 298 |
}
|
| 299 |
}
|
| 300 |
|
| 301 |
+
return strip_tags( $pageURL );
|
| 302 |
}
|
| 303 |
}
|
style.css
CHANGED
|
@@ -1,7 +1,7 @@
|
|
| 1 |
/* Basic styling for login widget
|
| 2 |
This styling aligns the gravtar left, the links right.*/
|
| 3 |
.widget_wp_sidebarlogin, #sidebar-login {
|
| 4 |
-
|
| 5 |
}
|
| 6 |
.widget_wp_sidebarlogin .avatar_container, #sidebar-login .avatar_container {
|
| 7 |
float:left;
|
|
@@ -50,19 +50,10 @@
|
|
| 50 |
.widget_wp_sidebarlogin form p {
|
| 51 |
margin: .5em 0;
|
| 52 |
}
|
| 53 |
-
.widget_wp_sidebarlogin form input
|
| 54 |
width: 100%;
|
|
|
|
| 55 |
-webkit-box-sizing: border-box; /* Safari/Chrome, other WebKit */
|
| 56 |
-moz-box-sizing: border-box; /* Firefox, other Gecko */
|
| 57 |
box-sizing: border-box; /* Opera/IE 8+ */
|
| 58 |
-
}
|
| 59 |
-
/* ie7 */
|
| 60 |
-
*:first-child+html .widget_wp_sidebarlogin form input.text {
|
| 61 |
-
width: 90%;
|
| 62 |
-
}
|
| 63 |
-
.widget_wp_sidebarlogin label {
|
| 64 |
-
display: block;
|
| 65 |
-
}
|
| 66 |
-
.widget_wp_sidebarlogin .rememberme label {
|
| 67 |
-
display: inline;
|
| 68 |
}
|
| 1 |
/* Basic styling for login widget
|
| 2 |
This styling aligns the gravtar left, the links right.*/
|
| 3 |
.widget_wp_sidebarlogin, #sidebar-login {
|
| 4 |
+
|
| 5 |
}
|
| 6 |
.widget_wp_sidebarlogin .avatar_container, #sidebar-login .avatar_container {
|
| 7 |
float:left;
|
| 50 |
.widget_wp_sidebarlogin form p {
|
| 51 |
margin: .5em 0;
|
| 52 |
}
|
| 53 |
+
.widget_wp_sidebarlogin form .input {
|
| 54 |
width: 100%;
|
| 55 |
+
margin: 2px;
|
| 56 |
-webkit-box-sizing: border-box; /* Safari/Chrome, other WebKit */
|
| 57 |
-moz-box-sizing: border-box; /* Firefox, other Gecko */
|
| 58 |
box-sizing: border-box; /* Opera/IE 8+ */
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 59 |
}
|
