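/**
 * `login_redirect` filter callback: decide where a freshly logged-in user lands.
 *
 * Admins go to the dashboard, a destination containing "checkout" is left
 * alone, active members keep their requested destination and everyone else is
 * sent to the levels page. When nobody is logging in (the login form is merely
 * being rendered) $redirect_to is returned as given, apart from the scheme fix.
 *
 * @param string           $redirect_to Requested destination.
 * @param string           $request     Raw `redirect_to` value from the request.
 * @param WP_User|WP_Error $user        Result of the login attempt.
 * @return string Destination after the `pmpro_login_redirect_url` filter.
 */
function pmpro_login_redirect($redirect_to, $request, $user) {
    global $wpdb;

    // A WP_Error (failed login) carries no ID, so this also skips the failure path.
    if (!empty($user->ID)) {
        if (pmpro_isAdmin($user->ID)) {
            // Admins always go to the dashboard.
            $redirect_to = get_bloginfo("url") . "/wp-admin/";
        } elseif (strpos($redirect_to, "checkout") !== false) {
            // A checkout URL is intentionally left untouched.
        } else {
            // Parameterised lookup: the ID is WP-supplied, but the query is not
            // assembled by string concatenation regardless of where the value comes from.
            $membership_id = $wpdb->get_var($wpdb->prepare(
                "SELECT membership_id FROM {$wpdb->pmpro_memberships_users} WHERE status = 'active' AND user_id = %d LIMIT 1",
                $user->ID
            ));
            if (!$membership_id) {
                // Not a member: send to the subscription (levels) page.
                $redirect_to = pmpro_url("levels");
            }
        }
    }

    // FORCE_SSL_LOGIN without FORCE_SSL_ADMIN: the post-login page is served over http.
    if (force_ssl_login() && !force_ssl_admin()) {
        $redirect_to = str_replace("https:", "http:", $redirect_to);
    }

    return apply_filters("pmpro_login_redirect_url", $redirect_to, $request, $user);
}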
/**
 * Whether the fx-ssl redirect feature is active.
 *
 * True only when admin SSL is forced, the 'fx-ssl' option is enabled and both
 * the home and site URLs already use https.
 *
 * @since 0.1.0
 * @return bool
 */
function fx_ssl_active() {
    if (!force_ssl_admin()) {
        return false;
    }
    if (!get_option('fx-ssl', false)) {
        return false;
    }
    // Both stored URLs must already be https before redirecting makes sense.
    return fx_ssl_is_https(get_option('home')) && fx_ssl_is_https(get_option('siteurl'));
}
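/**
 * Theme bootstrap for P2: text domain, clickable links, the AJAX dispatcher and
 * the media-upload filters used when the admin runs on a different (SSL) domain.
 *
 * Runs `P2Ajax::dispatch()` and exits when `p2ajax` is present in the request.
 * Everything after the `is_site_admin` check only applies where that function
 * exists and the current user passes it.
 */
function init() {
    load_theme_textdomain('p2', get_template_directory() . '/languages');
    add_filter('the_content', 'make_clickable');

    if (isset($_REQUEST['p2ajax'])) {
        require_once P2_INC_PATH . '/ajax.php';
        P2Ajax::dispatch();
        die;
    }

    if (function_exists('is_site_admin') && !is_site_admin()) {
        return;
    }

    $is_media_upload = isset($_REQUEST['p2-upload']);

    // Don't redirect to the https version when uploading files: the blog domain may
    // differ from the admin domain and only the admin domain has a certificate.
    if ($is_media_upload && isset($GLOBALS['pagenow']) && 'media-upload.php' === $GLOBALS['pagenow']) {
        force_ssl_admin(is_ssl());
        add_filter('get_user_option_use_ssl', returner(false));
    }

    if ($is_media_upload) {
        add_filter('flash_uploader', returner(false));
        add_filter('auth_redirect_scheme', returner('logged_in'));
        add_filter('admin_url', array('P2', 'url_filter'));
        add_filter('includes_url', array('P2', 'url_filter'));
        add_filter('script_loader_src', array('P2', 'url_filter'));
        // Real closures replace the string-evaluated lambda() bodies: no code is
        // built from strings at runtime, and create_function() is gone in PHP 8.
        add_filter('wp_get_attachment_url', function ($url) {
            return str_replace(get_bloginfo("url") . "/", site_url("/"), $url);
        }, 11);
        add_filter('media_upload_form_url', function ($url) {
            return add_query_arg(array("p2-upload" => "true"), $url);
        });
    }
}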
/**
 * bp_core_ajax_url() must point at the root blog's admin-ajax.php and follow
 * the scheme rules asserted below: http everywhere by default, https only on
 * the dashboard when FORCE_SSL_ADMIN is on. The original force_ssl_admin()
 * state is restored before the multisite part runs.
 */
function test_bp_core_ajax_url() {
    $forced = force_ssl_admin();

    // (1) HTTPS off
    force_ssl_admin(false);
    $_SERVER['HTTPS'] = 'off';

    // (1a) Front-end
    $this->go_to('/');
    $this->assertEquals(bp_core_ajax_url(), get_site_url(bp_get_root_blog_id(), '/wp-admin/admin-ajax.php', 'http'));

    // (1b) Dashboard
    $this->go_to('/wp-admin');
    $this->assertEquals(bp_core_ajax_url(), get_site_url(bp_get_root_blog_id(), '/wp-admin/admin-ajax.php', 'http'));

    // (2) FORCE_SSL_ADMIN
    force_ssl_admin(true);

    // (2a) Front-end: forcing SSL for the admin must not change the front-end URL.
    $this->go_to('/');
    $this->assertEquals(bp_core_ajax_url(), get_site_url(bp_get_root_blog_id(), '/wp-admin/admin-ajax.php', 'http'));

    // (2b) Dashboard: the admin request is the only one expected on https.
    $this->go_to('/wp-admin');
    $this->assertEquals(bp_core_ajax_url(), get_site_url(bp_get_root_blog_id(), '/wp-admin/admin-ajax.php', 'https'));

    force_ssl_admin($forced);

    // (3) Multisite, root blog other than 1
    if (is_multisite()) {
        $original_root_blog = bp_get_root_blog_id();
        // rand()/time() only make the fixture path unique; nothing security-relevant here.
        $blog_id = $this->factory->blog->create(array('path' => '/path' . rand() . time() . '/'));
        buddypress()->root_blog_id = $blog_id;
        $blog_url = get_blog_option($blog_id, 'siteurl');
        $this->go_to(trailingslashit($blog_url));
        buddypress()->root_blog_id = $original_root_blog;
        // NOTE(review): root_blog_id is already restored here, yet the assertion
        // expects the new blog's URL — presumably go_to() switched the current
        // site; confirm against bp_core_ajax_url().
        $ajax_url = bp_core_ajax_url();
        $this->go_to('/');
        $this->assertEquals($blog_url . '/wp-admin/admin-ajax.php', $ajax_url);
    }
}
/**
 * Render the "enable" checkbox for the fx-ssl settings page.
 *
 * The box is disabled (and shown unchecked) unless the current request is
 * already https, admin SSL is forced and both the home and site URLs use
 * https; the stored option is only read when those requirements hold.
 *
 * @since 0.1.0
 */
public function settings_field_ssl() {
    /* Check if feature is supported. */
    if (is_ssl() && force_ssl_admin() && fx_ssl_is_https(get_option('home')) && fx_ssl_is_https(get_option('siteurl'))) {
        $disabled = '';
        $option = get_option($this->option_name, false);
    } else {
        $disabled = ' disabled=disabled';
        $option = false; // always false if requirement not met.
    }
    // NOTE(review): the name attribute below ends in a space ("… ") — probably
    // an artefact of how this copy was captured; confirm against the original file.
    ?> <label for="fx_ssl_enable"> <input type="checkbox" value="1" id="fx_ssl_enable" name="<?php echo esc_attr($this->option_name); ?> " <?php checked($option); echo $disabled; ?> > <?php _ex('Redirect all pages to HTTPS', 'settings page', 'fx-ssl'); ?> </label> <?php
}
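/**
 * Handle a front-end login form submission.
 *
 * Decides whether the auth cookie may be non-secure (FORCE_SSL_LOGIN without
 * FORCE_SSL_ADMIN and an http destination), signs the user on from the posted
 * credentials, applies `login_redirect` and redirects. Users with
 * `manage_options` always land in the admin.
 *
 * @return WP_Error Login errors when sign-on failed; on success the function redirects and exits.
 */
function jr_process_login_form() {
    // The unused `global $posted` declaration was dropped.
    $has_requested_redirect = isset($_REQUEST['redirect_to']);
    $redirect_to = $has_requested_redirect ? $_REQUEST['redirect_to'] : admin_url();

    // A non-secure cookie is only acceptable when SSL is forced for the login
    // page but not for the admin, and the user is heading back to an http URL.
    $secure_cookie = '';
    if (is_ssl() && force_ssl_login() && !force_ssl_admin()
        && 0 !== strpos($redirect_to, 'https') && 0 === strpos($redirect_to, 'http')) {
        $secure_cookie = false;
    }

    // With empty credentials wp_signon() falls back to the posted log/pwd fields.
    $user = wp_signon('', $secure_cookie);
    $redirect_to = apply_filters('login_redirect', $redirect_to, $has_requested_redirect ? $_REQUEST['redirect_to'] : '', $user);

    if (is_wp_error($user)) {
        return $user;
    }

    if (user_can($user, 'manage_options')) {
        $redirect_to = admin_url();
    }
    // The destination is request-supplied; wp_safe_redirect() limits it to allowed hosts.
    wp_safe_redirect($redirect_to);
    exit;
}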
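/**
 * Handle a front-end login form submission.
 *
 * Decides whether the auth cookie may be non-secure (FORCE_SSL_LOGIN without
 * FORCE_SSL_ADMIN and an http destination), signs the user on from the posted
 * credentials, applies `login_redirect` and redirects. Users with
 * `manage_options` are sent to the plugin's admin options page instead.
 *
 * @return WP_Error Login errors when sign-on failed; on success the function redirects and exits.
 */
function app_process_login_form() {
    // The unused `global $posted` declaration was dropped.
    $has_requested_redirect = isset($_REQUEST['redirect_to']);
    $redirect_to = $has_requested_redirect ? $_REQUEST['redirect_to'] : admin_url();

    // A non-secure cookie is only acceptable when SSL is forced for the login
    // page but not for the admin, and the user is heading back to an http URL.
    $secure_cookie = '';
    if (is_ssl() && force_ssl_login() && !force_ssl_admin()
        && 0 !== strpos($redirect_to, 'https') && 0 === strpos($redirect_to, 'http')) {
        $secure_cookie = false;
    }

    // With empty credentials wp_signon() falls back to the posted log/pwd fields.
    $user = wp_signon('', $secure_cookie);
    $redirect_to = apply_filters('login_redirect', $redirect_to, $has_requested_redirect ? $_REQUEST['redirect_to'] : '', $user);

    if (is_wp_error($user)) {
        return $user;
    }

    // automatically redirect admins to the WP back-end
    if (user_can($user, 'manage_options')) {
        $redirect_to = admin_url('admin.php?page=admin-options.php');
    }
    // otherwise redirect them to the hidden post url; the destination is
    // request-supplied, so wp_safe_redirect() limits it to allowed hosts.
    wp_safe_redirect($redirect_to);
    exit;
}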
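/**
 * Sets the URL to https or http, depending on availability and related WP config settings/APIs.
 *
 * https is chosen when FORCE_SSL_ADMIN, FORCE_SSL_LOGIN or FORCE_SSL_CONTENT is
 * on, when the current request is already SSL, or when the current user has
 * the `use_ssl` user option set.
 *
 * @since 4.2
 *
 * @param string $url URL whose scheme is to be replaced.
 *
 * @return string URL with the chosen scheme.
 */
public function set_url_scheme($url) {
    // get_current_user() is the PHP builtin returning the script owner's name
    // (a string), so the previous `$current_user->use_ssl` check could never be
    // true. The per-user preference lives in the 'use_ssl' user option, which
    // defaults to the current user and is false when nobody is logged in.
    $user_wants_ssl = function_exists('get_user_option') && get_user_option('use_ssl');

    $force_https = (function_exists('force_ssl_admin') && force_ssl_admin())
        || (function_exists('force_ssl_login') && force_ssl_login())
        || (function_exists('force_ssl_content') && force_ssl_content())
        || (function_exists('is_ssl') && is_ssl())
        || $user_wants_ssl;

    // Unqualified call: this is WordPress' global set_url_scheme(), not this method.
    return set_url_scheme($url, $force_https ? 'https' : 'http');
}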
/**
 * One-time redirect to the Yotpo settings page right after installation.
 *
 * Fires only while the 'wc_yotpo_just_installed' option is set; the option is
 * deleted first so the redirect cannot repeat. The settings URL is forced to
 * https when the request is SSL or SSL is forced for admin/login, else to http.
 */
function wc_yotpo_redirect() {
    if (!get_option('wc_yotpo_just_installed', false)) {
        return;
    }
    delete_option('wc_yotpo_just_installed');

    $wants_https = is_ssl() || force_ssl_admin() || force_ssl_login();
    $settings_url = admin_url('admin.php?page=woocommerce-yotpo-settings-page');
    $target = $wants_https
        ? str_replace('http:', 'https:', $settings_url)
        : str_replace('https:', 'http:', $settings_url);

    wp_redirect($target);
    exit;
}
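/**
 * Send plain-http requests to their https counterpart when FORCE_SSL_ADMIN is on.
 *
 * Does nothing when the request is already SSL; exits after issuing the redirect.
 */
function always_https_redirect() {
    if (!force_ssl_admin() || is_ssl()) {
        return;
    }
    // The target is rebuilt from request-controlled values (Host header and
    // request URI), so wp_safe_redirect() is used: it only accepts hosts the
    // site recognises and otherwise falls back to the admin URL.
    $host = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '';
    $request_uri = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '/';
    wp_safe_redirect("https://" . $host . $request_uri);
    exit;
}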
/**
 * Runs only when the plugin is activated.
 *
 * Stores a short-lived 'fx_ssl_notice' transient describing the outcome:
 * 'fail' when the https requirements are not met, otherwise 'success', which
 * is overwritten with 'active' when the 'fx-ssl' option is already enabled.
 *
 * @since 0.1.0
 */
function fx_ssl_activation() {
    /* Add notice. */
    $requirements_met = is_ssl()
        && force_ssl_admin()
        && fx_ssl_is_https(get_bloginfo('url'))
        && fx_ssl_is_https(get_bloginfo('wpurl'));

    if (!$requirements_met) {
        set_transient('fx_ssl_notice', 'fail', 5);
        return;
    }

    set_transient('fx_ssl_notice', 'success', 5);
    if (get_option('fx-ssl', false)) {
        set_transient('fx_ssl_notice', 'active', 5);
    }
}
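/**
 * Redirect to the https version of the current request when FORCE_SSL_ADMIN is
 * set and the request arrived over plain http.
 *
 * Handles both an absolute-form request URI (scheme swapped in place) and the
 * usual path-only form (host taken from the request). Exits after redirecting.
 */
protected function force_ssl() {
    if (!force_ssl_admin() || is_ssl()) {
        return;
    }
    $request_uri = $_SERVER['REQUEST_URI'];
    if (0 === strpos($request_uri, 'http')) {
        $target = preg_replace('|^http://|', 'https://', $request_uri);
    } else {
        $target = 'https://' . $_SERVER['HTTP_HOST'] . $request_uri;
    }
    // Both forms of the target are assembled from request-controlled data, so
    // the redirect is restricted to allowed hosts via wp_safe_redirect().
    wp_safe_redirect($target);
    die;
}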
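/**
 * Process ajax login
 *
 * Verifies the nonce, signs the user on with the submitted credentials and
 * answers with a JSON object (`success`, plus `redirect` or `error`). When a
 * valid `callback` query parameter is present the answer is wrapped as JSONP.
 *
 * @access public
 * @return void Always exits after writing the response.
 */
function woocommerce_sidebar_login_ajax_process() {
    check_ajax_referer('woocommerce-sidebar-login-action', 'security');

    // Get post data. The password is passed through untouched: HTML-escaping it
    // (as esc_attr() did) alters any password containing & < > " or ' and makes
    // the login fail; it is only compared against the stored hash, never output.
    $creds = array();
    $creds['user_login'] = esc_attr(isset($_REQUEST['user_login']) ? $_REQUEST['user_login'] : '');
    $creds['user_password'] = isset($_REQUEST['user_password']) ? $_REQUEST['user_password'] : '';
    $creds['remember'] = 'forever';
    $redirect_to = esc_attr(isset($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : '');

    // Check for Secure Cookie
    $secure_cookie = '';
    // If the user wants ssl but the session is not ssl, force a secure cookie.
    if (!force_ssl_admin()) {
        $user_name = sanitize_user($creds['user_login']);
        if ($user = get_user_by('login', $user_name)) {
            if (get_user_option('use_ssl', $user->ID)) {
                $secure_cookie = true;
                force_ssl_admin(true);
            }
        }
    }
    if (force_ssl_admin()) {
        $secure_cookie = true;
    }
    if ($secure_cookie == '' && force_ssl_login()) {
        $secure_cookie = false;
    }

    // Login
    $user = wp_signon($creds, $secure_cookie);

    // Redirect filter: an admin destination must be https when the cookie is secure.
    if ($secure_cookie && strstr($redirect_to, 'wp-admin')) {
        $redirect_to = str_replace('http:', 'https:', $redirect_to);
    }

    // Result
    $result = array();
    if (!is_wp_error($user)) {
        $result['success'] = 1;
        $result['redirect'] = $redirect_to;
    } else {
        $result['success'] = 0;
        if ($user->errors) {
            // Only the first message of the first error code is reported.
            foreach ($user->errors as $error) {
                $result['error'] = $error[0];
                break;
            }
        } else {
            $result['error'] = __('Please enter your username and password to login.', 'woocommerce');
        }
    }

    header('content-type: application/json; charset=utf-8');
    $json = json_encode($result);
    // The JSONP callback name is reflected into the response body, so it is
    // restricted to a plain JS identifier (dots allowed for namespaces);
    // anything else gets a plain JSON answer instead of being echoed back.
    $callback = isset($_GET['callback']) ? $_GET['callback'] : '';
    if ('' !== $callback && preg_match('/^[A-Za-z_$][A-Za-z0-9_$.]*$/', $callback)) {
        echo $callback . '(' . $json . ')';
    } else {
        echo $json;
    }
    die;
}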
/**
 * current_url function.
 *
 * Rebuilds the URL of the current request from the Host header and request
 * URI, using https when FORCE_SSL_ADMIN is set and http otherwise, then
 * (unless $url is "nologout") appends a `_login` parameter.
 *
 * @access public
 * @param string $url (default: '') Pass "nologout" to skip the `_login` parameter.
 * @return string The URL, passed through esc_url_raw().
 */
function ft_current_url($url = '') {
    // The scheme follows the FORCE_SSL_ADMIN setting, not the actual request scheme.
    $pageURL = force_ssl_admin() ? 'https://' : 'http://';
    // NOTE(review): esc_attr() is an HTML escaper; it does not validate the
    // request-controlled Host header that is being embedded here.
    $pageURL .= esc_attr($_SERVER['HTTP_HOST']);
    $pageURL .= esc_attr($_SERVER['REQUEST_URI']);
    if ($url != "nologout") {
        // NOTE(review): the statement below is redacted in this copy ('******')
        // and $rand_string is never assigned in the visible code; consult the
        // original source before relying on it.
        if (!strpos($pageURL, '_login='******'_login', $rand_string, $pageURL); } }
    return esc_url_raw($pageURL);
}
/**
 * OpenSSO-aware replacement for WordPress' auth_redirect().
 *
 * Forces https for wp-admin requests when required, validates the auth cookie
 * and, when it is missing or invalid, sends the visitor to the OpenSSO login
 * page (or the WordPress login page when OPENSSO_ENABLED is off). Every
 * redirect branch exits.
 */
function auth_redirect() {
    // Checks if a user is logged in, if not redirects them to the login page
    if (is_ssl() || force_ssl_admin()) {
        $secure = true;
    } else {
        $secure = false;
    }

    // If https is required and request is http, redirect
    if ($secure && !is_ssl() && false !== strpos($_SERVER['REQUEST_URI'], 'wp-admin')) {
        // Absolute-form request URI: swap the scheme in place; otherwise rebuild
        // from the Host header. Both values are request-controlled and reach
        // wp_redirect(), which does no host validation.
        if (0 === strpos($_SERVER['REQUEST_URI'], 'http')) {
            wp_redirect(preg_replace('|^http://|', 'https://', $_SERVER['REQUEST_URI']));
            exit;
        } else {
            wp_redirect('https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']);
            exit;
        }
    }

    // No scheme argument: the cookie is validated with the default scheme.
    if ($user_id = wp_validate_auth_cookie()) {
        do_action('auth_redirect', $user_id);
        // If the user wants ssl but the session is not ssl, redirect.
        if (!$secure && get_user_option('use_ssl', $user_id) && false !== strpos($_SERVER['REQUEST_URI'], 'wp-admin')) {
            if (0 === strpos($_SERVER['REQUEST_URI'], 'http')) {
                wp_redirect(preg_replace('|^http://|', 'https://', $_SERVER['REQUEST_URI']));
                exit;
            } else {
                wp_redirect('https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']);
                exit;
            }
        }
        return; // The cookie is good so we're done
    }

    // The cookie is no good so force login
    nocache_headers();
    if (OPENSSO_ENABLED) {
        // Redirect to OpenSSO login page then return here
        $login_url = OPENSSO_BASE_URL . '?goto=' . urlencode(opensso_full_url());
    } else {
        if (is_ssl()) {
            $proto = 'https://';
        } else {
            $proto = 'http://';
        }
        // Requests to /options.php that carry a referer return to the referer;
        // everything else returns to the current URL.
        $redirect = strpos($_SERVER['REQUEST_URI'], '/options.php') && wp_get_referer() ? wp_get_referer() : $proto . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
        $login_url = wp_login_url($redirect);
    }
    wp_redirect($login_url);
    exit;
}
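/**
 * Process the sidebar ajax login: verify the nonce, sign the user on with the
 * posted credentials and answer with a JSON object (`success` plus either
 * `redirect` or `error`). Always exits.
 */
function woocommerce_sidebar_login_ajax_process() {
    check_ajax_referer('woocommerce-sidebar-login-action', 'security');

    // Get post data. The password is not HTML-escaped: esc_attr() would alter any
    // password containing & < > " or ' and the value is only compared against the
    // stored hash, never output.
    $creds = array();
    $creds['user_login'] = esc_attr(isset($_POST['user_login']) ? $_POST['user_login'] : '');
    $creds['user_password'] = isset($_POST['user_password']) ? $_POST['user_password'] : '';
    $creds['remember'] = 'forever';
    $redirect_to = esc_attr(isset($_POST['redirect_to']) ? $_POST['redirect_to'] : '');

    // Check for Secure Cookie
    $secure_cookie = '';
    // If the user wants ssl but the session is not ssl, force a secure cookie.
    // The lookup is keyed on the same field the credentials use (`user_login`);
    // the previous `$_POST['log']` is wp-login.php's field name, which this form
    // apparently does not post, so the use_ssl check never ran.
    if ('' !== $creds['user_login'] && !force_ssl_admin()) {
        $user_name = sanitize_user($creds['user_login']);
        if ($user = get_user_by('login', $user_name)) {
            if (get_user_option('use_ssl', $user->ID)) {
                $secure_cookie = true;
                force_ssl_admin(true);
            }
        }
    }
    // FORCE_SSL_LOGIN without FORCE_SSL_ADMIN and an http destination: a
    // non-secure cookie is acceptable.
    if (!$secure_cookie && is_ssl() && force_ssl_login() && !force_ssl_admin()
        && 0 !== strpos($redirect_to, 'https') && 0 === strpos($redirect_to, 'http')) {
        $secure_cookie = false;
    }

    // Login
    $user = wp_signon($creds, $secure_cookie);

    // Redirect filter: an admin destination must be https when the cookie is secure.
    if ($secure_cookie && false !== strpos($redirect_to, 'wp-admin')) {
        $redirect_to = preg_replace('|^http://|', 'https://', $redirect_to);
    }

    // Result
    $result = array();
    if (!is_wp_error($user)) {
        $result['success'] = 1;
        $result['redirect'] = $redirect_to;
    } else {
        $result['success'] = 0;
        // Only the first message of the first error code is reported.
        foreach ($user->errors as $error) {
            $result['error'] = $error[0];
            break;
        }
    }

    header('Content-Type: application/json; charset=utf-8');
    echo json_encode($result);
    die;
}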
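/**
 * Build a link back to this page with the given action and optional state.
 *
 * An empty/NULL action defaults to "list"; empty dir/item are dropped; order,
 * srt and lang fall back to the corresponding $GLOBALS entries. Every value is
 * URL-encoded before being appended as a query parameter.
 *
 * @param string|null $_action
 * @param string|null $_dir
 * @param string|null $_item
 * @param string|null $_order
 * @param string|null $_srt
 * @param string|null $_lang
 * @return string
 */
function make_link($_action, $_dir, $_item = NULL, $_order = NULL, $_srt = NULL, $_lang = NULL) {
    // make link to next page
    if ($_action == "" || $_action == NULL) {
        $_action = "list";
    }
    if ($_dir == "") {
        $_dir = NULL;
    }
    if ($_item == "") {
        $_item = NULL;
    }
    if ($_order == NULL) {
        $_order = $GLOBALS["order"];
    }
    if ($_srt == NULL) {
        $_srt = $GLOBALS["srt"];
    }
    if ($_lang == NULL) {
        $_lang = isset($GLOBALS["lang"]) ? $GLOBALS["lang"] : NULL;
    }

    $link = $GLOBALS["script_name"] . "?page=miwoftp&option=com_miwoftp&action=" . urlencode($_action);

    /* Detect if the site has SSL enabled and switch all links to https
       --- Added by Shane Gadsby <*****@*****.**> || https://github.com/schme16 */
    // Only the leading scheme is rewritten. The previous call passed `$temp = 1`
    // as str_replace()'s by-reference count argument, which is not a variable
    // and is rejected by the engine.
    if (force_ssl_admin() && 0 === strpos($link, "http://")) {
        $link = "https://" . substr($link, strlen("http://"));
    }

    // order/srt/lang were previously appended raw; encoding them keeps a value
    // containing '&' or '=' from injecting extra query parameters.
    $params = array("dir" => $_dir, "item" => $_item, "order" => $_order, "srt" => $_srt, "lang" => $_lang);
    foreach ($params as $key => $value) {
        if ($value != NULL) {
            $link .= "&" . $key . "=" . urlencode($value);
        }
    }
    return $link;
}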
/**
 * Sign a user on from the posted credentials.
 *
 * A secure cookie is requested when the named user has the `use_ssl` option
 * and SSL is not already forced for the admin. Requests carrying `reauth`
 * never count as a successful logon.
 *
 * @param string $username Login name, used only for the use_ssl lookup.
 * @return int|false The user ID on success, false otherwise.
 */
static function logon($username) {
    $secure_cookie = '';
    $lookup_needed = !empty($username) && !force_ssl_admin();
    if ($lookup_needed) {
        $account = get_user_by('login', sanitize_user($username));
        if ($account && get_user_option('use_ssl', $account->ID)) {
            $secure_cookie = true;
            force_ssl_admin(true);
        }
    }
    $reauth = !empty($_REQUEST['reauth']);
    $signed_on = wp_signon('', $secure_cookie);
    if ($reauth || is_wp_error($signed_on)) {
        return false;
    }
    return $signed_on->ID;
}
/**
 * Test helper: make WordPress believe the current request is for $url.
 *
 * Rewrites $_SERVER, clears the request-scoped globals and the main query,
 * then runs WP::main() with the URL's query string so query vars reflect the
 * new "request".
 *
 * @param string $url Absolute URL under network_home_url(), or a path.
 */
public function go_to($url) {
    // Strip the network home so the remainder is a site-relative request URI.
    $GLOBALS['_SERVER']['REQUEST_URI'] = $url = str_replace(network_home_url(), '', $url);
    $_GET = $_POST = array();
    // Request-scoped globals a previous go_to() may have left behind.
    foreach (array('query_string', 'id', 'postdata', 'authordata', 'day', 'currentmonth', 'page', 'pages', 'multipage', 'more', 'numpages', 'pagenow') as $v) {
        if (isset($GLOBALS[$v])) {
            unset($GLOBALS[$v]);
        }
    }
    $parts = parse_url($url);
    if (isset($parts['scheme'])) {
        // Still an absolute URL after stripping: keep path + query and expose the query as $_GET.
        $req = $parts['path'];
        if (isset($parts['query'])) {
            $req .= '?' . $parts['query'];
            parse_str($parts['query'], $_GET);
        }
    } else {
        $req = $url;
    }
    if (!isset($parts['query'])) {
        $parts['query'] = '';
    }
    // Scheme: only admin requests are marked https, and only when FORCE_SSL_ADMIN is on.
    if (0 === strpos($req, '/wp-admin') && force_ssl_admin()) {
        $_SERVER['HTTPS'] = 'on';
    } else {
        unset($_SERVER['HTTPS']);
    }
    $_SERVER['REQUEST_URI'] = $req;
    unset($_SERVER['PATH_INFO']);
    $this->flush_cache();
    // Rebuild the main query; wp_query is kept as a reference to wp_the_query.
    unset($GLOBALS['wp_query'], $GLOBALS['wp_the_query']);
    $GLOBALS['wp_the_query'] = new WP_Query();
    $GLOBALS['wp_query'] =& $GLOBALS['wp_the_query'];
    $GLOBALS['wp'] = new WP();
    foreach ($GLOBALS['wp']->public_query_vars as $v) {
        unset($GLOBALS[$v]);
    }
    foreach ($GLOBALS['wp']->private_query_vars as $v) {
        unset($GLOBALS[$v]);
    }
    $GLOBALS['wp']->main($parts['query']);
}
/**
 * Maestrano replacement for WordPress' auth_redirect().
 *
 * Forces https for wp-admin requests when required, validates the auth cookie
 * and, when it is missing or invalid, sends the visitor to the Maestrano SSO
 * init path instead of wp-login.php. Every redirect branch exits.
 */
function auth_redirect() {
    // Checks if a user is logged in, if not redirects them to the login page
    $secure = is_ssl() || force_ssl_admin();
    $secure = apply_filters('secure_auth_redirect', $secure);

    // If https is required and request is http, redirect
    if ($secure && !is_ssl() && false !== strpos($_SERVER['REQUEST_URI'], 'wp-admin')) {
        // Absolute-form request URI: swap the scheme in place; otherwise rebuild
        // from the Host header. Both values are request-controlled and reach
        // wp_redirect(), which does no host validation.
        if (0 === strpos($_SERVER['REQUEST_URI'], 'http')) {
            wp_redirect(set_url_scheme($_SERVER['REQUEST_URI'], 'https'));
            exit;
        } else {
            wp_redirect('https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']);
            exit;
        }
    }

    // User-admin screens always validate the 'logged_in' cookie; elsewhere the scheme is filterable.
    if (is_user_admin()) {
        $scheme = 'logged_in';
    } else {
        $scheme = apply_filters('auth_redirect_scheme', '');
    }

    if ($user_id = wp_validate_auth_cookie('', $scheme)) {
        do_action('auth_redirect', $user_id);
        // If the user wants ssl but the session is not ssl, redirect.
        if (!$secure && get_user_option('use_ssl', $user_id) && false !== strpos($_SERVER['REQUEST_URI'], 'wp-admin')) {
            if (0 === strpos($_SERVER['REQUEST_URI'], 'http')) {
                wp_redirect(set_url_scheme($_SERVER['REQUEST_URI'], 'https'));
                exit;
            } else {
                wp_redirect('https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']);
                exit;
            }
        }
        return; // The cookie is good so we're done
    }

    // The cookie is no good so force login
    nocache_headers();
    // NOTE(review): $redirect is computed but never used below — the SSO init
    // path replaces wp_login_url(), so the original destination is not carried
    // over to the login flow.
    $redirect = strpos($_SERVER['REQUEST_URI'], '/options.php') && wp_get_referer() ? wp_get_referer() : set_url_scheme('http://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']);
    // Change login url
    $login_url = Maestrano::sso()->getInitPath();
    wp_redirect($login_url);
    exit;
}
/**
 * Apply the configured hardening options.
 *
 * Each option is read through getIsOption()/getOption(); the matching WordPress
 * constant is defined (when not already defined) and/or the corresponding
 * hook is registered. Nothing is returned.
 */
public function run() {
    if ($this->getIsOption('disable_file_editing', 'Y')) {
        if (!defined('DISALLOW_FILE_EDIT')) {
            define('DISALLOW_FILE_EDIT', true);
        }
        add_filter('user_has_cap', array($this, 'disableFileEditing'), 0, 3);
    }

    $sWpVersionMask = $this->getOption('mask_wordpress_version');
    if (!empty($sWpVersionMask)) {
        // Overwrites the core $wp_version global for the rest of the request.
        // NOTE(review): anything that reads $wp_version after this point sees
        // the mask — confirm that is intended for core's own version checks.
        global $wp_version;
        $wp_version = $sWpVersionMask;
        // add_filter( 'bloginfo', array( $this, 'maskWordpressVersion' ), 1, 2 );
        // add_filter( 'bloginfo_url', array( $this, 'maskWordpressVersion' ), 1, 2 );
    }

    // Permanently disabled by the leading `false`; kept for reference.
    if (false && $this->getOption('action_reset_auth_salts') == 'Y') {
        add_action('init', array($this, 'resetAuthKeysSalts'), 1);
    }

    if ($this->getIsOption('force_ssl_login', 'Y') && function_exists('force_ssl_login')) {
        if (!defined('FORCE_SSL_LOGIN')) {
            define('FORCE_SSL_LOGIN', true);
        }
        force_ssl_login(true);
    }

    if ($this->getIsOption('force_ssl_admin', 'Y') && function_exists('force_ssl_admin')) {
        if (!defined('FORCE_SSL_ADMIN')) {
            define('FORCE_SSL_ADMIN', true);
        }
        force_ssl_admin(true);
    }

    if ($this->getIsOption('hide_wordpress_generator_tag', 'Y')) {
        remove_action('wp_head', 'wp_generator');
    }

    if ($this->getIsOption('block_author_discovery', 'Y')) {
        // jump in right before add_action( 'template_redirect', 'redirect_canonical' );
        add_action('wp', array($this, 'interceptCanonicalRedirects'), 9);
    }

    if ($this->getIsOption('disable_xmlrpc', 'Y')) {
        // Late priority so this runs after other xmlrpc_enabled filters.
        add_filter('xmlrpc_enabled', '__return_false', 1000);
    }
}
/**
 * Set required settings and register our actions
 *
 * Normalises PHP_SELF from the request URI, forces pretty permalinks, and in
 * production forces SSL admin, secure auth redirects and read-only plugin and
 * theme files. WP-Cron and the fsockopen transport are disabled for App Engine.
 */
public static function bootstrap() {
    global $PHP_SELF;
    // Strip the query string so PHP_SELF matches the request path.
    $path_only = preg_replace('/(\\?.*)?$/', '', $_SERVER['REQUEST_URI']);
    $PHP_SELF = $path_only;
    $_SERVER['PHP_SELF'] = $path_only;

    add_filter('got_rewrite', '__return_true', self::LOW_PRIORITY);

    if (is_production()) {
        add_filter('secure_auth_redirect', '__return_true');
        force_ssl_admin(true);
        if (!defined('DISALLOW_FILE_EDIT')) {
            define('DISALLOW_FILE_EDIT', true);
        }
        if (!defined('DISALLOW_FILE_MODS')) {
            define('DISALLOW_FILE_MODS', true);
        }
    }
    if (!defined('DISABLE_WP_CRON')) {
        define('DISABLE_WP_CRON', true);
    }

    // We don't want to use fsockopen as on App Engine it's not efficient
    add_filter('use_fsockopen_transport', '__return_false');

    $class = __CLASS__;
    // ::settings_link() takes 2 parameters
    add_filter('plugin_action_links', $class . '::settings_link', self::NORMAL_PRIORITY, 2);
    add_action('admin_enqueue_scripts', $class . '::register_styles');
    add_action('admin_menu', $class . '::register_settings_page');
    add_action('admin_init', $class . '::register_settings');
    add_action('init', $class . '::load_textdomain');
}
/**
 * Build a URL under the site URL with the given path and scheme.
 *
 * Explicit 'http'/'https' schemes are used as-is. 'login_post' becomes https
 * when SSL is forced for login or admin; 'login' and 'admin' become https when
 * SSL is forced for admin; otherwise the current request's scheme is used.
 * A path containing '..' is ignored.
 *
 * @param string      $path   Optional path appended to the site URL.
 * @param string|null $scheme Optional. 'http', 'https', 'login', 'login_post', 'admin' or null.
 * @return string Filtered through 'site_url'.
 */
function site_url($path = '', $scheme = null) {
    // should the list of allowed schemes be maintained elsewhere?
    $orig_scheme = $scheme;
    $is_explicit = in_array($scheme, array('http', 'https'));
    if (!$is_explicit) {
        $forced_https = ('login_post' == $scheme && (force_ssl_login() || force_ssl_admin()))
            || ('login' == $scheme && force_ssl_admin())
            || ('admin' == $scheme && force_ssl_admin());
        $scheme = ($forced_https || is_ssl()) ? 'https' : 'http';
    }

    $url = str_replace('http://', "{$scheme}://", get_option('siteurl'));
    $has_safe_path = !empty($path) && is_string($path) && strpos($path, '..') === false;
    if ($has_safe_path) {
        $url .= '/' . ltrim($path, '/');
    }
    return apply_filters('site_url', $url, $path, $orig_scheme);
}
/**
 * AJAX handler for the login modal: sign on with the posted credentials and
 * answer with a JSON `success`/`message` pair, then exit.
 *
 * A secure cookie is requested when the posted user has the `use_ssl` option
 * and SSL is not already forced for the admin.
 */
public function process_login() {
    do_action('popmake_alm_ajax_override_login');

    $secure_cookie = false;
    if (!empty($_POST['log']) && !force_ssl_admin()) {
        $account = get_user_by('login', sanitize_user($_POST['log']));
        if ($account && get_user_option('use_ssl', $account->ID)) {
            $secure_cookie = true;
            force_ssl_admin(true);
        }
    }
    $user = wp_signon('', $secure_cookie);

    // Check the results of our login and provide the needed feedback
    $succeeded = !is_wp_error($user);
    $response = array(
        'success' => $succeeded,
        'message' => $succeeded
            ? __('Login Successful!', 'popup-maker-ajax-login-modals')
            : __('Wrong Username or Password!', 'popup-maker-ajax-login-modals'),
    );
    echo json_encode($response);
    die;
}
/**
 * Give $url the requested scheme.
 *
 * null → scheme of the current request; 'admin', 'login', 'login_post', 'rpc'
 * → https when the request is SSL or admin SSL is forced; 'relative' → scheme
 * and host stripped; any other unknown value → current request scheme.
 * Protocol-relative URLs (`//host/…`) are normalised to http first.
 *
 * @param string      $url
 * @param string|null $scheme
 * @return string Passed through the 'set_url_scheme' filter.
 */
function set_url_scheme($url, $scheme = null) {
    $orig_scheme = $scheme;
    $admin_like = array('admin', 'login', 'login_post', 'rpc');
    if (!$scheme) {
        $scheme = is_ssl() ? 'https' : 'http';
    } elseif (in_array($scheme, $admin_like, true)) {
        $scheme = (is_ssl() || force_ssl_admin()) ? 'https' : 'http';
    } elseif (!in_array($scheme, array('http', 'https', 'relative'), true)) {
        $scheme = is_ssl() ? 'https' : 'http';
    }

    $url = trim($url);
    if (strpos($url, '//') === 0) {
        $url = 'http:' . $url;
    }

    if ('relative' == $scheme) {
        // Drop scheme and host, then collapse leading slashes/whitespace to a single "/".
        $url = ltrim(preg_replace('#^\\w+://[^/]*#', '', $url));
        if ($url !== '' && $url[0] === '/') {
            $url = '/' . ltrim($url, "/ \t\n\r\v");
        }
    } else {
        $url = preg_replace('#^\\w+://#', $scheme . '://', $url);
    }
    return apply_filters('set_url_scheme', $url, $scheme, $orig_scheme);
}
/**
 * Set the scheme for a URL
 *
 * @since 3.4.0
 *
 * @param string $url    Absolute url that includes a scheme
 * @param string $scheme Optional. Scheme to give $url. Currently 'http', 'https', 'login', 'login_post', 'admin', or 'relative'.
 * @return string $url URL with chosen scheme.
 */
function set_url_scheme($url, $scheme = null) {
    $orig_scheme = $scheme;
    // Resolve symbolic schemes to a concrete one; 'http', 'https' and 'relative' pass through.
    switch (true) {
        case !$scheme:
            $scheme = is_ssl() ? 'https' : 'http';
            break;
        case $scheme === 'admin':
        case $scheme === 'login':
        case $scheme === 'login_post':
        case $scheme === 'rpc':
            $scheme = (is_ssl() || force_ssl_admin()) ? 'https' : 'http';
            break;
        case $scheme !== 'http' && $scheme !== 'https' && $scheme !== 'relative':
            $scheme = is_ssl() ? 'https' : 'http';
            break;
    }

    $url = trim($url);
    $is_protocol_relative = substr($url, 0, 2) === '//';
    if ($is_protocol_relative) {
        $url = 'http:' . $url;
    }

    if ('relative' != $scheme) {
        $url = preg_replace('#^\\w+://#', $scheme . '://', $url);
    } else {
        // Strip scheme and host; a leading run of slashes/whitespace becomes one "/".
        $url = ltrim(preg_replace('#^\\w+://[^/]*#', '', $url));
        if ($url !== '' && $url[0] === '/') {
            $url = '/' . ltrim($url, "/ \t\n\r\v");
        }
    }

    /**
     * Filter the resulting URL after setting the scheme.
     *
     * @since 3.4.0
     *
     * @param string $url         The complete URL including scheme and path.
     * @param string $scheme      Scheme applied to the URL. One of 'http', 'https', or 'relative'.
     * @param string $orig_scheme Scheme requested for the URL. One of 'http', 'https', 'login',
     *                            'login_post', 'admin', 'rpc', or 'relative'.
     */
    return apply_filters('set_url_scheme', $url, $scheme, $orig_scheme);
}
login_footer('user_login'); break; case 'login': default: $secure_cookie = ''; $customize_login = isset($_REQUEST['customize-login']); if ($customize_login) { wp_enqueue_script('customize-base'); } // If the user wants ssl but the session is not ssl, force a secure cookie. if (!empty($_POST['log']) && !force_ssl_admin()) { $user_name = sanitize_user($_POST['log']); if ($user = get_user_by('login', $user_name)) { if (get_user_option('use_ssl', $user->ID)) { $secure_cookie = true; force_ssl_admin(true); } } } if (isset($_REQUEST['redirect_to'])) { $redirect_to = $_REQUEST['redirect_to']; // Redirect to https if user wants ssl if ($secure_cookie && false !== strpos($redirect_to, 'wp-admin')) { $redirect_to = preg_replace('|^http://|', 'https://', $redirect_to); } } else { $redirect_to = admin_url(); } $reauth = empty($_REQUEST['reauth']) ? false : true; $user = wp_signon('', $secure_cookie); if (empty($_COOKIE[LOGGED_IN_COOKIE])) {
/**
 * Processes the request
 *
 * Callback for "template_redirect" hook in template-loader.php
 *
 * Resolves the requested action (from `action`, or from the page when this is
 * a TML page) and either hands it to a `tml_request_{action}` hook or runs the
 * built-in handling for postpass, logout, lostpassword, resetpass, register
 * and login. Redirecting branches exit; the others leave errors/messages in
 * $this->errors for the form to render.
 *
 * @since 6.3
 * @access public
 */
public function template_redirect() {
    $this->request_action = isset($_REQUEST['action']) ? sanitize_key($_REQUEST['action']) : '';
    if (!$this->request_action && self::is_tml_page()) {
        $this->request_action = self::get_page_action(get_the_id());
    }
    $this->request_instance = isset($_REQUEST['instance']) ? sanitize_key($_REQUEST['instance']) : 0;

    do_action_ref_array('tml_request', array(&$this));

    // allow plugins to override the default actions, and to add extra actions if they want
    do_action('login_form_' . $this->request_action);

    if (has_action('tml_request_' . $this->request_action)) {
        do_action_ref_array('tml_request_' . $this->request_action, array(&$this));
    } else {
        $http_post = 'POST' == $_SERVER['REQUEST_METHOD'];
        switch ($this->request_action) {
            case 'postpass':
                if (!array_key_exists('post_password', $_POST)) {
                    wp_safe_redirect(wp_get_referer());
                    exit;
                }
                require_once ABSPATH . 'wp-includes/class-phpass.php';
                $hasher = new PasswordHash(8, true);
                $expire = apply_filters('post_password_expires', time() + 10 * DAY_IN_SECONDS);
                // NOTE(review): $referer is never assigned in this method, so
                // this branch is not taken and the post-password cookie is
                // always set without the Secure flag; confirm against the
                // original source (core derives it from wp_get_referer()).
                if ($referer) {
                    $secure = 'https' === parse_url($referer, PHP_URL_SCHEME);
                } else {
                    $secure = false;
                }
                setcookie('wp-postpass_' . COOKIEHASH, $hasher->HashPassword(wp_unslash($_POST['post_password'])), $expire, COOKIEPATH, COOKIE_DOMAIN, $secure);
                wp_safe_redirect(wp_get_referer());
                exit;
                break;
            case 'logout':
                check_admin_referer('log-out');
                $user = wp_get_current_user();
                wp_logout();
                if (!empty($_REQUEST['redirect_to'])) {
                    $redirect_to = $requested_redirect_to = $_REQUEST['redirect_to'];
                } else {
                    $redirect_to = site_url('wp-login.php?loggedout=true');
                    $requested_redirect_to = '';
                }
                // Request-supplied destination: wp_safe_redirect() limits it to allowed hosts.
                $redirect_to = apply_filters('logout_redirect', $redirect_to, $requested_redirect_to, $user);
                wp_safe_redirect($redirect_to);
                exit;
                break;
            case 'lostpassword':
            case 'retrievepassword':
                if ($http_post) {
                    $this->errors = self::retrieve_password();
                    if (!is_wp_error($this->errors)) {
                        $redirect_to = !empty($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : site_url('wp-login.php?checkemail=confirm');
                        wp_safe_redirect($redirect_to);
                        exit;
                    }
                }
                if (isset($_REQUEST['error'])) {
                    if ('invalidkey' == $_REQUEST['error']) {
                        $this->errors->add('invalidkey', __('Your password reset link appears to be invalid. Please request a new link below.', 'theme-my-login'));
                    } elseif ('expiredkey' == $_REQUEST['error']) {
                        $this->errors->add('expiredkey', __('Your password reset link has expired. Please request a new link below.', 'theme-my-login'));
                    }
                }
                do_action('lost_password');
                break;
            case 'resetpass':
            case 'rp':
                // Dirty hack for now
                global $rp_login, $rp_key;
                list($rp_path) = explode('?', wp_unslash($_SERVER['REQUEST_URI']));
                $rp_cookie = 'wp-resetpass-' . COOKIEHASH;
                // Move key+login from the URL into an HttpOnly cookie and drop them from the query string.
                if (isset($_GET['key'])) {
                    $value = sprintf('%s:%s', wp_unslash($_GET['login']), wp_unslash($_GET['key']));
                    setcookie($rp_cookie, $value, 0, $rp_path, COOKIE_DOMAIN, is_ssl(), true);
                    wp_safe_redirect(remove_query_arg(array('key', 'login')));
                    exit;
                }
                if (isset($_COOKIE[$rp_cookie]) && 0 < strpos($_COOKIE[$rp_cookie], ':')) {
                    list($rp_login, $rp_key) = explode(':', wp_unslash($_COOKIE[$rp_cookie]), 2);
                    $user = check_password_reset_key($rp_key, $rp_login);
                    // The posted key must match the cookie's key in constant time.
                    if (isset($_POST['pass1']) && !hash_equals($rp_key, $_POST['rp_key'])) {
                        $user = false;
                    }
                } else {
                    $user = false;
                }
                if (!$user || is_wp_error($user)) {
                    // Invalid or expired key: clear the cookie before bouncing to lostpassword.
                    setcookie($rp_cookie, ' ', time() - YEAR_IN_SECONDS, $rp_path, COOKIE_DOMAIN, is_ssl(), true);
                    if ($user && $user->get_error_code() === 'expired_key') {
                        wp_redirect(site_url('wp-login.php?action=lostpassword&error=expiredkey'));
                    } else {
                        wp_redirect(site_url('wp-login.php?action=lostpassword&error=invalidkey'));
                    }
                    exit;
                }
                if (isset($_POST['pass1']) && $_POST['pass1'] != $_POST['pass2']) {
                    $this->errors->add('password_reset_mismatch', __('The passwords do not match.', 'theme-my-login'));
                }
                do_action('validate_password_reset', $this->errors, $user);
                if (!$this->errors->get_error_code() && isset($_POST['pass1']) && !empty($_POST['pass1'])) {
                    reset_password($user, $_POST['pass1']);
                    setcookie($rp_cookie, ' ', time() - YEAR_IN_SECONDS, $rp_path, COOKIE_DOMAIN, is_ssl(), true);
                    $redirect_to = site_url('wp-login.php?resetpass=complete');
                    wp_safe_redirect($redirect_to);
                    exit;
                }
                wp_enqueue_script('utils');
                wp_enqueue_script('user-profile');
                break;
            case 'register':
                if (!get_option('users_can_register')) {
                    $redirect_to = site_url('wp-login.php?registration=disabled');
                    wp_redirect($redirect_to);
                    exit;
                }
                $user_login = '';
                $user_email = '';
                if ($http_post) {
                    // With the 'email' login type the e-mail address doubles as the login name.
                    if ('email' == $this->get_option('login_type')) {
                        $user_login = isset($_POST['user_email']) ? $_POST['user_email'] : '';
                    } else {
                        $user_login = isset($_POST['user_login']) ? $_POST['user_login'] : '';
                    }
                    $user_email = isset($_POST['user_email']) ? $_POST['user_email'] : '';
                    $this->errors = register_new_user($user_login, $user_email);
                    if (!is_wp_error($this->errors)) {
                        $redirect_to = !empty($_POST['redirect_to']) ? $_POST['redirect_to'] : site_url('wp-login.php?checkemail=registered');
                        wp_safe_redirect($redirect_to);
                        exit;
                    }
                }
                break;
            case 'login':
            default:
                $secure_cookie = '';
                $interim_login = isset($_REQUEST['interim-login']);

                // If the user wants ssl but the session is not ssl, force a secure cookie.
                if (!empty($_POST['log']) && !force_ssl_admin()) {
                    $user_name = sanitize_user($_POST['log']);
                    if ($user = get_user_by('login', $user_name)) {
                        if (get_user_option('use_ssl', $user->ID)) {
                            $secure_cookie = true;
                            force_ssl_admin(true);
                        }
                    }
                }

                if (!empty($_REQUEST['redirect_to'])) {
                    $redirect_to = $_REQUEST['redirect_to'];
                    // Redirect to https if user wants ssl
                    if ($secure_cookie && false !== strpos($redirect_to, 'wp-admin')) {
                        $redirect_to = preg_replace('|^http://|', 'https://', $redirect_to);
                    }
                } else {
                    $redirect_to = admin_url();
                }

                $reauth = empty($_REQUEST['reauth']) ? false : true;

                if ($http_post && isset($_POST['log'])) {
                    $user = wp_signon('', $secure_cookie);

                    $redirect_to = apply_filters('login_redirect', $redirect_to, isset($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : '', $user);

                    if (!is_wp_error($user) && !$reauth) {
                        if (empty($redirect_to) || $redirect_to == 'wp-admin/' || $redirect_to == admin_url()) {
                            // If the user doesn't belong to a blog, send them to user admin. If the user can't edit posts, send them to their profile.
                            if (is_multisite() && !get_active_blog_for_user($user->ID) && !is_super_admin($user->ID)) {
                                $redirect_to = user_admin_url();
                            } elseif (is_multisite() && !$user->has_cap('read')) {
                                $redirect_to = get_dashboard_url($user->ID);
                            } elseif (!$user->has_cap('edit_posts')) {
                                $redirect_to = $user->has_cap('read') ? admin_url('profile.php') : home_url();
                            }
                        }
                        wp_safe_redirect($redirect_to);
                        exit;
                    }

                    $this->errors = $user;
                }

                // Clear errors if loggedout is set.
                if (!empty($_GET['loggedout']) || $reauth) {
                    $this->errors = new WP_Error();
                }

                // Some parts of this script use the main login form to display a message
                if (isset($_GET['loggedout']) && true == $_GET['loggedout']) {
                    $this->errors->add('loggedout', __('You are now logged out.', 'theme-my-login'), 'message');
                } elseif (isset($_GET['registration']) && 'disabled' == $_GET['registration']) {
                    $this->errors->add('registerdisabled', __('User registration is currently not allowed.', 'theme-my-login'));
                } elseif (isset($_GET['checkemail']) && 'confirm' == $_GET['checkemail']) {
                    $this->errors->add('confirm', __('Check your e-mail for the confirmation link.', 'theme-my-login'), 'message');
                } elseif (isset($_GET['resetpass']) && 'complete' == $_GET['resetpass']) {
                    $this->errors->add('password_reset', __('Your password has been reset.', 'theme-my-login'), 'message');
                } elseif (isset($_GET['checkemail']) && 'registered' == $_GET['checkemail']) {
                    $this->errors->add('registered', __('Registration complete. Please check your e-mail.', 'theme-my-login'), 'message');
                } elseif ($interim_login) {
                    $this->errors->add('expired', __('Your session has expired. Please log-in again.', 'theme-my-login'), 'message');
                } elseif (strpos($redirect_to, 'about.php?updated')) {
                    $this->errors->add('updated', __('<strong>You have successfully updated WordPress!</strong> Please log back in to experience the awesomeness.', 'theme-my-login'), 'message');
                } elseif ($reauth) {
                    $this->errors->add('reauth', __('Please log in to continue.', 'theme-my-login'), 'message');
                }

                // Clear any stale cookies.
                if ($reauth) {
                    wp_clear_auth_cookie();
                }
                break;
        } // end switch
    } // endif has_filter()
}
/**
 * Whether SSL login should be forced.
 *
 * Thin alias of force_ssl_admin(): the login and admin settings are a single
 * flag, so reading or writing either one affects both.
 *
 * @since 2.6.0
 *
 * @see force_ssl_admin()
 *
 * @param string|bool $force Optional Whether to force SSL login. Default null.
 * @return bool True if forced, false if not forced.
 */
function force_ssl_login($force = null) {
    $forced = force_ssl_admin($force);
    return $forced;
}
/**
 * Checks if a user is logged in, if not it redirects them to the login page.
 *
 * Also enforces https on wp-admin requests when required (globally via
 * FORCE_SSL_ADMIN / the 'secure_auth_redirect' filter, or per user via the
 * `use_ssl` option). Every redirect branch exits.
 *
 * @since 1.5.0
 */
function auth_redirect() {
    // Checks if a user is logged in, if not redirects them to the login page
    $secure = is_ssl() || force_ssl_admin();

    /**
     * Filter whether to use a secure authentication redirect.
     *
     * @since 3.1.0
     *
     * @param bool $secure Whether to use a secure authentication redirect. Default false.
     */
    $secure = apply_filters('secure_auth_redirect', $secure);

    // If https is required and request is http, redirect
    if ($secure && !is_ssl() && false !== strpos($_SERVER['REQUEST_URI'], 'wp-admin')) {
        // Absolute-form request URI: swap the scheme in place; otherwise rebuild
        // from the Host header. Both values are request-controlled and are passed
        // to wp_redirect(), which does no host validation.
        if (0 === strpos($_SERVER['REQUEST_URI'], 'http')) {
            wp_redirect(set_url_scheme($_SERVER['REQUEST_URI'], 'https'));
            exit;
        } else {
            wp_redirect('https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']);
            exit;
        }
    }

    // User-admin screens always validate the 'logged_in' cookie; elsewhere the scheme is filterable.
    if (is_user_admin()) {
        $scheme = 'logged_in';
    } else {
        /**
         * Filter the authentication redirect scheme.
         *
         * @since 2.9.0
         *
         * @param string $scheme Authentication redirect scheme. Default empty.
         */
        $scheme = apply_filters('auth_redirect_scheme', '');
    }

    if ($user_id = wp_validate_auth_cookie('', $scheme)) {
        /**
         * Fires before the authentication redirect.
         *
         * @since 2.8.0
         *
         * @param int $user_id User ID.
         */
        do_action('auth_redirect', $user_id);

        // If the user wants ssl but the session is not ssl, redirect.
        if (!$secure && get_user_option('use_ssl', $user_id) && false !== strpos($_SERVER['REQUEST_URI'], 'wp-admin')) {
            if (0 === strpos($_SERVER['REQUEST_URI'], 'http')) {
                wp_redirect(set_url_scheme($_SERVER['REQUEST_URI'], 'https'));
                exit;
            } else {
                wp_redirect('https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']);
                exit;
            }
        }

        return; // The cookie is good so we're done
    }

    // The cookie is no good so force login
    nocache_headers();

    // Requests to /options.php that carry a referer return to the referer;
    // everything else returns to the current URL with the request scheme applied.
    $redirect = strpos($_SERVER['REQUEST_URI'], '/options.php') && wp_get_referer() ? wp_get_referer() : set_url_scheme('http://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']);

    // Second argument forces the login URL to be built for re-authentication.
    $login_url = wp_login_url($redirect, true);

    wp_redirect($login_url);
    exit;
}