/**
 * Handle a submitted front-end login form.
 *
 * Signs the visitor in through wp_signon(). A successful login ends the
 * request with a redirect; a failed one hands the WP_Error back to the caller.
 *
 * The redirect target is taken from the request (`redirect_to`) and can be
 * rewritten by `login_redirect` filters, so it is only ever sent through
 * wp_safe_redirect() rather than a raw redirect.
 *
 * @return WP_Error The sign-on error. The function returns only when login failed.
 */
function jr_process_login_form()
{
    // Declared by the original code; nothing below reads it.
    global $posted;

    $redirect_to = isset($_REQUEST['redirect_to'])
        ? $_REQUEST['redirect_to']
        : admin_url();

    // HTTPS login page, SSL forced for login only, and a target that starts
    // with "http" but not "https": explicitly request a non-secure cookie.
    // The empty string leaves the decision to wp_signon().
    $secure_cookie = (
        is_ssl()
        && force_ssl_login()
        && !force_ssl_admin()
        && 0 !== strpos($redirect_to, 'https')
        && 0 === strpos($redirect_to, 'http')
    ) ? false : '';

    $user = wp_signon('', $secure_cookie);

    $requested = isset($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : '';
    $redirect_to = apply_filters('login_redirect', $redirect_to, $requested, $user);

    if (is_wp_error($user)) {
        $errors = $user;

        return $errors;
    }

    // Users who can manage options always land in the dashboard.
    if (user_can($user, 'manage_options')) {
        $redirect_to = admin_url();
    }

    wp_safe_redirect($redirect_to);
    exit;
}
/**
 * Move the current request onto HTTPS, or back onto HTTP, depending on
 * whether the page is flagged as one that must be secure.
 *
 * The flag lives in the global $besecure. It is derived from the "besecure"
 * post meta, from the force_ssl_admin()/force_ssl_login() settings and from
 * the "pmpro_besecure" filter. Nothing is redirected unless the "use_ssl"
 * option equals 1.
 *
 * NOTE(review): both redirect URLs are assembled from $_SERVER['HTTP_HOST']
 * and $_SERVER['REQUEST_URI'], which are request-supplied values, and the
 * second branch deliberately moves a visitor from HTTPS to HTTP. Confirm the
 * web server only answers for known host names, and that any session cookie
 * in use on the HTTPS side carries the Secure flag before relying on the
 * downgrade path.
 */
function pmpro_besecure()
{
    global $besecure, $post;

    // Front end only: take the per-post flag unless something already set it.
    if (!is_admin() && !empty($post->ID) && !$besecure) {
        $besecure = get_post_meta($post->ID, "besecure", true);
    }

    if (!$besecure) {
        // SSL forced for the admin covers the admin area and the login page;
        // SSL forced for login covers the login page only.
        $forced_admin = force_ssl_admin() && (is_admin() || pmpro_is_login_page());
        if ($forced_admin || (force_ssl_login() && pmpro_is_login_page())) {
            $besecure = true;
        }
    }

    $besecure = apply_filters("pmpro_besecure", $besecure);

    if (pmpro_getOption("use_ssl") != 1) {
        return;
    }

    // An empty value, "off" and "false" all count as "not on HTTPS".
    $on_https = !empty($_SERVER['HTTPS'])
        && $_SERVER['HTTPS'] != "off"
        && $_SERVER['HTTPS'] != "false";

    if ($besecure && !$on_https) {
        // Page must be secure but the request arrived over HTTP.
        wp_redirect("https://" . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']);
        exit;
    }

    if (!$besecure && $on_https) {
        // Page does not need to be secure but the request arrived over HTTPS.
        wp_redirect("http://" . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']);
        exit;
    }
}
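/**
 * Choose where a user is sent after logging in (a `login_redirect` callback).
 *
 * - Admins (per pmpro_isAdmin()) go to the dashboard.
 * - A target containing the word "checkout" is left alone.
 * - Users with an active membership keep the target they asked for.
 * - Everyone else is sent to the membership levels page.
 *
 * When no user is logging in (the login form is only being shown) the
 * incoming target is kept.
 *
 * @param string $redirect_to Redirect target computed so far.
 * @param string $request     Target originally requested; only passed on to the filter.
 * @param mixed  $user        User being logged in; anything without a non-empty
 *                            ID is treated as "nobody is logging in".
 *
 * @return string Target after the "pmpro_login_redirect_url" filter.
 */
function pmpro_login_redirect($redirect_to, $request, $user)
{
    global $wpdb;

    if (!empty($user->ID)) {
        if (pmpro_isAdmin($user->ID)) {
            // Admins go to the dashboard.
            $redirect_to = get_bloginfo("url") . "/wp-admin/";
        } elseif (strpos($redirect_to, "checkout") !== false) {
            // The target mentions checkout: leave it untouched.
        } else {
            // The user id used to be concatenated into the SQL text. It is now
            // bound as an integer, so whatever reaches this callback as
            // $user->ID cannot change the shape of the query.
            $membership_sql = $wpdb->prepare(
                "SELECT membership_id FROM {$wpdb->pmpro_memberships_users} WHERE status = 'active' AND user_id = %d LIMIT 1",
                $user->ID
            );

            if (!$wpdb->get_var($membership_sql)) {
                // No active membership: send to the levels page.
                $redirect_to = pmpro_url("levels");
            }
        }
    }

    // SSL is forced for login but not for the admin: hand back an http URL.
    // NOTE(review): this sends a freshly authenticated user to plain HTTP;
    // confirm that is still wanted on sites that can serve HTTPS throughout.
    if (force_ssl_login() && !force_ssl_admin()) {
        $redirect_to = str_replace("https:", "http:", $redirect_to);
    }

    return apply_filters("pmpro_login_redirect_url", $redirect_to, $request, $user);
}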
/**
 * Process the theme's login form.
 *
 * Calls wp_signon(), runs the `login_redirect` filters and, when the login
 * worked, redirects and ends the request. On failure the WP_Error from
 * wp_signon() is returned so the form can show it.
 *
 * The target originates from the request's `redirect_to` value, which is why
 * the final hop goes through wp_safe_redirect().
 *
 * @return WP_Error Sign-on error; reached only when the login failed.
 */
function app_process_login_form()
{
    // Kept from the original; not read anywhere in this function.
    global $posted;

    if (isset($_REQUEST['redirect_to'])) {
        $redirect_to = $_REQUEST['redirect_to'];
    } else {
        $redirect_to = admin_url();
    }

    // '' lets wp_signon() decide. false is passed only when the login page is
    // on HTTPS, SSL is forced for login but not for the admin, and the target
    // starts with "http" without starting with "https".
    $secure_cookie = '';
    if (is_ssl() && force_ssl_login() && !force_ssl_admin()
        && 0 !== strpos($redirect_to, 'https') && 0 === strpos($redirect_to, 'http')
    ) {
        $secure_cookie = false;
    }

    $user = wp_signon('', $secure_cookie);

    $requested_target = isset($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : '';
    $redirect_to = apply_filters('login_redirect', $redirect_to, $requested_target, $user);

    if (is_wp_error($user)) {
        $errors = $user;

        return $errors;
    }

    // Users who can manage options are sent to the options page in the back end;
    // everyone else continues to the filtered target.
    if (user_can($user, 'manage_options')) {
        $redirect_to = admin_url('admin.php?page=admin-options.php');
    }

    wp_safe_redirect($redirect_to);
    exit;
}
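/**
 * Put a URL on https or http, depending on the site's SSL settings.
 *
 * https is chosen when any of these holds (each WordPress function is only
 * called if it exists):
 *   - force_ssl_admin(), force_ssl_login() or force_ssl_content() is on,
 *   - the current request is served over SSL (is_ssl()),
 *   - the logged-in user has a non-empty `use_ssl` value.
 *
 * Fix: the user check previously called PHP's built-in get_current_user(),
 * which returns the name of the OS account that owns the running script (a
 * string). Reading ->use_ssl from that string is always empty, so the
 * per-user preference never took effect. The WordPress user is now read with
 * wp_get_current_user().
 *
 * @since 4.2
 *
 * @param string $url URL to rewrite.
 *
 * @return string URL as returned by the global set_url_scheme().
 */
public function set_url_scheme($url)
{
    $use_https = (function_exists('force_ssl_admin') && force_ssl_admin())
        || (function_exists('force_ssl_login') && force_ssl_login())
        || (function_exists('force_ssl_content') && force_ssl_content())
        || (function_exists('is_ssl') && is_ssl());

    // Guarded like the other calls above, in case the function is not
    // available yet when this method runs.
    if (!$use_https && function_exists('wp_get_current_user')) {
        $current_user = wp_get_current_user();
        $use_https = !empty($current_user->use_ssl);
    }

    return set_url_scheme($url, $use_https ? 'https' : 'http');
}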
/**
 * One-time redirect to the plugin's settings page right after installation.
 *
 * Runs only while the `wc_yotpo_just_installed` option is set; the option is
 * deleted before redirecting so the redirect happens once. The settings URL
 * is put on https when the request is on SSL or SSL is forced for admin or
 * login, and on http otherwise.
 */
function wc_yotpo_redirect()
{
    if (!get_option('wc_yotpo_just_installed', false)) {
        return;
    }

    delete_option('wc_yotpo_just_installed');

    $wants_https = is_ssl() || force_ssl_admin() || force_ssl_login();
    $settings_url = admin_url('admin.php?page=woocommerce-yotpo-settings-page');

    if ($wants_https) {
        $settings_url = str_replace('http:', 'https:', $settings_url);
    } else {
        $settings_url = str_replace('https:', 'http:', $settings_url);
    }

    wp_redirect($settings_url);
    exit;
}
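/**
 * Process ajax login
 *
 * Verifies the ajax nonce, signs the user in with the submitted credentials
 * and prints the outcome: `success`, plus either `redirect` or `error`.
 *
 * Changes compared with the previous version:
 *   - The JSONP callback name from $_GET['callback'] used to be echoed as-is
 *     in front of the JSON. It is now used only when it looks like a plain
 *     (optionally dotted) JavaScript identifier; otherwise bare JSON is sent.
 *   - The redirect target handed back to the browser comes from the request.
 *     It is now passed through wp_validate_redirect(), falling back to
 *     home_url() when the host is not one WordPress allows.
 *   - Missing request fields no longer raise undefined-index notices.
 *
 * NOTE(review): the credentials are read from $_REQUEST, so a password sent
 * in the query string is accepted as well and may end up in access logs.
 * NOTE(review): esc_attr() is an HTML-output escaper; applied to the password
 * it alters values containing &, <, > or quotes before they reach
 * wp_signon(). Confirm that is intended.
 *
 * @access public
 * @return void
 */
function woocommerce_sidebar_login_ajax_process()
{
    check_ajax_referer('woocommerce-sidebar-login-action', 'security');

    // Get post data
    $creds = array();
    $creds['user_login'] = esc_attr(isset($_REQUEST['user_login']) ? $_REQUEST['user_login'] : '');
    $creds['user_password'] = esc_attr(isset($_REQUEST['user_password']) ? $_REQUEST['user_password'] : '');
    $creds['remember'] = 'forever';
    $redirect_to = esc_attr(isset($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : '');

    // Check for Secure Cookie
    $secure_cookie = '';

    // If the user wants ssl but the session is not ssl, force a secure cookie.
    if (!force_ssl_admin()) {
        $user_name = sanitize_user($creds['user_login']);
        if ($user = get_user_by('login', $user_name)) {
            if (get_user_option('use_ssl', $user->ID)) {
                $secure_cookie = true;
                force_ssl_admin(true);
            }
        }
    }

    if (force_ssl_admin()) {
        $secure_cookie = true;
    }

    if ($secure_cookie == '' && force_ssl_login()) {
        $secure_cookie = false;
    }

    // Login
    $user = wp_signon($creds, $secure_cookie);

    // Redirect filter: admin targets move to https when a secure cookie is used.
    if ($secure_cookie && strstr($redirect_to, 'wp-admin')) {
        $redirect_to = str_replace('http:', 'https:', $redirect_to);
    }

    // Only hand back a target on a host WordPress allows for redirects.
    $redirect_to = wp_validate_redirect($redirect_to, home_url());

    // Result
    $result = array();
    if (!is_wp_error($user)) {
        $result['success'] = 1;
        $result['redirect'] = $redirect_to;
    } else {
        $result['success'] = 0;
        if ($user->errors) {
            // Report the first message of the first error code only.
            foreach ($user->errors as $error) {
                $result['error'] = $error[0];
                break;
            }
        } else {
            $result['error'] = __('Please enter your username and password to login.', 'woocommerce');
        }
    }

    // Accept the callback only if it is an identifier such as `cb` or `ns.cb`.
    $callback = (isset($_GET['callback']) && is_string($_GET['callback'])) ? $_GET['callback'] : '';
    if (!preg_match('/^[A-Za-z_$][A-Za-z0-9_$]*(?:\.[A-Za-z_$][A-Za-z0-9_$]*)*$/D', $callback)) {
        $callback = '';
    }

    header('content-type: application/json; charset=utf-8');

    $payload = json_encode($result);
    echo '' === $callback ? $payload : $callback . '(' . $payload . ')';

    die;
}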
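/**
 * Process the sidebar login form submitted over ajax (POST).
 *
 * Verifies the ajax nonce, signs the user in and prints a JSON object with
 * `success` and either `redirect` or `error`.
 *
 * Changes compared with the previous version:
 *   - The redirect target handed back to the browser comes from the request.
 *     It is now passed through wp_validate_redirect(), falling back to
 *     home_url() when the host is not one WordPress allows.
 *   - Missing POST fields no longer raise undefined-index notices.
 *
 * NOTE(review): the per-user `use_ssl` lookup reads $_POST['log'], while the
 * credentials are taken from $_POST['user_login']. If the form never posts
 * `log`, that lookup never runs; confirm which field is meant.
 * NOTE(review): esc_attr() is an HTML-output escaper; applied to the password
 * it alters values containing &, <, > or quotes before they reach
 * wp_signon(). Confirm that is intended.
 *
 * @return void
 */
function woocommerce_sidebar_login_ajax_process()
{
    check_ajax_referer('woocommerce-sidebar-login-action', 'security');

    // Get post data
    $creds = array();
    $creds['user_login'] = esc_attr(isset($_POST['user_login']) ? $_POST['user_login'] : '');
    $creds['user_password'] = esc_attr(isset($_POST['user_password']) ? $_POST['user_password'] : '');
    $creds['remember'] = 'forever';
    $redirect_to = esc_attr(isset($_POST['redirect_to']) ? $_POST['redirect_to'] : '');

    // Check for Secure Cookie
    $secure_cookie = '';

    // If the user wants ssl but the session is not ssl, force a secure cookie.
    if (!empty($_POST['log']) && !force_ssl_admin()) {
        $user_name = sanitize_user($_POST['log']);
        if ($user = get_user_by('login', $user_name)) {
            if (get_user_option('use_ssl', $user->ID)) {
                $secure_cookie = true;
                force_ssl_admin(true);
            }
        }
    }

    // HTTPS login page, SSL forced for login only, and a target that starts
    // with "http" but not "https": ask for a non-secure cookie.
    if (!$secure_cookie && is_ssl() && force_ssl_login() && !force_ssl_admin()
        && 0 !== strpos($redirect_to, 'https') && 0 === strpos($redirect_to, 'http')
    ) {
        $secure_cookie = false;
    }

    // Login
    $user = wp_signon($creds, $secure_cookie);

    // Redirect filter: admin targets move to https when a secure cookie is used.
    if ($secure_cookie && false !== strpos($redirect_to, 'wp-admin')) {
        $redirect_to = preg_replace('|^http://|', 'https://', $redirect_to);
    }

    // Only hand back a target on a host WordPress allows for redirects.
    $redirect_to = wp_validate_redirect($redirect_to, home_url());

    // Result
    $result = array();
    if (!is_wp_error($user)) {
        $result['success'] = 1;
        $result['redirect'] = $redirect_to;
    } else {
        $result['success'] = 0;
        // Report the first message of the first error code only.
        foreach ($user->errors as $error) {
            $result['error'] = $error[0];
            break;
        }
    }

    echo json_encode($result);

    die;
}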
/**
 * Apply every hardening option that is switched on in the plugin settings.
 *
 * Each section is independent and driven by one option:
 *   - disable_file_editing         defines DISALLOW_FILE_EDIT, filters user_has_cap
 *   - mask_wordpress_version       overwrites the global $wp_version
 *   - force_ssl_login / _admin     define the FORCE_SSL_* constants, call the setters
 *   - hide_wordpress_generator_tag removes wp_generator from wp_head
 *   - block_author_discovery       hooks interceptCanonicalRedirects on `wp`
 *   - disable_xmlrpc               makes the xmlrpc_enabled filter return false
 *
 * NOTE(review): the version mask replaces the value of the global $wp_version
 * itself, so any other code reading that global sees the masked value as
 * well; confirm nothing on the site depends on the real version string.
 */
public function run()
{
    if ($this->getIsOption('disable_file_editing', 'Y')) {
        defined('DISALLOW_FILE_EDIT') || define('DISALLOW_FILE_EDIT', true);
        add_filter('user_has_cap', array($this, 'disableFileEditing'), 0, 3);
    }

    $sVersionMask = $this->getOption('mask_wordpress_version');
    if (!empty($sVersionMask)) {
        $GLOBALS['wp_version'] = $sVersionMask;
        // The bloginfo / bloginfo_url filters via maskWordpressVersion are
        // left disabled, as in the original code.
    }

    // Switched off by the hard-coded `false`: the salts reset never gets hooked.
    if (false && $this->getOption('action_reset_auth_salts') == 'Y') {
        add_action('init', array($this, 'resetAuthKeysSalts'), 1);
    }

    if ($this->getIsOption('force_ssl_login', 'Y') && function_exists('force_ssl_login')) {
        defined('FORCE_SSL_LOGIN') || define('FORCE_SSL_LOGIN', true);
        force_ssl_login(true);
    }

    if ($this->getIsOption('force_ssl_admin', 'Y') && function_exists('force_ssl_admin')) {
        defined('FORCE_SSL_ADMIN') || define('FORCE_SSL_ADMIN', true);
        force_ssl_admin(true);
    }

    if ($this->getIsOption('hide_wordpress_generator_tag', 'Y')) {
        remove_action('wp_head', 'wp_generator');
    }

    if ($this->getIsOption('block_author_discovery', 'Y')) {
        // Priority 9 on `wp`: runs right before redirect_canonical on template_redirect.
        add_action('wp', array($this, 'interceptCanonicalRedirects'), 9);
    }

    if ($this->getIsOption('disable_xmlrpc', 'Y')) {
        add_filter('xmlrpc_enabled', '__return_false', 1000);
    }
}
/**
 * Build a URL under the `siteurl` option.
 *
 * When $scheme is not 'http' or 'https' it is resolved as a context:
 * 'login_post' becomes https if SSL is forced for login or admin; 'login' and
 * 'admin' become https if SSL is forced for admin; anything else follows
 * is_ssl().
 *
 * Only a leading-scheme swap of 'http://' is applied, so a `siteurl` that is
 * already stored with https:// stays on https whatever scheme was resolved.
 * A $path that is empty, not a string, or contains '..' is not appended.
 *
 * @param string      $path   Optional path below the site URL.
 * @param string|null $scheme Optional scheme or context.
 *
 * @return string URL after the `site_url` filter.
 */
function site_url($path = '', $scheme = null)
{
    $orig_scheme = $scheme;

    if (!in_array($scheme, array('http', 'https'))) {
        $forced_https = ('login_post' == $scheme && (force_ssl_login() || force_ssl_admin()))
            || ('login' == $scheme && force_ssl_admin())
            || ('admin' == $scheme && force_ssl_admin());

        $scheme = ($forced_https || is_ssl()) ? 'https' : 'http';
    }

    $url = str_replace('http://', "{$scheme}://", get_option('siteurl'));

    $path_usable = !empty($path) && is_string($path) && strpos($path, '..') === false;
    if ($path_usable) {
        $url .= '/' . ltrim($path, '/');
    }

    return apply_filters('site_url', $url, $path, $orig_scheme);
}
/**
 * Validate and process the login form.
 *
 * Errors are collected in $this->error. The method returns early when the
 * form was not submitted or a required field is empty. Otherwise it calls
 * wp_signon(); a successful login ends the request with a redirect, a failed
 * one stores the WP_Error in $this->error.
 *
 * The redirect target comes from the request (`redirect_to`) and from the
 * `login_redirect` filters, and is only ever sent through wp_safe_redirect().
 */
function process_form()
{
    $this->error = new WP_Error();

    if (is_user_logged_in()) {
        do_action('app_login');
    }

    // Nothing to do unless the login form itself was submitted.
    if (!isset($_POST['login'])) {
        return;
    }

    if (empty($_POST['log'])) {
        $this->error->add('empty_username', __('<strong>ERROR</strong>: The username field is empty.', APP_TD));
    }
    if (empty($_POST['pwd'])) {
        $this->error->add('empty_password', __('<strong>ERROR</strong>: The password field is empty.', APP_TD));
    }
    if ($this->error->get_error_code()) {
        return;
    }

    $redirect_to = isset($_REQUEST['redirect_to'])
        ? $_REQUEST['redirect_to']
        : admin_url('index.php');

    // '' lets wp_signon() decide; false is passed only for an HTTPS login page
    // with SSL forced for login but not admin and a target that starts with
    // "http" without starting with "https".
    $secure_cookie = '';
    if (is_ssl() && force_ssl_login() && !force_ssl_admin()
        && 0 !== strpos($redirect_to, 'https') && 0 === strpos($redirect_to, 'http')
    ) {
        $secure_cookie = false;
    }

    $user = wp_signon('', $secure_cookie);

    $requested_target = isset($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : '';
    $redirect_to = apply_filters('login_redirect', $redirect_to, $requested_target, $user);

    if (is_wp_error($user)) {
        $this->error = $user;

        return;
    }

    wp_safe_redirect($redirect_to);
    exit;
}
/**
 * Build the URL of the externally hosted setup instructions.
 *
 * The query string carries the login URL (`garedirect`), the origin of the
 * current site (`gaorigin`), a multisite flag, the refresh marker and fixed
 * campaign parameters.
 *
 * NOTE(review): `gaorigin` is assembled from $_SERVER['HTTP_HOST'], a
 * request-supplied value, and then sent to the external base URL. Confirm
 * the receiving side does not treat it as trusted.
 *
 * @param string $refresh Value passed on as the `gar` parameter.
 *
 * @return string Result of add_query_arg() on the instructions base URL.
 */
protected function calculate_instructions_url($refresh = 'n')
{
    $login_url = $this->get_login_url();

    $origin_scheme = (is_ssl() || force_ssl_login() || force_ssl_admin()) ? 'https://' : 'http://';
    $origin = $origin_scheme . $_SERVER['HTTP_HOST'] . '/';

    $query = array(
        'garedirect'   => urlencode($login_url),
        'gaorigin'     => urlencode($origin),
        'ganotms'      => is_multisite() ? 'false' : 'true',
        'gar'          => urlencode($refresh),
        'utm_source'   => 'Admin%20Instructions',
        'utm_medium'   => 'freemium',
        'utm_campaign' => 'Freemium',
    );

    return add_query_arg($query, $this->get_wpglogincom_baseurl());
}
/**
 * Build a URL under the current network's site address.
 *
 * On a single-site install this defers to site_url(). Otherwise the URL is
 * assembled from the global $current_site (domain + path) with a scheme
 * resolved as follows when $scheme is not 'http' or 'https':
 *   - 'login_post' / 'rpc': https if SSL is forced for login or admin,
 *   - 'login' / 'admin':    https if SSL is forced for admin,
 *   - anything else, or no forcing in effect: follows is_ssl().
 *
 * A $path that is empty, not a string, or contains '..' is not appended.
 *
 * @package WordPress
 * @since 3.0.0
 *
 * @param string $path   Optional. Path relative to the site url.
 * @param string $scheme Optional. Scheme or context: 'http', 'https', 'login',
 *                       'login_post', 'rpc' or 'admin'.
 * @return string Site url with the optional path appended, after the
 *                `network_site_url` filter.
 */
function network_site_url($path = '', $scheme = null)
{
    global $current_site;

    if (!is_multisite()) {
        return site_url($path, $scheme);
    }

    $orig_scheme = $scheme;

    if (!in_array($scheme, array('http', 'https'))) {
        $forced_https = (('login_post' == $scheme || 'rpc' == $scheme) && (force_ssl_login() || force_ssl_admin()))
            || ('login' == $scheme && force_ssl_admin())
            || ('admin' == $scheme && force_ssl_admin());

        $scheme = ($forced_https || is_ssl()) ? 'https' : 'http';
    }

    $url = $scheme . '://' . $current_site->domain . $current_site->path;

    $path_usable = !empty($path) && is_string($path) && strpos($path, '..') === false;
    if ($path_usable) {
        // The network path is expected to end in a slash already, so none is added.
        $url .= ltrim($path, '/');
    }

    return apply_filters('network_site_url', $url, $path, $orig_scheme);
}
/**
 * Rewrite the scheme of an absolute URL.
 *
 * 'http', 'https' and 'relative' are applied as given. Any other value is
 * treated as a context and resolved first:
 *   - 'login_post' / 'rpc': https if SSL is forced for login or admin,
 *   - 'login' / 'admin':    https if SSL is forced for admin,
 *   - anything else, or no forcing in effect: follows is_ssl().
 *
 * 'relative' strips the scheme and host and leaves the path onwards.
 *
 * @since 3.4.0
 *
 * @param string $url    Absolute url that includes a scheme.
 * @param string $scheme Optional. 'http', 'https', 'login', 'login_post',
 *                       'rpc', 'admin' or 'relative'.
 * @return string URL with the chosen scheme, after the `set_url_scheme` filter.
 */
function set_url_scheme($url, $scheme = null)
{
    $orig_scheme = $scheme;

    if (!in_array($scheme, array('http', 'https', 'relative'))) {
        $forced_https = (('login_post' == $scheme || 'rpc' == $scheme) && (force_ssl_login() || force_ssl_admin()))
            || ('login' == $scheme && force_ssl_admin())
            || ('admin' == $scheme && force_ssl_admin());

        $scheme = ($forced_https || is_ssl()) ? 'https' : 'http';
    }

    if ('relative' == $scheme) {
        // Drop "scheme://host" entirely.
        $pattern = '#^.+://[^/]*#';
        $replacement = '';
    } else {
        // Swap only the "scheme://" prefix.
        $pattern = '#^.+://#';
        $replacement = $scheme . '://';
    }

    $url = preg_replace($pattern, $replacement, $url);

    return apply_filters('set_url_scheme', $url, $scheme, $orig_scheme);
}
/**
 * Set the authentication cookies for a user.
 *
 * Lifetime: with $remember the cookie value and the browser cookie both last
 * 1209600 seconds (14 days); without it the value is valid for 172800 seconds
 * (2 days) and the browser cookie is a session cookie (expire 0).
 *
 * Schemes: `true` means 'secure_auth' + 'logged_in'; an array is used as
 * given (duplicates removed). Any other value derives the list from the SSL
 * settings: 'secure_auth' when SSL is forced for login or admin, 'auth'
 * unless both are forced, and always 'logged_in'. With only one of the two
 * settings on, both the secure and the plain auth cookie are therefore issued.
 *
 * @param int        $user_id  User the cookies are issued for.
 * @param bool       $remember Whether to issue long-lived cookies.
 * @param bool|array $schemes  true, a list of scheme names, or anything else
 *                             to derive the list from the SSL settings.
 */
function bb_set_auth_cookie($user_id, $remember = false, $schemes = false)
{
    global $wp_auth_object;

    $now = time();
    if ($remember) {
        $expiration = $now + 1209600;
        $expire = $expiration;
    } else {
        $expiration = $now + 172800;
        $expire = 0;
    }

    if (true === $schemes) {
        $schemes = array('secure_auth', 'logged_in');
    } elseif (!is_array($schemes)) {
        $derived = array();
        if (force_ssl_login() || force_ssl_admin()) {
            $derived[] = 'secure_auth';
        }
        if (!(force_ssl_login() && force_ssl_admin())) {
            $derived[] = 'auth';
        }
        $derived[] = 'logged_in';
        $schemes = $derived;
    }

    foreach (array_unique($schemes) as $cookie_scheme) {
        $wp_auth_object->set_auth_cookie($user_id, $expiration, $expire, $cookie_scheme);
    }
}
/**
 * Tell whether the site has to be reached over SSL for a reason other than
 * an https value in the home or siteurl settings.
 *
 * True when SSL is forced for login or for the admin; otherwise the result
 * of is_ssl() for the current request.
 *
 * @since 3.2
 * @return boolean
 **/
private function is_ssl_required_to_visit_site()
{
    // force_ssl_login() is consulted first and always; force_ssl_admin()
    // only when the login setting is off.
    if (force_ssl_login() || force_ssl_admin()) {
        return true;
    }

    return is_ssl();
}
/**
 * Tell whether the site has to be reached over SSL for a reason other than
 * an https value in the home or siteurl settings.
 *
 * True when SSL is forced for the admin, or for login on WordPress versions
 * up to 4.4-alpha; otherwise the result of is_ssl() for the current request.
 *
 * @since 3.2
 * @return boolean
 **/
private function is_ssl_required_to_visit_site()
{
    global $wp_version;

    // force_ssl_login() is deprecated as of WP 4.4, so it is only consulted
    // on versions up to 4.4-alpha.
    $legacy_login_forced = version_compare($wp_version, '4.4-alpha', '<=') && force_ssl_login();

    if ($legacy_login_forced || force_ssl_admin()) {
        return true;
    }

    return is_ssl();
}
/**
 * Deprecated alias of force_ssl_login().
 *
 * Records the deprecated call through bb_log_deprecated() and then defers to
 * force_ssl_login() with the same argument.
 *
 * @param mixed $force Passed through unchanged to force_ssl_login().
 *
 * @return mixed Whatever force_ssl_login() returns.
 */
function bb_force_ssl_user_forms($force = '')
{
    bb_log_deprecated('function', __FUNCTION__, 'force_ssl_login');

    $result = force_ssl_login($force);

    return $result;
}
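/**
 * Handles user authentication actions: login, register, logout, lost
 * password and password reset.
 *
 * The action is taken from the request, limited to the known list (or to an
 * action that has a `login_form_{action}` filter attached) and dispatched in
 * the switch below. Most branches end the request with a redirect.
 *
 * Changes compared with the previous version:
 *   - Redirects whose target comes from the request (`redirect_to`,
 *     `pagetype`, the Referer header) now go through wp_safe_redirect(), as
 *     the register branch already did, instead of a raw wp_redirect().
 *   - The register branch no longer reads $_REQUEST['redirect_to'] before
 *     checking that it is set.
 *   - The logout branch dropped two assignments that were always overwritten
 *     by home_url(); the destination is unchanged.
 *
 * NOTE(review): the nonce check in the logout branch is commented out, so a
 * logout can be triggered by any request that reaches this action.
 * NOTE(review): when RELOCATE is defined, `siteurl` is rewritten from the
 * request's Host header; keep that constant undefined in normal operation.
 *
 * @since 1.0.0
 * @since 1.5.7 It allows login by email also if site is using SSL.
 * @package GeoDirectory
 * @global object $errors WordPress Error object.
 */
function geodir_user_signup()
{
    global $errors;

    $action = isset($_REQUEST['action']) ? $_REQUEST['action'] : 'login';
    $errors = new WP_Error();

    if (isset($_GET['key'])) {
        $action = 'resetpass';
    }

    // validate action so as to default to the login screen
    if (!in_array($action, array('logout', 'lostpassword', 'retrievepassword', 'resetpass', 'rp', 'register', 'login')) && false === has_filter('login_form_' . $action)) {
        $action = 'login';
    }

    nocache_headers();

    if (defined('RELOCATE')) { // Move flag is set
        if (isset($_SERVER['PATH_INFO']) && $_SERVER['PATH_INFO'] != $_SERVER['PHP_SELF']) {
            $_SERVER['PHP_SELF'] = str_replace($_SERVER['PATH_INFO'], '', $_SERVER['PHP_SELF']);
        }

        $schema = isset($_SERVER['HTTPS']) && geodir_strtolower($_SERVER['HTTPS']) == 'on' ? 'https://' : 'http://';
        if (dirname($schema . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF']) != home_url()) {
            update_option('siteurl', dirname($schema . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF']));
        }
    }

    // Set a cookie now to see if they are supported by the browser.
    // (The COOKIEPATH variant is disabled in the original code.)
    if (SITECOOKIEPATH != COOKIEPATH) {
        setcookie(TEST_COOKIE, 'WP Cookie check', 0, SITECOOKIEPATH, COOKIE_DOMAIN);
    }

    /**
     * Allow plugins to override the default actions, and to add extra actions if they want on the register/signin page.
     *
     * Used dynamic hook login_form_$action
     *
     * @since 1.0.0
     */
    do_action('login_form_' . $action);

    $http_post = 'POST' == $_SERVER['REQUEST_METHOD'];

    switch ($action) {
        case 'logout':
            // check_admin_referer('log-out') is disabled in the original code.
            wp_logout();

            // Always lands on the home page.
            wp_safe_redirect(home_url());
            exit;

        case 'lostpassword':
        case 'retrievepassword':
            if ($http_post) {
                $errors = geodir_retrieve_password();
                $error_message = isset($errors->errors['invalid_email'][0]) ? $errors->errors['invalid_email'][0] : '';

                if (!is_wp_error($errors)) {
                    wp_redirect(geodir_login_url(array('checkemail' => 'confirm')));
                    exit;
                } else {
                    wp_redirect(geodir_login_url(array('emsg' => 'fw')));
                    exit;
                }
            }

            if (isset($_GET['error']) && 'invalidkey' == $_GET['error']) {
                $errors->add('invalidkey', __('Sorry, that key does not appear to be valid.', 'geodirectory'));
            }

            /**
             * Called in the geodir_user_signup() function during the lostpassword case.
             *
             * @since 1.0.0
             */
            do_action('lost_password');

            $message = '<div class="sucess_msg">' . ENTER_USER_EMAIL_NEW_PW_MSG . '</div>';
            $user_login = isset($_POST['user_login']) ? stripslashes($_POST['user_login']) : '';
            break;

        case 'resetpass':
        case 'rp':
            $errors = reset_password($_GET['key'], $_GET['login']);

            if (!is_wp_error($errors)) {
                wp_redirect(geodir_login_url(array('checkemail' => 'newpass')));
                exit;
            }

            wp_redirect(geodir_login_url(array('error' => 'invalidkey', 'action' => 'lostpassword')));
            exit;

        case 'register':
            // Security fix (Stiofan - HebTech.co.uk): refuse registration
            // when the site does not allow new users.
            if (!get_option('users_can_register')) {
                wp_redirect(geodir_login_url(array('emsg' => 'regnewusr')));
                exit;
            }

            global $user_email, $user_fname;

            $user_login = '';
            $user_email = '';

            if ($http_post) {
                // The e-mail address doubles as the login name.
                $user_login = $_POST['user_email'];
                $user_email = $_POST['user_email'];
                $user_fname = $_POST['user_fname'];

                $errors = geodir_register_new_user($user_login, $user_email);

                /* display error in registration form */
                if (is_wp_error($errors)) {
                    $error_code = $errors->get_error_code();
                    $error_message = $errors->get_error_message($error_code);

                    // No separate user name was posted: report user-name
                    // problems under the matching e-mail error code.
                    if (!isset($_POST['user_login']) && ($error_code == 'empty_username' || $error_code == 'invalid_username' || $error_code == 'username_exists')) {
                        if ($error_code == 'empty_username') {
                            $error_code = 'empty_email';
                        } elseif ($error_code == 'invalid_username') {
                            $error_code = 'invalid_email';
                        } elseif ($error_code == 'username_exists') {
                            $error_code = 'email_exists';
                        }

                        $error_message = $errors->get_error_message($error_code);
                    }

                    global $geodir_signup_error;
                    $geodir_signup_error = $error_message;
                }

                if (!is_wp_error($errors)) {
                    // Feed the new account's credentials to wp_signon() below.
                    // presumably index 1 of the registration result holds the
                    // new password; verify against geodir_register_new_user().
                    $_POST['log'] = $user_login;
                    $_POST['pwd'] = $errors[1];
                    $_POST['testcookie'] = 1;

                    $secure_cookie = '';

                    // If the user wants ssl but the session is not ssl, force a secure cookie.
                    if (!empty($_POST['log'])) {
                        $user_name = sanitize_user($_POST['log']);
                        if ($user = get_user_by('email', $user_name)) {
                            if (get_user_option('use_ssl', $user->ID)) {
                                $secure_cookie = true;
                                force_ssl_admin(true);
                            }
                        }
                    }

                    $redirect_to = isset($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : '';
                    if (!isset($_REQUEST['redirect_to']) || $_REQUEST['redirect_to'] == '') {
                        if (isset($_SERVER['HTTP_REFERER']) && strstr($_SERVER['HTTP_REFERER'], home_url())) {
                            $redirect_to = $_SERVER['HTTP_REFERER'];
                        } else {
                            $redirect_to = home_url();
                        }
                    }

                    if (isset($_REQUEST['redirect_add_listing']) && $_REQUEST['redirect_add_listing'] != '') {
                        $redirect_to = $_REQUEST['redirect_add_listing'];
                    }

                    if (!$secure_cookie && is_ssl() && force_ssl_login() && !force_ssl_admin() && 0 !== strpos($redirect_to, 'https') && 0 === strpos($redirect_to, 'http')) {
                        $secure_cookie = false;
                    }

                    $user = wp_signon('', $secure_cookie);

                    $requested_redirect_to = isset($_REQUEST['redirect_add_listing']) && $_REQUEST['redirect_add_listing'] != '' ? $_REQUEST['redirect_add_listing'] : (isset($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : '');

                    /**
                     * Filter the login redirect URL.
                     *
                     * @since 1.4.9
                     * @param string $redirect_to The redirect destination URL.
                     * @param string $requested_redirect_to The requested redirect destination URL passed as a parameter.
                     * @param WP_User|WP_Error $user WP_User object if login was successful, WP_Error object otherwise.
                     */
                    $redirect_to = apply_filters('login_redirect', $redirect_to, $requested_redirect_to, $user);

                    if (!is_wp_error($user)) {
                        wp_safe_redirect($redirect_to);
                        exit;
                    }

                    exit;
                }
            }
            break;

        case 'login':
        default:
            $secure_cookie = '';

            if (!empty($_POST['log'])) {
                $user_name = sanitize_user($_POST['log']);
                if ($user = get_user_by('login', $user_name)) {
                    if (get_user_option('use_ssl', $user->ID)) {
                        $secure_cookie = true;
                        force_ssl_admin(true);
                    }
                } elseif ($user = get_user_by('email', $user_name)) {
                    // If signing in by email, set the username for normal WP login
                    $_POST['log'] = $user->user_login;
                    if (get_user_option('use_ssl', $user->ID)) {
                        $secure_cookie = true;
                        force_ssl_admin(true);
                    }
                }
            }

            if (isset($_REQUEST['redirect_add_listing'])) {
                $_REQUEST['redirect_to'] = $_REQUEST['redirect_add_listing'];
            }

            if (!isset($_REQUEST['redirect_to']) || $_REQUEST['redirect_to'] == '') {
                if (is_user_logged_in()) {
                    $user_ID = isset($user->ID) ? $user->ID : '';
                    $author_link = get_author_posts_url($user_ID);
                    $default_author_link = geodir_getlink($author_link, array('geodir_dashbord' => 'true', 'stype' => 'gd_place'), false);

                    /**
                     * Filter the author link.
                     *
                     * @since 1.0.0
                     *
                     * @param string $default_author_link Default author link.
                     * @param int $user_ID The user ID.
                     */
                    $default_author_link = apply_filters('geodir_dashboard_author_link', $default_author_link, $user_ID);

                    $_REQUEST['redirect_to'] = $default_author_link;
                } else {
                    $_REQUEST['redirect_to'] = home_url();
                }
            }

            if (isset($_REQUEST['redirect_to'])) {
                $redirect_to = $_REQUEST['redirect_to'];
                // Redirect to https if user wants ssl
                if ($secure_cookie && false !== strpos($redirect_to, 'wp-admin')) {
                    $redirect_to = preg_replace('|^http://|', 'https://', $redirect_to);
                }
            } else {
                $redirect_to = admin_url();
            }

            if (!$secure_cookie && is_ssl() && force_ssl_login() && !force_ssl_admin() && 0 !== strpos($redirect_to, 'https') && 0 === strpos($redirect_to, 'http')) {
                $secure_cookie = false;
            }

            $user = wp_signon('', $secure_cookie);

            /**
             * Filter the login redirect URL.
             *
             * @since 1.4.9
             * @param string $redirect_to The redirect destination URL.
             * @param WP_User|WP_Error $user WP_User object if login was successful, WP_Error object otherwise.
             */
            $redirect_to = apply_filters('login_redirect', $redirect_to, isset($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : '', $user);

            if (is_wp_error($user)) {
                if (isset($_SERVER['HTTP_REFERER']) && strstr($_SERVER['HTTP_REFERER'], 'ptype=property_submit') && $_POST['log'] != '' && $_POST['pwd'] != '') {
                    // The Referer header is request-supplied: keep this hop on
                    // hosts WordPress allows. As before, execution continues
                    // after this call.
                    wp_safe_redirect($_SERVER['HTTP_REFERER'] . '&emsg=1');
                }
            }

            if (!is_wp_error($user)) {
                // The target can originate from the request or from a filter,
                // so it goes through wp_safe_redirect().
                if ($redirect_to) {
                    wp_safe_redirect($redirect_to);
                } else {
                    wp_redirect(home_url());
                }
                exit;
            }

            $errors = $user;

            // Clear errors if loggedout is set.
            if (!empty($_GET['loggedout'])) {
                $errors = new WP_Error();
            }

            // If cookies are disabled we can't log in even with a valid user+pass
            if (isset($_POST['testcookie']) && empty($_COOKIE[TEST_COOKIE])) {
                $errors->add('test_cookie', __("<strong>ERROR</strong>: Cookies are blocked or not supported by your browser. You must <a href='http://www.google.com/cookies.html'>enable cookies</a> to use WordPress.", 'geodirectory'));
            }

            // Some parts of this script use the main login form to display a message
            if (isset($_GET['loggedout']) && TRUE == $_GET['loggedout']) {
                $successmsg = '<div class="sucess_msg">' . YOU_ARE_LOGED_OUT_MSG . '</div>';
            } elseif (isset($_GET['registration']) && 'disabled' == $_GET['registration']) {
                $successmsg = USER_REG_NOT_ALLOW_MSG;
            } elseif (isset($_GET['checkemail']) && 'confirm' == $_GET['checkemail']) {
                $successmsg = EMAIL_CONFIRM_LINK_MSG;
            } elseif (isset($_GET['checkemail']) && 'newpass' == $_GET['checkemail']) {
                $successmsg = NEW_PW_EMAIL_MSG;
            } elseif (isset($_GET['checkemail']) && 'registered' == $_GET['checkemail']) {
                $successmsg = REG_COMPLETE_MSG;
            }

            // A login was attempted and failed, or the form came back without
            // a user name: return to the form with an error marker.
            if ((isset($_POST['log']) && $_POST['log'] != '' && $errors) || ((!isset($_POST['log']) || $_POST['log'] == '') && isset($_REQUEST['testcookie']) && $_REQUEST['testcookie'])) {
                if (isset($_REQUEST['pagetype']) && $_REQUEST['pagetype'] != '') {
                    // `pagetype` is request-supplied: keep this hop on hosts
                    // WordPress allows.
                    wp_safe_redirect($_REQUEST['pagetype'] . '&emsg=1');
                } else {
                    wp_redirect(geodir_login_url(array('logemsg' => '1', 'redirect_to' => urlencode($_REQUEST['redirect_to']))));
                }
                exit;
            }
            break;
    } // end action switch
}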
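/**
 * Settings page in admin panel.
 *
 * On POST every key in $this->options_default is read from the request,
 * adjusted where a rule applies and stored with update_option(). An ajax
 * save prints only the result message and ends the request. The form is
 * rendered afterwards.
 *
 * Changes compared with the previous version:
 *   - The stored Shared SSL Host is printed into a value="" attribute. It is
 *     saved as entered when it fails host parsing, so it is now escaped with
 *     esc_attr() on output. The plugin URL and the site URL printed in the
 *     form are escaped as well.
 *   - The Shared SSL Host check no longer reads an unset $url or applies
 *     sizeof() to a non-array when the field is missing or unparsable, and
 *     no longer reads unset array keys.
 *
 * NOTE(review): settings_fields() prints a nonce into the form, but nothing
 * visible in this method verifies it before the options are written. Confirm
 * the nonce is checked elsewhere, or add the check here once it is clear the
 * ajax save posts the nonce field too.
 *
 * @param none
 * @return void
 */
function settings()
{
    if (!current_user_can('manage_options')) {
        wp_die(__('You do not have sufficient permissions to access this page.'));
    }

    if ($_SERVER['REQUEST_METHOD'] === 'POST') {
        $errors = array();

        foreach ($this->options_default as $key => $default) {
            if (!array_key_exists($key, $_POST) && $default == 0) {
                // Unchecked checkbox: store 0.
                $_POST[$key] = 0;
                update_option($key, $_POST[$key]);
            } else {
                if ($key == 'espresso-https_sharedssl_host') {
                    $url = isset($_POST[$key]) ? parse_url($_POST[$key]) : array();

                    if (is_array($url) && sizeof($url) > 1) {
                        // Normalise to https://host/path without a trailing slash.
                        $host = isset($url['host']) ? $url['host'] : '';
                        $path = isset($url['path']) ? $url['path'] : '';
                        $_POST[$key] = 'https://' . $host . $path;
                        if (substr($_POST[$key], -1, 1) == '/') {
                            $_POST[$key] = substr($_POST[$key], 0, strlen($_POST[$key]) - 1);
                        }
                    } elseif (isset($_POST['espresso-https_sharedssl']) && $_POST['espresso-https_sharedssl'] == 1) {
                        $errors[] = '<strong>Shared SSL Host</strong> - Invalid host.';
                        update_option('espresso-https_sharedssl', 0);
                    }
                } elseif ($key == 'espresso-https_sharedssl_admin') {
                    if (force_ssl_admin() || force_ssl_login()) {
                        $errors[] = '<strong>Shared SSL Admin</strong> - FORCE_SSL_ADMIN and FORCE_SSL_LOGIN can not be set to true in your wp-config.php.';
                        $_POST[$key] = 0;
                    }
                } elseif ($key == 'espresso-https_externalurls' && @ini_get('allow_url_fopen') != 1) {
                    $errors[] = '<strong>External HTTPS Elements</strong> - PHP configuration error: allow_url_fopen must be enabled.';
                    $_POST[$key] = 0;
                } elseif ($key == 'espresso-https_disable_autohttps' && version_compare(get_bloginfo('version'), '3.0', '<')) {
                    $_POST[$key] = 0;
                }

                update_option($key, isset($_POST[$key]) ? $_POST[$key] : null);
            }
        }

        if (array_key_exists('ajax', $_POST)) {
            // Ajax save: discard buffered output and print only the message.
            while (@ob_end_clean()) {
            }
            ob_start();

            if (sizeof($errors) > 0) {
                echo "<div class=\"error below-h2 fade\" id=\"message\">\n\t<ul>\n";
                foreach ($errors as $error) {
                    echo "\t\t<li><p>" . $error . "</p></li>\n";
                }
                echo "\t</ul>\n</div>\n";
            } else {
                echo "<div class=\"updated below-h2 fade\" id=\"message\"><p>" . __('Settings saved.', 'event_espresso') . "</p></div>\n";
            }
            exit;
        }
    }
    ?>
<div class="wrap">
    <div id="icon-options-event" class="icon32"> </div>
    <h2><?php _e('Event Espresso HTTPS Settings', 'event_espresso'); ?></h2>
    <?php
    if ($_SERVER['REQUEST_METHOD'] === 'POST') {
        if (sizeof($errors) > 0) {
            echo "<div class=\"error below-h2 fade\" id=\"message\">\n\t<ul>\n";
            foreach ($errors as $error) {
                echo "\t\t<li><p>" . $error . "</p></li>\n";
            }
            echo "\t</ul>\n</div>\n";
        } else {
            echo "\t\t<div class=\"updated below-h2 fade\" id=\"message\"><p>" . __('Settings saved.', 'event_espresso') . "</p></div>\n";
        }
    } else {
        echo "\t<div id=\"message-wrap\"><div id=\"message-body\"></div></div>\n";
    }
    ?>
    <div id="eehttps-main">
        <div id="post-body">
            <form name="form" id="espresso-https" action="admin.php?page=espresso_https" method="post">
                <?php settings_fields('espresso-https'); ?>
                <fieldset>
                    <label for="espresso-https_internalurls"><input name="espresso-https_internalurls" type="checkbox" id="espresso-https_internalurls" value="1"<?php echo get_option('espresso-https_internalurls') ? ' checked="checked"' : ''; ?> /> <strong>Internal HTTPS Elements</strong></label>
                    <p><?php _e('Force internal elements to HTTPS when viewing a secure page.', 'event_espresso'); ?></p>
                    <p class="description"><?php _e('Fixes most partially encrypted errors.', 'event_espresso'); ?></p>
                </fieldset>
                <fieldset>
                    <label for="espresso-https_externalurls"><input name="espresso-https_externalurls" type="checkbox" id="espresso-https_externalurls" value="1"<?php echo get_option('espresso-https_externalurls') ? ' checked="checked"' : ''; ?> /> <strong><?php _e('External HTTPS Elements', 'event_espresso'); ?></strong></label>
                    <p><?php _e('Attempt to automatically force external elements to HTTPS when viewing a secure page. External elements are any element not hosted on your domain.', 'event_espresso'); ?></p>
                    <p class="description"><?php _e('Warning: This option checks that the external element can be loaded via HTTPS while the page is loading. Depending on the amount of external elements, this could affect the load times of your pages.', 'event_espresso'); ?></p>
                </fieldset>
                <fieldset>
                    <label for="espresso-https_bypass"><input name="espresso-https_bypass" type="checkbox" id="espresso-https_bypass" value="1"<?php echo get_option('espresso-https_bypass') ? ' checked="checked"' : ''; ?> /> <strong>Bypass External Check</strong></label>
                    <p><?php _e('Disable the option to check if an external element can be loaded over HTTPS.', 'event_espresso'); ?></p>
                    <p class="description"><?php _e('Warning: Bypassing the HTTPS check for external elements may cause elements to not load at all. Only enable this option if you know that all external elements can be loaded over HTTPS.', 'event_espresso'); ?></p>
                </fieldset>
                <?php if (version_compare(get_bloginfo('version'), '3.0', '>=')) { ?>
                <fieldset>
                    <label for="espresso-https_disable_autohttps"><input name="espresso-https_disable_autohttps" type="checkbox" id="espresso-https_disable_autohttps" value="1"<?php echo get_option('espresso-https_disable_autohttps') ? ' checked="checked"' : ''; ?> /> <strong>Disable Automatic HTTPS</strong></label>
                    <p><?php _e('Prevents WordPress 3.0+ from making all links HTTPS when viewing a secure page.', 'event_espresso'); ?></p>
                    <p class="description"><?php _e('When a page is viewed via HTTPS in WordPress 3.0+, all internal page, category and post links are forced to HTTPS. This option will disable that.', 'event_espresso'); ?></p>
                </fieldset>
                <?php } ?>
                <fieldset>
                    <label for="espresso-https_exclusive_https"><input name="espresso-https_exclusive_https" type="checkbox" id="espresso-https_exclusive_https" value="1"<?php echo get_option('espresso-https_exclusive_https') ? ' checked="checked"' : ''; ?> /> <strong><?php _e('Force SSL Exclusively', 'event_espresso'); ?></strong></label>
                    <p><?php _e('Exclusively force SSL on posts and pages with the \'Force SSL\' option checked. All others are redirected to HTTP.', 'event_espresso'); ?></p>
                    <p class="description"><?php _e('Espresso HTTPS adds a \'Force SSL\' checkbox to each post and page right above the publish button', 'event_espresso'); ?> (<a href="<?php echo esc_url($this->plugin_url . '/screenshot-2.png'); ?>" class="thickbox"><?php _e('screenshot', 'event_espresso'); ?></a>). <?php _e('When selected, the post or page will be forced to HTTPS. With this option enabled, all posts and pages without \'Force SSL\' checked will be redirected to HTTP.', 'event_espresso'); ?></p>
                </fieldset>
                <fieldset>
                    <label for="espresso-https_sharedssl"><input name="espresso-https_sharedssl" type="checkbox" id="espresso-https_sharedssl" value="1"<?php echo get_option('espresso-https_sharedssl') ? ' checked="checked"' : ''; ?> /> <strong>Shared SSL</strong></label>
                    <p><?php _e('Enable this option if you are using a Shared SSL certificate and your Shared SSL Host is something other than', 'event_espresso'); ?> '<?php echo esc_html($this->replace_http($this->http_url)); ?>/'.</p>
                    <label><strong><?php _e('Shared SSL Host', 'event_espresso'); ?></strong> <input name="espresso-https_sharedssl_host" type="text" id="espresso-https_sharedssl_host" value="<?php echo esc_attr(get_option('espresso-https_sharedssl_host')); ?>" /></label>
                </fieldset>
                <fieldset>
                    <label for="espresso-https_sharedssl_admin"><input name="espresso-https_sharedssl_admin" type="checkbox" id="espresso-https_sharedssl_admin" value="1"<?php echo get_option('espresso-https_sharedssl_admin') ? ' checked="checked"' : ''; ?> /> <strong>Force Shared SSL Admin</strong></label>
                    <p><?php _e('Enable this option if you are using a Shared SSL certificate and you only want to access your admin panel over HTTPS.', 'event_espresso'); ?></p>
                    <p class="description"><?php _e('Notice: FORCE_SSL_ADMIN and FORCE_SSL_LOGIN can not be set to true in your wp-config.php.', 'event_espresso'); ?></p>
                </fieldset>
                <?php if (get_option('show_on_front') == 'posts') { ?>
                <fieldset>
                    <label for="espresso-https_frontpage"><input name="espresso-https_frontpage" type="checkbox" id="espresso-https_frontpage" value="1"<?php echo get_option('espresso-https_frontpage') ? ' checked="checked"' : ''; ?> /> <strong>HTTPS Front Page</strong></label>
                    <p><?php _e('It appears you are using your latest posts for your home page. If you would like that page to have SSL enforced, enable this option.', 'event_espresso'); ?></p>
                </fieldset>
                <?php } ?>
                <p class="button-controls">
                    <input type="submit" name="Submit" value="Save Changes" class="button-primary" />
                </p>
            </form>
        </div>
    </div>
</div>
    <?php
}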
/**
 * Output the HTML that shows the wp-login dialog when the user is no longer logged in.
 *
 * Decides whether the login form may be embedded in the page (same-domain case) or
 * whether only the "session expired" fallback link is offered, then prints the wrapper markup.
 *
 * @since 3.6.0
 */
function wp_auth_check_html() {
    $login_url = wp_login_url();
    // Scheme and host of the current request; the host part comes from the Host request header.
    $current_domain = (is_ssl() ? 'https://' : 'http://') . $_SERVER['HTTP_HOST'];
    // Same-domain means the login URL starts with the current scheme and host.
    // NOTE(review): this is a plain prefix test with no delimiter after the host, and one side is
    // request-supplied — confirm the Host header is validated before this value is relied on.
    $same_domain = strpos($login_url, $current_domain) === 0;
    // Login forced to SSL while the admin is not: treated as a different origin,
    // presumably because the login form and the admin page would then use different schemes.
    if ($same_domain && force_ssl_login() && !force_ssl_admin()) {
        $same_domain = false;
    }
    /**
     * Filter whether the authentication check originated at the same domain.
     *
     * @since 3.6.0
     *
     * @param bool $same_domain Whether the authentication check originated at the same domain.
     */
    $same_domain = apply_filters('wp_auth_check_same_domain', $same_domain);
    // $wrap_class is always one of these two literals, so it is echoed below without escaping;
    // both URLs in the markup go through esc_url() and the title through esc_attr_e().
    $wrap_class = $same_domain ? 'hidden' : 'hidden fallback';
    ?> <div id="wp-auth-check-wrap" class="<?php echo $wrap_class; ?> "> <div id="wp-auth-check-bg"></div> <div id="wp-auth-check"> <div class="wp-auth-check-close" tabindex="0" title="<?php esc_attr_e('Close'); ?> "></div> <?php if ($same_domain) { ?> <div id="wp-auth-check-form" data-src="<?php echo esc_url(add_query_arg(array('interim-login' => 1), $login_url)); ?> "></div> <?php } ?> <div class="wp-auth-fallback"> <p><b class="wp-auth-fallback-expired" tabindex="0"><?php _e('Session expired'); ?> </b></p> <p><a href="<?php echo esc_url($login_url); ?> " target="_blank"><?php _e('Please log in again.'); ?> </a> <?php _e('The login page will open in a new window. After logging in you can close it and return to this page.'); ?> </p> </div> </div> </div> <?php }
/**
 * Defines the SSL-related WordPress constants and applies them.
 *
 * FORCE_SSL_ADMIN and FORCE_SSL_LOGIN each fall back to false when nothing has
 * defined them yet; the resulting value is then passed to force_ssl_admin() and
 * force_ssl_login() respectively, in that order.
 *
 * @since 3.0.0
 */
function wp_ssl_constants() {
    /**
     * @since 2.6.0
     */
    defined('FORCE_SSL_ADMIN') || define('FORCE_SSL_ADMIN', false);
    force_ssl_admin(FORCE_SSL_ADMIN);

    /**
     * @since 2.6.0
     */
    defined('FORCE_SSL_LOGIN') || define('FORCE_SSL_LOGIN', false);
    force_ssl_login(FORCE_SSL_LOGIN);
}
/**
 * It is possible to define this in wp-config.php
 *
 * Defaults to false (SSL not forced for the admin) when nothing defined it earlier.
 * @since 2.6.0
 */
if ( !defined('FORCE_SSL_ADMIN') )
    define('FORCE_SSL_ADMIN', false);
// Hand the effective value to force_ssl_admin().
force_ssl_admin(FORCE_SSL_ADMIN);

/**
 * It is possible to define this in wp-config.php
 *
 * Defaults to false (SSL not forced for the login) when nothing defined it earlier.
 * @since 2.6.0
 */
if ( !defined('FORCE_SSL_LOGIN') )
    define('FORCE_SSL_LOGIN', false);
// Hand the effective value to force_ssl_login().
force_ssl_login(FORCE_SSL_LOGIN);

/**
 * It is possible to define this in wp-config.php
 *
 * Defaults to 60; the unit is not stated here (presumably seconds — confirm).
 * @since 2.5.0
 */
if ( !defined( 'AUTOSAVE_INTERVAL' ) )
    define( 'AUTOSAVE_INTERVAL', 60 );

require (ABSPATH . WPINC . '/vars.php');

// Check for hacks file if the option is enabled
// The included path is fixed (ABSPATH . 'my-hacks.php'), not taken from the request. Whatever that
// file contains is executed here, so it should be writable only by the site owner.
if ( get_option('hack_file') ) {
    if ( file_exists(ABSPATH . 'my-hacks.php') )
        require(ABSPATH . 'my-hacks.php');
// (the excerpt ends here; the closing brace of the outer if is not part of the listing)
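/**
 * Finish a login for the given user and redirect the browser to the landing page.
 *
 * Clears existing auth cookies on a reauth request, calls wp_signon(), sets the
 * cookies through $this->set_cookies(), picks the redirect target from the plugin
 * options and ends the request with wp_safe_redirect().
 *
 * Changes from the earlier version:
 *  - wp_signon() used to receive isset($secure_cookie), i.e. true exactly when the
 *    code had decided on a non-secure cookie and false otherwise. It now receives
 *    the decided value itself ('' = let wp_signon() decide, false = non-secure).
 *  - The first "redirect to https" branch tested a variable that was never assigned
 *    before it, so it could not run; it has been removed.
 *  - The unused $current_url_an local has been dropped.
 *
 * @param mixed $user_id Identifier handed to $this->set_cookies().
 * @return false|void False when $this->set_cookies() fails; otherwise the request ends in a redirect.
 */
function loginUser($user_id) {
    if (!empty($_REQUEST['reauth'])) {
        wp_clear_auth_cookie();
    }

    // Request-supplied target; it only reaches the browser through wp_safe_redirect() below.
    $redirect_to = isset($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : admin_url();

    // '' leaves the cookie decision to wp_signon(); false asks for a non-secure cookie.
    $secure_cookie = '';
    // Login is forced to SSL but the admin is not, and the target is plain http:
    // use a non-secure cookie so the user can return to the non-secure page.
    if (is_ssl() && force_ssl_login() && !force_ssl_admin() && 0 !== strpos($redirect_to, 'https') && 0 === strpos($redirect_to, 'http')) {
        $secure_cookie = false;
    }

    // If cookies are disabled we can't log in even with a valid user+pass
    if (isset($_POST['testcookie']) && empty($_COOKIE[TEST_COOKIE])) {
        $user = new WP_Error('test_cookie', __("<strong>ERROR</strong>: Cookies are blocked or not supported by your browser. You must <a href='http://www.google.com/cookies.html'>enable cookies</a> to use WordPress."));
    } else {
        $user = wp_signon('', $secure_cookie);
    }
    // NOTE(review): $user may be a WP_Error here; it is only passed to the
    // 'login_redirect' filter and never checked. The login itself depends on set_cookies().

    if (!$this->set_cookies($user_id)) {
        return false;
    }

    $requested_redirect_to = isset($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : site_url();
    $user_login_url = apply_filters('login_redirect', $redirect_to, $requested_redirect_to, $user);

    $options = get_option(APSL_SETTINGS);
    $has_choice = isset($options['apsl_custom_login_redirect_options']) && $options['apsl_custom_login_redirect_options'] != '';

    if (!$has_choice) {
        $user_login_url = home_url();
    } else {
        $choice = $options['apsl_custom_login_redirect_options'];

        if ($choice == 'home') {
            $user_login_url = home_url();
        } elseif ($choice == 'current_page') {
            if (isset($_REQUEST['redirect_to'])) {
                $redirect_to = $_REQUEST['redirect_to'];
                // Redirect to https if user wants ssl
                // NOTE(review): as before, this fires only when the non-secure cookie was chosen
                // above, which looks inverted — confirm the intended condition.
                if (false === $secure_cookie && false !== strpos($redirect_to, 'wp-admin')) {
                    $user_login_url = preg_replace('|^http://|', 'https://', $redirect_to);
                }
            } else {
                $user_login_url = home_url();
            }
        } elseif ($choice == 'custom_page') {
            // An absent link is treated like an empty one instead of raising a notice.
            if (isset($options['apsl_custom_login_redirect_link']) && $options['apsl_custom_login_redirect_link'] != '') {
                $user_login_url = $options['apsl_custom_login_redirect_link'];
            } else {
                $user_login_url = home_url();
            }
        }
        // Any other option value keeps the filtered 'login_redirect' result.
    }

    wp_safe_redirect($user_login_url);
    exit;
}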
/**
 * Rewrite the scheme of a URL.
 *
 * 'http', 'https' and 'relative' are applied as given. Any other value is resolved
 * to 'https' or 'http' first: 'login_post' and 'rpc' become 'https' when either
 * force_ssl_login() or force_ssl_admin() is on, 'login' and 'admin' when
 * force_ssl_admin() is on, and everything else follows the current request (is_ssl()).
 *
 * @since 3.4.0
 *
 * @param string $url    Absolute url that includes a scheme
 * @param string $scheme Optional. Scheme to give $url. Currently 'http', 'https', 'login', 'login_post', 'admin', or 'relative'.
 * @return string $url URL with chosen scheme.
 */
function set_url_scheme($url, $scheme = null) {
    $requested_scheme = $scheme;

    $is_explicit = in_array($scheme, array('http', 'https', 'relative'));
    if (!$is_explicit) {
        if ('login_post' == $scheme || 'rpc' == $scheme) {
            $forced_https = force_ssl_login() || force_ssl_admin();
        } elseif ('login' == $scheme || 'admin' == $scheme) {
            $forced_https = force_ssl_admin();
        } else {
            $forced_https = false;
        }
        // Without a forcing setting, follow the scheme of the current request.
        $scheme = ($forced_https || is_ssl()) ? 'https' : 'http';
    }

    $url = trim($url);
    // Give a protocol-relative URL a scheme so the replacements below can match it.
    if (0 === strncmp($url, '//', 2)) {
        $url = 'http:' . $url;
    }

    if ('relative' == $scheme) {
        // Drop scheme and host, then collapse leading slashes and whitespace to a single '/'.
        $path = ltrim(preg_replace('#^\\w+://[^/]*#', '', $url));
        if ($path !== '' && $path[0] === '/') {
            $path = '/' . ltrim($path, "/ \t\n\r\v");
        }
        $url = $path;
    } else {
        $url = preg_replace('#^\\w+://#', $scheme . '://', $url);
    }

    /**
     * Filter the resulting URL after setting the scheme.
     *
     * @since 3.4.0
     *
     * @param string $url         The complete URL including scheme and path.
     * @param string $scheme      Scheme applied to the URL. One of 'http', 'https', or 'relative'.
     * @param string $orig_scheme Scheme requested for the URL. One of 'http', 'https', 'login',
     *                            'login_post', 'admin', 'rpc', or 'relative'.
     */
    return apply_filters('set_url_scheme', $url, $scheme, $requested_scheme);
}
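/**
 * settings in plugin-admin-page
 *
 * Registers the plugin's options page, an optional admin notice for the
 * update/uninstall result, and the plugin-row links. Does nothing unless
 * add_management_page() exists and the current user can 'manage_options'.
 *
 * The admin notice used to be printed by create_function() with the message
 * interpolated into PHP source, which breaks (or runs unintended code) as soon as a
 * translated message contains a single quote, and create_function() no longer exists
 * in PHP 8. A closure that echoes the prepared string replaces it.
 *
 * @package Secure WordPress
 */
public function admin_menu() {
    global $wp_version;

    if (!function_exists('add_management_page') || !current_user_can('manage_options')) {
        return;
    }

    // Default both flags so the comparisons below never read a missing key.
    if (!isset($_GET['update'])) {
        $_GET['update'] = 'false';
    }
    if (!isset($_GET['uninstall'])) {
        $_GET['uninstall'] = 'false';
    }

    // update, uninstall message
    // Only the literal value 'true' is acted on; the request value itself is never printed.
    if (strpos($_SERVER['REQUEST_URI'], 'secure-wordpress.php') && $_GET['update'] == 'true') {
        $return_message = __('Options updated.', FB_SWP_TEXTDOMAIN);
    } elseif ($_GET['uninstall'] == 'true') {
        $return_message = __('All entries from the database have been deleted. You can now deactivate this plugin.', FB_SWP_TEXTDOMAIN);
    } else {
        $return_message = '';
    }
    $message = '<div class="updated fade"><p>' . $return_message . '</p></div>';

    $menutitle = '';
    if (version_compare($wp_version, '2.7alpha', '>')) {
        if ($return_message !== '') {
            // The message is passed as data, not compiled into code.
            add_action('admin_notices', function () use ($message) {
                echo $message;
            });
        }
        $menutitle = '<img src="' . $this->get_resource_url('secure_wp.gif') . '" alt="" />' . ' ';
    }
    $menutitle .= __('Secure WP', FB_SWP_TEXTDOMAIN);

    // added check for SSL login and to adjust url for logo accordingly
    if (force_ssl_login() || force_ssl_admin()) {
        $menutitle = str_replace('http://', 'https://', $menutitle);
    }

    if (version_compare($wp_version, '2.7alpha', '>') && function_exists('add_contextual_help')) {
        $hook = add_submenu_page('options-general.php', __('Secure WordPress', FB_SWP_TEXTDOMAIN), $menutitle, 'manage_options', basename(__FILE__), array(&$this, 'display_page'));
        add_contextual_help($hook, __('<a href="http://wordpress.org/extend/plugins/secure-wordpress/" target="_blank">Documentation</a>', FB_SWP_TEXTDOMAIN));
        //add_filter( 'contextual_help', array(&$this, 'contextual_help') );
    } else {
        // NOTE(review): this fallback passes the numeric level 9 where the branch above passes
        // the 'manage_options' capability — confirm it grants access to the same users.
        add_submenu_page('options-general.php', __('Secure WP', FB_SWP_TEXTDOMAIN), $menutitle, 9, basename(__FILE__), array(&$this, 'display_page'));
    }

    $plugin = plugin_basename(__FILE__);
    add_filter('plugin_action_links_' . $plugin, array(&$this, 'filter_plugin_meta'), 10, 2);
    if (version_compare($wp_version, '2.8alpha', '>')) {
        add_filter('plugin_row_meta', array(&$this, 'filter_plugin_meta'), 10, 2);
    }
}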
} } if (isset($_REQUEST['redirect_to'])) { $redirect_to = $_REQUEST['redirect_to']; // Redirect to https if user wants ssl if ($secure_cookie && false !== strpos($redirect_to, 'wp-admin')) { $redirect_to = preg_replace('|^http://|', 'https://', $redirect_to); } } else { $redirect_to = admin_url(); } $reauth = empty($_REQUEST['reauth']) ? false : true; // If the user was redirected to a secure login form from a non-secure admin page, and secure login is required but secure admin is not, then don't use a secure // cookie and redirect back to the referring non-secure admin page. This allows logins to always be POSTed over SSL while allowing the user to choose visiting // the admin via http or https. if (!$secure_cookie && is_ssl() && force_ssl_login() && !force_ssl_admin() && 0 !== strpos($redirect_to, 'https') && 0 === strpos($redirect_to, 'http')) { $secure_cookie = false; } $user = wp_signon('', $secure_cookie); $redirect_to = apply_filters('login_redirect', $redirect_to, isset($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : '', $user); if (!is_wp_error($user) && !$reauth) { if ($interim_login) { $message = '<p class="message">' . __('You have logged in successfully.') . '</p>'; login_header('', $message); ?> <?php if (!$customize_login) { ?> <script type="text/javascript">setTimeout( function(){window.close()}, 8000);</script> <p class="alignright">
/**
 * Forces redirection to an SSL page when required
 *
 * SSL is required in the admin when force_ssl_admin() is on, and on the login,
 * register and profile-edit pages when force_ssl_login() is on. When it is required
 * and the current request is not already SSL, the request URI is re-issued on the
 * scheme and host of the 'uri_ssl' option.
 *
 * @since 1.0
 *
 * @return void
 */
function bb_ssl_redirect() {
    $page = bb_get_location();

    do_action('bb_ssl_redirect');

    if (BB_IS_ADMIN) {
        $needs_ssl = force_ssl_admin();
    } elseif ($page == 'login-page' || $page == 'register-page') {
        $needs_ssl = force_ssl_login();
    } elseif ($page == 'profile-page') {
        global $self;
        // Only the profile edit screen is covered, not profile views.
        $needs_ssl = ($self == 'profile-edit.php') && force_ssl_login();
    } else {
        $needs_ssl = false;
    }

    if (!$needs_ssl || is_ssl()) {
        return;
    }

    // Scheme and host come from the configured option; only the path and query
    // are taken from the request. The result still goes through bb_safe_redirect().
    $ssl_parts = parse_url(bb_get_option('uri_ssl'));
    $target = $ssl_parts['scheme'] . '://' . $ssl_parts['host'] . $_SERVER['REQUEST_URI'];

    bb_safe_redirect($target);
    exit;
}
/**
 * Returns requested action URL
 *
 * Uses the login page link when the action's '<action>_widget' option is set and
 * falsy; otherwise builds the URL from the current URL with the action (and the
 * instance, when there is one) as query arguments.
 *
 * @since 6.0
 * @access public
 *
 * @param string $action Action to retrieve
 * @param int|string $instance Optionally add an instance to the URL
 * @return string The requested action URL
 */
function get_action_url($action = 'login', $instance = '') {
    if (empty($instance)) {
        $instance = $this->instance;
    }

    $widget_key = $action . '_widget';
    $widget_disabled = isset($this->options[$widget_key]) && !$this->options[$widget_key];

    if ($widget_disabled) {
        $url = $GLOBALS['theme_my_login']->get_login_page_link('action=' . $action);
    } else {
        $query = array('action' => $action);
        if (!empty($instance)) {
            $query['instance'] = $instance;
        }
        $url = Theme_My_Login::get_current_url($query);
    }

    // Respect FORCE_SSL_LOGIN
    // Only a leading "http://" is rewritten; other schemes and relative URLs pass through unchanged.
    if ('login' == $action && force_ssl_login()) {
        $url = preg_replace('|^http://|', 'https://', $url);
    }

    return apply_filters('tml_action_url', $url, $action, $instance);
}
/**
 * Secure Login
 * WordPress HTTPS Filter - force_ssl
 *
 * Turns $force_ssl on for a local URL that ends in wp-login.php while
 * force_ssl_login() is on; in every other case the incoming value is returned as is.
 *
 * @param boolean $force_ssl
 * @param int $post_id
 * @param string $url
 * @return boolean $force_ssl
 */
public function secure_login($force_ssl, $post_id = 0, $url = '') {
    // Nothing to decide for an empty or non-local URL.
    if ($url == '' || !$this->getPlugin()->isUrlLocal($url)) {
        return $force_ssl;
    }

    // NOTE(review): the pattern is anchored at the end of the string, so a login URL that
    // carries a query string would not match — confirm what form of URL callers pass in.
    $is_login_url = force_ssl_login() && preg_match('/wp-login\\.php$/', $url) === 1;

    return $is_login_url ? true : $force_ssl;
}