Ejemplo n.º 1
/**
 * Handle a submitted front-end login form.
 *
 * Signs the visitor in through wp_signon(). On success the request ends with a
 * wp_safe_redirect() to the filtered `redirect_to` target (admin_url() when the
 * request carries none, and always admin_url() for users with `manage_options`).
 *
 * @return WP_Error|mixed The wp_signon() result when it is a WP_Error.
 */
function jr_process_login_form()
{
    global $posted;

    // Caller-supplied target, falling back to the dashboard.
    $redirect_to = isset($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : admin_url();

    // Logging in over SSL with only the login forced to SSL and a plain-http
    // target: pass false to wp_signon() instead of the default ''.
    $secure_cookie = (
        is_ssl()
        && force_ssl_login()
        && !force_ssl_admin()
        && 0 !== strpos($redirect_to, 'https')
        && 0 === strpos($redirect_to, 'http')
    ) ? false : '';

    $user = wp_signon('', $secure_cookie);
    $redirect_to = apply_filters(
        'login_redirect',
        $redirect_to,
        isset($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : '',
        $user
    );

    if (is_wp_error($user)) {
        // Hand the error object back so the caller can display it.
        return $user;
    }

    if (user_can($user, 'manage_options')) {
        $redirect_to = admin_url();
    }
    // wp_safe_redirect() (rather than wp_redirect()) is what keeps the
    // request-supplied target from becoming an open redirect.
    wp_safe_redirect($redirect_to);
    exit;
}
Ejemplo n.º 2
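/**
 * Redirect the current request to https or http, depending on whether the
 * page has to be served securely.
 *
 * The global $besecure flag is taken from the post's "besecure" meta, forced on
 * for admin/login pages when force_ssl_admin()/force_ssl_login() say so, and
 * finally passed through the "pmpro_besecure" filter. Nothing happens unless the
 * "use_ssl" option equals 1.
 *
 * @return void Either returns normally or redirects and exits.
 */
function pmpro_besecure()
{
    global $besecure, $post;

    // check the post option
    if (!is_admin() && !empty($post->ID) && !$besecure) {
        $besecure = get_post_meta($post->ID, "besecure", true);
    }
    // if forcing ssl on admin, be secure in admin and login page
    if (!$besecure && force_ssl_admin() && (is_admin() || pmpro_is_login_page())) {
        $besecure = true;
    }
    // if forcing ssl on login, be secure on the login page
    if (!$besecure && force_ssl_login() && pmpro_is_login_page()) {
        $besecure = true;
    }
    $besecure = apply_filters("pmpro_besecure", $besecure);

    if (pmpro_getOption("use_ssl") != 1) {
        return;
    }

    $https = isset($_SERVER['HTTPS']) ? $_SERVER['HTTPS'] : '';
    $on_https = !empty($https) && $https != "off" && $https != "false";

    if ($besecure && !$on_https) {
        $scheme = "https://";
    } elseif (!$besecure && $on_https) {
        // NOTE(review): this branch moves the visitor from https back to http;
        // confirm that downgrade is still wanted.
        $scheme = "http://";
    } else {
        return;
    }

    // HTTP_HOST and REQUEST_URI are supplied by the client. wp_safe_redirect()
    // only follows hosts WordPress allows and otherwise uses its fallback URL,
    // so a forged Host header cannot steer the redirect to another site.
    $host = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '';
    $uri = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '/';
    wp_safe_redirect($scheme . $host . $uri);
    exit;
}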
Ejemplo n.º 3
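/**
 * Choose where a user is sent after logging in.
 *
 * Admins go to the dashboard, URLs containing "checkout" and active members
 * keep the requested target, everyone else is sent to the levels page. When no
 * user is logging in, the given target is returned as is.
 *
 * @param string $redirect_to Target URL chosen so far.
 * @param string $request     Target URL as originally requested.
 * @param object $user        User object (or error) from the login attempt.
 * @return string The target after the "pmpro_login_redirect_url" filter.
 */
function pmpro_login_redirect($redirect_to, $request, $user)
{
    global $wpdb;

    // is a user logging in?
    if (!empty($user->ID)) {
        if (pmpro_isAdmin($user->ID)) {
            // admins go to dashboard
            $redirect_to = get_bloginfo("url") . "/wp-admin/";
        } elseif (strpos($redirect_to, "checkout") === false) {
            // Bind the user id as an integer placeholder instead of
            // concatenating it into the SQL string.
            $membership_id = $wpdb->get_var(
                $wpdb->prepare(
                    "SELECT membership_id FROM {$wpdb->pmpro_memberships_users} WHERE status = 'active' AND user_id = %d LIMIT 1",
                    $user->ID
                )
            );
            if (!$membership_id) {
                // not a member, send to subscription page
                $redirect_to = pmpro_url("levels");
            }
        }
    }

    // strip the https if force_ssl_login is set, but force_ssl_admin is not
    // NOTE(review): this sends a just-authenticated user to an http URL, and
    // str_replace() rewrites every "https:" in the string, query values
    // included; confirm both are intended.
    if (force_ssl_login() && !force_ssl_admin()) {
        $redirect_to = str_replace("https:", "http:", $redirect_to);
    }

    return apply_filters("pmpro_login_redirect_url", $redirect_to, $request, $user);
}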
Ejemplo n.º 4
/**
 * Handle a submitted front-end login form.
 *
 * Calls wp_signon() and, when it succeeds, redirects with wp_safe_redirect()
 * and exits. Users with `manage_options` are sent to the admin options page;
 * everyone else goes to the filtered `redirect_to` target.
 *
 * @return WP_Error|mixed The wp_signon() result when it is a WP_Error.
 */
function app_process_login_form()
{
    global $posted;

    $redirect_to = isset($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : admin_url();

    // Only when the login is forced to SSL, the admin is not, and the target
    // is a plain-http URL does wp_signon() get false instead of ''.
    $secure_cookie = (
        is_ssl()
        && force_ssl_login()
        && !force_ssl_admin()
        && 0 !== strpos($redirect_to, 'https')
        && 0 === strpos($redirect_to, 'http')
    ) ? false : '';

    $user = wp_signon('', $secure_cookie);
    $redirect_to = apply_filters(
        'login_redirect',
        $redirect_to,
        isset($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : '',
        $user
    );

    if (is_wp_error($user)) {
        return $user;
    }

    // automatically redirect admins to the WP back-end
    if (user_can($user, 'manage_options')) {
        $redirect_to = admin_url('admin.php?page=admin-options.php');
    }
    // everyone else follows the (host-validated) requested target
    wp_safe_redirect($redirect_to);
    exit;
}
Ejemplo n.º 5
 /**
  * Sets the URL to https or http, depending on availability and related WP config settings/APIs.
  *
  * @since 4.2
  *
  * @param $url string
  *
  * @return string
  */
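 public function set_url_scheme($url)
 {
     // PHP's built-in get_current_user() returns the script owner's name as a
     // string, which has no use_ssl property. The WordPress user object comes
     // from wp_get_current_user().
     $current_user = function_exists('wp_get_current_user') ? wp_get_current_user() : null;

     $wants_https = (function_exists('force_ssl_admin') && force_ssl_admin())
         || (function_exists('force_ssl_login') && force_ssl_login())
         || (function_exists('force_ssl_content') && force_ssl_content())
         || (function_exists('is_ssl') && is_ssl())
         || !empty($current_user->use_ssl);

     // Delegates to the global WordPress set_url_scheme() function.
     return set_url_scheme($url, $wants_https ? 'https' : 'http');
 }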
Ejemplo n.º 6
/**
 * Send the admin to the plugin settings page once after installation.
 *
 * Acts only while the `wc_yotpo_just_installed` option is set; the option is
 * deleted before redirecting, so the redirect happens a single time.
 *
 * @return void Either returns normally or redirects and exits.
 */
function wc_yotpo_redirect()
{
    if (!get_option('wc_yotpo_just_installed', false)) {
        return;
    }
    delete_option('wc_yotpo_just_installed');

    $use_https = is_ssl() || force_ssl_admin() || force_ssl_login();
    $settings_url = admin_url('admin.php?page=woocommerce-yotpo-settings-page');

    // Rewrite the scheme prefix to match the chosen transport.
    if ($use_https) {
        $settings_url = str_replace('http:', 'https:', $settings_url);
    } else {
        $settings_url = str_replace('https:', 'http:', $settings_url);
    }

    wp_redirect($settings_url);
    exit;
}
Ejemplo n.º 7
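/**
 * Process the sidebar AJAX login and print the result.
 *
 * Verifies the `woocommerce-sidebar-login-action` nonce, signs the user in with
 * wp_signon() and prints an object with `success` plus `redirect` or `error`.
 * The object is wrapped in the caller's JSONP callback when one is supplied.
 *
 * @access public
 * @return void Output is echoed and the request ends with die.
 */
function woocommerce_sidebar_login_ajax_process()
{
    check_ajax_referer('woocommerce-sidebar-login-action', 'security');

    // Get post data
    // NOTE(review): esc_attr() HTML-encodes its input, so a password that
    // contains & < > or quotes is altered before wp_signon() sees it; confirm.
    $creds = array();
    $creds['user_login'] = isset($_REQUEST['user_login']) ? esc_attr($_REQUEST['user_login']) : '';
    $creds['user_password'] = isset($_REQUEST['user_password']) ? esc_attr($_REQUEST['user_password']) : '';
    $creds['remember'] = 'forever';

    // The target is echoed back for the client to follow, so it is limited to
    // hosts WordPress allows; anything else becomes an empty string.
    $redirect_to = wp_validate_redirect(
        isset($_REQUEST['redirect_to']) ? esc_attr($_REQUEST['redirect_to']) : '',
        ''
    );

    // Check for Secure Cookie
    $secure_cookie = '';
    // If the user wants ssl but the session is not ssl, force a secure cookie.
    if (!force_ssl_admin()) {
        $user_name = sanitize_user($creds['user_login']);
        if ($user = get_user_by('login', $user_name)) {
            if (get_user_option('use_ssl', $user->ID)) {
                $secure_cookie = true;
                force_ssl_admin(true);
            }
        }
    }
    if (force_ssl_admin()) {
        $secure_cookie = true;
    }
    if ($secure_cookie == '' && force_ssl_login()) {
        $secure_cookie = false;
    }

    // Login
    $user = wp_signon($creds, $secure_cookie);

    // Redirect filter
    if ($secure_cookie && strstr($redirect_to, 'wp-admin')) {
        $redirect_to = str_replace('http:', 'https:', $redirect_to);
    }

    // Result
    $result = array();
    if (!is_wp_error($user)) {
        $result['success'] = 1;
        $result['redirect'] = $redirect_to;
    } else {
        $result['success'] = 0;
        if ($user->errors) {
            foreach ($user->errors as $error) {
                $result['error'] = $error[0];
                break;
            }
        } else {
            $result['error'] = __('Please enter your username and password to login.', 'woocommerce');
        }
    }

    // The callback name comes from the query string and is written into the
    // response, so only identifier characters are kept. Echoing it unfiltered
    // would let the request inject script or markup into the output.
    $callback = '';
    if (isset($_GET['callback']) && is_string($_GET['callback'])) {
        $callback = preg_replace('/[^A-Za-z0-9_.$]/', '', $_GET['callback']);
    }

    header('X-Content-Type-Options: nosniff');
    if ($callback === '') {
        header('content-type: application/json; charset=utf-8');
        echo json_encode($result);
    } else {
        // A JSONP response is script, not JSON.
        header('content-type: application/javascript; charset=utf-8');
        echo $callback . '(' . json_encode($result) . ')';
    }
    die;
}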
Ejemplo n.º 8
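/**
 * Process the sidebar AJAX login and print the result as JSON.
 *
 * Verifies the `woocommerce-sidebar-login-action` nonce, signs the user in with
 * wp_signon() and echoes an object with `success` plus `redirect` or `error`.
 *
 * @return void Output is echoed and the request ends with die.
 */
function woocommerce_sidebar_login_ajax_process()
{
    check_ajax_referer('woocommerce-sidebar-login-action', 'security');

    // Get post data
    // NOTE(review): esc_attr() HTML-encodes its input, so a password that
    // contains & < > or quotes is altered before wp_signon() sees it; confirm.
    $creds = array();
    $creds['user_login'] = isset($_POST['user_login']) ? esc_attr($_POST['user_login']) : '';
    $creds['user_password'] = isset($_POST['user_password']) ? esc_attr($_POST['user_password']) : '';
    $creds['remember'] = 'forever';

    // The target is returned for the client to follow, so it is limited to
    // hosts WordPress allows; anything else becomes an empty string.
    $redirect_to = wp_validate_redirect(
        isset($_POST['redirect_to']) ? esc_attr($_POST['redirect_to']) : '',
        ''
    );

    // Check for Secure Cookie
    $secure_cookie = '';
    // If the user wants ssl but the session is not ssl, force a secure cookie.
    // NOTE(review): this reads $_POST['log'] while the credentials above come
    // from $_POST['user_login']; verify the form really posts both fields.
    if (!empty($_POST['log']) && !force_ssl_admin()) {
        $user_name = sanitize_user($_POST['log']);
        if ($user = get_user_by('login', $user_name)) {
            if (get_user_option('use_ssl', $user->ID)) {
                $secure_cookie = true;
                force_ssl_admin(true);
            }
        }
    }
    if (!$secure_cookie && is_ssl() && force_ssl_login() && !force_ssl_admin() && 0 !== strpos($redirect_to, 'https') && 0 === strpos($redirect_to, 'http')) {
        $secure_cookie = false;
    }

    // Login
    $user = wp_signon($creds, $secure_cookie);

    // Redirect filter
    if ($secure_cookie && false !== strpos($redirect_to, 'wp-admin')) {
        $redirect_to = preg_replace('|^http://|', 'https://', $redirect_to);
    }

    // Result
    $result = array();
    if (!is_wp_error($user)) {
        $result['success'] = 1;
        $result['redirect'] = $redirect_to;
    } else {
        $result['success'] = 0;
        // Report the first message only; an error object without messages
        // yields a result that has no 'error' key.
        if (!empty($user->errors)) {
            foreach ($user->errors as $error) {
                $result['error'] = $error[0];
                break;
            }
        }
    }
    echo json_encode($result);
    die;
}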
Ejemplo n.º 9
 /**
  */
 public function run()
 {
     // Applies each enabled lockdown option by defining the matching constant
     // and/or registering the matching WordPress hook.

     // Theme/plugin file editor.
     if ($this->getIsOption('disable_file_editing', 'Y')) {
         defined('DISALLOW_FILE_EDIT') || define('DISALLOW_FILE_EDIT', true);
         add_filter('user_has_cap', array($this, 'disableFileEditing'), 0, 3);
     }

     // Version masking overwrites the global $wp_version with the configured value.
     // NOTE(review): any other code that reads $wp_version afterwards sees the
     // masked value as well; confirm that is acceptable.
     $versionMask = $this->getOption('mask_wordpress_version');
     if (!empty($versionMask)) {
         global $wp_version;
         $wp_version = $versionMask;
         // (bloginfo / bloginfo_url filters for maskWordpressVersion are not registered)
     }

     // Disabled: the leading `false` short-circuits, so the option is never read.
     if (false && $this->getOption('action_reset_auth_salts') == 'Y') {
         add_action('init', array($this, 'resetAuthKeysSalts'), 1);
     }

     // SSL for the login form.
     if ($this->getIsOption('force_ssl_login', 'Y') && function_exists('force_ssl_login')) {
         defined('FORCE_SSL_LOGIN') || define('FORCE_SSL_LOGIN', true);
         force_ssl_login(true);
     }

     // SSL for the admin area.
     if ($this->getIsOption('force_ssl_admin', 'Y') && function_exists('force_ssl_admin')) {
         defined('FORCE_SSL_ADMIN') || define('FORCE_SSL_ADMIN', true);
         force_ssl_admin(true);
     }

     if ($this->getIsOption('hide_wordpress_generator_tag', 'Y')) {
         remove_action('wp_head', 'wp_generator');
     }

     if ($this->getIsOption('block_author_discovery', 'Y')) {
         // priority 9: runs right before add_action( 'template_redirect', 'redirect_canonical' )
         add_action('wp', array($this, 'interceptCanonicalRedirects'), 9);
     }

     if ($this->getIsOption('disable_xmlrpc', 'Y')) {
         add_filter('xmlrpc_enabled', '__return_false', 1000);
     }
 }
Ejemplo n.º 10
 /**
  * Build the site URL with a scheme that fits the given context.
  *
  * An explicit 'http' or 'https' is used as given. For 'login_post', 'login'
  * and 'admin' the force_ssl_login()/force_ssl_admin() settings can select
  * https; in every other case the scheme follows is_ssl().
  *
  * @param string      $path   Optional path to append; ignored when it contains '..'.
  * @param string|null $scheme Optional scheme or context name.
  * @return string The URL after the 'site_url' filter.
  */
 function site_url($path = '', $scheme = null)
 {
     // should the list of allowed schemes be maintained elsewhere?
     $orig_scheme = $scheme;

     if (!in_array($scheme, array('http', 'https'))) {
         $forced_https = ('login_post' == $scheme && (force_ssl_login() || force_ssl_admin()))
             || (('login' == $scheme || 'admin' == $scheme) && force_ssl_admin());
         if ($forced_https) {
             $scheme = 'https';
         } else {
             $scheme = is_ssl() ? 'https' : 'http';
         }
     }

     $url = str_replace('http://', "{$scheme}://", get_option('siteurl'));

     // Paths containing '..' are never appended.
     $appendable = !empty($path) && is_string($path) && strpos($path, '..') === false;
     if ($appendable) {
         $url = $url . '/' . ltrim($path, '/');
     }

     return apply_filters('site_url', $url, $path, $orig_scheme);
 }
Ejemplo n.º 11
 /**
  * Validate the posted login form and sign the user in.
  *
  * Field errors and a failed wp_signon() result are stored in $this->error.
  * A successful sign-on ends the request with wp_safe_redirect().
  *
  * @return void
  */
 function process_form()
 {
     $this->error = new WP_Error();

     if (is_user_logged_in()) {
         do_action('app_login');
     }

     // Nothing to do unless the login form was submitted.
     if (!isset($_POST['login'])) {
         return;
     }

     if (empty($_POST['log'])) {
         $this->error->add('empty_username', __('<strong>ERROR</strong>: The username field is empty.', APP_TD));
     }
     if (empty($_POST['pwd'])) {
         $this->error->add('empty_password', __('<strong>ERROR</strong>: The password field is empty.', APP_TD));
     }
     if ($this->error->get_error_code()) {
         return;
     }

     $redirect_to = isset($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : admin_url('index.php');

     // false is passed only for an SSL login (login forced, admin not) whose
     // target is a plain-http URL; otherwise wp_signon() gets ''.
     $secure_cookie = (
         is_ssl()
         && force_ssl_login()
         && !force_ssl_admin()
         && 0 !== strpos($redirect_to, 'https')
         && 0 === strpos($redirect_to, 'http')
     ) ? false : '';

     $user = wp_signon('', $secure_cookie);
     $redirect_to = apply_filters(
         'login_redirect',
         $redirect_to,
         isset($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : '',
         $user
     );

     if (is_wp_error($user)) {
         $this->error = $user;
         return;
     }

     // wp_safe_redirect() validates the request-supplied target's host.
     wp_safe_redirect($redirect_to);
     exit;
 }
 /**
  * Build the instructions URL with this site's login and origin details as query arguments.
  *
  * @param string $refresh Value sent as the `gar` argument.
  * @return string Result of add_query_arg() on the wpglogin.com base URL.
  */
 protected function calculate_instructions_url($refresh = 'n')
 {
     $query_args = array(
         'garedirect' => urlencode($this->get_login_url()),
         // NOTE(review): HTTP_HOST is taken from the request as sent by the client.
         'gaorigin' => urlencode((is_ssl() || force_ssl_login() || force_ssl_admin() ? 'https://' : 'http://') . $_SERVER['HTTP_HOST'] . '/'),
         'ganotms' => is_multisite() ? 'false' : 'true',
         'gar' => urlencode($refresh),
         'utm_source' => 'Admin%20Instructions',
         'utm_medium' => 'freemium',
         'utm_campaign' => 'Freemium',
     );

     return add_query_arg($query_args, $this->get_wpglogincom_baseurl());
 }
Ejemplo n.º 13
/**
 * Retrieve the site url for the current network.
 *
 * On a non-multisite install this is site_url(). Otherwise the URL is built
 * from the current site's domain and path. An explicit 'http' or 'https'
 * scheme is used as given; 'login_post' and 'rpc' become https when
 * force_ssl_login() or force_ssl_admin() is on, 'login' and 'admin' when
 * force_ssl_admin() is on, and everything else follows is_ssl().
 *
 * @package WordPress
 * @since 3.0.0
 *
 * @param string $path Optional. Path relative to the site url; ignored when it contains '..'.
 * @param string $scheme Optional. Scheme to give the site url context.
 * @return string Site url link with optional path appended.
 */
function network_site_url($path = '', $scheme = null)
{
    global $current_site;

    if (!is_multisite()) {
        return site_url($path, $scheme);
    }

    $orig_scheme = $scheme;
    if (!in_array($scheme, array('http', 'https'))) {
        $forced_https = (('login_post' == $scheme || 'rpc' == $scheme) && (force_ssl_login() || force_ssl_admin()))
            || (('login' == $scheme || 'admin' == $scheme) && force_ssl_admin());
        if ($forced_https) {
            $scheme = 'https';
        } else {
            $scheme = is_ssl() ? 'https' : 'http';
        }
    }

    $url = $scheme . '://' . $current_site->domain . $current_site->path;

    // Paths containing '..' are never appended.
    $appendable = !empty($path) && is_string($path) && strpos($path, '..') === false;
    if ($appendable) {
        $url = $url . ltrim($path, '/');
    }

    return apply_filters('network_site_url', $url, $path, $orig_scheme);
}
Ejemplo n.º 14
/**
 * Set the scheme for a URL.
 *
 * 'http', 'https' and 'relative' are applied as given. 'login_post' and 'rpc'
 * become https when force_ssl_login() or force_ssl_admin() is on, 'login' and
 * 'admin' when force_ssl_admin() is on; anything else follows is_ssl().
 *
 * @since 3.4.0
 *
 * @param string $url Absolute url that includes a scheme
 * @param string $scheme Optional. Scheme or context name to apply to $url.
 * @return string $url URL with chosen scheme, after the 'set_url_scheme' filter.
 */
function set_url_scheme($url, $scheme = null)
{
    $orig_scheme = $scheme;

    if (!in_array($scheme, array('http', 'https', 'relative'))) {
        $forced_https = (('login_post' == $scheme || 'rpc' == $scheme) && (force_ssl_login() || force_ssl_admin()))
            || (('login' == $scheme || 'admin' == $scheme) && force_ssl_admin());
        if ($forced_https) {
            $scheme = 'https';
        } else {
            $scheme = is_ssl() ? 'https' : 'http';
        }
    }

    if ('relative' == $scheme) {
        // Drop scheme and host, keeping everything from the first path slash on.
        $pattern = '#^.+://[^/]*#';
        $replacement = '';
    } else {
        // Swap only the scheme prefix.
        $pattern = '#^.+://#';
        $replacement = $scheme . '://';
    }
    $url = preg_replace($pattern, $replacement, $url);

    return apply_filters('set_url_scheme', $url, $scheme, $orig_scheme);
}
 /**
  * Set the authentication cookies for a user, one per cookie scheme.
  *
  * @param int        $user_id  User the cookies are issued for.
  * @param bool       $remember Whether the cookies should persist.
  * @param bool|array $schemes  true for 'secure_auth' + 'logged_in', an array
  *                             of scheme names, or anything else to derive the
  *                             list from force_ssl_login()/force_ssl_admin().
  * @return void
  */
 function bb_set_auth_cookie($user_id, $remember = false, $schemes = false)
 {
     global $wp_auth_object;

     if ($remember) {
         // 1209600 seconds = 14 days, used for both values.
         $expiration = time() + 1209600;
         $expire = $expiration;
     } else {
         // 172800 seconds = 2 days; $expire is 0.
         $expiration = time() + 172800;
         $expire = 0;
     }

     if (true === $schemes) {
         $schemes = array('secure_auth', 'logged_in');
     } elseif (!is_array($schemes)) {
         $derived = array();
         if (force_ssl_login() || force_ssl_admin()) {
             $derived[] = 'secure_auth';
         }
         // 'auth' is left out only when both login and admin are forced to SSL.
         if (!(force_ssl_login() && force_ssl_admin())) {
             $derived[] = 'auth';
         }
         $derived[] = 'logged_in';
         $schemes = $derived;
     }

     foreach (array_unique($schemes) as $cookie_scheme) {
         $wp_auth_object->set_auth_cookie($user_id, $expiration, $expire, $cookie_scheme);
     }
 }
 /**
  * This method checks to see if SSL is required by the site in
  * order to visit it in some way other than only setting the
  * https value in the home or siteurl values.
  *
  * @since 3.2
  * @return boolean
  **/
 private function is_ssl_required_to_visit_site()
 {
     // Start from the current request's transport, then let either
     // force-SSL setting turn the answer on.
     $required = is_ssl();
     if (force_ssl_login() || force_ssl_admin()) {
         $required = true;
     }
     return $required;
 }
Ejemplo n.º 17
 /**
  * This method checks to see if SSL is required by the site in
  * order to visit it in some way other than only setting the
  * https value in the home or siteurl values.
  *
  * @since 3.2
  * @return boolean
  **/
 private function is_ssl_required_to_visit_site()
 {
     global $wp_version;

     $required = is_ssl();

     // force_ssl_login deprecated WP 4.4, so it is only consulted when the
     // version comparison against '4.4-alpha' passes.
     $login_forced = version_compare($wp_version, '4.4-alpha', '<=') && force_ssl_login();
     if ($login_forced || force_ssl_admin()) {
         $required = true;
     }

     return $required;
 }
Ejemplo n.º 18
/**
 * Deprecated alias of force_ssl_login().
 *
 * Logs the deprecation, naming force_ssl_login as the replacement, then forwards the call.
 *
 * @param string|bool $force Passed through to force_ssl_login().
 * @return mixed Whatever force_ssl_login() returns.
 */
function bb_force_ssl_user_forms($force = '')
{
    bb_log_deprecated('function', __FUNCTION__, 'force_ssl_login');

    $result = force_ssl_login($force);
    return $result;
}
Ejemplo n.º 19
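/**
 * Handles user authentication actions: login, register, logout, lost password
 * and password reset.
 *
 * The action comes from the request's `action` value (a `key` query argument
 * forces `resetpass`); unknown actions without a `login_form_{action}` filter
 * fall back to `login`. Most branches end the request with a redirect.
 *
 * Every redirect whose target is taken from the request (`redirect_to`,
 * `redirect_add_listing`, `pagetype`, the Referer header) goes through
 * wp_safe_redirect()/wp_validate_redirect(), so it cannot leave the hosts
 * WordPress allows.
 *
 * @since 1.0.0
 * @since 1.5.7 It allows login by email also if site is using SSL.
 * @package GeoDirectory
 * @global object $errors WordPress Error object.
 */
function geodir_user_signup()
{
    global $errors;

    $action = isset($_REQUEST['action']) && is_string($_REQUEST['action']) ? $_REQUEST['action'] : 'login';
    $errors = new WP_Error();
    if (isset($_GET['key'])) {
        $action = 'resetpass';
    }
    // validate action so as to default to the login screen
    if (!in_array($action, array('logout', 'lostpassword', 'retrievepassword', 'resetpass', 'rp', 'register', 'login'), true) && false === has_filter('login_form_' . $action)) {
        $action = 'login';
    }
    nocache_headers();
    if (defined('RELOCATE')) {
        // Move flag is set
        // NOTE(review): while RELOCATE is defined, the stored siteurl is
        // rewritten from HTTP_HOST and PHP_SELF, both taken from the request.
        if (isset($_SERVER['PATH_INFO']) && $_SERVER['PATH_INFO'] != $_SERVER['PHP_SELF']) {
            $_SERVER['PHP_SELF'] = str_replace($_SERVER['PATH_INFO'], '', $_SERVER['PHP_SELF']);
        }
        $schema = isset($_SERVER['HTTPS']) && geodir_strtolower($_SERVER['HTTPS']) == 'on' ? 'https://' : 'http://';
        if (dirname($schema . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF']) != home_url()) {
            update_option('siteurl', dirname($schema . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF']));
        }
    }
    // Set a cookie now to see if they are supported by the browser.
    if (SITECOOKIEPATH != COOKIEPATH) {
        setcookie(TEST_COOKIE, 'WP Cookie check', 0, SITECOOKIEPATH, COOKIE_DOMAIN);
    }
    /**
     * Allow plugins to override the default actions, and to add extra actions if they want on the register/signin page.
     *
     * Used dynamic hook login_form_$action
     *
     * @since 1.0.0
     */
    do_action('login_form_' . $action);
    $http_post = 'POST' == $_SERVER['REQUEST_METHOD'];
    switch ($action) {
        case 'logout':
            // NOTE(review): no nonce is checked here (the check_admin_referer('log-out')
            // call was commented out), so any link to this URL logs the visitor out.
            wp_logout();
            // The target is always the home page; request values are not used.
            wp_safe_redirect(home_url());
            exit;
            break;
        case 'lostpassword':
        case 'retrievepassword':
            if ($http_post) {
                $errors = geodir_retrieve_password();
                $error_message = isset($errors->errors['invalid_email'][0]) ? $errors->errors['invalid_email'][0] : '';
                if (!is_wp_error($errors)) {
                    wp_redirect(geodir_login_url(array('checkemail' => 'confirm')));
                    exit;
                } else {
                    wp_redirect(geodir_login_url(array('emsg' => 'fw')));
                    exit;
                }
            }
            if (isset($_GET['error']) && 'invalidkey' == $_GET['error']) {
                $errors->add('invalidkey', __('Sorry, that key does not appear to be valid.', 'geodirectory'));
            }
            /**
             * Called in the geodir_user_signup() function during the lostpassword case.
             *
             * @since 1.0.0
             */
            do_action('lost_password');
            $message = '<div class="sucess_msg">' . ENTER_USER_EMAIL_NEW_PW_MSG . '</div>';
            $user_login = isset($_POST['user_login']) ? stripslashes($_POST['user_login']) : '';
            break;
        case 'resetpass':
        case 'rp':
            // 'rp' can arrive without either argument; default both to ''.
            $reset_key = isset($_GET['key']) ? $_GET['key'] : '';
            $reset_login = isset($_GET['login']) ? $_GET['login'] : '';
            $errors = reset_password($reset_key, $reset_login);
            if (!is_wp_error($errors)) {
                wp_redirect(geodir_login_url(array('checkemail' => 'newpass')));
                exit;
            }
            wp_redirect(geodir_login_url(array('error' => 'invalidkey', 'action' => 'lostpassword')));
            exit;
            break;
        case 'register':
            // Security fix (Stiofan - HebTech.co.uk): refuse registration when the site has it disabled.
            if (!get_option('users_can_register')) {
                wp_redirect(geodir_login_url(array('emsg' => 'regnewusr')));
                exit;
            }
            global $user_email, $user_fname;
            $user_login = '';
            $user_email = '';
            if ($http_post) {
                // The e-mail address doubles as the login name.
                $user_login = isset($_POST['user_email']) ? $_POST['user_email'] : '';
                $user_email = $user_login;
                $user_fname = isset($_POST['user_fname']) ? $_POST['user_fname'] : '';
                $errors = geodir_register_new_user($user_login, $user_email);
                /* display error in registration form */
                if (is_wp_error($errors)) {
                    $error_code = $errors->get_error_code();
                    $error_message = $errors->get_error_message($error_code);
                    // Without a separate user_login field, report username problems as e-mail problems.
                    $email_codes = array(
                        'empty_username' => 'empty_email',
                        'invalid_username' => 'invalid_email',
                        'username_exists' => 'email_exists',
                    );
                    if (!isset($_POST['user_login']) && is_string($error_code) && isset($email_codes[$error_code])) {
                        $error_code = $email_codes[$error_code];
                        $error_message = $errors->get_error_message($error_code);
                    }
                    global $geodir_signup_error;
                    $geodir_signup_error = $error_message;
                }
                if (!is_wp_error($errors)) {
                    // Feed the new credentials to wp_signon() through $_POST.
                    $_POST['log'] = $user_login;
                    $_POST['pwd'] = $errors[1];
                    $_POST['testcookie'] = 1;
                    $secure_cookie = '';
                    // If the user wants ssl but the session is not ssl, force a secure cookie.
                    if (!empty($_POST['log'])) {
                        $user_name = sanitize_user($_POST['log']);
                        if ($user = get_user_by('email', $user_name)) {
                            if (get_user_option('use_ssl', $user->ID)) {
                                $secure_cookie = true;
                                force_ssl_admin(true);
                            }
                        }
                    }
                    $redirect_to = isset($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : '';
                    if ($redirect_to == '') {
                        if (isset($_SERVER['HTTP_REFERER']) && strstr($_SERVER['HTTP_REFERER'], home_url())) {
                            $redirect_to = $_SERVER['HTTP_REFERER'];
                        } else {
                            $redirect_to = home_url();
                        }
                    }
                    if (isset($_REQUEST['redirect_add_listing']) && $_REQUEST['redirect_add_listing'] != '') {
                        $redirect_to = $_REQUEST['redirect_add_listing'];
                    }
                    if (!$secure_cookie && is_ssl() && force_ssl_login() && !force_ssl_admin() && 0 !== strpos($redirect_to, 'https') && 0 === strpos($redirect_to, 'http')) {
                        $secure_cookie = false;
                    }
                    $user = wp_signon('', $secure_cookie);
                    $requested_redirect_to = isset($_REQUEST['redirect_add_listing']) && $_REQUEST['redirect_add_listing'] != '' ? $_REQUEST['redirect_add_listing'] : (isset($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : '');
                    /**
                     * Filter the login redirect URL.
                     *
                     * @since 1.4.9
                     * @param string $redirect_to The redirect destination URL.
                     * @param string $requested_redirect_to The requested redirect destination URL passed as a parameter.
                     * @param WP_User|WP_Error $user WP_User object if login was successful, WP_Error object otherwise.
                     */
                    $redirect_to = apply_filters('login_redirect', $redirect_to, $requested_redirect_to, $user);
                    if (!is_wp_error($user)) {
                        wp_safe_redirect($redirect_to);
                        exit;
                    }
                    exit;
                }
            }
            break;
        case 'login':
        default:
            $secure_cookie = '';
            if (!empty($_POST['log'])) {
                $user_name = sanitize_user($_POST['log']);
                if ($user = get_user_by('login', $user_name)) {
                    if (get_user_option('use_ssl', $user->ID)) {
                        $secure_cookie = true;
                        force_ssl_admin(true);
                    }
                } elseif ($user = get_user_by('email', $user_name)) {
                    // If signing in by email, set the username for normal WP login
                    $_POST['log'] = $user->user_login;
                    if (get_user_option('use_ssl', $user->ID)) {
                        $secure_cookie = true;
                        force_ssl_admin(true);
                    }
                }
            }
            if (isset($_REQUEST['redirect_add_listing'])) {
                $_REQUEST['redirect_to'] = $_REQUEST['redirect_add_listing'];
            }
            if (!isset($_REQUEST['redirect_to']) || $_REQUEST['redirect_to'] == '') {
                if (is_user_logged_in()) {
                    $user_ID = isset($user->ID) ? $user->ID : '';
                    $author_link = get_author_posts_url($user_ID);
                    $default_author_link = geodir_getlink($author_link, array('geodir_dashbord' => 'true', 'stype' => 'gd_place'), false);
                    /**
                     * Filter the author link.
                     *
                     * @since 1.0.0
                     *
                     * @param string $default_author_link Default author link.
                     * @param int $user_ID The user ID.
                     */
                    $default_author_link = apply_filters('geodir_dashboard_author_link', $default_author_link, $user_ID);
                    $_REQUEST['redirect_to'] = $default_author_link;
                } else {
                    $_REQUEST['redirect_to'] = home_url();
                }
            }
            if (isset($_REQUEST['redirect_to'])) {
                $redirect_to = $_REQUEST['redirect_to'];
                // Redirect to https if user wants ssl
                if ($secure_cookie && false !== strpos($redirect_to, 'wp-admin')) {
                    $redirect_to = preg_replace('|^http://|', 'https://', $redirect_to);
                }
            } else {
                $redirect_to = admin_url();
            }
            if (!$secure_cookie && is_ssl() && force_ssl_login() && !force_ssl_admin() && 0 !== strpos($redirect_to, 'https') && 0 === strpos($redirect_to, 'http')) {
                $secure_cookie = false;
            }
            $user = wp_signon('', $secure_cookie);
            /**
             * Filter the login redirect URL.
             *
             * @since 1.4.9
             * @param string $redirect_to The redirect destination URL.
             * @param WP_User|WP_Error $user WP_User object if login was successful, WP_Error object otherwise.
             */
            $redirect_to = apply_filters('login_redirect', $redirect_to, isset($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : '', $user);
            if (is_wp_error($user)) {
                if (isset($_SERVER['HTTP_REFERER']) && strstr($_SERVER['HTTP_REFERER'], 'ptype=property_submit') && $_POST['log'] != '' && $_POST['pwd'] != '') {
                    // The Referer header is sent by the client; only follow it on allowed hosts.
                    // No exit here: the redirect further down may replace this one.
                    wp_safe_redirect($_SERVER['HTTP_REFERER'] . '&emsg=1');
                }
            }
            if (!is_wp_error($user)) {
                // $redirect_to starts out as a request value, so an off-site
                // target is replaced by the home page before redirecting.
                $target = $redirect_to ? wp_validate_redirect($redirect_to, home_url()) : home_url();
                wp_safe_redirect($target);
                exit;
            }
            $errors = $user;
            // Clear errors if loggedout is set.
            if (!empty($_GET['loggedout'])) {
                $errors = new WP_Error();
            }
            // If cookies are disabled we can't log in even with a valid user+pass
            if (isset($_POST['testcookie']) && empty($_COOKIE[TEST_COOKIE])) {
                $errors->add('test_cookie', __("<strong>ERROR</strong>: Cookies are blocked or not supported by your browser. You must <a href='http://www.google.com/cookies.html'>enable cookies</a> to use WordPress.", 'geodirectory'));
            }
            // Some parts of this script use the main login form to display a message
            if (isset($_GET['loggedout']) && TRUE == $_GET['loggedout']) {
                $successmsg = '<div class="sucess_msg">' . YOU_ARE_LOGED_OUT_MSG . '</div>';
            } elseif (isset($_GET['registration']) && 'disabled' == $_GET['registration']) {
                $successmsg = USER_REG_NOT_ALLOW_MSG;
            } elseif (isset($_GET['checkemail']) && 'confirm' == $_GET['checkemail']) {
                $successmsg = EMAIL_CONFIRM_LINK_MSG;
            } elseif (isset($_GET['checkemail']) && 'newpass' == $_GET['checkemail']) {
                $successmsg = NEW_PW_EMAIL_MSG;
            } elseif (isset($_GET['checkemail']) && 'registered' == $_GET['checkemail']) {
                $successmsg = REG_COMPLETE_MSG;
            }
            if (isset($_POST['log']) && $_POST['log'] != '' && $errors || (!isset($_POST['log']) || $_POST['log'] == '') && isset($_REQUEST['testcookie']) && $_REQUEST['testcookie']) {
                $login_error_url = geodir_login_url(array('logemsg' => '1', 'redirect_to' => urlencode($_REQUEST['redirect_to'])));
                if (isset($_REQUEST['pagetype']) && $_REQUEST['pagetype'] != '') {
                    // `pagetype` is a request value used as a URL: keep it on
                    // allowed hosts, otherwise fall back to the login page.
                    wp_safe_redirect(wp_validate_redirect($_REQUEST['pagetype'] . '&emsg=1', $login_error_url));
                } else {
                    wp_redirect($login_error_url);
                }
                exit;
            }
            break;
    }
    // end action switch
}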
Ejemplo n.º 20
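        /**
         * Render the HTTPS settings page in the admin panel and, on POST, save the submitted options.
         *
         * Requires the 'manage_options' capability. A POST must also carry the nonce that
         * settings_fields('espresso-https') prints into the form below; without that check a
         * forged cross-site request sent from a logged-in administrator's browser could rewrite
         * these options, including the shared SSL host.
         *
         * Stored option values are escaped for their output context when the form is rendered.
         *
         * @return void
         */
        function settings()
        {
            if (!current_user_can('manage_options')) {
                wp_die(__('You do not have sufficient permissions to access this page.'));
            }
            if ($_SERVER['REQUEST_METHOD'] === 'POST') {
                // settings_fields('espresso-https') emits a nonce for the action
                // 'espresso-https-options'; check_admin_referer() aborts the request when the
                // nonce is missing or invalid.
                // NOTE(review): the 'ajax' submit path has to post the form's _wpnonce field as
                // well; confirm against the page's JavaScript.
                check_admin_referer('espresso-https-options');
                $errors = array();
                foreach ($this->options_default as $key => $default) {
                    if (!array_key_exists($key, $_POST) && $default == 0) {
                        // Unchecked checkboxes are not submitted; store them as 0.
                        $_POST[$key] = 0;
                        update_option($key, $_POST[$key]);
                        continue;
                    }
                    if (!isset($_POST[$key])) {
                        // Key absent but its default is non-zero: make the read below explicit
                        // instead of relying on an undefined index.
                        $_POST[$key] = null;
                    }
                    if ($key == 'espresso-https_sharedssl_host') {
                        // parse_url() returns false for malformed input and may omit 'host', so
                        // both cases are treated as an invalid host rather than dereferenced.
                        $url = is_string($_POST[$key]) ? parse_url($_POST[$key]) : false;
                        if (is_array($url) && sizeof($url) > 1 && !empty($url['host'])) {
                            $path = isset($url['path']) ? $url['path'] : '';
                            // The stored host is always rebuilt with an https:// scheme.
                            $_POST[$key] = 'https://' . $url['host'] . $path;
                            if (substr($_POST[$key], -1, 1) == '/') {
                                $_POST[$key] = substr($_POST[$key], 0, strlen($_POST[$key]) - 1);
                            }
                        } elseif (isset($_POST['espresso-https_sharedssl']) && $_POST['espresso-https_sharedssl'] == 1) {
                            $errors[] = '<strong>Shared SSL Host</strong> - Invalid host.';
                            update_option('espresso-https_sharedssl', 0);
                        }
                    } elseif ($key == 'espresso-https_sharedssl_admin') {
                        if (force_ssl_admin() || force_ssl_login()) {
                            $errors[] = '<strong>Shared SSL Admin</strong> - FORCE_SSL_ADMIN and FORCE_SSL_LOGIN can not be set to true in your wp-config.php.';
                            $_POST[$key] = 0;
                        }
                    } elseif ($key == 'espresso-https_externalurls' && @ini_get('allow_url_fopen') != 1) {
                        $errors[] = '<strong>External HTTPS Elements</strong> - PHP configuration error: allow_url_fopen must be enabled.';
                        $_POST[$key] = 0;
                    } elseif ($key == 'espresso-https_disable_autohttps' && version_compare(get_bloginfo('version'), '3.0', '<')) {
                        $_POST[$key] = 0;
                    }
                    update_option($key, $_POST[$key]);
                }
                if (array_key_exists('ajax', $_POST)) {
                    // Discard any buffered output so the response holds only the status markup.
                    while (@ob_end_clean()) {
                    }
                    ob_start();
                    if (sizeof($errors) > 0) {
                        echo "<div class=\"error below-h2 fade\" id=\"message\">\n\t<ul>\n";
                        // Each entry is a fixed string built above, so it is printed as markup.
                        foreach ($errors as $error) {
                            echo "\t\t<li><p>" . $error . "</p></li>\n";
                        }
                        echo "\t</ul>\n</div>\n";
                    } else {
                        echo "<div class=\"updated below-h2 fade\" id=\"message\"><p>" . __('Settings saved.', 'event_espresso') . "</p></div>\n";
                    }
                    exit;
                }
            }
            ?>

<div class="wrap">
		<div id="icon-options-event" class="icon32"> </div>
		<h2><?php 
            _e('Event Espresso HTTPS Settings', 'event_espresso');
            ?>
</h2>

<?php 
            if ($_SERVER['REQUEST_METHOD'] === 'POST') {
                if (sizeof($errors) > 0) {
                    echo "<div class=\"error below-h2 fade\" id=\"message\">\n\t<ul>\n";
                    foreach ($errors as $error) {
                        echo "\t\t<li><p>" . $error . "</p></li>\n";
                    }
                    echo "\t</ul>\n</div>\n";
                } else {
                    echo "\t\t<div class=\"updated below-h2 fade\" id=\"message\"><p>" . __('Settings saved.', 'event_espresso') . "</p></div>\n";
                }
            } else {
                echo "\t<div id=\"message-wrap\"><div id=\"message-body\"></div></div>\n";
            }
            //do_action('espresso_right_column');
            ?>

	<div id="eehttps-main">
		<div id="post-body">
        
			<form name="form" id="espresso-https" action="admin.php?page=espresso_https" method="post">
			<?php 
            // Prints the hidden option-group fields, including the nonce verified on POST.
            settings_fields('espresso-https');
            ?>

			<fieldset>
				<label for="espresso-https_internalurls"><input name="espresso-https_internalurls" type="checkbox" id="espresso-https_internalurls" value="1"<?php 
            echo get_option('espresso-https_internalurls') ? ' checked="checked"' : '';
            ?>
 /> <strong>Internal HTTPS Elements</strong></label>
				<p><?php 
            _e('Force internal elements to HTTPS when viewing a secure page.', 'event_espresso');
            ?>
</p>
				<p class="description"><?php 
            _e('Fixes most partially encrypted errors.', 'event_espresso');
            ?>
</p>
			</fieldset>

			<fieldset>
				<label for="espresso-https_externalurls"><input name="espresso-https_externalurls" type="checkbox" id="espresso-https_externalurls" value="1"<?php 
            echo get_option('espresso-https_externalurls') ? ' checked="checked"' : '';
            ?>
 /> <strong><?php 
            _e('External HTTPS Elements', 'event_espresso');
            ?>
</strong></label>
				<p><?php 
            _e('Attempt to automatically force external elements to HTTPS when viewing a secure page. External elements are any element not hosted on your domain.', 'event_espresso');
            ?>
</p>
				<p class="description"><?php 
            _e('Warning: This option checks that the external element can be loaded via HTTPS while the page is loading. Depending on the amount of external elements, this could affect the load times of your pages.', 'event_espresso');
            ?>
</p>
			</fieldset>

			<fieldset>
				<label for="espresso-https_bypass"><input name="espresso-https_bypass" type="checkbox" id="espresso-https_bypass" value="1"<?php 
            echo get_option('espresso-https_bypass') ? ' checked="checked"' : '';
            ?>
 /> <strong>Bypass External Check</strong></label>
				<p><?php 
            _e('Disable the option to check if an external element can be loaded over HTTPS.', 'event_espresso');
            ?>
</p>
				<p class="description"><?php 
            _e('Warning: Bypassing the HTTPS check for external elements may cause elements to not load at all. Only enable this option if you know that all external elements can be loaded over HTTPS.', 'event_espresso');
            ?>
</p>
			</fieldset>

<?php 
            if (version_compare(get_bloginfo('version'), '3.0', '>=')) {
                ?>
			<fieldset>
				<label for="espresso-https_disable_autohttps"><input name="espresso-https_disable_autohttps" type="checkbox" id="espresso-https_disable_autohttps" value="1"<?php 
                echo get_option('espresso-https_disable_autohttps') ? ' checked="checked"' : '';
                ?>
 /> <strong>Disable Automatic HTTPS</strong></label>
				<p><?php 
                _e('Prevents WordPress 3.0+ from making all links HTTPS when viewing a secure page.', 'event_espresso');
                ?>
</p>
				<p class="description"><?php 
                _e('When a page is viewed via HTTPS in WordPress 3.0+, all internal page, category and post links are forced to HTTPS. This option will disable that.', 'event_espresso');
                ?>
</p>
			</fieldset>

<?php 
            }
            ?>
			<fieldset>
				<label for="espresso-https_exclusive_https"><input name="espresso-https_exclusive_https" type="checkbox" id="espresso-https_exclusive_https" value="1"<?php 
            echo get_option('espresso-https_exclusive_https') ? ' checked="checked"' : '';
            ?>
 /> <strong><?php 
            _e('Force SSL Exclusively', 'event_espresso');
            ?>
</strong></label>
				<p><?php 
            _e('Exclusively force SSL on posts and pages with the \'Force SSL\' option checked. All others are redirected to HTTP.', 'event_espresso');
            ?>
</p>
				<p class="description"><?php 
            _e('Espresso HTTPS adds a \'Force SSL\' checkbox to each post and page right above the publish button', 'event_espresso');
            ?>
 (<a href="<?php 
            // URL context: escape before placing it in the href attribute.
            echo esc_url($this->plugin_url . '/screenshot-2.png');
            ?>
" class="thickbox"><?php 
            _e('screenshot', 'event_espresso');
            ?>
</a>). <?php 
            _e('When selected, the post or page will be forced to HTTPS. With this option enabled, all posts and pages without \'Force SSL\' checked will be redirected to HTTP.', 'event_espresso');
            ?>
</p>
			</fieldset>

			<fieldset>
				<label for="espresso-https_sharedssl"><input name="espresso-https_sharedssl" type="checkbox" id="espresso-https_sharedssl" value="1"<?php 
            echo get_option('espresso-https_sharedssl') ? ' checked="checked"' : '';
            ?>
 /> <strong>Shared SSL</strong></label>
				<p><?php 
            _e('Enable this option if you are using a Shared SSL certificate and your Shared SSL Host is something other than', 'event_espresso');
            ?>
 '<?php 
            // HTML text context.
            echo esc_html($this->replace_http($this->http_url));
            ?>
/'.</p>
				<label><strong><?php 
            _e('Shared SSL Host', 'event_espresso');
            ?>
</strong> <input name="espresso-https_sharedssl_host" type="text" id="espresso-https_sharedssl_host" value="<?php 
            // Attribute context: the stored host originates from form input, so a quote in it
            // must not be able to close the value attribute.
            echo esc_attr(get_option('espresso-https_sharedssl_host'));
            ?>
" /></label>
			</fieldset>

			<fieldset>
				<label for="espresso-https_sharedssl_admin"><input name="espresso-https_sharedssl_admin" type="checkbox" id="espresso-https_sharedssl_admin" value="1"<?php 
            echo get_option('espresso-https_sharedssl_admin') ? ' checked="checked"' : '';
            ?>
 /> <strong>Force Shared SSL Admin</strong></label>
				<p><?php 
            _e('Enable this option if you are using a Shared SSL certificate and you only want to access your admin panel over HTTPS.', 'event_espresso');
            ?>
</p>
				<p class="description"><?php 
            _e('Notice: FORCE_SSL_ADMIN and FORCE_SSL_LOGIN can not be set to true in your wp-config.php.', 'event_espresso');
            ?>
</p>
			</fieldset>

<?php 
            if (get_option('show_on_front') == 'posts') {
                ?>
			<fieldset>
				<label for="espresso-https_frontpage"><input name="espresso-https_frontpage" type="checkbox" id="espresso-https_frontpage" value="1"<?php 
                echo get_option('espresso-https_frontpage') ? ' checked="checked"' : '';
                ?>
 /> <strong>HTTPS Front Page</strong></label>
				<p><?php 
                _e('It appears you are using your latest posts for your home page. If you would like that page to have SSL enforced, enable this option.', 'event_espresso');
                ?>
</p>
			</fieldset>

<?php 
            }
            ?>
			<p class="button-controls">
				<input type="submit" name="Submit" value="Save Changes" class="button-primary" />
			</p>
			</form>
		</div>
	</div>
  </div>

<?php 
        }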
Ejemplo n.º 21
/**
 * Print the markup for the "session expired" overlay that offers the login dialog again.
 *
 * The login form is embedded in the page only when the login URL starts with the scheme and
 * host of the current request; otherwise only the fallback link, which opens the login page
 * in a new window, is usable.
 *
 * @since 3.6.0
 */
function wp_auth_check_html()
{
    $login_url = wp_login_url();
    // HTTP_HOST comes from the request; here it is only compared against the login URL.
    $request_origin = (is_ssl() ? 'https://' : 'http://') . $_SERVER['HTTP_HOST'];
    // With SSL forced for login but not for the admin, the embedded form is not used either.
    $same_domain = 0 === strpos($login_url, $request_origin) && !(force_ssl_login() && !force_ssl_admin());
    /**
     * Filter whether the authentication check originated at the same domain.
     *
     * @since 3.6.0
     *
     * @param bool $same_domain Whether the authentication check originated at the same domain.
     */
    $same_domain = apply_filters('wp_auth_check_same_domain', $same_domain);
    if ($same_domain) {
        $wrap_class = 'hidden';
    } else {
        $wrap_class = 'hidden fallback';
    }
    ?>
	<div id="wp-auth-check-wrap" class="<?php 
    echo $wrap_class;
    ?>
">
	<div id="wp-auth-check-bg"></div>
	<div id="wp-auth-check">
	<div class="wp-auth-check-close" tabindex="0" title="<?php 
    esc_attr_e('Close');
    ?>
"></div>
	<?php 
    if ($same_domain) :
        // interim-login=1 is appended to the login URL used as the form source.
        $interim_login_url = add_query_arg(array('interim-login' => 1), $login_url);
        ?>
		<div id="wp-auth-check-form" data-src="<?php 
        echo esc_url($interim_login_url);
        ?>
"></div>
		<?php 
    endif;
    ?>
	<div class="wp-auth-fallback">
		<p><b class="wp-auth-fallback-expired" tabindex="0"><?php 
    _e('Session expired');
    ?>
</b></p>
		<p><a href="<?php 
    echo esc_url($login_url);
    ?>
" target="_blank"><?php 
    _e('Please log in again.');
    ?>
</a>
		<?php 
    _e('The login page will open in a new window. After logging in you can close it and return to this page.');
    ?>
</p>
	</div>
	</div>
	</div>
	<?php 
}
Ejemplo n.º 22
/**
 * Give FORCE_SSL_ADMIN and FORCE_SSL_LOGIN a default and hand their values to
 * force_ssl_admin() and force_ssl_login().
 *
 * Both constants default to false here, so neither the admin nor the login is forced to
 * HTTPS unless the constants were defined as true before this function runs.
 *
 * @since 3.0.0
 */
function wp_ssl_constants()
{
    /**
     * @since 2.6.0
     */
    defined('FORCE_SSL_ADMIN') || define('FORCE_SSL_ADMIN', false);
    force_ssl_admin(FORCE_SSL_ADMIN);
    /**
     * @since 2.6.0
     */
    defined('FORCE_SSL_LOGIN') || define('FORCE_SSL_LOGIN', false);
    force_ssl_login(FORCE_SSL_LOGIN);
}
/**
 * May be defined in wp-config.php; defaults to false, i.e. HTTPS is not forced for the admin.
 * @since 2.6.0
 */
if ( !defined('FORCE_SSL_ADMIN') ) {
	define('FORCE_SSL_ADMIN', false);
}
force_ssl_admin(FORCE_SSL_ADMIN);

/**
 * May be defined in wp-config.php; defaults to false, i.e. HTTPS is not forced for the login.
 * @since 2.6.0
 */
if ( !defined('FORCE_SSL_LOGIN') ) {
	define('FORCE_SSL_LOGIN', false);
}
force_ssl_login(FORCE_SSL_LOGIN);

/**
 * May be defined in wp-config.php; defaults to 60.
 * @since 2.5.0
 */
if ( !defined( 'AUTOSAVE_INTERVAL' ) ) {
	define( 'AUTOSAVE_INTERVAL', 60 );
}


require (ABSPATH . WPINC . '/vars.php');

// Check for hacks file if the option is enabled
if ( get_option('hack_file') ) {
	if ( file_exists(ABSPATH . 'my-hacks.php') )
		require(ABSPATH . 'my-hacks.php');
Ejemplo n.º 24
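 /**
  * Sign the visitor in, set the cookies for $user_id and redirect the browser.
  *
  * The redirect target starts from the request's redirect_to (or the admin URL), is passed
  * through the 'login_redirect' filter and may then be overridden by the plugin's
  * apsl_custom_login_redirect_options setting. The final redirect goes through
  * wp_safe_redirect(), so a request-supplied redirect_to is not followed blindly.
  *
  * @param int $user_id User to set cookies for; passed to $this->set_cookies().
  * @return bool|void False when set_cookies() fails; otherwise the request ends with a redirect.
  */
 function loginUser($user_id)
 {
     if (!empty($_REQUEST['reauth'])) {
         wp_clear_auth_cookie();
     }
     // '' lets wp_signon() choose the cookie's secure flag from is_ssl(). The previous code
     // passed isset($secure_cookie), which turned the explicit "false" set below into true
     // and sent false (no Secure flag) in every other case, including on HTTPS requests.
     $secure_cookie = '';
     $has_requested_redirect = isset($_REQUEST['redirect_to']);
     $redirect_to = $has_requested_redirect ? $_REQUEST['redirect_to'] : admin_url();
     // Login posted over SSL with a plain-http redirect target, and SSL forced for login only:
     // use a non-secure cookie so the user is still logged in on the http page.
     if (is_ssl() && force_ssl_login() && !force_ssl_admin() && 0 !== strpos($redirect_to, 'https') && 0 === strpos($redirect_to, 'http')) {
         $secure_cookie = false;
     }
     // If cookies are disabled we can't log in even with a valid user+pass
     if (isset($_POST['testcookie']) && empty($_COOKIE[TEST_COOKIE])) {
         $user = new WP_Error('test_cookie', __("<strong>ERROR</strong>: Cookies are blocked or not supported by your browser. You must <a href='http://www.google.com/cookies.html'>enable cookies</a> to use WordPress."));
     } else {
         $user = wp_signon('', $secure_cookie);
     }
     if (!$this->set_cookies($user_id)) {
         return false;
     }
     $requested_redirect_to = $has_requested_redirect ? $_REQUEST['redirect_to'] : site_url();
     $user_login_url = apply_filters('login_redirect', $redirect_to, $requested_redirect_to, $user);
     $options = get_option(APSL_SETTINGS);
     $redirect_mode = isset($options['apsl_custom_login_redirect_options']) ? $options['apsl_custom_login_redirect_options'] : '';
     if ($redirect_mode == '' || $redirect_mode == 'home') {
         $user_login_url = home_url();
     } elseif ($redirect_mode == 'current_page') {
         // With a redirect_to in the request the filtered target above is kept.
         if (!$has_requested_redirect) {
             $user_login_url = home_url();
         }
     } elseif ($redirect_mode == 'custom_page') {
         $custom_link = isset($options['apsl_custom_login_redirect_link']) ? $options['apsl_custom_login_redirect_link'] : '';
         $user_login_url = $custom_link != '' ? $custom_link : home_url();
     }
     // Any other stored mode keeps the filtered target.
     wp_safe_redirect($user_login_url);
     exit;
 }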
Ejemplo n.º 25
/**
 * Rewrite the scheme of a URL.
 *
 * For a $scheme other than 'http', 'https' or 'relative', the effective scheme is 'https'
 * when the matching force_ssl_*() setting is on or the current request is SSL, else 'http'.
 *
 * @since 3.4.0
 *
 * @param string $url Absolute url that includes a scheme
 * @param string $scheme Optional. Scheme to give $url. Currently 'http', 'https', 'login', 'login_post', 'admin', or 'relative'.
 * @return string $url URL with chosen scheme.
 */
function set_url_scheme($url, $scheme = null)
{
    $orig_scheme = $scheme;
    $literal_schemes = array('http', 'https', 'relative');
    if (!in_array($scheme, $literal_schemes)) {
        $force_https = false;
        if ('login_post' == $scheme || 'rpc' == $scheme) {
            // Posting credentials and RPC follow either SSL setting.
            $force_https = force_ssl_login() || force_ssl_admin();
        }
        if (!$force_https && ('login' == $scheme || 'admin' == $scheme)) {
            // Displaying the login page or the admin follows the admin setting only.
            $force_https = force_ssl_admin();
        }
        // Not forced: mirror the scheme of the current request.
        $scheme = $force_https || is_ssl() ? 'https' : 'http';
    }
    $url = trim($url);
    // Give a protocol-relative URL a scheme so the patterns below have one to replace.
    if (0 === strpos($url, '//')) {
        $url = 'http:' . $url;
    }
    if ('relative' != $scheme) {
        $url = preg_replace('#^\\w+://#', $scheme . '://', $url);
    } else {
        // Drop scheme and host, then collapse leading slashes and whitespace to a single '/'.
        // NOTE(review): presumably this keeps the result from reading as a protocol-relative
        // URL ("//host/..."); confirm against upstream history.
        $url = ltrim(preg_replace('#^\\w+://[^/]*#', '', $url));
        if (0 === strpos($url, '/')) {
            $url = '/' . ltrim($url, "/ \t\n\r\v");
        }
    }
    /**
     * Filter the resulting URL after setting the scheme.
     *
     * @since 3.4.0
     *
     * @param string $url         The complete URL including scheme and path.
     * @param string $scheme      Scheme applied to the URL. One of 'http', 'https', or 'relative'.
     * @param string $orig_scheme Scheme requested for the URL. One of 'http', 'https', 'login',
     *                            'login_post', 'admin', 'rpc', or 'relative'.
     */
    return apply_filters('set_url_scheme', $url, $scheme, $orig_scheme);
}
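 /**
  * Register the plugin's settings page under Settings and queue the update/uninstall notice.
  *
  * Does nothing unless add_management_page() exists and the current user has the
  * 'manage_options' capability.
  *
  * @package Secure WordPress
  */
 public function admin_menu()
 {
     global $wp_version;
     if (function_exists('add_management_page') && current_user_can('manage_options')) {
         if (!isset($_GET['update'])) {
             $_GET['update'] = 'false';
         }
         if (!isset($_GET['uninstall'])) {
             $_GET['uninstall'] = 'false';
         }
         // update, uninstall message: the query flags only select one of two fixed strings,
         // no request data is copied into the notice.
         if (false !== strpos($_SERVER['REQUEST_URI'], 'secure-wordpress.php') && $_GET['update'] == 'true') {
             $return_message = __('Options updated.', FB_SWP_TEXTDOMAIN);
         } elseif ($_GET['uninstall'] == 'true') {
             $return_message = __('All entries from the database have been deleted. You can now deactivate this plugin.', FB_SWP_TEXTDOMAIN);
         } else {
             $return_message = '';
         }
         $menutitle = '';
         if (version_compare($wp_version, '2.7alpha', '>')) {
             if ($return_message !== '') {
                 $message = '<div class="updated fade"><p>' . $return_message . '</p></div>';
                 // A closure replaces create_function(): that function evaluated the message as
                 // PHP source (a quote in a translated string changed the generated code) and
                 // no longer exists in PHP 8.
                 add_action('admin_notices', function () use ($message) {
                     echo $message;
                 });
             }
             $menutitle = '<img src="' . $this->get_resource_url('secure_wp.gif') . '" alt="" />' . ' ';
         }
         $menutitle .= __('Secure WP', FB_SWP_TEXTDOMAIN);
         // added check for SSL login and to adjust url for logo accordingly
         if (force_ssl_login() || force_ssl_admin()) {
             $menutitle = str_replace('http://', 'https://', $menutitle);
         }
         if (version_compare($wp_version, '2.7alpha', '>') && function_exists('add_contextual_help')) {
             $hook = add_submenu_page('options-general.php', __('Secure WordPress', FB_SWP_TEXTDOMAIN), $menutitle, 'manage_options', basename(__FILE__), array(&$this, 'display_page'));
             add_contextual_help($hook, __('<a href="http://wordpress.org/extend/plugins/secure-wordpress/" target="_blank">Documentation</a>', FB_SWP_TEXTDOMAIN));
         } else {
             // Capability name instead of the numeric user level 9, matching the check above
             // and the other add_submenu_page() call.
             add_submenu_page('options-general.php', __('Secure WP', FB_SWP_TEXTDOMAIN), $menutitle, 'manage_options', basename(__FILE__), array(&$this, 'display_page'));
         }
         $plugin = plugin_basename(__FILE__);
         add_filter('plugin_action_links_' . $plugin, array(&$this, 'filter_plugin_meta'), 10, 2);
         if (version_compare($wp_version, '2.8alpha', '>')) {
             add_filter('plugin_row_meta', array(&$this, 'filter_plugin_meta'), 10, 2);
         }
     }
 }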
Ejemplo n.º 27
            }
        }
        if (isset($_REQUEST['redirect_to'])) {
            $redirect_to = $_REQUEST['redirect_to'];
            // Redirect to https if user wants ssl
            if ($secure_cookie && false !== strpos($redirect_to, 'wp-admin')) {
                $redirect_to = preg_replace('|^http://|', 'https://', $redirect_to);
            }
        } else {
            $redirect_to = admin_url();
        }
        $reauth = empty($_REQUEST['reauth']) ? false : true;
        // If the user was redirected to a secure login form from a non-secure admin page, and secure login is required but secure admin is not, then don't use a secure
        // cookie and redirect back to the referring non-secure admin page. This allows logins to always be POSTed over SSL while allowing the user to choose visiting
        // the admin via http or https.
        if (!$secure_cookie && is_ssl() && force_ssl_login() && !force_ssl_admin() && 0 !== strpos($redirect_to, 'https') && 0 === strpos($redirect_to, 'http')) {
            $secure_cookie = false;
        }
        $user = wp_signon('', $secure_cookie);
        $redirect_to = apply_filters('login_redirect', $redirect_to, isset($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : '', $user);
        if (!is_wp_error($user) && !$reauth) {
            if ($interim_login) {
                $message = '<p class="message">' . __('You have logged in successfully.') . '</p>';
                login_header('', $message);
                ?>

			<?php 
                if (!$customize_login) {
                    ?>
			<script type="text/javascript">setTimeout( function(){window.close()}, 8000);</script>
			<p class="alignright">
Ejemplo n.º 28
/**
 * Redirect the current request to its SSL counterpart when the page requires it.
 *
 * SSL is required for admin pages when force_ssl_admin() is on, and for the login page, the
 * register page and profile-edit.php when force_ssl_login() is on. Every other page, and any
 * request that already is SSL, returns without redirecting.
 *
 * @since 1.0
 *
 * @return void
 */
function bb_ssl_redirect()
{
    global $self;
    $location = bb_get_location();
    do_action('bb_ssl_redirect');
    if (BB_IS_ADMIN) {
        $ssl_required = force_ssl_admin();
    } elseif ('login-page' == $location || 'register-page' == $location) {
        $ssl_required = force_ssl_login();
    } elseif ('profile-page' == $location) {
        // Only the profile edit form counts as a login-grade page.
        $ssl_required = $self == 'profile-edit.php' && force_ssl_login();
    } else {
        $ssl_required = false;
    }
    if (!$ssl_required || is_ssl()) {
        return;
    }
    // Scheme and host come from the configured 'uri_ssl' option; only the path and query are
    // taken from the request.
    // NOTE(review): the parse_url() result is used without checking that it has 'scheme' and
    // 'host'; confirm 'uri_ssl' is always a full URL.
    $ssl_base = parse_url(bb_get_option('uri_ssl'));
    $target = $ssl_base['scheme'] . '://' . $ssl_base['host'] . $_SERVER['REQUEST_URI'];
    bb_safe_redirect($target);
    exit;
}
 /**
  * Build the URL for a login-related action.
  *
  * Only the 'login' action is upgraded to https, and only when force_ssl_login() is on and
  * the URL starts with 'http://'. The result is passed through the 'tml_action_url' filter.
  *
  * @since 6.0
  * @access public
  *
  * @param string $action Action to retrieve
  * @param int|string $instance Optionally add an instance to the URL
  * @return string The requested action URL
  */
 function get_action_url($action = 'login', $instance = '')
 {
     if (empty($instance)) {
         $instance = $this->instance;
     }
     $widget_option = $action . '_widget';
     $handled_by_login_page = isset($this->options[$widget_option]) && !$this->options[$widget_option];
     if ($handled_by_login_page) {
         // The action is switched off for the widget: link to the login page instead.
         $url = $GLOBALS['theme_my_login']->get_login_page_link('action=' . $action);
     } else {
         $query_args = array('action' => $action);
         if (!empty($instance)) {
             $query_args['instance'] = $instance;
         }
         $url = Theme_My_Login::get_current_url($query_args);
     }
     // Respect FORCE_SSL_LOGIN
     if ('login' == $action && force_ssl_login()) {
         $url = preg_replace('|^http://|', 'https://', $url);
     }
     return apply_filters('tml_action_url', $url, $action, $instance);
 }
Ejemplo n.º 30
 /**
  * Secure Login
  * WordPress HTTPS Filter - force_ssl
  *
  * Forces SSL for a local URL that ends in wp-login.php while force_ssl_login() is on.
  * The pattern is anchored to the end of the string, so a wp-login.php URL followed by a
  * query string does not match and keeps the incoming $force_ssl value.
  *
  * @param boolean $force_ssl
  * @param int $post_id
  * @param string $url
  * @return boolean $force_ssl
  */
 public function secure_login($force_ssl, $post_id = 0, $url = '')
 {
     // Nothing to decide for an empty or non-local URL.
     if ($url == '' || !$this->getPlugin()->isUrlLocal($url)) {
         return $force_ssl;
     }
     $is_login_script = force_ssl_login() && preg_match('/wp-login\\.php$/', $url) === 1;
     return $is_login_script ? true : $force_ssl;
 }