Ejemplo n.º 1
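    /**
     * Outputs the content of the widget.
     *
     * Logged-in visitors get a two-item menu (profile link and logout link);
     * everyone else gets the WordPress login form.
     *
     * @param array $args     Widget wrapper markup. This method reads 'before_widget',
     *                        'after_widget', 'before_title' and 'after_title', and
     *                        passes the whole array on to wp_login_form().
     * @param array $instance Saved widget settings; only 'title' is read here.
     */
    public function widget($args, $instance) {

        // Tolerate an instance saved without a title instead of raising a notice.
        $raw_title = isset($instance['title']) ? $instance['title'] : '';
        $title = apply_filters('widget_title', $raw_title);

        // Wrapper markup comes from the sidebar registration and is printed as-is.
        echo $args['before_widget'];
        echo '<div class="event-widget">';

        if (is_user_logged_in()) {
            if (!empty($raw_title)) {
                echo $args['before_title'] . __('Profile Links') . $args['after_title'];
            }
            $user_ID = get_current_user_id();
            $profile_id = get_user_meta($user_ID, 'uiu_profile', TRUE);
            // get_permalink() returns false for a missing post, so fall back to the
            // dashboard rather than printing an empty href.
            $profile_link = !empty($profile_id) ? get_permalink($profile_id) : false;
            if (empty($profile_link)) {
                $profile_link = get_dashboard_url($user_ID);
            }
            // URLs pass through filters before they reach us, so escape them at the
            // point of output.
            ?>
            <ul class="menu user-menu">
                <li class="menu-item"><a href="<?php echo esc_url($profile_link); ?>">My Profile</a></li>
                <li class="menu-item"><a href="<?php echo esc_url(wp_logout_url(site_url())); ?>">Logout</a></li>
            </ul>
            <?php
        } else {
            if (!empty($raw_title)) {
                echo $args['before_title'] . $title . $args['after_title'];
            }
            wp_login_form($args);
        }

        // Close the wrapper opened above; without this the sidebar markup after the
        // widget ends up nested inside .event-widget.
        echo '</div>';
        echo $args['after_widget'];
    }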
 /**
  * get_dashboard_url() for a user who has been removed from the current site and
  * only belongs to another site must equal that other site's admin URL.
  *
  * @ticket 39065
  */
 public function test_get_dashboard_url_for_administrator_of_different_site()
 {
     if (!is_multisite()) {
         $this->markTestSkipped('Test only runs in multisite.');
     }

     // Arrange: a second site owned by the user, who then leaves the current site.
     $other_site = self::factory()->blog->create(['user_id' => self::$user_id]);
     remove_user_from_blog(self::$user_id, get_current_blog_id());

     // Act.
     $want = get_admin_url($other_site);
     $got = get_dashboard_url(self::$user_id);

     // Restore the shared fixture before asserting, so a failure does not leak state
     // into the tests that follow.
     remove_user_from_blog(self::$user_id, $other_site);
     add_user_to_blog(get_current_blog_id(), self::$user_id, 'administrator');
     wpmu_delete_blog($other_site, true);

     $this->assertEquals($want, $got);
 }
Ejemplo n.º 3
/**
 * Add the "My Account" menu and all submenus.
 *
 * Nothing is added when no user is logged in (user ID 0).
 *
 * @since 3.1.0
 */
function wp_admin_bar_my_account_menu()
{
    global $wp_admin_bar, $user_identity;

    $user_id = get_current_user_id();
    if (0 == $user_id) {
        return;
    }

    // Top-level node: its ID records whether an avatar could be rendered.
    $avatar = get_avatar(get_current_user_id(), 16);
    $id = empty($avatar) ? 'my-account' : 'my-account-with-avatar';
    $wp_admin_bar->add_menu(array(
        'id' => $id,
        'title' => $avatar . $user_identity,
        'href' => get_edit_profile_url($user_id),
    ));

    // Sub menus, in display order.
    $wp_admin_bar->add_menu(array(
        'parent' => $id,
        'title' => __('Edit My Profile'),
        'href' => get_edit_profile_url($user_id),
    ));

    // On multisite the dashboard link depends on the user; on a single site it is
    // simply the admin URL.
    if (!is_multisite()) {
        $wp_admin_bar->add_menu(array('parent' => $id, 'title' => __('Dashboard'), 'href' => admin_url()));
    } else {
        $wp_admin_bar->add_menu(array('parent' => $id, 'title' => __('Dashboard'), 'href' => get_dashboard_url($user_id)));
    }

    $wp_admin_bar->add_menu(array(
        'parent' => $id,
        'title' => __('Log Out'),
        'href' => wp_logout_url(),
    ));
}
Ejemplo n.º 4
?>
</span>
	</a>
</h1>

<?php 
// Let plugins print into the admin header before the user links are built.
do_action('in_admin_header');

// User profile and info links, keyed by priority so that entries added through
// the filter below can be slotted in between by ksort().
$links = array(
    5 => sprintf(__('Howdy, %1$s'), $user_identity),
    8 => '<a href="profile.php" title="' . esc_attr__('Edit your profile') . '">' . __('Your Profile') . '</a>',
);

// Super admins on multisite get a link that switches between network and site admin.
if (is_multisite() && is_super_admin()) {
    if (is_network_admin()) {
        $links[10] = '<a href="' . get_dashboard_url(get_current_user_id()) . '" title="' . esc_attr__('Site Admin') . '">' . __('Site Admin') . '</a>';
    } else {
        // $update_title and $total_update_count are set outside this fragment.
        $links[10] = '<a href="' . network_admin_url() . '" title="' . (!empty($update_title) ? $update_title : esc_attr__('Network Admin')) . '">' . __('Network Admin') . (!empty($total_update_count) ? ' (' . number_format_i18n($total_update_count) . ')' : '') . '</a>';
    }
}

$links[15] = '<a href="' . wp_logout_url() . '" title="' . esc_attr__('Log Out') . '">' . __('Log Out') . '</a>';

// NOTE(review): whatever a callback on this filter returns is printed as HTML below.
$links = apply_filters('admin_user_info_links', $links, $current_user);
ksort($links);

// Trim whitespace and pipes from every link, pull the greeting off the front, then
// build the pipe-separated and the list-item variants from what remains.
$links = array_map('trim', $links, array_fill(0, count($links), " |\n\t"));
$howdy = array_shift($links);
$links_no_js = implode(' | ', $links);
$links_js = sprintf('<li>%s</li>', implode('</li><li>', $links));
?>

<div id="wphead-info">
<div id="user_info">
	<p class="hide-if-js"><?php 
/**
 * Return the admin area URL for a user
 *
 * Picks the user-admin, network-admin or per-user dashboard URL depending on the
 * admin context of the current request, appends the query args, and runs the
 * result through the 'wp_user_profiles_get_admin_area_url' filter.
 *
 * @since 0.1.0
 *
 * @param  int     $user_id  User the URL is for. A 'user_id' query arg is added when
 *                           this is non-empty and not identical (===) to the current
 *                           user's ID.
 * @param  string  $scheme   Passed through to the URL helper that builds the base URL.
 * @param  array   $args     Query args to append to the URL.
 *
 * @return string
 */
function wp_user_profiles_get_admin_area_url($user_id = 0, $scheme = '', $args = array())
{
    $admin_file = wp_user_profiles_get_file();

    if (is_user_admin()) {
        // User admin (multisite only)
        $base_url = user_admin_url($admin_file, $scheme);
    } elseif (is_network_admin()) {
        // Network admin editing
        $base_url = network_admin_url($admin_file, $scheme);
    } else {
        // Fallback dashboard
        $base_url = get_dashboard_url($user_id, $admin_file, $scheme);
    }

    // Only another user's profile needs the ID in the query string.
    $targets_other_user = !empty($user_id) && $user_id !== get_current_user_id();
    if ($targets_other_user) {
        $args['user_id'] = $user_id;
    }

    $full_url = add_query_arg($args, $base_url);

    return apply_filters('wp_user_profiles_get_admin_area_url', $full_url, $user_id, $scheme, $args);
}
Ejemplo n.º 6
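 /**
  * Print result message box error / updated
  *
  * With an 'error' key the error box is printed and nothing else. Otherwise the
  * "updated" box is printed with links into the site named by 'site_id'
  * (dashboard, front end, customizer and, when available, the duplication log).
  *
  * @since 0.2.0
  * @param  array $form_message messages to print; reads 'error', or 'msg' and 'site_id'
  */
 public static function result_message($form_message)
 {
     if (isset($form_message['error'])) {
         // Message text is built elsewhere; wp_kses_post() keeps ordinary formatting
         // markup but drops script-capable tags and attributes.
         echo '<div id="message" class="error">';
         echo '    <p>' . wp_kses_post($form_message['error']) . '</p>';
         echo '</div>';
         return;
     }

     echo '<div id="message" class="updated">';
     echo '  <p>';
     echo '      <strong>' . wp_kses_post($form_message['msg']) . ' : ' . '</strong>';

     // The URL helpers below must resolve against the duplicated site, not the
     // site this request is running on.
     switch_to_blog($form_message['site_id']);
     $user = get_current_user_id();
     // Every URL goes through esc_url() at the point of output: the helpers are
     // filterable, so their return values are not safe attribute content as such.
     echo '      <a href="' . esc_url(get_dashboard_url($user)) . '">' . MUCD_NETWORK_PAGE_DUPLICATE_DASHBOARD . '</a> - ';
     echo '      <a href="' . esc_url(get_site_url()) . '">' . MUCD_NETWORK_PAGE_DUPLICATE_VISIT . '</a> - ';
     echo '      <a href="' . esc_url(admin_url('customize.php')) . '">' . MUCD_NETWORK_CUSTOMIZE . '</a>';
     $log_url = MUCD_Duplicate::log_url();
     if ($log_url) {
         echo ' - <a href="' . esc_url($log_url) . '">' . MUCD_NETWORK_PAGE_DUPLICATE_VIEW_LOG . '</a>';
     }
     restore_current_blog();

     echo '  </p>';
     echo '</div>';
 }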
Ejemplo n.º 7
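/**
 * Add Site Link in Menu
 *
 * Prints a small replacement bar: inline CSS, a link to the site front end and,
 * depending on the '_mw_adminimize_user_info' option, the current login name, a
 * network/site admin switch link for super admins, and a log-out link.
 * As used below, option values 0 and 3 print the user info and 0, 2 and 3 print
 * the log-out link.
 */
function _mw_adminimize_restore_links()
{
    $_mw_adminimize_user_info = (int) _mw_adminimize_get_option_value('_mw_adminimize_user_info');
    $site_name = get_bloginfo('name');
    ?>
	<style type="text/css">
		#mw_adminimize_admin_bar {
			left: 0;
			right: 0;
			height: 33px;
			z-index: 999;
			border-bottom: 1px solid #dfdfdf;
		}

		#mw_adminimize_admin_bar #mw_title {
			font-family: Georgia, "Times New Roman", Times, serif;
			font-size: 16px;
			color: #464646;
			text-decoration: none;
			padding-top: 8px;
			display: block;
			float: left;
		}

		#mw_adminimize_admin_bar #mw_title:hover {
			text-decoration: underline;
		}

		#mw_adminimize_admin_bar #mw_adminimize_login {
			padding: 8px 15px 0 0;
			display: block;
			float: right;
		}
	</style>
	<div id="mw_adminimize_admin_bar">
		<?php
    // The site name is free-form settings text: escape it for the attribute and the
    // text context separately instead of feeding it to a translation lookup.
    echo '<a id="mw_title" href="' . esc_url(home_url()) . '" title="' . esc_attr($site_name) . '" target="_blank">' . esc_html($site_name) . '</a>';
    ?>
		<div id="mw_adminimize_login">
			<?php
    $current_user = wp_get_current_user();

    $show_user_info = 0 === $_mw_adminimize_user_info || 3 === $_mw_adminimize_user_info;
    $show_logout = $show_user_info || 2 === $_mw_adminimize_user_info;

    // Without a usable user object nothing more is printed, but the function must
    // still fall through to the closing tags below: returning here would leave both
    // <div>s open and break the rest of the admin page layout.
    if ($show_user_info && !$current_user instanceof WP_User) {
        $show_user_info = false;
        $show_logout = false;
    }

    if ($show_user_info) {
        echo ' ' . esc_html($current_user->user_login) . ' ';
        if (is_multisite() && is_super_admin()) {
            if (!is_network_admin()) {
                echo '| <a href="' . esc_url(network_admin_url()) . '" title="' . esc_attr__('Network Admin') . '">' . esc_html__('Network Admin') . '</a>';
            } else {
                echo '| <a href="' . esc_url(get_dashboard_url(get_current_user_id())) . '" title="' . esc_attr__('Site Admin') . '">' . esc_html__('Site Admin') . '</a>';
            }
        }
    }

    if ($show_logout) {
        echo '  | <a href="' . esc_url(wp_logout_url()) . '" title="' . esc_attr__('Log Out') . '">' . esc_html__('Log Out') . '</a>';
    }
    ?>
		</div>
	</div>
<?php
}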
Ejemplo n.º 8
 /**
  * Constructs a URL leading to a WordPress® Dashboard URI (directory/file).
  *
  * @param null|integer|\WP_User|users $user User we're dealing with here.
  *    This defaults to a NULL value (indicating the current user).
  *
  * @param string                      $url_uri_query_fragment A full URL; or a partial URI;
  *    or only a query string, or only a fragment. Any of these can be parsed here.
  *
  * @param string                      $scheme Optional. To force a specific scheme (i.e. `//`, `http`, `https`).
  *
  * @return string URL leading to a WordPress® admin URI (directory/file).
  *
  * @throws exception If invalid types are passed through arguments list.
  *    Also thrown when the resolved user has no ID.
  */
 public function to_wp_user_dashboard_uri($user = NULL, $url_uri_query_fragment = '', $scheme = '')
 {
     // Type-check the raw arguments before anything reassigns them; func_get_args()
     // is read here, ahead of the `$user` reassignment on the next line.
     $this->check_arg_types($this->©user_utils->which_types(), 'string', 'string', func_get_args());
     // Resolve whatever was passed into a user object (presumably NULL resolves to
     // the current user, as the docblock states — confirm in user_utils).
     $user = $this->©user_utils->which($user);
     if (!$user->has_id()) {
         // NOTE(review): get_defined_vars() hands every local, including the resolved
         // user object, to the exception — confirm that exception data is never
         // rendered or logged somewhere it could expose account details.
         throw $this->©exception($this->method(__FUNCTION__) . '#id_missing', get_defined_vars(), $this->__('The `$user` has no ID (cannot get Dashboard URL).'));
     }
     $parts = $this->must_parse_uri_parts($url_uri_query_fragment);
     // A path that neither ends in `/` nor has a file extension is treated as a
     // directory and gets a trailing slash.
     if (substr($parts['path'], -1) !== '/' && !$this->©file->has_extension($parts['path'])) {
         $parts['path'] = trailingslashit($parts['path']);
     }
     // The re-assembled parts are passed as the second argument of get_dashboard_url().
     $url = get_dashboard_url($user->ID, $this->unparse($parts));
     // An empty `$scheme` leaves the URL exactly as get_dashboard_url() returned it.
     return $scheme ? $this->set_scheme($url, $scheme) : $url;
 }
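 /**
  * Handle a submission of the "password expired" reset form.
  *
  * Reads user_login, pass1, pass2, key and redirect_to from $_POST. The posted key
  * must match the key stored for the user, and the new password must differ from
  * the current one; the password is then replaced. Depending on the
  * '_shrkey_expirepassword_autoauthenticate' option the user is either sent back
  * to the login screen or signed in and redirected. Validation errors re-display
  * the reset form. Every path ends the request with exit.
  */
 function process_expired_password()
 {
     // Process the expired password
     // Create an errors object for us to use
     $errors = new WP_Error();

     // Read each field once and accept only strings: an array-valued field
     // (e.g. key[]=x) must not reach the string functions or comparisons below.
     $user_name = isset($_POST['user_login']) && is_string($_POST['user_login']) ? sanitize_user($_POST['user_login']) : '';
     $pass1 = isset($_POST['pass1']) && is_string($_POST['pass1']) ? $_POST['pass1'] : '';
     $pass2 = isset($_POST['pass2']) && is_string($_POST['pass2']) ? $_POST['pass2'] : '';
     $posted_key = isset($_POST['key']) && is_string($_POST['key']) ? $_POST['key'] : '';

     // 1. Check the user exists
     if ($user = get_user_by('login', $user_name)) {
         // User exists - move forward
         // 2. Check the passwords have been entered and that they match.
         // Strict comparison: with `!=`, two different numeric-looking strings
         // (for example '1e3' and '1000') compare as equal.
         if (!isset($_POST['pass1-text']) && isset($_POST['pass1']) && $pass1 !== $pass2) {
             $errors->add('password_reset_mismatch', __('The passwords do not match.', 'expirepassword'));
         } elseif ('' === $pass1) {
             // Never store an empty password; checked before the key is read.
             $errors->add('password_reset_empty', __('Please enter a new password.', 'expirepassword'));
         } else {
             // 3. Check the key is valid - *before* accessing user data
             // Get the stored key
             $thekey = shrkey_get_usermeta_timed_oncer($user->ID, '_shrkey_password_expired_key');
             // Get and parse the passed key
             $passedkey = preg_replace('/[^a-z0-9]/i', '', $posted_key);
             // hash_equals() compares the secret byte for byte and in constant time;
             // `==` would accept any pair of numeric-looking strings PHP considers
             // equal and returns as soon as the first difference is found.
             if (!empty($thekey) && is_scalar($thekey) && !empty($passedkey) && hash_equals((string) $thekey, $passedkey)) {
                 // The key is valid as well - so we need to check we are not resetting to the old password
                 $existingpassword = $this->get_users_password_hash($user->ID);
                 if (wp_check_password($pass1, $existingpassword)) {
                     // The password matches - we don't want them setting the same password as before...
                     $errors->add('password_reset_sameh', __('Please choose a different password from your previous one.', 'expirepassword'));
                 } else {
                     $this->reset_expired_password($user, $pass1);
                     // Remove the expired key setting
                     shrkey_delete_usermeta_oncer($user->ID, '_shrkey_password_expired');
                     // Check what we want to do next
                     $autoauthenticate = shrkey_get_option('_shrkey_expirepassword_autoauthenticate', 'no');
                     if ($autoauthenticate == 'no') {
                         // Send the user back to the login
                         login_header(__('Password Reset'), '<p class="message reset-pass">' . __('Your password has been reset, please login again with your <strong>new</strong> password.', 'expirepassword') . ' <a href="' . esc_url(wp_login_url()) . '">' . __('Log in', 'expirepassword') . '</a></p>');
                         login_footer();
                         exit;
                     } else {
                         // Authenticate and let them move on - first do some checks wp-login.php does
                         $secure_cookie = '';
                         // 1. See if we need to use ssl
                         if (get_user_option('use_ssl', $user->ID)) {
                             $secure_cookie = true;
                             force_ssl_admin(true);
                         }
                         // 2. check for a redirect
                         if (isset($_POST['redirect_to'])) {
                             $redirect_to = $_POST['redirect_to'];
                             // Redirect to https if user wants ssl
                             if ($secure_cookie && false !== strpos($redirect_to, 'wp-admin')) {
                                 $redirect_to = preg_replace('|^http://|', 'https://', $redirect_to);
                             }
                         } else {
                             $redirect_to = admin_url();
                         }
                         // 3. Run the filter for niceties
                         $redirect_to = apply_filters('login_redirect', $redirect_to, isset($_POST['redirect_to']) ? $_POST['redirect_to'] : '', $user);
                         // 4. Authenticate the user
                         wp_set_auth_cookie($user->ID, false, $secure_cookie);
                         // 5. Finally redirect to the correct place
                         if (empty($redirect_to) || $redirect_to == 'wp-admin/' || $redirect_to == admin_url()) {
                             // If the user doesn't belong to a blog, send them to user admin. If the user can't edit posts, send them to their profile.
                             if (is_multisite() && !get_active_blog_for_user($user->ID) && !is_super_admin($user->ID)) {
                                 $redirect_to = user_admin_url();
                             } elseif (is_multisite() && !$user->has_cap('read')) {
                                 $redirect_to = get_dashboard_url($user->ID);
                             } elseif (!$user->has_cap('edit_posts')) {
                                 $redirect_to = admin_url('profile.php');
                             }
                         }
                         // The target may come straight from the request, so it must
                         // go through wp_safe_redirect() rather than wp_redirect().
                         wp_safe_redirect($redirect_to);
                         exit;
                     }
                 }
             } else {
                 // The key either doesn't exist or doesn't match - possible security issue here, we want to produce an error message
                 // So we also blank the user out to force a re-login
                 unset($user);
                 // Add in our error message
                 login_header(__('Password Reset'), '<div id="login_error">' . __('Oops, something went wrong, please Login using your existing username and password and try again.', 'expirepassword') . ' <a href="' . esc_url(wp_login_url()) . '">' . __('Log in', 'expirepassword') . '</a></div>');
                 login_footer();
                 exit;
             }
         }
     } else {
         // No account matches the submitted login. The message stays generic so the
         // form does not confirm which user names exist.
         $errors->add('password_expired_nouser', __('Could not change password, please try again.', 'expirepassword'));
     }
     // If we have errors then we need to display the form again
     if ($errors->get_error_code()) {
         // If we don't have a user record create a fake one
         if (!isset($user) || is_wp_error($user)) {
             $user = '';
         }
         // show the reset form again
         $this->show_reset_password_form($user, wp_generate_password(35, false), isset($_POST['redirect_to']) ? $_POST['redirect_to'] : false, $errors);
     }
     exit;
 }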
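 /**
  * Processes the request
  *
  * Callback for "template_redirect" hook in template-loader.php
  *
  * Resolves the requested action and instance from the request, fires the
  * 'tml_request' and 'login_form_{action}' hooks, and then either hands over to a
  * 'tml_request_{action}' callback or runs the built-in handling for postpass,
  * logout, lostpassword/retrievepassword, resetpass/rp, register and login.
  * Branches that finish with a redirect end the request with exit.
  *
  * @since 6.3
  * @access public
  */
 public function template_redirect()
 {
     $this->request_action = isset($_REQUEST['action']) ? sanitize_key($_REQUEST['action']) : '';
     if (!$this->request_action && self::is_tml_page()) {
         $this->request_action = self::get_page_action(get_the_id());
     }
     $this->request_instance = isset($_REQUEST['instance']) ? sanitize_key($_REQUEST['instance']) : 0;
     do_action_ref_array('tml_request', array(&$this));
     // allow plugins to override the default actions, and to add extra actions if they want
     do_action('login_form_' . $this->request_action);
     if (has_action('tml_request_' . $this->request_action)) {
         do_action_ref_array('tml_request_' . $this->request_action, array(&$this));
     } else {
         $http_post = 'POST' == $_SERVER['REQUEST_METHOD'];
         switch ($this->request_action) {
             case 'postpass':
                 // Resolve the referer once. It is both the redirect target and the
                 // input for the cookie's Secure flag; reading an unset variable here
                 // would make the flag false on every request, HTTPS included.
                 $referer = wp_get_referer();
                 if (!array_key_exists('post_password', $_POST)) {
                     wp_safe_redirect($referer);
                     exit;
                 }
                 require_once ABSPATH . 'wp-includes/class-phpass.php';
                 $hasher = new PasswordHash(8, true);
                 $expire = apply_filters('post_password_expires', time() + 10 * DAY_IN_SECONDS);
                 if ($referer) {
                     $secure = 'https' === parse_url($referer, PHP_URL_SCHEME);
                 } else {
                     $secure = false;
                 }
                 setcookie('wp-postpass_' . COOKIEHASH, $hasher->HashPassword(wp_unslash($_POST['post_password'])), $expire, COOKIEPATH, COOKIE_DOMAIN, $secure);
                 wp_safe_redirect($referer);
                 exit;
                 break;
             case 'logout':
                 // The log-out link carries a nonce so that a third-party page cannot
                 // sign the visitor out.
                 check_admin_referer('log-out');
                 $user = wp_get_current_user();
                 wp_logout();
                 if (!empty($_REQUEST['redirect_to'])) {
                     $redirect_to = $requested_redirect_to = $_REQUEST['redirect_to'];
                 } else {
                     $redirect_to = site_url('wp-login.php?loggedout=true');
                     $requested_redirect_to = '';
                 }
                 $redirect_to = apply_filters('logout_redirect', $redirect_to, $requested_redirect_to, $user);
                 wp_safe_redirect($redirect_to);
                 exit;
                 break;
             case 'lostpassword':
             case 'retrievepassword':
                 if ($http_post) {
                     $this->errors = self::retrieve_password();
                     if (!is_wp_error($this->errors)) {
                         $redirect_to = !empty($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : site_url('wp-login.php?checkemail=confirm');
                         wp_safe_redirect($redirect_to);
                         exit;
                     }
                 }
                 if (isset($_REQUEST['error'])) {
                     if ('invalidkey' == $_REQUEST['error']) {
                         $this->errors->add('invalidkey', __('Your password reset link appears to be invalid. Please request a new link below.', 'theme-my-login'));
                     } elseif ('expiredkey' == $_REQUEST['error']) {
                         $this->errors->add('expiredkey', __('Your password reset link has expired. Please request a new link below.', 'theme-my-login'));
                     }
                 }
                 do_action('lost_password');
                 break;
             case 'resetpass':
             case 'rp':
                 // Dirty hack for now
                 global $rp_login, $rp_key;
                 list($rp_path) = explode('?', wp_unslash($_SERVER['REQUEST_URI']));
                 $rp_cookie = 'wp-resetpass-' . COOKIEHASH;
                 // Move login and key out of the query string into an HttpOnly session
                 // cookie scoped to this path, then redirect so the key does not stay in
                 // the address bar or in Referer headers. Both values are required;
                 // with only `key` present the login half of the cookie would be empty.
                 if (isset($_GET['key']) && isset($_GET['login'])) {
                     $value = sprintf('%s:%s', wp_unslash($_GET['login']), wp_unslash($_GET['key']));
                     setcookie($rp_cookie, $value, 0, $rp_path, COOKIE_DOMAIN, is_ssl(), true);
                     wp_safe_redirect(remove_query_arg(array('key', 'login')));
                     exit;
                 }
                 if (isset($_COOKIE[$rp_cookie]) && 0 < strpos($_COOKIE[$rp_cookie], ':')) {
                     list($rp_login, $rp_key) = explode(':', wp_unslash($_COOKIE[$rp_cookie]), 2);
                     $user = check_password_reset_key($rp_key, $rp_login);
                     // The form must echo the key back. A missing or non-string rp_key
                     // is rejected outright instead of being passed to hash_equals(),
                     // which accepts strings only.
                     if (isset($_POST['pass1']) && (!isset($_POST['rp_key']) || !is_string($_POST['rp_key']) || !hash_equals($rp_key, $_POST['rp_key']))) {
                         $user = false;
                     }
                 } else {
                     $user = false;
                 }
                 if (!$user || is_wp_error($user)) {
                     // Expire the cookie so a rejected key cannot be replayed from it.
                     setcookie($rp_cookie, ' ', time() - YEAR_IN_SECONDS, $rp_path, COOKIE_DOMAIN, is_ssl(), true);
                     if ($user && $user->get_error_code() === 'expired_key') {
                         wp_redirect(site_url('wp-login.php?action=lostpassword&error=expiredkey'));
                     } else {
                         wp_redirect(site_url('wp-login.php?action=lostpassword&error=invalidkey'));
                     }
                     exit;
                 }
                 // Strict comparison: `!=` treats different numeric-looking strings
                 // (for example '1e3' and '1000') as equal.
                 if (isset($_POST['pass1']) && $_POST['pass1'] !== $_POST['pass2']) {
                     $this->errors->add('password_reset_mismatch', __('The passwords do not match.', 'theme-my-login'));
                 }
                 do_action('validate_password_reset', $this->errors, $user);
                 if (!$this->errors->get_error_code() && isset($_POST['pass1']) && !empty($_POST['pass1'])) {
                     reset_password($user, $_POST['pass1']);
                     setcookie($rp_cookie, ' ', time() - YEAR_IN_SECONDS, $rp_path, COOKIE_DOMAIN, is_ssl(), true);
                     $redirect_to = site_url('wp-login.php?resetpass=complete');
                     wp_safe_redirect($redirect_to);
                     exit;
                 }
                 wp_enqueue_script('utils');
                 wp_enqueue_script('user-profile');
                 break;
             case 'register':
                 if (!get_option('users_can_register')) {
                     $redirect_to = site_url('wp-login.php?registration=disabled');
                     wp_redirect($redirect_to);
                     exit;
                 }
                 $user_login = '';
                 $user_email = '';
                 if ($http_post) {
                     if ('email' == $this->get_option('login_type')) {
                         $user_login = isset($_POST['user_email']) ? $_POST['user_email'] : '';
                     } else {
                         $user_login = isset($_POST['user_login']) ? $_POST['user_login'] : '';
                     }
                     $user_email = isset($_POST['user_email']) ? $_POST['user_email'] : '';
                     $this->errors = register_new_user($user_login, $user_email);
                     if (!is_wp_error($this->errors)) {
                         $redirect_to = !empty($_POST['redirect_to']) ? $_POST['redirect_to'] : site_url('wp-login.php?checkemail=registered');
                         wp_safe_redirect($redirect_to);
                         exit;
                     }
                 }
                 break;
             case 'login':
             default:
                 $secure_cookie = '';
                 $interim_login = isset($_REQUEST['interim-login']);
                 // If the user wants ssl but the session is not ssl, force a secure cookie.
                 if (!empty($_POST['log']) && !force_ssl_admin()) {
                     $user_name = sanitize_user($_POST['log']);
                     if ($user = get_user_by('login', $user_name)) {
                         if (get_user_option('use_ssl', $user->ID)) {
                             $secure_cookie = true;
                             force_ssl_admin(true);
                         }
                     }
                 }
                 if (!empty($_REQUEST['redirect_to'])) {
                     $redirect_to = $_REQUEST['redirect_to'];
                     // Redirect to https if user wants ssl
                     if ($secure_cookie && false !== strpos($redirect_to, 'wp-admin')) {
                         $redirect_to = preg_replace('|^http://|', 'https://', $redirect_to);
                     }
                 } else {
                     $redirect_to = admin_url();
                 }
                 $reauth = empty($_REQUEST['reauth']) ? false : true;
                 if ($http_post && isset($_POST['log'])) {
                     $user = wp_signon('', $secure_cookie);
                     $redirect_to = apply_filters('login_redirect', $redirect_to, isset($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : '', $user);
                     if (!is_wp_error($user) && !$reauth) {
                         if (empty($redirect_to) || $redirect_to == 'wp-admin/' || $redirect_to == admin_url()) {
                             // If the user doesn't belong to a blog, send them to user admin. If the user can't edit posts, send them to their profile.
                             if (is_multisite() && !get_active_blog_for_user($user->ID) && !is_super_admin($user->ID)) {
                                 $redirect_to = user_admin_url();
                             } elseif (is_multisite() && !$user->has_cap('read')) {
                                 $redirect_to = get_dashboard_url($user->ID);
                             } elseif (!$user->has_cap('edit_posts')) {
                                 $redirect_to = $user->has_cap('read') ? admin_url('profile.php') : home_url();
                             }
                         }
                         // The target may come straight from the request, so it must go
                         // through wp_safe_redirect() rather than wp_redirect().
                         wp_safe_redirect($redirect_to);
                         exit;
                     }
                     $this->errors = $user;
                 }
                 // Clear errors if loggedout is set.
                 if (!empty($_GET['loggedout']) || $reauth) {
                     $this->errors = new WP_Error();
                 }
                 // Some parts of this script use the main login form to display a message
                 if (isset($_GET['loggedout']) && true == $_GET['loggedout']) {
                     $this->errors->add('loggedout', __('You are now logged out.', 'theme-my-login'), 'message');
                 } elseif (isset($_GET['registration']) && 'disabled' == $_GET['registration']) {
                     $this->errors->add('registerdisabled', __('User registration is currently not allowed.', 'theme-my-login'));
                 } elseif (isset($_GET['checkemail']) && 'confirm' == $_GET['checkemail']) {
                     $this->errors->add('confirm', __('Check your e-mail for the confirmation link.', 'theme-my-login'), 'message');
                 } elseif (isset($_GET['resetpass']) && 'complete' == $_GET['resetpass']) {
                     $this->errors->add('password_reset', __('Your password has been reset.', 'theme-my-login'), 'message');
                 } elseif (isset($_GET['checkemail']) && 'registered' == $_GET['checkemail']) {
                     $this->errors->add('registered', __('Registration complete. Please check your e-mail.', 'theme-my-login'), 'message');
                 } elseif ($interim_login) {
                     $this->errors->add('expired', __('Your session has expired. Please log-in again.', 'theme-my-login'), 'message');
                 } elseif (strpos($redirect_to, 'about.php?updated')) {
                     $this->errors->add('updated', __('<strong>You have successfully updated WordPress!</strong> Please log back in to experience the awesomeness.', 'theme-my-login'), 'message');
                 } elseif ($reauth) {
                     $this->errors->add('reauth', __('Please log in to continue.', 'theme-my-login'), 'message');
                 }
                 // Clear any stale cookies.
                 if ($reauth) {
                     wp_clear_auth_cookie();
                 }
                 break;
         }
         // end switch
     }
     // endif has_filter()
 }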
Ejemplo n.º 11
/**
 * Add the "Dashboard"/"Visit Site" menu.
 *
 * Adds exactly one node for a logged-in user: "Visit Site" inside the admin,
 * otherwise "Dashboard" (per-user URL on multisite, admin URL on a single site).
 *
 * @since 3.2.0
 * @deprecated 3.3.0
 */
function wp_admin_bar_dashboard_view_site_menu($wp_admin_bar)
{
    _deprecated_function(__FUNCTION__, '3.3');

    $user_id = get_current_user_id();
    if (0 == $user_id) {
        // Nobody is logged in: nothing to add.
        return;
    }

    if (is_admin()) {
        $node = array('id' => 'view-site', 'title' => __('Visit Site'), 'href' => home_url());
    } elseif (is_multisite()) {
        $node = array('id' => 'dashboard', 'title' => __('Dashboard'), 'href' => get_dashboard_url($user_id));
    } else {
        $node = array('id' => 'dashboard', 'title' => __('Dashboard'), 'href' => admin_url());
    }

    $wp_admin_bar->add_menu($node);
}
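/**
 * Handles the lost-password and login actions of the front-end login page.
 *
 * Reads the requested action from $_REQUEST['action']. When the plugin option
 * object has login_redirect set and the last element of $path equals the
 * current post's slug, the matching branch runs. Branches that succeed redirect
 * and end the request with exit; otherwise the messages to display are left in
 * the global $errors.
 *
 * @param object $post   Current post; only ->post_name is read.
 * @param mixed  $option Not used in this function.
 * @param mixed  $file   Not used in this function.
 * @param array  $path   Path segments; the last one is compared with the post slug.
 */
function simplr_login_includes($post, $option, $file, $path)
{
    global $errors, $is_iphone, $interim_login, $current_site;
    global $wp;
    $http_post = 'POST' == $_SERVER['REQUEST_METHOD'];
    $options = get_option('simplr_reg_options');
    // Read the action without the @ operator so unrelated errors are not silenced.
    $action = isset($_REQUEST['action']) ? $_REQUEST['action'] : '';
    if ($action == '') {
        // NOTE(review): wp_redirect() only sends the header; execution continues below.
        // Confirm with the caller whether an exit is intended here.
        wp_redirect('?action=login');
    }
    if (isset($options->login_redirect) && end($path) == $post->post_name) {
        switch ($action) {
            case 'lostpassword':
            case 'retrievepassword':
                // Only a POST may trigger the reset e-mail. The earlier isset($http_post) test
                // was always true, so a plain GET also reached retrieve_password().
                if ($http_post) {
                    $errors = retrieve_password();
                    if (!is_wp_error($errors)) {
                        // The request-supplied target is restricted by wp_safe_redirect().
                        $redirect_to = !empty($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : 'wp-login.php?checkemail=confirm';
                        wp_safe_redirect($redirect_to);
                        exit;
                    }
                }
                // $errors is a shared global; make sure it can take messages before adding to it.
                if (!is_wp_error($errors)) {
                    $errors = new WP_Error();
                }
                if (isset($_GET['error']) && 'invalidkey' == $_GET['error']) {
                    $errors->add('invalidkey', __('Sorry, that key does not appear to be valid.', 'simplr-registration-form'));
                }
                $redirect_to = apply_filters('lostpassword_redirect', !empty($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : '');
                do_action('lost_password');
                $user_login = isset($_POST['user_login']) ? stripslashes($_POST['user_login']) : '';
                break;
            case 'login':
            // NOTE(review): this matches the literal action string 'default', not the switch
            // default; any other action value is ignored by this function. Confirm the intent.
            case 'default':
                $secure_cookie = '';
                $interim_login = isset($_REQUEST['interim-login']);
                // If the user wants ssl but the session is not ssl, force a secure cookie.
                if (!empty($_POST['log']) && !force_ssl_admin()) {
                    $user_name = sanitize_user($_POST['log']);
                    // get_user_by() replaces the deprecated get_userdatabylogin().
                    if ($user = get_user_by('login', $user_name)) {
                        if (get_user_option('use_ssl', $user->ID)) {
                            $secure_cookie = true;
                            force_ssl_admin(true);
                        }
                    }
                }
                if (isset($_REQUEST['redirect_to'])) {
                    $redirect_to = $_REQUEST['redirect_to'];
                    // Redirect to https if user wants ssl
                    if ($secure_cookie && false !== strpos($redirect_to, 'wp-admin')) {
                        $redirect_to = preg_replace('|^http://|', 'https://', $redirect_to);
                    }
                } else {
                    $redirect_to = admin_url();
                }
                $reauth = empty($_REQUEST['reauth']) ? false : true;
                // If the user was redirected to a secure login form from a non-secure admin page, and secure login is required but secure admin is not, then don't use a secure
                // cookie and redirect back to the referring non-secure admin page.  This allows logins to always be POSTed over SSL while allowing the user to choose visiting
                // the admin via http or https.
                if (!$secure_cookie && is_ssl() && force_ssl_login() && !force_ssl_admin() && 0 !== strpos($redirect_to, 'https') && 0 === strpos($redirect_to, 'http')) {
                    $secure_cookie = false;
                }
                $user = wp_signon('', $secure_cookie);
                $redirect_to = apply_filters('login_redirect', $redirect_to, isset($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : '', $user);
                if (!is_wp_error($user) && !$reauth) {
                    if ($interim_login) {
                        // $message is built here but is not echoed anywhere in this function.
                        $message = '<p class="message">' . __('You have logged in successfully.', 'simplr-registration-form') . '</p>';
                        ?>
						<script type="text/javascript">setTimeout( function(){window.close()}, 8000);</script>
						<p class="alignright">
						<input type="button" class="button-primary" value="<?php 
                        esc_attr_e('Close', 'simplr-registration-form');
                        ?>
" onclick="window.close()" /></p>
						</div></body></html>
				<?php 
                        exit;
                    }
                    if (empty($redirect_to) || $redirect_to == 'wp-admin/' || $redirect_to == admin_url()) {
                        // If the user doesn't belong to a blog, send them to user admin. If the user can't edit posts, send them to their profile.
                        // ->ID is used instead of the deprecated lowercase ->id property.
                        if (is_multisite() && !get_active_blog_for_user($user->ID) && !is_super_admin($user->ID)) {
                            $redirect_to = user_admin_url();
                        } elseif (is_multisite() && !$user->has_cap('read')) {
                            $redirect_to = get_dashboard_url($user->ID);
                        } elseif (!$user->has_cap('edit_posts')) {
                            $redirect_to = admin_url('profile.php');
                        }
                    }
                    // The target may come from the request, so it goes through wp_safe_redirect().
                    wp_safe_redirect($redirect_to);
                    exit;
                }
                $errors = $user;
                // Clear errors if loggedout is set.
                if (!empty($_GET['loggedout']) || $reauth) {
                    $errors = new WP_Error();
                }
                // If cookies are disabled we can't log in even with a valid user+pass
                if (isset($_POST['testcookie']) && empty($_COOKIE[TEST_COOKIE])) {
                    $errors->add('test_cookie', __("<strong>ERROR</strong>: Cookies are blocked or not supported by your browser. You must <a href='http://www.google.com/cookies.html'>enable cookies</a> to use WordPress.", 'simplr-registration-form'));
                }
                // Some parts of this script use the main login form to display a message
                if (isset($_GET['loggedout']) && TRUE == $_GET['loggedout']) {
                    $errors->add('loggedout', __('You are now logged out.', 'simplr-registration-form'), 'message');
                } elseif (isset($_GET['registration']) && 'disabled' == $_GET['registration']) {
                    $errors->add('registerdisabled', __('User registration is currently not allowed.', 'simplr-registration-form'));
                } elseif (isset($_GET['checkemail']) && 'confirm' == $_GET['checkemail']) {
                    $errors->add('confirm', __('Check your e-mail for the confirmation link.', 'simplr-registration-form'), 'message');
                } elseif (isset($_GET['checkemail']) && 'newpass' == $_GET['checkemail']) {
                    $errors->add('newpass', __('Check your e-mail for your new password.', 'simplr-registration-form'), 'message');
                } elseif (isset($_GET['checkemail']) && 'registered' == $_GET['checkemail']) {
                    $errors->add('registered', __('Registration complete. Please check your e-mail.', 'simplr-registration-form'), 'message');
                } elseif ($interim_login) {
                    $errors->add('expired', __('Your session has expired. Please log-in again.', 'simplr-registration-form'), 'message');
                }
                // Clear any stale cookies.
                if ($reauth) {
                    wp_clear_auth_cookie();
                }
                break;
        }
    }
}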
Ejemplo n.º 13
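/**
 * Add the "My Account" submenu items.
 *
 * Registers the 'user-actions' group under 'my-account' and fills it with a
 * user-info node (avatar, display name and, when different, the login name),
 * an "Edit My Profile" node when a profile URL is available, and a "Log Out" node.
 * Nothing is added for anonymous visitors.
 *
 * @since 3.1.0
 *
 * @param WP_Admin_Bar $wp_admin_bar
 */
function wp_admin_bar_my_account_menu($wp_admin_bar)
{
    $user_id = get_current_user_id();
    $current_user = wp_get_current_user();
    if (!$user_id) {
        return;
    }
    if (current_user_can('read')) {
        $profile_url = get_edit_profile_url($user_id);
    } elseif (is_multisite()) {
        $profile_url = get_dashboard_url($user_id, 'profile.php');
    } else {
        // No profile screen is reachable; the "Edit My Profile" node is skipped below.
        $profile_url = false;
    }
    $wp_admin_bar->add_group(array('parent' => 'my-account', 'id' => 'user-actions'));
    $user_info = get_avatar($user_id, 64);
    // The node title is assembled as markup, so the user-editable profile fields are
    // escaped at the point of output instead of relying on how they were stored.
    $user_info .= "<span class='display-name'>" . esc_html($current_user->display_name) . '</span>';
    if ($current_user->display_name !== $current_user->user_login) {
        $user_info .= "<span class='username'>" . esc_html($current_user->user_login) . '</span>';
    }
    $wp_admin_bar->add_menu(array('parent' => 'user-actions', 'id' => 'user-info', 'title' => $user_info, 'href' => $profile_url, 'meta' => array('tabindex' => -1)));
    if (false !== $profile_url) {
        $wp_admin_bar->add_menu(array('parent' => 'user-actions', 'id' => 'edit-profile', 'title' => __('Edit My Profile'), 'href' => $profile_url));
    }
    $wp_admin_bar->add_menu(array('parent' => 'user-actions', 'id' => 'logout', 'title' => __('Log Out'), 'href' => wp_logout_url()));
}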
Ejemplo n.º 14
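 /**
  * Processes the request
  *
  * Callback for "template_redirect" hook in template-loader.php
  *
  * Resolves the requested action and instance from $_REQUEST, fires the
  * 'tml_request' and 'login_form_{action}' hooks, then either hands over to a
  * registered 'tml_request_{action}' handler or runs the built-in handling for
  * postpass, logout, lostpassword, resetpass, register and login. Branches that
  * redirect end the request with exit; otherwise messages are collected in
  * $this->errors.
  *
  * @since 6.3
  * @access public
  */
 public function template_redirect()
 {
     // sanitize_key() normalises the action before it is used to build hook names below.
     $this->request_action = isset($_REQUEST['action']) ? sanitize_key($_REQUEST['action']) : '';
     if (!$this->request_action && self::is_tml_page()) {
         $this->request_action = self::get_page_action(get_the_id());
     }
     $this->request_instance = isset($_REQUEST['instance']) ? sanitize_key($_REQUEST['instance']) : 0;
     do_action_ref_array('tml_request', array(&$this));
     // allow plugins to override the default actions, and to add extra actions if they want
     do_action('login_form_' . $this->request_action);
     if (has_action('tml_request_' . $this->request_action)) {
         do_action_ref_array('tml_request_' . $this->request_action, array(&$this));
     } else {
         $http_post = 'POST' == $_SERVER['REQUEST_METHOD'];
         switch ($this->request_action) {
             case 'postpass':
                 global $wp_hasher;
                 if (empty($wp_hasher)) {
                     require_once ABSPATH . 'wp-includes/class-phpass.php';
                     // By default, use the portable hash from phpass
                     $wp_hasher = new PasswordHash(8, true);
                 }
                 // 10 days
                 setcookie('wp-postpass_' . COOKIEHASH, $wp_hasher->HashPassword(stripslashes($_POST['post_password'])), time() + 864000, COOKIEPATH);
                 wp_safe_redirect(wp_get_referer());
                 exit;
                 break;
             case 'logout':
                 // Nonce check: the logout only proceeds for a request carrying the 'log-out' nonce.
                 check_admin_referer('log-out');
                 $user = wp_get_current_user();
                 wp_logout();
                 $redirect_to = apply_filters('logout_redirect', site_url('wp-login.php?loggedout=true'), isset($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : '', $user);
                 wp_safe_redirect($redirect_to);
                 exit;
                 break;
             case 'lostpassword':
             case 'retrievepassword':
                 if ($http_post) {
                     $this->errors = self::retrieve_password();
                     if (!is_wp_error($this->errors)) {
                         // The request-supplied target is restricted by wp_safe_redirect().
                         $redirect_to = !empty($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : site_url('wp-login.php?checkemail=confirm');
                         wp_safe_redirect($redirect_to);
                         exit;
                     }
                 }
                 if (isset($_REQUEST['error']) && 'invalidkey' == $_REQUEST['error']) {
                     $this->errors->add('invalidkey', __('Sorry, that key does not appear to be valid.', 'theme-my-login'));
                 }
                 do_action('lost_password');
                 break;
             case 'resetpass':
             case 'rp':
                 // The reset key and login are validated before any new password is accepted.
                 $user = self::check_password_reset_key($_REQUEST['key'], $_REQUEST['login']);
                 if (is_wp_error($user)) {
                     $redirect_to = site_url('wp-login.php?action=lostpassword&error=invalidkey');
                     wp_redirect($redirect_to);
                     exit;
                 }
                 // Compare the two submissions strictly: a loose != treats numeric-looking strings
                 // such as '1e3' and '1000' as equal, so a mistyped confirmation could be accepted.
                 $pass1 = isset($_POST['pass1']) ? $_POST['pass1'] : null;
                 $pass2 = isset($_POST['pass2']) ? $_POST['pass2'] : '';
                 if (null !== $pass1 && $pass1 !== $pass2) {
                     $this->errors->add('password_reset_mismatch', __('The passwords do not match.', 'theme-my-login'));
                 } elseif (!empty($pass1)) {
                     self::reset_password($user, $pass1);
                     $redirect_to = site_url('wp-login.php?resetpass=complete');
                     wp_safe_redirect($redirect_to);
                     exit;
                 }
                 wp_enqueue_script('utils');
                 wp_enqueue_script('user-profile');
                 break;
             case 'register':
                 if (!get_option('users_can_register')) {
                     $redirect_to = site_url('wp-login.php?registration=disabled');
                     wp_redirect($redirect_to);
                     exit;
                 }
                 $user_login = '';
                 $user_email = '';
                 if ($http_post) {
                     // Raw request values; validation is left to register_new_user().
                     $user_login = $_POST['user_login'];
                     $user_email = $_POST['user_email'];
                     $this->errors = self::register_new_user($user_login, $user_email);
                     if (!is_wp_error($this->errors)) {
                         $redirect_to = !empty($_POST['redirect_to']) ? $_POST['redirect_to'] : site_url('wp-login.php?checkemail=registered');
                         wp_safe_redirect($redirect_to);
                         exit;
                     }
                 }
                 break;
             case 'login':
             default:
                 $secure_cookie = '';
                 $interim_login = isset($_REQUEST['interim-login']);
                 // If the user wants ssl but the session is not ssl, force a secure cookie.
                 if (!empty($_POST['log']) && !force_ssl_admin()) {
                     $user_name = sanitize_user($_POST['log']);
                     if ($user = get_user_by('login', $user_name)) {
                         if (get_user_option('use_ssl', $user->ID)) {
                             $secure_cookie = true;
                             force_ssl_admin(true);
                         }
                     }
                 }
                 if (!empty($_REQUEST['redirect_to'])) {
                     $redirect_to = $_REQUEST['redirect_to'];
                     // Redirect to https if user wants ssl
                     if ($secure_cookie && false !== strpos($redirect_to, 'wp-admin')) {
                         $redirect_to = preg_replace('|^http://|', 'https://', $redirect_to);
                     }
                 } else {
                     $redirect_to = admin_url();
                 }
                 $reauth = empty($_REQUEST['reauth']) ? false : true;
                 // If the user was redirected to a secure login form from a non-secure admin page, and secure login is required but secure admin is not, then don't use a secure
                 // cookie and redirect back to the referring non-secure admin page.  This allows logins to always be POSTed over SSL while allowing the user to choose visiting
                 // the admin via http or https.
                 if (!$secure_cookie && is_ssl() && force_ssl_login() && !force_ssl_admin() && 0 !== strpos($redirect_to, 'https') && 0 === strpos($redirect_to, 'http')) {
                     $secure_cookie = false;
                 }
                 // Credentials are only processed for a POST that carries the login field.
                 if ($http_post && isset($_POST['log'])) {
                     $user = wp_signon('', $secure_cookie);
                     $redirect_to = apply_filters('login_redirect', $redirect_to, isset($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : '', $user);
                     if (!is_wp_error($user) && !$reauth) {
                         if (empty($redirect_to) || $redirect_to == 'wp-admin/' || $redirect_to == admin_url()) {
                             // If the user doesn't belong to a blog, send them to user admin. If the user can't edit posts, send them to their profile.
                             if (is_multisite() && !get_active_blog_for_user($user->ID) && !is_super_admin($user->ID)) {
                                 $redirect_to = user_admin_url();
                             } elseif (is_multisite() && !$user->has_cap('read')) {
                                 $redirect_to = get_dashboard_url($user->ID);
                             } elseif (!$user->has_cap('edit_posts')) {
                                 $redirect_to = admin_url('profile.php');
                             }
                         }
                         // The target may come from the request, so it goes through wp_safe_redirect().
                         wp_safe_redirect($redirect_to);
                         exit;
                     }
                     $this->errors = $user;
                 }
                 // Clear errors if loggedout is set.
                 if (!empty($_GET['loggedout']) || $reauth) {
                     $this->errors = new WP_Error();
                 }
                 // Some parts of this script use the main login form to display a message
                 if (isset($_GET['loggedout']) && true == $_GET['loggedout']) {
                     $this->errors->add('loggedout', __('You are now logged out.', 'theme-my-login'), 'message');
                 } elseif (isset($_GET['registration']) && 'disabled' == $_GET['registration']) {
                     $this->errors->add('registerdisabled', __('User registration is currently not allowed.', 'theme-my-login'));
                 } elseif (isset($_GET['checkemail']) && 'confirm' == $_GET['checkemail']) {
                     $this->errors->add('confirm', __('Check your e-mail for the confirmation link.', 'theme-my-login'), 'message');
                 } elseif (isset($_GET['resetpass']) && 'complete' == $_GET['resetpass']) {
                     $this->errors->add('password_reset', __('Your password has been reset.', 'theme-my-login'), 'message');
                 } elseif (isset($_GET['checkemail']) && 'registered' == $_GET['checkemail']) {
                     $this->errors->add('registered', __('Registration complete. Please check your e-mail.', 'theme-my-login'), 'message');
                 } elseif ($interim_login) {
                     $this->errors->add('expired', __('Your session has expired. Please log-in again.', 'theme-my-login'), 'message');
                 } elseif (strpos($redirect_to, 'about.php?updated')) {
                     $this->errors->add('updated', __('<strong>You have successfully updated WordPress!</strong> Please log back in to experience the awesomeness.', 'theme-my-login'), 'message');
                 } elseif ($reauth) {
                     $this->errors->add('reauth', __('Please log in to continue.', 'theme-my-login'), 'message');
                 }
                 // Clear any stale cookies.
                 if ($reauth) {
                     wp_clear_auth_cookie();
                 }
                 break;
         }
         // end switch
     }
     // endif has_filter()
 }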
Ejemplo n.º 15
 /**
  * Login hooks
  *
  * Handles a login request: works out the secure-cookie preference and the
  * redirect target, calls wp_signon(), and on success redirects and ends the
  * request with exit. Otherwise it collects the messages to show, runs them
  * through the 'wp_login_errors' filter and renders the messages and the login
  * form through this object's render_messages() and login_form().
  */
 function action_login()
 {
     $interim_login = isset($_REQUEST['interim-login']);
     $secure_cookie = '';
     $customize_login = isset($_REQUEST['customize-login']);
     if ($customize_login) {
         wp_enqueue_script('customize-base');
     }
     // If the user wants ssl but the session is not ssl, force a secure cookie.
     if (!empty($_POST['log']) && !force_ssl_admin()) {
         $user_name = sanitize_user($_POST['log']);
         if ($user = get_user_by('login', $user_name)) {
             if (get_user_option('use_ssl', $user->ID)) {
                 $secure_cookie = true;
                 force_ssl_admin(true);
             }
         }
     }
     // The redirect target is request-supplied; it only reaches the browser through
     // wp_safe_redirect() further down.
     if (isset($_REQUEST['redirect_to'])) {
         $redirect_to = $_REQUEST['redirect_to'];
         // Redirect to https if user wants ssl
         if ($secure_cookie && false !== strpos($redirect_to, 'wp-admin')) {
             $redirect_to = preg_replace('|^http://|', 'https://', $redirect_to);
         }
     } else {
         $redirect_to = admin_url();
     }
     $reauth = empty($_REQUEST['reauth']) ? false : true;
     // wp_signon() is called on every request that reaches this method, whatever the HTTP method.
     $user = wp_signon('', $secure_cookie);
     // Without a logged-in cookie, replace the sign-on result with a cookie-specific error
     // when output was already sent or the browser failed the test-cookie check.
     if (empty($_COOKIE[LOGGED_IN_COOKIE])) {
         if (headers_sent()) {
             $user = new WP_Error('test_cookie', sprintf(__('<strong>ERROR</strong>: Cookies are blocked due to unexpected output. For help, please see <a href="%1$s">this documentation</a> or try the <a href="%2$s">support forums</a>.', 'colabsthemes'), 'http://codex.wordpress.org/Cookies', 'https://wordpress.org/support/'));
         } elseif (isset($_POST['testcookie']) && empty($_COOKIE[TEST_COOKIE])) {
             // If cookies are disabled we can't log in even with a valid user+pass
             $user = new WP_Error('test_cookie', sprintf(__('<strong>ERROR</strong>: Cookies are blocked or not supported by your browser. You must <a href="%s">enable cookies</a> to use WordPress.', 'colabsthemes'), 'http://codex.wordpress.org/Cookies'));
         }
     }
     $requested_redirect_to = isset($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : '';
     /**
      * Filter the login redirect URL.
      *
      * @since 3.0.0
      *
      * @param string           $redirect_to           The redirect destination URL.
      * @param string           $requested_redirect_to The requested redirect destination URL passed as a parameter.
      * @param WP_User|WP_Error $user                  WP_User object if login was successful, WP_Error object otherwise.
      */
     $redirect_to = apply_filters('login_redirect', $redirect_to, $requested_redirect_to, $user);
     // Successful sign-on that is not a forced re-authentication: redirect and stop.
     if (!is_wp_error($user) && !$reauth) {
         if ($interim_login) {
             $message = '<div class="alert alert-success">' . __('You have logged in successfully.', 'colabsthemes') . '</div>';
             // NOTE(review): the flag is overwritten with a literal string and is not read again
             // before the exit below; the value looks masked in this listing, so confirm upstream.
             $interim_login = '******';
             echo $message;
         }
         if (empty($redirect_to) || $redirect_to == 'wp-admin/' || $redirect_to == admin_url()) {
             // If the user doesn't belong to a blog, send them to user admin. If the user can't edit posts, send them to their profile.
             if (is_multisite() && !get_active_blog_for_user($user->ID) && !is_super_admin($user->ID)) {
                 $redirect_to = user_admin_url();
             } elseif (is_multisite() && !$user->has_cap('read')) {
                 $redirect_to = get_dashboard_url($user->ID);
             } elseif (!$user->has_cap('edit_posts')) {
                 $redirect_to = admin_url('profile.php');
             }
         }
         wp_safe_redirect($redirect_to);
         exit;
     }
     // From here on the login did not complete; $user is reused as the error container.
     $errors = $user;
     // Clear errors if loggedout is set.
     if (!empty($_GET['loggedout']) || $reauth) {
         $errors = new WP_Error();
     }
     if ($interim_login) {
         if (!$errors->get_error_code()) {
             $errors->add('expired', __('Session expired. Please log in again. You will not move away from this page.', 'colabsthemes'), 'message');
         }
     } else {
         // Some parts of this script use the main login form to display a message
         if (isset($_GET['loggedout']) && true == $_GET['loggedout']) {
             $errors->add('loggedout', __('You are now logged out.', 'colabsthemes'), 'message');
         } elseif (isset($_GET['registration']) && 'disabled' == $_GET['registration']) {
             $errors->add('registerdisabled', __('User registration is currently not allowed.', 'colabsthemes'));
         } elseif (isset($_GET['checkemail']) && 'confirm' == $_GET['checkemail']) {
             $errors->add('confirm', __('Check your e-mail for the confirmation link.', 'colabsthemes'), 'message');
         } elseif (isset($_GET['checkemail']) && 'newpass' == $_GET['checkemail']) {
             $errors->add('newpass', __('Check your e-mail for your new password.', 'colabsthemes'), 'message');
         } elseif (isset($_GET['checkemail']) && 'registered' == $_GET['checkemail']) {
             $errors->add('registered', __('Registration complete. Please check your e-mail.', 'colabsthemes'), 'message');
         } elseif (strpos($redirect_to, 'about.php?updated')) {
             $errors->add('updated', __('<strong>You have successfully updated WordPress!</strong> Please log back in to see what&#8217;s new.', 'colabsthemes'), 'message');
         }
     }
     /**
      * Filter the login page errors.
      *
      * @since 3.6.0
      *
      * @param object $errors      WP Error object.
      * @param string $redirect_to Redirect destination URL.
      */
     $errors = apply_filters('wp_login_errors', $errors, $redirect_to);
     // Clear any stale cookies.
     if ($reauth) {
         wp_clear_auth_cookie();
     }
     // Error Messages
     $this->render_messages($errors);
     // NOTE(review): $redirect_to is still the request-derived value here; presumably
     // login_form() escapes it before writing it into the form — confirm in that method.
     $this->login_form($interim_login, $redirect_to, $errors);
 }
/**
 * Function is responsible for initializing the login page
 *
 */
function bum_init_page_login()
{
    //reasons to return
    if (!bum_is_page('Login')) {
        return false;
    }
    // Redirect to https login if forced to use SSL
    if (force_ssl_admin() && !is_ssl()) {
        if (0 === strpos($_SERVER['REQUEST_URI'], 'http')) {
            wp_redirect(preg_replace('|^http://|', 'https://', $_SERVER['REQUEST_URI']));
            exit;
        } else {
            wp_redirect('https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']);
            exit;
        }
    }
    // Don't index any of these forms
    add_filter('pre_option_blog_public', '__return_zero');
    add_action('login_head', 'noindex');
    //initializing
    global $bum_action, $bum_errors, $bum_redirect_to, $bum_user, $bum_http_post, $bum_secure_cookie, $bum_interim_login, $bum_reauth, $bum_rememberme, $bum_messages_txt, $bum_errors_txt;
    $bum_action = isset($_REQUEST['action']) ? $_REQUEST['action'] : 'login';
    $bum_errors = new WP_Error();
    if (isset($_GET['key'])) {
        $bum_action = 'resetpass';
    }
    // validate action so as to default to the login screen
    if (!in_array($bum_action, array('logout', 'lostpassword', 'retrievepassword', 'resetpass', 'rp', 'register', 'login'), true) && false === has_filter('login_form_' . $bum_action)) {
        $bum_action = 'login';
    }
    nocache_headers();
    header('Content-Type: ' . get_bloginfo('html_type') . '; charset=' . get_bloginfo('charset'));
    if (defined('RELOCATE')) {
        // Move flag is set
        if (isset($_SERVER['PATH_INFO']) && $_SERVER['PATH_INFO'] != $_SERVER['PHP_SELF']) {
            $_SERVER['PHP_SELF'] = str_replace($_SERVER['PATH_INFO'], '', $_SERVER['PHP_SELF']);
        }
        $schema = is_ssl() ? 'https://' : 'http://';
        if (dirname($schema . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF']) != get_option('siteurl')) {
            update_option('siteurl', dirname($schema . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF']));
        }
    }
    //Set a cookie now to see if they are supported by the browser.
    setcookie(TEST_COOKIE, 'WP Cookie check', 0, COOKIEPATH, COOKIE_DOMAIN);
    if (SITECOOKIEPATH != COOKIEPATH) {
        setcookie(TEST_COOKIE, 'WP Cookie check', 0, SITECOOKIEPATH, COOKIE_DOMAIN);
    }
    // allow plugins to override the default actions, and to add extra actions if they want
    do_action('login_init');
    do_action('login_form_' . $bum_action);
    $bum_http_post = 'POST' == $_SERVER['REQUEST_METHOD'];
    switch ($bum_action) {
        case 'logout':
            //check_admin_referer('log-out');
            wp_logout();
            $bum_redirect_to = !empty($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : bum_get_permalink_login() . '?loggedout=true';
            wp_safe_redirect($bum_redirect_to);
            exit;
            break;
        case 'lostpassword':
        case 'retrievepassword':
            if ($bum_http_post) {
                $bum_errors = bum_retrieve_password();
                if (!is_wp_error($bum_errors)) {
                    $bum_redirect_to = !empty($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : bum_get_permalink_login() . '&checkemail=confirm';
                    wp_safe_redirect($bum_redirect_to);
                    exit;
                }
            }
            if (isset($_GET['error']) && 'invalidkey' == $_GET['error']) {
                $bum_errors->add('invalidkey', __('Sorry, that key does not appear to be valid.'));
            }
            $bum_redirect_to = apply_filters('lostpassword_redirect', !empty($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : '');
            do_action('lost_password');
            break;
        case 'resetpass':
        case 'rp':
            $bum_user = bum_check_password_reset_key($_GET['key'], $_GET['login']);
            if (is_wp_error($bum_user)) {
                wp_redirect(bum_get_permalink_login() . '?action=lostpassword&error=invalidkey');
                exit;
            }
            $bum_errors = '';
            if (isset($_POST['pass1']) && $_POST['pass1'] != $_POST['pass2']) {
                $bum_errors = new WP_Error('password_reset_mismatch', __('The passwords do not match.'));
            } elseif (isset($_POST['pass1']) && !empty($_POST['pass1'])) {
                bum_reset_password($bum_user, $_POST['pass1']);
                exit;
            }
            wp_enqueue_script('utils');
            wp_enqueue_script('user-profile');
            break;
        case 'register':
            wp_redirect(bum_get_permalink_registration());
            exit;
            break;
        case 'login':
        default:
            //redirect if logged in
            if (is_user_logged_in()) {
                wp_redirect(get_bloginfo('url'));
                exit;
            }
            $bum_secure_cookie = '';
            $bum_interim_login = isset($_REQUEST['interim-login']);
            // If the user wants ssl but the session is not ssl, force a secure cookie.
            if (!empty($_POST['log']) && !force_ssl_admin()) {
                $bum_user_name = sanitize_user($_POST['log']);
                if ($bum_user = get_userdatabylogin($bum_user_name)) {
                    if (get_user_option('use_ssl', $bum_user->ID)) {
                        $bum_secure_cookie = true;
                        force_ssl_admin(true);
                    }
                }
            }
            if (isset($_REQUEST['redirect_to'])) {
                $bum_redirect_to = $_REQUEST['redirect_to'];
                // Redirect to https if user wants ssl
                if ($bum_secure_cookie && false !== strpos($bum_redirect_to, 'wp-admin')) {
                    $bum_redirect_to = preg_replace('|^http://|', 'https://', $bum_redirect_to);
                }
            } else {
                $bum_redirect_to = admin_url();
            }
            $bum_reauth = empty($_REQUEST['reauth']) ? false : true;
            // If the user was redirected to a secure login form from a non-secure admin page, and secure login is required but secure admin is not, then don't use a secure
            // cookie and redirect back to the referring non-secure admin page.  This allows logins to always be POSTed over SSL while allowing the user to choose visiting
            // the admin via http or https.
            if (!$bum_secure_cookie && is_ssl() && force_ssl_login() && !force_ssl_admin() && 0 !== strpos($bum_redirect_to, 'https') && 0 === strpos($bum_redirect_to, 'http')) {
                $bum_secure_cookie = false;
            }
            $bum_user = wp_signon('', $bum_secure_cookie);
            $bum_redirect_to = apply_filters('login_redirect', $bum_redirect_to, isset($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : '', $bum_user);
            if (!is_wp_error($bum_user) && !$bum_reauth) {
                if (empty($bum_redirect_to) || $bum_redirect_to == 'wp-admin/' || $bum_redirect_to == admin_url()) {
                    // If the user doesn't belong to a blog, send them to user admin. If the user can't edit posts, send them to their profile.
                    if (is_multisite() && !get_active_blog_for_user($bum_user->id)) {
                        $bum_redirect_to = user_admin_url();
                    } elseif (is_multisite() && !$bum_user->has_cap('read')) {
                        $bum_redirect_to = get_dashboard_url($bum_user->id);
                    } elseif (!$bum_user->has_cap('edit_posts')) {
                        $bum_redirect_to = bum_get_permalink_profile();
                    }
                }
                wp_safe_redirect($bum_redirect_to);
                exit;
            }
            $bum_errors = $bum_user;
            // Clear errors if loggedout is set.
            if (!empty($_GET['loggedout']) || $bum_reauth) {
                $bum_errors = new WP_Error();
            }
            // If cookies are disabled we can't log in even with a valid user+pass
            if (isset($_POST['testcookie']) && empty($_COOKIE[TEST_COOKIE])) {
                $bum_errors->add('test_cookie', __("<strong>ERROR</strong>: Cookies are blocked or not supported by your browser. You must <a href='http://www.google.com/cookies.html'>enable cookies</a> to use WordPress."));
            }
            // Some parts of this script use the main login form to display a message
            if (isset($_GET['loggedout']) && TRUE == $_GET['loggedout']) {
                $bum_errors->add('loggedout', __('You are now logged out.'), 'message');
            } elseif (isset($_GET['registration']) && 'disabled' == $_GET['registration']) {
                $bum_errors->add('registerdisabled', __('User registration is currently not allowed.'));
            } elseif (isset($_GET['checkemail']) && 'confirm' == $_GET['checkemail']) {
                $bum_errors->add('confirm', __('Check your e-mail for the confirmation link.'), 'message');
            } elseif (isset($_GET['checkemail']) && 'newpass' == $_GET['checkemail']) {
                $bum_errors->add('newpass', __('Check your e-mail for your new password.'), 'message');
            } elseif (isset($_GET['checkemail']) && 'registered' == $_GET['checkemail']) {
                $bum_errors->add('registered', __('Registration complete. Please check your e-mail.'), 'message');
            } elseif ($bum_interim_login) {
                $bum_errors->add('expired', __('Your session has expired. Please log-in again.'), 'message');
            }
            // Clear any stale cookies.
            if ($bum_reauth) {
                wp_clear_auth_cookie();
            }
            if (isset($_POST['log'])) {
                $bum_user_login = '******' == $bum_errors->get_error_code() || 'empty_password' == $bum_errors->get_error_code() ? esc_attr(stripslashes($_POST['log'])) : '';
            }
            $bum_rememberme = !empty($_POST['rememberme']);
            break;
    }
    if ($bum_errors->get_error_code()) {
        $bum_errors_txt = '';
        $bum_messages_txt = '';
        foreach ($bum_errors->get_error_codes() as $code) {
            $bum_severity = $bum_errors->get_error_data($code);
            foreach ($bum_errors->get_error_messages($code) as $error) {
                if ('message' == $bum_severity) {
                    $bum_messages_txt .= '	' . $error . "<br />\n";
                } else {
                    $bum_errors_txt .= '	' . $error . "<br />\n";
                }
            }
        }
    }
}
Ejemplo n.º 17
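 /**
  * Log a user in from the posted credentials. SSL support is not tested.
  *
  * wp_signon() is called with empty credentials, so it takes the user name,
  * password and "remember me" flag from the POST data itself.
  *
  * @return mixed A WP_Error when sign-on fails, otherwise whatever
  *               $this->get_logged_in_user() returns for the signed-in user.
  */
 public function login()
 {
     $secure_cookie = '';
     // Flag for the "session expired" notice further down; it has to be defined
     // before that check reads it (wp-login.php derives it the same way).
     $interim_login = isset($_REQUEST['interim-login']);
     // If the user wants ssl but the session is not ssl, force a secure cookie.
     if (!empty($_POST['log']) && !force_ssl_admin()) {
         $user_name = sanitize_user($_POST['log']);
         $user = get_user_by('login', $user_name);
         // The per-user 'use_ssl' option decides whether the auth cookie is marked secure.
         if ($user && get_user_option('use_ssl', $user->ID)) {
             $secure_cookie = true;
             // Rejecting the request with a "login must use ssl" error is not implemented yet,
             // and force_ssl_admin(true) is deliberately not called here.
         }
     }
     if (isset($_REQUEST['redirect_to'])) {
         // Request-supplied value. It is only inspected below and never used for a redirect;
         // if it is ever returned to a client or followed, validate it first
         // (wp_validate_redirect() / wp_safe_redirect()).
         $redirect_to = $_REQUEST['redirect_to'];
         // Redirect to https if user wants ssl
         if ($secure_cookie && false !== strpos($redirect_to, 'wp-admin')) {
             $redirect_to = preg_replace('|^http://|', 'https://', $redirect_to);
         }
     } else {
         $redirect_to = admin_url();
     }
     $reauth = !empty($_REQUEST['reauth']);
     // If the user was redirected to a secure login form from a non-secure admin page, and secure login is required
     // but secure admin is not, then don't use a secure cookie and redirect back to the referring non-secure admin page.
     // This allows logins to always be POSTed over SSL while allowing the user to choose visiting the admin via http or https.
     if (!$secure_cookie && is_ssl() && force_ssl_login() && !force_ssl_admin() && 0 !== strpos($redirect_to, 'https') && 0 === strpos($redirect_to, 'http')) {
         $secure_cookie = false;
     }
     $user = wp_signon('', $secure_cookie);
     if (is_wp_error($user)) {
         // NOTE(review): the error object is handed back unchanged. If the caller exposes it to
         // API clients, its codes may tell an unknown user name from a wrong password; consider
         // mapping both to one generic message there.
         $errors = $user;
         // if both login and password are empty no error is added so we add one now
         if (empty($_POST['log']) && empty($_POST['pwd'])) {
             $errors->add('invalid_username', __("The username is empty."));
         }
         // Clear errors if loggedout is set.
         if (!empty($_GET['loggedout']) || $reauth) {
             $errors = new WP_Error();
         }
         // If cookies are disabled we can't log in even with a valid user+pass
         if (isset($_POST['testcookie']) && empty($_COOKIE[TEST_COOKIE])) {
             $errors->add('test_cookie', __("Cookies are blocked or not supported by your browser. You must <a href='http://www.google.com/cookies.html'>enable cookies</a> to use WordPress."));
         }
         // Some parts of this script use the main login form to display a message
         if (isset($_GET['loggedout']) && TRUE == $_GET['loggedout']) {
             $errors->add('loggedout', __('You are now logged out.'), 'message');
         } elseif (isset($_GET['registration']) && 'disabled' == $_GET['registration']) {
             $errors->add('registerdisabled', __('User registration is currently not allowed.'));
         } elseif (isset($_GET['checkemail']) && 'confirm' == $_GET['checkemail']) {
             $errors->add('confirm', __('Check your e-mail for the confirmation link.'), 'message');
         } elseif (isset($_GET['checkemail']) && 'newpass' == $_GET['checkemail']) {
             $errors->add('newpass', __('Check your e-mail for your new password.'), 'message');
         } elseif (isset($_GET['checkemail']) && 'registered' == $_GET['checkemail']) {
             $errors->add('registered', __('Registration complete. Please check your e-mail.'), 'message');
         } elseif ($interim_login) {
             $errors->add('expired', __('Your session has expired. Please log-in again.'), 'message');
         }
         // Clear any stale cookies.
         if ($reauth) {
             wp_clear_auth_cookie();
         }
         return $errors;
     }
     // Signed in. No redirect is issued from here; the target is still worked out so it
     // could be returned later if wanted.
     if (empty($redirect_to) || $redirect_to == 'wp-admin/' || $redirect_to == admin_url()) {
         // If the user doesn't belong to a blog, send them to user admin. If the user can't edit posts, send them to their profile.
         if (is_multisite() && !get_active_blog_for_user($user->ID) && !is_super_admin($user->ID)) {
             $redirect_to = user_admin_url();
         } elseif (is_multisite() && !$user->has_cap('read')) {
             $redirect_to = get_dashboard_url($user->ID);
         } elseif (!$user->has_cap('edit_posts')) {
             $redirect_to = admin_url('profile.php');
         }
     }
     // Make the freshly authenticated user the current user for the rest of this request.
     wp_set_current_user($user->ID);
     return $this->get_logged_in_user();
 }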
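 /**
  * Choose where a user lands after logging in.
  *
  * The signature matches a 'login_redirect' filter callback. When the
  * 'enable_custom_redirects' setting is 'yes', the plugin's redirect table is
  * consulted in this order: rule for the user, rule for one of the user's
  * circles, rule for one of the user's roles, then the configured default
  * login redirect. If nothing matches (or custom redirects are off) the
  * built-in rules at the end of the method apply.
  *
  * NOTE(review): the returned URL can come from the redirect table or the
  * plugin settings. Presumably the caller passes it to wp_safe_redirect();
  * confirm, so that a stored off-site URL cannot be followed.
  *
  * @param string $redirect_to           Target computed so far.
  * @param string $requested_redirect_to Target named in the request (not used here).
  * @param mixed  $user                  User object on success; anything without
  *                                      a user_login property is ignored.
  * @return string Redirect target.
  */
 function cc_login_redirect_rules($redirect_to, $requested_redirect_to, $user)
 {
     // If they're on the login page (no user object yet), don't do anything
     if (!isset($user->user_login)) {
         return $redirect_to;
     }
     if (!empty($_GET['wpc_to_redirect'])) {
         return $redirect_to;
     }
     //redirect by login/logout redirect table
     if ('yes' == $this->cc_get_settings('enable_custom_redirects', 'no')) {
         global $wpdb;
         $table = $wpdb->prefix . 'wpc_client_login_redirects';
         //get individual redirect for users
         $user_rule = $wpdb->get_var($wpdb->prepare("SELECT rul_url FROM {$table} WHERE rul_value = %s AND rul_type='user'", $user->user_login));
         if ($user_rule) {
             return $user_rule;
         }
         //redirects for circles
         $client_groups = $this->cc_get_client_groups_id($user->ID);
         if (is_array($client_groups) && 0 < count($client_groups)) {
             // One %s per value: every list item is bound through prepare() instead of
             // being concatenated into the statement.
             $group_marks = implode(',', array_fill(0, count($client_groups), '%s'));
             $circle_rule = $wpdb->get_var($wpdb->prepare("SELECT rul_url FROM {$table} WHERE rul_type='circle' AND rul_url != '' AND rul_value IN({$group_marks}) ORDER BY rul_order DESC LIMIT 1", array_values($client_groups)));
             if ($circle_rule) {
                 return $circle_rule;
             }
         }
         //redirects for roles
         $userdata = get_userdata($user->ID);
         $userroles = ($userdata && is_array($userdata->roles)) ? array_values($userdata->roles) : array();
         // A user without roles would otherwise produce an empty IN() list, which is invalid SQL.
         if (0 < count($userroles)) {
             $role_marks = implode(',', array_fill(0, count($userroles), '%s'));
             $role_rule = $wpdb->get_var($wpdb->prepare("SELECT rul_url FROM {$table} WHERE rul_value IN({$role_marks}) AND rul_type='role' AND rul_url != '' ORDER BY rul_order DESC LIMIT 1", $userroles));
             if ($role_rule) {
                 return $role_rule;
             }
         }
         //if not find redirect for user, circle and role use default redirect
         $wpc_default_redirects = $this->cc_get_settings('default_redirects');
         if (isset($wpc_default_redirects['login']) && '' != $wpc_default_redirects['login']) {
             return $wpc_default_redirects['login'];
         }
     }
     // Built-in rules: reached when custom redirects are disabled or nothing above matched.
     //redirection for administrators
     if (user_can($user, 'administrator') && !user_can($user, 'manage_network_options')) {
         return admin_url();
     }
     //redirect Client and Staff to my-hub page
     if (user_can($user, 'wpc_client') && !user_can($user, 'manage_network_options')) {
         return $this->cc_get_slug('hub_page_id');
     }
     if (empty($redirect_to) || $redirect_to == 'wp-admin/' || $redirect_to == admin_url()) {
         // If the user doesn't belong to a blog, send them to user admin. If the user can't edit posts, send them to their profile.
         if (is_multisite() && !get_active_blog_for_user($user->ID) && !is_super_admin($user->ID)) {
             $redirect_to = user_admin_url();
         } elseif (is_multisite() && !$user->has_cap('read')) {
             $redirect_to = get_dashboard_url($user->ID);
         } elseif (!$user->has_cap('edit_posts')) {
             $redirect_to = admin_url('profile.php');
         }
     }
     //redirect for another users
     return $redirect_to;
 }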
Ejemplo n.º 19
/**
 * Build the URL of the profile editor (profile.php) for a user.
 *
 * Which admin area the link points into depends on the screen being viewed:
 * the user admin, the network admin, or otherwise the user's dashboard.
 *
 * @since 3.1.0
 *
 * @param int    $user   User ID; cast to int before use.
 * @param string $scheme Scheme passed through to the URL helpers. Default 'admin', which obeys
 *                       force_ssl_admin() and is_ssl(); 'http' or 'https' force those schemes.
 * @return string The URL after the 'edit_profile_url' filter has run.
 */
function get_edit_profile_url($user, $scheme = 'admin')
{
    $user_id = (int) $user;
    $page = 'profile.php';
    switch (true) {
        case is_user_admin():
            $profile_url = user_admin_url($page, $scheme);
            break;
        case is_network_admin():
            $profile_url = network_admin_url($page, $scheme);
            break;
        default:
            $profile_url = get_dashboard_url($user_id, $page, $scheme);
    }
    // Filter receives the URL, the integer user ID and the scheme.
    return apply_filters('edit_profile_url', $profile_url, $user_id, $scheme);
}
/**
 * Prevent access to `profile.php` by sending the visitor to the dashboard.
 *
 * Takes no arguments. The request ends right after the redirect header is
 * issued, so nothing placed after a call to this function runs.
 *
 * @since 0.2.0
 */
function wp_user_profiles_old_profile_redirect()
{
    $dashboard_url = get_dashboard_url();
    wp_safe_redirect($dashboard_url);
    exit;
}
Ejemplo n.º 21
                    echo wp_customize_url();
                    ?>
', channel: 'login' }).send('login') }, 1000 );</script>
			<?php 
                }
                ?>
			</body></html>
<?php 
                exit;
            }
            if (empty($redirect_to) || $redirect_to == 'wp-admin/' || $redirect_to == admin_url()) {
                // If the user doesn't belong to a blog, send them to user admin. If the user can't edit posts, send them to their profile.
                if (is_multisite() && !get_active_blog_for_user($user->ID) && !is_super_admin($user->ID)) {
                    $redirect_to = user_admin_url();
                } elseif (is_multisite() && !$user->has_cap('read')) {
                    $redirect_to = get_dashboard_url($user->ID);
                } elseif (!$user->has_cap('edit_posts')) {
                    $redirect_to = $user->has_cap('read') ? admin_url('profile.php') : home_url();
                }
            }
            wp_safe_redirect($redirect_to);
            exit;
        }
        $errors = $user;
        // Clear errors if loggedout is set.
        if (!empty($_GET['loggedout']) || $reauth) {
            $errors = new WP_Error();
        }
        if ($interim_login) {
            if (!$errors->get_error_code()) {
                $errors->add('expired', __('Your session has expired. Please log in to continue where you left off.'), 'message');
Ejemplo n.º 22
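 /**
  * Finish a Minecraft.jp authorization round trip.
  *
  * Two modes, selected by $_SESSION['auth_type']:
  *  - 'link':  attach the Minecraft.jp identity to the currently logged-in
  *             WordPress user, then return to profile.php.
  *  - other:   sign in the WordPress user already linked to the identity's
  *             `sub`, creating the account first when registration is allowed.
  *
  * Every path ends the request with a redirect followed by exit.
  *
  * NOTE(review): the auth_type / redirect_to session values are not cleared
  * here; confirm they are reset elsewhere so a stale value is not reused.
  */
 public function doLogin()
 {
     $minecraftjp = $this->getMinecraftJP();
     $authType = !empty($_SESSION['auth_type']) ? $_SESSION['auth_type'] : 'login';
     $redirectTo = !empty($_SESSION['redirect_to']) ? $_SESSION['redirect_to'] : '';
     $failureTarget = $authType == 'link' ? admin_url('profile.php') : site_url('wp-login.php');
     try {
         $mcjpUser = $minecraftjp->getUser();
     } catch (\Exception $e) {
         // NOTE(review): the raw exception text is shown to the visitor; confirm it cannot
         // carry internal details.
         $this->setFlash($e->getMessage(), 'default', array('class' => 'error'));
         wp_safe_redirect($failureTarget);
         exit;
     }
     if ($authType == 'link') {
         $userId = get_current_user_id();
         // Linking needs both an authorized identity and a logged-in WordPress user;
         // with no user (ID 0) there is no account to attach the identity to.
         if (empty($mcjpUser) || !$userId) {
             $this->setFlash(__('Authorization denied.', App::NAME), 'default', array('class' => 'error'));
         } else {
             $existsUserId = $this->User->getUserIdBySub($mcjpUser['sub']);
             if (!empty($existsUserId) && $existsUserId != $userId) {
                 // The identity already belongs to a different WordPress account.
                 $this->setFlash(__('This account is already linked.', App::NAME), 'default', array('class' => 'error'));
             } else {
                 update_user_meta($userId, 'minecraftjp_sub', $mcjpUser['sub']);
                 update_user_meta($userId, 'minecraftjp_uuid', $mcjpUser['uuid']);
                 update_user_meta($userId, 'minecraftjp_username', $mcjpUser['preferred_username']);
                 $this->setFlash(__('Minecraft.jp account linked successfully.', App::NAME));
             }
         }
         wp_safe_redirect(admin_url('profile.php'));
         // Stop here so nothing after the call site runs once the redirect header is sent.
         exit;
     }
     if (empty($mcjpUser)) {
         $this->setFlash(__('Authorization denied.', App::NAME), 'default', array('class' => 'error'));
         wp_safe_redirect(site_url('wp-login.php'));
         exit;
     }
     // Accounts are matched on the provider's `sub` only, never on e-mail or user name.
     $userId = $this->User->getUserIdBySub($mcjpUser['sub']);
     if (!$userId) {
         if (!get_option('users_can_register') && !Configure::read('force_users_can_register')) {
             wp_safe_redirect(site_url('wp-login.php?registration=disabled'));
             exit;
         }
         $password = wp_generate_password();
         $result = wp_create_user($mcjpUser['preferred_username'] . Configure::read('username_suffix'), $password, $mcjpUser['email']);
         if (is_wp_error($result)) {
             // An existing user name or e-mail is a hard stop; the identity is not merged
             // into that account.
             $this->setFlash(__('username or email is already taken.', App::NAME), 'default', array('class' => 'error'));
             wp_safe_redirect(site_url('wp-login.php'));
             exit;
         }
         $userId = $result;
         wp_update_user(array('ID' => $userId, 'user_url' => !empty($mcjpUser['website']) ? $mcjpUser['website'] : $mcjpUser['profile'], 'display_name' => $mcjpUser['preferred_username']));
         update_user_meta($userId, 'nickname', $mcjpUser['preferred_username']);
         update_user_meta($userId, 'minecraftjp_sub', $mcjpUser['sub']);
         update_user_meta($userId, 'minecraftjp_uuid', $mcjpUser['uuid']);
         // send password notification
         // NOTE(review): this passes the generated password to the notification mail; the meaning
         // of the second argument differs between WordPress releases, so check the targeted one.
         wp_new_user_notification($userId, $password);
     }
     update_user_meta($userId, 'minecraftjp_username', $mcjpUser['preferred_username']);
     wp_set_auth_cookie($userId, true);
     $user = get_user_by('id', $userId);
     if (empty($redirectTo) || $redirectTo == 'wp-admin/' || $redirectTo == admin_url()) {
         if (is_multisite() && !get_active_blog_for_user($userId) && !is_super_admin($userId)) {
             $redirectTo = user_admin_url();
         } elseif (is_multisite() && !$user->has_cap('read')) {
             $redirectTo = get_dashboard_url($userId);
         } elseif (!$user->has_cap('edit_posts')) {
             $redirectTo = admin_url('profile.php');
         }
     }
     // With no stored target and none of the rules above applying, the target would still be
     // empty and no redirect header would be sent; fall back to the admin area.
     if (empty($redirectTo)) {
         $redirectTo = admin_url();
     }
     // wp_safe_redirect() keeps a session-supplied target on allowed hosts.
     wp_safe_redirect($redirectTo);
     exit;
 }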
Ejemplo n.º 23
/**
 * Build the URL of the profile editor (profile.php) for a user.
 *
 * The link targets the user admin or the network admin when one of those
 * screens is being viewed, and the user's dashboard otherwise.
 *
 * @since 3.1.0
 *
 * @param int    $user_id Optional. User ID. A falsy value means the current user.
 * @param string $scheme  Scheme handed to the URL helpers. Default 'admin', which obeys
 *                        force_ssl_admin() and is_ssl(); 'http' or 'https' force those schemes.
 * @return string The profile editor URL after filtering.
 */
function get_edit_profile_url($user_id = 0, $scheme = 'admin')
{
    if ($user_id) {
        $user_id = (int) $user_id;
    } else {
        $user_id = get_current_user_id();
    }
    $page = 'profile.php';
    $url = is_user_admin()
        ? user_admin_url($page, $scheme)
        : (is_network_admin()
            ? network_admin_url($page, $scheme)
            : get_dashboard_url($user_id, $page, $scheme));
    /**
     * Filter the URL for a user's profile editor.
     *
     * @since 3.1.0
     *
     * @param string $url     The complete URL including scheme and path.
     * @param int    $user_id The user ID.
     * @param string $scheme  Scheme to give the URL context. Accepts 'http', 'https', 'login',
     *                        'login_post', 'admin', 'relative' or null.
     */
    return apply_filters('edit_profile_url', $url, $user_id, $scheme);
}
Ejemplo n.º 24
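 /**
  * Render the login shortcode.
  *
  * Logged-out visitors get the login form; logged-in users get a welcome box
  * with dashboard, profile and logout links. Shortcode attributes and user
  * profile data are escaped for the HTML context they are printed into,
  * because both can be set by people other than the site administrator.
  *
  * @since 1.8.0
  *
  * @param  array  $args    Shortcode parameters
  * @param  string $content Content between shortcode
  * @return string          HTML output
  */
 function render_login($args, $content = '')
 {
     $defaults = $this->default_shortcode_parameter($args);
     $defaults['action'] = 'login';
     // Read the settings by name instead of extract(): an attribute can then never
     // overwrite an unrelated local variable.
     $heading = isset($defaults['heading']) ? $defaults['heading'] : '';
     $caption = isset($defaults['caption']) ? $defaults['caption'] : '';
     $main_container = isset($defaults['main_container']) ? $defaults['main_container'] : '';
     $redirection_link = isset($defaults['redirection_link']) ? $defaults['redirection_link'] : '';
     $lost_password_link = isset($defaults['lost_password_link']) ? $defaults['lost_password_link'] : '';
     $register_link = isset($defaults['register_link']) ? $defaults['register_link'] : '';
     self::$args = $defaults;
     $styles = $this->get_style_tag();
     $html = sprintf('<div %s>%s', FusionCore_Plugin::attributes('login-shortcode'), $styles);
     if (!is_user_logged_in()) {
         // Prefill comes from the query string; it is escaped where it is printed below.
         $user_login = isset($_GET['log']) ? $_GET['log'] : '';
         // Heading and caption may carry markup, so filter them to post-safe HTML
         // rather than printing them raw.
         $html .= sprintf('<h3 class="fusion-login-heading">%s</h3>', wp_kses_post($heading));
         $html .= sprintf('<div class="fusion-login-caption">%s</div>', wp_kses_post($caption));
         // The container value is used as an element name; keep only tag-name characters.
         $container_tag = tag_escape($main_container);
         $html .= sprintf('<%s %s>', $container_tag, FusionCore_Plugin::attributes('login-shortcode-form'));
         // Get the success/error notices
         // NOTE(review): the return value is discarded; presumably render_notices() prints
         // directly. Confirm, otherwise the notices never reach the output.
         $this->render_notices($defaults['action']);
         $html .= '<div class="fusion-login-input-wrapper">';
         $html .= sprintf('<label class="fusion-hidden-content" for="user_login">%s</label>', __('Username', 'fusion-core'));
         $html .= sprintf('<input type="text" name="log" placeholder="%s" value="%s" size="20" class="fusion-login-username input-text" id="user_login" />', __('Username', 'fusion-core'), esc_attr($user_login));
         $html .= '</div>';
         $html .= '<div class="fusion-login-input-wrapper">';
         $html .= sprintf('<label class="fusion-hidden-content" for="user_pass">%s</label>', __('Password', 'fusion-core'));
         $html .= sprintf('<input type="password" name="pwd" placeholder="%s" value="" size="20" class="fusion-login-password input-text" id="user_pass" />', __('Password', 'fusion-core'));
         $html .= '</div>';
         $html .= '<div class="fusion-login-submit-wrapperr">';
         $html .= sprintf('<button %s>%s</button>', FusionCore_Plugin::attributes('login-shortcode-button'), __('Log in', 'fusion-core'));
         // Set the query string for successful password reset
         if (!$redirection_link) {
             $redirection_link = $this->get_redirection_link();
         }
         $html .= $this->render_hidden_login_inputs($redirection_link);
         $html .= '</div>';
         $html .= '<div class="fusion-login-links">';
         // Link targets go through esc_url() before landing in href attributes.
         $html .= sprintf('<a class="fusion-login-lost-passowrd" target="_self" href="%s">%s</a>', esc_url($lost_password_link), __('Lost password?', 'fusion-core'));
         $html .= sprintf('<a class="fusion-login-register" target="_self" href="%s">%s</a>', esc_url($register_link), __('Register', 'fusion-core'));
         $html .= '</div>';
         $html .= sprintf('</%s>', $container_tag);
     } else {
         $user = get_user_by('id', get_current_user_id());
         // display_name is editable by the account owner; escape it as text.
         $html .= sprintf('<div class="fusion-login-caption">%s %s</div>', __('Welcome', 'fusion-core'), esc_html(ucwords($user->display_name)));
         $html .= sprintf('<div class="fusion-login-avatar">%s</div>', get_avatar($user->ID, apply_filters('fusion_login_box_avatar_size', 50)));
         $html .= '<ul class="fusion-login-loggedin-links">';
         $html .= sprintf('<li><a href="%s">%s</a></li>', esc_url(get_dashboard_url()), __('Dashboard', 'fusion-core'));
         $html .= sprintf('<li><a href="%s">%s</a></li>', esc_url(get_edit_user_link($user->ID)), __('Profile', 'fusion-core'));
         $html .= sprintf('<li><a href="%s">%s</a></li>', esc_url(wp_logout_url(get_permalink())), __('Logout', 'fusion-core'));
         $html .= '</ul>';
     }
     $html .= '</div>';
     return $html;
 }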