function my_retrieve_password() { global $current_theme_locale_name, $wpdb, $current_site; $errors = new WP_Error(); if (empty($_POST['user_login'])) { $errors->add('empty_username', __('<strong>ERROR</strong>: Enter a username or e-mail address.', $current_theme_locale_name)); } else { if (strpos($_POST['user_login'], '@')) { $user_data = get_user_by('email', trim($_POST['user_login'])); if (empty($user_data)) { $errors->add('invalid_email', __('<strong>ERROR</strong>: There is no user registered with that email address.', $current_theme_locale_name)); } } else { $login = trim($_POST['user_login']); $user_data = get_user_by('login', $login); } } do_action('lostpassword_post'); if ($errors->get_error_code()) { return $errors; } if (!$user_data) { $errors->add('invalidcombo', __('<strong>ERROR</strong>: Invalid username or e-mail.', $current_theme_locale_name)); return $errors; } // redefining user_login ensures we return the right case in the email $user_login = $user_data->user_login; $user_email = $user_data->user_email; do_action('retreive_password', $user_login); // Misspelled and deprecated do_action('retrieve_password', $user_login); $allow = apply_filters('allow_password_reset', true, $user_data->ID); if (!$allow) { return new WP_Error('no_password_reset', __('Password reset is not allowed for this user', $current_theme_locale_name)); } else { if (is_wp_error($allow)) { return $allow; } } $key = $wpdb->get_var($wpdb->prepare("SELECT user_activation_key FROM {$wpdb->users} WHERE user_login = %s", $user_login)); if (empty($key)) { // Generate something random for a key... $key = wp_generate_password(20, false); do_action('retrieve_password_key', $user_login, $key); // Now insert the new md5 key into the db $wpdb->update($wpdb->users, array('user_activation_key' => $key), array('user_login' => $user_login)); } $link = projectTheme_makeClickableLinks(get_bloginfo('url') . "/wp-login.php?action=rp&key={$key}&login="******"logo" alt="%s" src="%s"><br>Hello! You have requested to reset your password for the following account:', $current_theme_locale_name) . "\n<br><br>", $site_name, $logo_src); //$message .= get_bloginfo('url') . "\n<br>"; $message .= sprintf(__('Username: %s', $current_theme_locale_name), $user_login) . "\n<br>"; $message .= __('To reset your password, visit the following link:', $current_theme_locale_name) . "\n<br>"; $message .= '' . $link . "\n<br>"; $message .= __('Please ignore this message, if you did not request a reset of your password.', $current_theme_locale_name) . "\n<br>"; if (is_multisite()) { $blogname = $GLOBALS['current_site']->site_name; } else { // The blogname option is escaped with esc_html on the way into the database in sanitize_option // we want to reverse this for the plain text arena of emails. $blogname = wp_specialchars_decode(get_option('blogname'), ENT_QUOTES); } $title = sprintf(__('Password Reset', $current_theme_locale_name)); //var_dump($message); $title = apply_filters('retrieve_password_title', $title); $message = apply_filters('retrieve_password_message', $message, $key); // var_dump($message); // die(); function set_html_content_type() { return 'text/html'; } add_filter('wp_mail_content_type', 'set_html_content_type'); if ($message && !wp_mail($user_email, $title, $message)) { wp_die(__('The e-mail could not be sent.', $current_theme_locale_name) . "<br />\n" . __('Possible reason: your host may have disabled the mail() function...', $current_theme_locale_name)); } }
function ProjectTheme_send_email($recipients, $subject = '', $message = '') { $ProjectTheme_email_addr_from = get_option('ProjectTheme_email_addr_from'); $ProjectTheme_email_name_from = get_option('ProjectTheme_email_name_from'); $message = stripslashes($message); $subject = stripslashes($subject); $hh = array('MIME-Version: 1.0', 'Content-type: text/html; charset=' . get_bloginfo('charset'), sprintf('X-Mailer: PHP/%s', phpversion())); if (empty($ProjectTheme_email_name_from)) { $ProjectTheme_email_name_from = "Project Theme"; } if (empty($ProjectTheme_email_addr_from)) { $ProjectTheme_email_addr_from = "*****@*****.**"; } $headers = 'From: ' . $ProjectTheme_email_name_from . ' <' . $ProjectTheme_email_addr_from . '>' . PHP_EOL; $ProjectTheme_allow_html_emails = get_option('ProjectTheme_allow_html_emails'); if ($ProjectTheme_allow_html_emails != "yes") { $html = false; } else { $html = true; } $oktosend = true; $oktosend = apply_filters('ProjectTheme_ok_to_send_email', $oktosend); if ($oktosend) { if ($html) { $message = projectTheme_makeClickableLinks($message); $mailtext = "<html><head><title>" . $subject . "</title></head><body>" . nl2br($message) . "</body></html>"; return wp_mail($recipients, $subject, $mailtext); //, $hh); } else { $headers .= "MIME-Version: 1.0\n"; $headers .= "Content-Type: text/plain; charset=\"" . get_bloginfo('charset') . "\"\n"; $message = preg_replace('|&[^a][^m][^p].{0,3};|', '', $message); $message = preg_replace('|&|', '&', $message); $mailtext = wordwrap(strip_tags($message), 80, "\n"); return wp_mail($recipients, stripslashes($subject), stripslashes($mailtext)); //, $hh); } } }
function ProjectTheme_send_email_on_priv_mess_received($sender_uid, $receiver_uid) { $enable = get_option('ProjectTheme_priv_mess_received_email_enable'); $subject = get_option('ProjectTheme_priv_mess_received_email_subject'); $message = get_option('ProjectTheme_priv_mess_received_email_message'); if ($enable != "no") { $user = get_userdata($receiver_uid); $site_login_url = ProjectTheme_login_url(); $site_name = get_bloginfo('name'); $account_url = projectTheme_makeClickableLinks(get_permalink(get_option('ProjectTheme_my_account_page_id')) . 'private-messages/'); $sndr = get_userdata($sender_uid); $sndr_link = ProjectTheme_get_user_profile_link($sender_uid, true); // $sndr_link = sprintf('%s', ProjectTheme_get_user_profile_link($sender_uid)); $find = array('##sender_username##', '##sender_link##', '##receiver_username##', '##site_login_url##', '##your_site_name##', '##your_site_url##', '##my_account_url##'); $replace = array($sndr->user_login, $sndr_link, $user->user_login, $site_login_url, $site_name, get_bloginfo('siteurl'), $account_url); $tag = 'ProjectTheme_send_email_on_priv_mess_received'; $find = apply_filters($tag . '_find', $find); $replace = apply_filters($tag . '_replace', $replace); $message = ProjectTheme_replace_stuff_for_me($find, $replace, $message); $subject = ProjectTheme_replace_stuff_for_me($find, $replace, $subject); //--------------------------------------------- ProjectTheme_send_email($user->user_email, $subject, $message, false); } }
function ProjectTheme_do_login_scr() { /*do_action( 'login_enqueue_scripts' ); do_action( 'login_head' ); do_action('login_footer'); */ global $wpdb, $error, $wp_query, $current_theme_locale_name; if (!is_array($wp_query->query_vars)) { $wp_query->query_vars = array(); } $action = $_REQUEST['action']; $error = ''; nocache_headers(); header('Content-Type: ' . get_bloginfo('html_type') . '; charset=' . get_bloginfo('charset')); if (defined('RELOCATE')) { // Move flag is set if (isset($_SERVER['PATH_INFO']) && $_SERVER['PATH_INFO'] != $_SERVER['PHP_SELF']) { $_SERVER['PHP_SELF'] = str_replace($_SERVER['PATH_INFO'], '', $_SERVER['PHP_SELF']); } $schema = isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on' ? 'https://' : 'http://'; if (dirname($schema . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF']) != get_settings('siteurl')) { update_option('siteurl', dirname($schema . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'])); } } do_action('login_init'); do_action('login_form_' . $action); switch ($_REQUEST["action"]) { //logout case "logout": wp_clearcookie(); if (get_option("jk_logout_redirect_to")) { $redirect_to = get_option("jk_logout_redirect_to"); } else { $redirect_to = "wp-login.php"; } do_action('wp_logout'); nocache_headers(); if (isset($_REQUEST['redirect_to'])) { $redirect_to = $_REQUEST['redirect_to']; } wp_redirect(get_bloginfo('siteurl')); exit; break; //lost lost password //lost lost password case 'lostpassword': case 'retrievepassword': $http_post = 'POST' == $_SERVER['REQUEST_METHOD']; if ($http_post) { $errors = my_retrieve_password(); if (!is_wp_error($errors)) { $redirect_to = !empty($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : 'wp-login.php?checkemail=confirm'; wp_safe_redirect($redirect_to); exit; } } if (isset($_GET['error']) && 'invalidkey' == $_GET['error']) { $errors->add('invalidkey', __('Sorry, that key does not appear to be valid.')); } $redirect_to = apply_filters('lostpassword_redirect', !empty($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : ''); do_action('lost_password'); $user_login = isset($_POST['user_login']) ? stripslashes($_POST['user_login']) : ''; get_header(); ?> <div class="page_heading_me"> <div class="page_heading_me_inner"> <div class="mm_inn"><?php printf(__("Retrieve Password - %s", $current_theme_locale_name), get_bloginfo('name')); ?> </div> </div> </div> <!-- ########## --> <div id="main_wrapper"> <div id="main" class="wrapper"><div class="padd10"> <div class="my_box3"> <div class="padd10"> <div class="box_content"> <div class="login-submit-form"> <form name="lostpass" action="<?php echo esc_url(site_url('wp-login.php?action=lostpassword', 'login_post')); ?> " method="post" id="loginform"> <p><?php _e('Please enter your information here. We will send you a new password.', $current_theme_locale_name); ?> </p> <?php if ($errors) { echo "<div class='errrs'>" . $errors->get_error_message() . "</div>"; } ?> <input type="hidden" name="action" value="retrievepassword" /> <p> <label><?php _e('Username or Email:', $current_theme_locale_name); ?> </label> <input type="text" class="do_input" name="user_login" id="user_login" value="" size="30" tabindex="1" /> </p> <?php do_action('lostpassword_form'); ?> <p><label> </label> <input type="submit" name="submit" id="submit" value="<?php _e('Retrieve Password', $current_theme_locale_name); ?> " class="submit_bottom" tabindex="3" /> </p> </form> <script type="text/javascript"> $(function() { // gather all inputs of selected types var inputs = $('#user_tp, #user_email, #user_login, #log, #login_password, #rememberme, #submits, .green_btn'), inputTo; // bind on keydown inputs.on('keydown', function(e) { // if we pressed the tab if (e.keyCode == 9 || e.which == 9) { alert('tab'); // prevent default tab action e.preventDefault(); if (e.shiftKey) { // get previous input based on the current input inputTo = inputs.get(inputs.index(this) - 1); } else { // get next input based on the current input inputTo = inputs.get(inputs.index(this) + 1); } // move focus to inputTo, otherwise focus first input if (inputTo) { inputTo.focus(); } else { inputs[0].focus(); } } }); }); </script> </div> <ul id="logins"> <li><a href="<?php bloginfo('home'); ?> /" title="<?php _e('Are you lost?', $current_theme_locale_name); ?> ">« <?php _e('Home', $current_theme_locale_name); ?> </a></li> <?php if (get_settings('users_can_register')) { ?> <li><a href="<?php bloginfo('wpurl'); ?> /wp-login.php?action=register"><?php _e('Register', $current_theme_locale_name); ?> </a></li> <?php } ?> <li><a href="<?php bloginfo('wpurl'); ?> /wp-login.php"><?php _e('Login', $current_theme_locale_name); ?> </a></li> </ul> </div> </div> </div> </div></div></div> <?php get_footer(); die; break; case 'retrievepassword2': get_header(); $user_data = get_userdatabylogin($_POST['user_login']); // redefining user_login ensures we return the right case in the email $user_login = $user_data->user_login; $user_email = $user_data->user_email; if (!$user_email || $user_email != $_POST['email']) { ?> <div class="my_box3"> <div class="padd10"> <div class="box_title"><?php _e("Retrieve Error", $current_theme_locale_name); ?> - <?php echo get_bloginfo('name'); ?> </div> <div class="box_content"> <br/><br/> <?php echo sprintf(__('Sorry, that user does not seem to exist in our database. Perhaps you have the wrong username or e-mail address? <a href="%s">Try again</a>.', $current_theme_locale_name), 'wp-login.php?action=lostpassword'); ?> <br/><br/> </div></div></div> <?php get_footer(); die; } do_action('retreive_password', $user_login); // Misspelled and deprecated. do_action('retrieve_password', $user_login); // Generate something random for a password... md5'ing current time with a rand salt $key = substr(md5(uniqid(current_time('timestamp', 0))), 0, 50); // now insert the new pass md5'd into the db $wpdb->query("UPDATE {$wpdb->users} SET user_activation_key = '{$key}' WHERE user_login = '******'"); $message = __('Someone has asked to reset the password for the following site and username.', $current_theme_locale_name) . "\r\n\r\n"; $message .= get_option('siteurl') . "\r\n\r\n"; $message .= sprintf(__('Username: %s', $current_theme_locale_name), $user_login) . "\r\n\r\n"; $message .= __('To reset your password visit the following address, otherwise just ignore this email and nothing will happen.', $current_theme_locale_name) . "\r\n\r\n"; $message .= get_settings('siteurl') . "/wp-login.php?action=resetpass&key={$key}\r\n"; $m = ProjectTheme_send_email($user_email, sprintf(__('[%s] Password Reset', $current_theme_locale_name), get_settings('blogname')), $message); echo get_option("jk_login_after_head_html"); echo " <div id=\"login\">\n"; if ($m == false) { echo "<h1>" . __("There Was a Problem", $current_theme_locale_name) . "</h1>"; echo '<p>' . __('The e-mail could not be sent.', $current_theme_locale_name) . "<br />\n"; echo __('Possible reason: your host may have disabled the mail() function...', $current_theme_locale_name) . "</p>"; } else { echo "<h1>Success!</h1>"; echo '<p>' . sprintf(__("The e-mail was sent successfully to %s's e-mail address.", $current_theme_locale_name), $user_login) . '<br />'; echo "<a href='wp-login.php' title='" . __('Check your e-mail first, of course', $current_theme_locale_name) . "'>" . __('Click here to login!', $current_theme_locale_name) . '</a></p>'; } echo " </div>\n"; echo '</div></div></div>'; get_footer(); die; break; //reset password //reset password case 'rp': get_header(); //_get_whole_menu(); echo '<div class="my_box3"> <div class="padd10">'; echo " <div id=\"login\">\n"; // Generate something random for a password... md5'ing current time with a rand salt $key = preg_replace('/a-z0-9/i', '', $_GET['key']); if (empty($key)) { _e('<h1>Problem</h1>', $current_theme_locale_name); _e('Sorry, that key does not appear to be valid.', $current_theme_locale_name); echo " </div>\n"; echo '</div></td></tr></table></div></div>'; get_footer(); die; } $user = $wpdb->get_row("SELECT * FROM {$wpdb->users} WHERE user_activation_key = '{$key}'"); if (!$user) { _e('<h1>Problem</h1>', $current_theme_locale_name); _e('Sorry, that key does not appear to be valid.', $current_theme_locale_name); echo " </div>\n"; echo '</div></div>'; get_footer(); die; } do_action('password_reset'); $new_pass = substr(md5(uniqid(current_time('timestamp', 0))), 0, 7); $wpdb->query("UPDATE {$wpdb->users} SET user_pass = MD5('{$new_pass}'), user_activation_key = '' WHERE user_login = '******'"); wp_cache_delete($user->ID, 'users'); wp_cache_delete($user->user_login, 'userlogins'); $logo_src = get_option('projectTheme_logo_url'); $site_name = get_bloginfo('name'); $message = sprintf(__('<img id="logo" alt="%s" src="%s"><br>We have reset the password for the following account. Please find the new temporary password below (we recommend that you change it once you log in).<br>'), $site_name, $logo_src); $message .= sprintf(__('Username: %s', $current_theme_locale_name), $user->user_login) . "\r\n<br>"; $message .= sprintf(__('Password: %s', $current_theme_locale_name), $new_pass) . "\r\n<br>"; $message .= projectTheme_makeClickableLinks(get_bloginfo('siteurl') . "/wp-login.php") . "\r\n<br>"; $m = wp_mail($user->user_email, sprintf(__('Your new password', $current_theme_locale_name)), $message); //ProjectTheme_send_email($user->user_email, sprintf(__('Your new password',$current_theme_locale_name) ), $message); if ($m == false) { echo __('<h1>Problem</h1>', $current_theme_locale_name); echo '<p>' . __('The e-mail could not be sent.', $current_theme_locale_name) . "<br />\n"; echo __('Possible reason: your host may have disabled the mail() function...', $current_theme_locale_name) . '</p>'; } else { echo __('<h1>Success!</h1>', $current_theme_locale_name); echo '<p>' . sprintf(__('Your new password is in the mail.', $current_theme_locale_name), $user_login) . '<br />'; echo "<a href='wp-login.php' title='" . __('Check your e-mail first, of course', $current_theme_locale_name) . "'>" . __('Click here to login!', $current_theme_locale_name) . '</a></p>'; // send a copy of password change notification to the admin $message = sprintf(__('Password Lost and Changed for user: %s', $current_theme_locale_name), $user->user_login) . "\r\n"; ProjectTheme_send_email(get_settings('admin_email'), sprintf(__('[%s] Password Lost/Change', $current_theme_locale_name), get_settings('blogname')), $message); } echo " </div>\n"; echo '</div></div></div>'; get_footer(); die; break; //login and default action //login and default action case 'login': default: //check credentials - 99% of this is identical to the normal wordpress login sequence as of 2.0.4 //Any differences will be noted with end of line comments. $user_login = ''; $user_pass = ''; $using_cookie = false; /** * this is what the code was * if ( !isset( $_REQUEST['redirect_to'] ) ) * $redirect_to = 'wp-admin/'; * else * $redirect_to = $_REQUEST['redirect_to']; */ if (!isset($_REQUEST['redirect_to'])) { $redirect_to = get_permalink(get_option('ProjectTheme_my_account_page_id')); } else { $redirect_to = $_REQUEST['redirect_to']; } if (isset($_SESSION['redirect_me_back'])) { $redirect_to = $_SESSION['redirect_me_back']; } if ($_POST) { $user_login = $_POST['log']; $user_login = sanitize_user($user_login); $user_pass = $_POST['pwd']; $rememberme = $_POST['rememberme']; } else { if (function_exists('wp_get_cookie_login')) { $cookie_login = wp_get_cookie_login(); if (!empty($cookie_login)) { $using_cookie = true; $user_login = $cookie_login['login']; $user_pass = $cookie_login['password']; } } elseif (!empty($_COOKIE)) { if (!empty($_COOKIE[USER_COOKIE])) { $user_login = $_COOKIE[USER_COOKIE]; } if (!empty($_COOKIE[PASS_COOKIE])) { $user_pass = $_COOKIE[PASS_COOKIE]; $using_cookie = true; } } } do_action('wp_authenticate', $user_login, $user_pass); if ($user_login && $user_pass) { $user = new WP_User(0, $user_login); // If the user can't edit posts, send them to their profile. //if ( !$user->has_cap('edit_posts') && ( empty( $redirect_to ) || $redirect_to == 'wp-admin/' ) ) // $redirect_to = get_settings('siteurl') . '/' . 'my-account'; if (wp_login($user_login, $user_pass, $using_cookie)) { if (!$using_cookie) { wp_setcookie($user_login, $user_pass, false, '', '', $rememberme); } do_action('wp_login', $user_login); wp_redirect($redirect_to); exit; } else { if ($using_cookie) { $error = __('Your session has expired.', $current_theme_locale_name); } } } else { if ($_POST && !$user_login) { $error = __('<strong>Error</strong>: The Username field is empty.', $current_theme_locale_name); } else { if ($_POST && !$user_pass) { $error = __('<strong>Error</strong>: The password field is empty.', $current_theme_locale_name); } } } get_header(); ?> <div class="page_heading_me"> <div class="page_heading_me_inner"> <div class="mm_inn"><?php printf(__("Login - %s", $current_theme_locale_name), get_bloginfo('name')); ?> </div> </div> </div> <!-- ########## --> <div id="main_wrapper"> <div id="main" class="wrapper"><div class="padd10"> <div class="my_box3"> <div class="padd10"> <div class="box_content"> <?php if (isset($_GET['checkemail']) && $_GET['checkemail'] == "confirm") { ?> <div class="check-email-div"><div class="padd10"> <?php _e('We have sent a confirmation message to your email address.<br/> Please follow the instructions in the email and get back to this page.', $current_theme_locale_name); ?> </div></div> <?php } ?> <?php if (!empty($error)) { ?> <div class="error"><ul> <?php echo "<li>{$error}</li>"; ?> </ul> </div> <?php } ?> <div class="login-submit-form"> <form name="loginform" id="loginform" action="<?php echo esc_url(site_url('wp-login.php', 'login_post')); ?> " method="post"> <p><label><?php _e('Username:'******'Password:'******'Keep me logged in', $current_theme_locale_name); ?> </p> <?php do_action('login_form'); ?> <p><label> </label> <input type="submit" class="submit_bottom" name="submits" id="submits" value="<?php _e('Sign in', $current_theme_locale_name); ?> " tabindex="4" /> <input type="hidden" name="redirect_to" value="<?php echo wp_specialchars($redirect_to); ?> " /> </p> </form> <script type="text/javascript"> $(function() { // gather all inputs of selected types var inputs = $('#user_tp, #user_email, #user_login, #log, #login_password, #rememberme, #submits, .green_btn'), inputTo; console.log(inputs); // bind on keydown inputs.on('keydown', function(e) { // if we pressed the tab if (e.keyCode == 9 || e.which == 9) { // prevent default tab action e.preventDefault(); if (e.shiftKey) { // get previous input based on the current input inputTo = inputs.get(inputs.index(this) - 1); } else { // get next input based on the current input inputTo = inputs.get(inputs.index(this) + 1); } // move focus to inputTo, otherwise focus first input if (inputTo) { inputTo.focus(); } else { inputs[0].focus(); } } }); }); </script> <ul id="logins"> <li><a class="green_btn" href="<?php bloginfo('home'); ?> /" title="<?php _e('Are you lost?', $current_theme_locale_name); ?> ">« <?php _e('Home', $current_theme_locale_name); ?> </a></li> <?php if (get_settings('users_can_register')) { ?> <li><a class="green_btn" href="<?php bloginfo('wpurl'); ?> /wp-login.php?action=register"><?php _e('Register', $current_theme_locale_name); ?> </a></li> <?php } ?> <li><a class="green_btn" href="<?php bloginfo('wpurl'); ?> /wp-login.php?action=lostpassword" title="<?php _e('Password Lost and Found', $current_theme_locale_name); ?> "><?php _e('Lost your password?', $current_theme_locale_name); ?> </a></li> </ul> </div> </div> </div> </div> </div> </div> </div> <?php get_footer(); die; break; } }