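/**
 * Generates token.
 *
 * Authenticates either through a pluggable login method (the
 * 'wak_login_method_{method}' filter) or with username/password, in which
 * case 'create_token' is used to create the token.
 *
 * @since 4.3.0
 *
 * @param WP_REST_Request $request The rest-api request that contains all parameters.
 * @return array|WP_Error The token and expiration-timestamp, or a WP_Error when authentication fails.
 */
function action(WP_REST_Request $request)
{
    // Fail closed: every path below has to replace this error explicitly.
    $return = new WP_Error('400', __('Authentication failed.', 'wp_jwt_auth'));

    if (isset($request['method'])) {
        // Login by social-media account; the result is whatever the hooked handler returns.
        // NOTE(review): 'method' is request-controlled and becomes part of the hook
        // name; confirm only the intended handlers are hooked under this prefix.
        $return = apply_filters('wak_login_method_' . $request['method'], $return, $request);
    } else {
        // Login by username/password.
        $username = $request['username'];
        $password = $request['password'];
        $jwt_functions = new WAK_Functions();
        $user = get_user_by('login', $username);

        if ($user && wp_check_password($password, $user->data->user_pass, $user->ID)) {
            $return = $jwt_functions->create_token($user->ID);
        } else {
            // One message for "unknown user" and "wrong password", so the response
            // does not reveal which usernames exist.
            $return = new WP_Error('credentials_invalid', __('Username/Password combination is invalid', 'wp_jwt_auth'));
        }
    }

    $authenticated = !is_wp_error($return);

    if ($authenticated && isset($request['set_wp_cookie']) && $request['set_wp_cookie'] == 'true') {
        wp_set_auth_cookie($return['userid'], true);
    }

    if ($authenticated && isset($request['redirect_to'])) {
        // redirect_to is request-controlled. wp_safe_redirect() follows it only when
        // the host is allowed (see the 'allowed_redirect_hosts' filter) and otherwise
        // uses its fallback URL, so a successful login cannot be used to bounce the
        // browser to an arbitrary site. The error-message branch that used to sit
        // here was unreachable (it ran only when $return was not an error).
        wp_safe_redirect($request['redirect_to']);
        exit;
    }

    return $return;
}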
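/**
 * Handles the member-withdrawal form: re-authenticates the logged-in user
 * and then either deletes the account or moves it to the withdrawn role.
 *
 * Does nothing unless the posted action is 'dabory_members_withdrawal'.
 * Each check goes through evaluate_and_redirect_if_failed(), which is
 * presumably where a failed check stops the request (not visible here).
 */
public static function process_withdrawal()
{
    $action = wskl_POST('action');
    if ($action != 'dabory_members_withdrawal') {
        return;
    }

    self::evaluate_and_redirect_if_failed(is_user_logged_in(), __('먼저 로그인 하세요', 'wskl'));

    // A request without the nonce field must fail verification, not raise a notice.
    $nonce = isset($_POST['dabory_members_withdrawal']) ? $_POST['dabory_members_withdrawal'] : '';
    self::evaluate_and_redirect_if_failed(wp_verify_nonce($nonce, 'dabory_members_withdrawal'), __('Nonce 인증에 실패했습니다.', 'wskl'));

    $user = wp_get_current_user();
    $password = wskl_POST('password');
    $reason = wskl_POST('reason', 'sanitize_text_field');

    // Require the current password again before the destructive step.
    self::evaluate_and_redirect_if_failed(wp_check_password($password, $user->user_pass, $user->ID), __('비밀번호가 일치하지 않습니다.', 'wskl'));

    if (wskl_is_option_enabled('members_delete_after_withdrawal')) {
        if (!function_exists('wp_delete_user')) {
            include_once ABSPATH . 'wp-admin/includes/user.php';
        }
        // Really delete the member.
        wp_logout();
        wp_delete_user($user->ID);
    } else {
        // Change the role so the account is treated as a withdrawn member.
        update_user_meta($user->ID, 'withdrawal_reason', $reason);
        $user->set_role('wskl_withdrawn');
        wp_logout();
    }

    // Withdrawal-complete message. REQUEST_URI is request-controlled, so the built
    // URL is cleaned with esc_url_raw() and sent through wp_safe_redirect().
    wp_safe_redirect(esc_url_raw(add_query_arg(array('status' => 'complete'), $_SERVER['REQUEST_URI'])));
    exit;
}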
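/**
 * Checks a username/password pair and reports why it was rejected.
 *
 * @param string $username Login name to check.
 * @param string $password Plain-text password to check.
 * @return string|null HTML error message when the credentials are rejected;
 *                     null (no return value) when every check passes.
 */
function wp_check_bind_user($username, $password)
{
    if (empty($password)) {
        return __('<strong>ERROR</strong>: The password field is empty.');
    }

    // get_userdatabylogin() is deprecated; get_user_by('login') is its replacement.
    $userdata = get_user_by('login', $username);
    if (!$userdata) {
        return sprintf(__('<strong>ERROR</strong>: Invalid username. <a href="%s" title="Password Lost and Found">Lost your password</a>?'), site_url('wp-login.php?action=lostpassword', 'login'));
    }

    if (is_multisite()) {
        // Is user marked as spam?
        if (1 == $userdata->spam) {
            return __('<strong>ERROR</strong>: Your account has been marked as a spammer.');
        }
        // Is a user's blog marked as spam?
        if (!is_super_admin($userdata->ID) && isset($userdata->primary_blog)) {
            $details = get_blog_details($userdata->primary_blog);
            if (is_object($details) && $details->spam == 1) {
                return __('Site Suspended.');
            }
        }
    }

    $userdata = apply_filters('wp_authenticate_user', $userdata, $password);
    if (is_wp_error($userdata)) {
        // A plugin vetoed this user. This used to be a bare `return;`, which is
        // indistinguishable from the success path, so the veto was silently
        // ignored. Return the plugin's message (or a generic one) instead.
        $message = $userdata->get_error_message();
        return '' !== $message ? $message : __('<strong>ERROR</strong>: Authentication failed.');
    }

    if (!wp_check_password($password, $userdata->user_pass, $userdata->ID)) {
        // The submitted username is echoed into HTML, so escape it first.
        return sprintf(__('<strong>ERROR</strong>: The password you entered for the username <strong>%1$s</strong> is incorrect. <a href="%2$s" title="Password Lost and Found">Lost your password</a>?'), esc_html($username), site_url('wp-login.php?action=lostpassword', 'login'));
    }
}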
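/**
 * Validates a submitted login form and records field errors on the form object.
 *
 * On success the matching user ID is stored in $ultimatemember->login->auth_id.
 * When the identifier or the password field ends up with an error, the
 * 'wp_login_failed' action is fired so login-limiting plugins can count the attempt.
 *
 * @param array $args Submitted form values ('username', 'user_login' or
 *                    'user_email', plus 'user_password').
 */
function um_submit_form_errors_hook_login($args)
{
    global $ultimatemember;

    $is_email = false;
    // Read the password once; the key can be missing from a crafted submission.
    $password = isset($args['user_password']) ? $args['user_password'] : '';

    if (isset($args['username']) && $args['username'] == '') {
        $ultimatemember->form->add_error('username', __('Please enter your username or email', 'ultimatemember'));
    }
    if (isset($args['user_login']) && $args['user_login'] == '') {
        $ultimatemember->form->add_error('user_login', __('Please enter your username', 'ultimatemember'));
    }
    if (isset($args['user_email']) && $args['user_email'] == '') {
        $ultimatemember->form->add_error('user_email', __('Please enter your email', 'ultimatemember'));
    }

    // Work out which field identifies the account and resolve it to a login name.
    if (isset($args['username'])) {
        $field = 'username';
        if (is_email($args['username'])) {
            $is_email = true;
            $data = get_user_by('email', $args['username']);
            $user_name = isset($data->user_login) ? $data->user_login : null;
        } else {
            $user_name = $args['username'];
        }
    } elseif (isset($args['user_email'])) {
        $field = 'user_email';
        $is_email = true;
        $data = get_user_by('email', $args['user_email']);
        $user_name = isset($data->user_login) ? $data->user_login : null;
    } else {
        $field = 'user_login';
        $user_name = isset($args['user_login']) ? $args['user_login'] : null;
    }

    // NOTE(review): the messages below tell the visitor whether an account exists
    // for the submitted identifier; a single generic message would avoid that.
    if (!username_exists($user_name)) {
        if ($is_email) {
            $ultimatemember->form->add_error($field, __(' Sorry, we can\'t find an account with that email address', 'ultimatemember'));
        } else {
            $ultimatemember->form->add_error($field, __(' Sorry, we can\'t find an account with that username', 'ultimatemember'));
        }
    } elseif ($password == '') {
        $ultimatemember->form->add_error('user_password', __('Please enter your password', 'ultimatemember'));
    }

    $user = get_user_by('login', $user_name);
    if ($user && wp_check_password($password, $user->data->user_pass, $user->ID)) {
        $ultimatemember->login->auth_id = username_exists($user_name);
    } else {
        $ultimatemember->form->add_error('user_password', __('Password is incorrect. 
Please try again.', 'ultimatemember'));
    }

    // add a way for other plugins like wp limit login
    // to limit the login attempts
    // NOTE(review): the filter result is not inspected, so a WP_Error returned by
    // such a plugin does not add a form error here; confirm that is intended.
    $user = apply_filters('authenticate', null, $user_name, $password);

    // if there is an error notify wp. The second check used the undefined variable
    // $user_password, so password errors were never seen; it has to be the field
    // name 'user_password'.
    if ($ultimatemember->form->has_error($field) || $ultimatemember->form->has_error('user_password')) {
        do_action('wp_login_failed', $user_name);
    }
}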
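/**
 * Updates the user record and user meta from $data.
 *
 * @param array|string $data Fields for wp_update_user(), plus optional 'meta'
 *                           (meta key => value), 'edit_task' and 'old_pass'.
 * @return false|int|string false when nobody is logged in, -2 when the old
 *                          password check fails, otherwise the number of
 *                          successful updates as a string.
 */
static function updateProfileInformation($data)
{
    global $_js_helper;

    if (!$_js_helper->is_logged()) {
        return false;
    }

    $args = wp_parse_args($data, array());

    // A password change has to be confirmed with the current password.
    if (!empty($args['edit_task']) && $args['edit_task'] == 'change_password') {
        $current_user = JS_Helper::get_current_js_user();
        $old_pass = isset($args['old_pass']) ? $args['old_pass'] : '';
        if (!wp_check_password($old_pass, $current_user->user_pass, $current_user->ID)) {
            return -2;
        }
    }

    // 'meta' is optional; reading it unguarded raised an undefined-index notice.
    $meta_data = isset($args['meta']) ? $args['meta'] : array();
    unset($args['meta']);

    // NOTE(review): $args['ID'] and every other field (including 'role' and
    // 'user_pass') come straight from $data, while the only identity check above
    // is against the *current* user's password. If $data can be request-controlled,
    // confirm the caller pins ID to the logged-in user and whitelists the fields.
    $success = 0;
    if (!is_wp_error(wp_update_user($args))) {
        $success++;
    }

    if (is_array($meta_data) && isset($args['ID'])) {
        foreach ($meta_data as $meta_key => $meta_value) {
            $success += update_user_meta($args['ID'], $meta_key, $meta_value) ? 1 : 0;
        }
    }

    return strval($success);
}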
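/**
 * Records a login attempt (username, IP, geo location, outcome, time) in the log table.
 *
 * The function only logs; it returns nothing and does not decide the login.
 *
 * @param string $username Login name that was submitted.
 * @param string $password Plain-text password that was submitted.
 */
function check_custom_authentication($username, $password)
{
    $setting_value = array();
    $date_time = date("Y-m-d H:i:s");
    $ip_Address = getIpAddress();
    $log_data = cpo_get_ip_location($ip_Address);
    $insert = new log_data();

    // Prefer the raw form fields; fall back to the argument when neither is
    // present, so a request without them does not raise an undefined-index notice.
    if (isset($_REQUEST["log"])) {
        $setting_value["username"] = esc_attr($_REQUEST["log"]);
    } elseif (isset($_REQUEST["username"])) {
        $setting_value["username"] = esc_attr($_REQUEST["username"]);
    } else {
        $setting_value["username"] = esc_attr($username);
    }
    $setting_value["ip_address"] = $ip_Address;

    // Join city and country with a comma only when both are known.
    if ($log_data->city == "" || $log_data->country_name == "") {
        $setting_value["geo_location"] = $log_data->city . $log_data->country_name;
    } else {
        $setting_value["geo_location"] = $log_data->city . ", " . $log_data->country_name;
    }

    // get_user_by() returns false for an unknown login. Attempts against
    // non-existent accounts are exactly what this log should capture, so they
    // are recorded as failures instead of dereferencing false.
    $userdata = get_user_by("login", $username);
    if ($userdata && wp_check_password($password, $userdata->user_pass)) {
        $setting_value["login_status"] = 1;
    } else {
        $setting_value["login_status"] = 0;
    }

    $setting_value["latitude"] = $log_data->latitude;
    $setting_value["longitude"] = $log_data->longitude;
    $setting_value["date_time"] = $date_time;

    $insert->insert_data(cleanup_optimizer_log(), $setting_value);
}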
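/**
 * Filter the user to authenticate.
 *
 * Only acts on API requests (XML-RPC by default, adjustable through the
 * 'application_password_is_api_request' filter). The submitted password is
 * compared with each application password stored for the user.
 *
 * @since 0.1-dev
 *
 * @access public
 * @static
 *
 * @param WP_User $input_user User to authenticate.
 * @param string  $username   User login.
 * @param string  $password   User password.
 * @return mixed The matched WP_User when an application password matches,
 *               otherwise $input_user unchanged.
 */
public static function authenticate($input_user, $username, $password)
{
    $api_request = defined('XMLRPC_REQUEST') && XMLRPC_REQUEST;
    if (!apply_filters('application_password_is_api_request', $api_request)) {
        return $input_user;
    }

    $user = get_user_by('login', $username);
    // If the login name is invalid, short circuit.
    if (!$user) {
        return $input_user;
    }

    /*
     * Strip out anything non-alphanumeric. This is so passwords can be used with
     * or without spaces to indicate the groupings for readability.
     */
    $password = preg_replace('/[^a-z\\d]/i', '', $password);

    $hashed_passwords = get_user_meta($user->ID, self::USERMETA_KEY_APPLICATION_PASSWORDS, true);
    // get_user_meta() with $single = true yields '' when the user has no
    // application passwords; iterating that raised a warning on every API login.
    if (!is_array($hashed_passwords)) {
        return $input_user;
    }

    foreach ($hashed_passwords as $key => $item) {
        if (wp_check_password($password, $item['password'], $user->ID)) {
            // Record when and from where this application password was last used.
            $item['last_used'] = time();
            $item['last_ip'] = $_SERVER['REMOTE_ADDR'];
            $hashed_passwords[$key] = $item;
            update_user_meta($user->ID, self::USERMETA_KEY_APPLICATION_PASSWORDS, $hashed_passwords);
            return $user;
        }
    }

    // By default, return what we've been passed.
    return $input_user;
}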
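/**
 * Process Login Form
 *
 * Ends the request with a redirect in every case where the nonce verifies:
 * back to the current URL with a 'message' argument on failure, or to the
 * filtered 'kbs_redirect' target on success.
 *
 * @since 1.0
 * @param array $data Data sent from the login form
 * @return void
 */
function kbs_process_login_form($data)
{
    if (!wp_verify_nonce($data['kbs_login_nonce'], 'kbs-login-nonce')) {
        return;
    }

    // The login field accepts either a username or an email address.
    $user_data = get_user_by('login', $data['kbs_user_login']);
    if (!$user_data) {
        $user_data = get_user_by('email', $data['kbs_user_login']);
    }

    // NOTE(review): distinct 'username_incorrect' / 'password_incorrect' codes let a
    // visitor tell existing accounts from unknown ones.
    $message = '';
    if (!$user_data) {
        $message = 'username_incorrect';
    } elseif (wp_check_password($data['kbs_user_pass'], $user_data->user_pass, $user_data->ID)) {
        kbs_log_user_in($user_data->ID, $data['kbs_user_login'], $data['kbs_user_pass']);
    } else {
        $message = 'password_incorrect';
    }

    if (!empty($message)) {
        $url = remove_query_arg('message');
        wp_redirect(esc_url_raw(add_query_arg('message', $message, $url)));
        die;
    }

    // 'kbs_redirect' comes from the submitted form. wp_safe_redirect() follows it
    // only when the host is allowed, so the login form cannot forward a freshly
    // authenticated user to an arbitrary site.
    $redirect = apply_filters('kbs_login_redirect', $data['kbs_redirect'], $user_data->ID);
    wp_safe_redirect($redirect);
    die;
}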
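/**
 * Process Login Form
 *
 * Logs the user in when the credentials match and redirects to the filtered
 * 'edd_redirect' target. On failure the errors are stored with
 * edd_set_error() and the function returns without redirecting.
 *
 * @since 1.0
 * @param array $data Data sent from the login form
 * @return void
 */
function edd_process_login_form($data)
{
    if (!wp_verify_nonce($data['edd_login_nonce'], 'edd-login-nonce')) {
        return;
    }

    // The login field accepts either a username or an email address.
    $user_data = get_user_by('login', $data['edd_user_login']);
    if (!$user_data) {
        $user_data = get_user_by('email', $data['edd_user_login']);
    }

    // NOTE(review): the two messages below reveal whether the account exists.
    $user_ID = null;
    if (!$user_data) {
        edd_set_error('username_incorrect', __('The username you entered does not exist', 'edd'));
    } else {
        $user_ID = $user_data->ID;
        if (wp_check_password($data['edd_user_pass'], $user_data->user_pass, $user_data->ID)) {
            edd_log_user_in($user_data->ID, $data['edd_user_login'], $data['edd_user_pass']);
        } else {
            edd_set_error('password_incorrect', __('The password you entered is incorrect', 'edd'));
        }
    }

    // Check for errors and redirect if none present
    $errors = edd_get_errors();
    if (!$errors) {
        // 'edd_redirect' comes from the submitted form. wp_safe_redirect() follows it
        // only when the host is allowed, which closes the open redirect after login.
        $redirect = apply_filters('edd_login_redirect', $data['edd_redirect'], $user_ID);
        wp_safe_redirect($redirect);
        edd_die();
    }
}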
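/**
 * Handles the front-end login form and redirects back to the posted page.
 *
 * Runs only when 'comber_user_login' is posted and the nonce verifies.
 */
function comber_login_guest()
{
    if (!isset($_POST['comber_user_login']) || !isset($_POST['comber_login_nonce'])) {
        return;
    }
    if (!wp_verify_nonce($_POST['comber_login_nonce'], 'comber-login-nonce')) {
        return;
    }

    $login = $_POST['comber_user_login'];
    $password = isset($_POST['comber_user_pass']) ? $_POST['comber_user_pass'] : '';
    $current_page = isset($_POST['current_page']) ? $_POST['current_page'] : '';

    // this returns the user ID and other info from the user name
    // (get_userdatabylogin() is deprecated; get_user_by('login') replaces it)
    $user = get_user_by('login', $login);

    if (!$user) {
        // if the user name doesn't exist
        comber_errors()->add('empty_username', __('Invalid username'));
    }

    if ($password == '') {
        // if no password was entered
        comber_errors()->add('empty_password', __('Please enter a password'));
    }

    // check the user's login with their password; an unknown user is treated as a
    // failed check instead of reading properties of false
    if (!$user || !wp_check_password($password, $user->user_pass, $user->ID)) {
        // if the password is incorrect for the specified user
        comber_errors()->add('empty_password', __('Incorrect password'));
    }

    // retrieve all error messages
    $errors = comber_errors()->get_error_messages();

    // only log the user in if there are no errors
    if (empty($errors)) {
        // wp_setcookie() is deprecated and was handed the plain-text password; it
        // ends up issuing the auth cookie for this user, which is done directly here.
        wp_set_auth_cookie($user->ID);
        wp_set_current_user($user->ID, $login);
        // Core passes the user object as the second 'wp_login' argument.
        do_action('wp_login', $login, $user);
        // home_url() prefixes the site's own URL to the posted path.
        wp_redirect(home_url($current_page));
        exit;
    }

    wp_redirect(home_url($current_page . '/?login=true&fail=true'));
    exit;
}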
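/**
 * 'authenticate' callback: username/password check plus the manual-approval gate.
 *
 * @param mixed  $user     Result of earlier callbacks; a WP_User is returned as is.
 * @param string $username Submitted login name.
 * @param string $password Submitted plain-text password.
 * @return WP_User|WP_Error The authenticated user, or the reason for rejection.
 */
function wpanswer_auth_login($user, $username, $password)
{
    global $wpanswer_user_approve;

    // An earlier callback already authenticated the user.
    if ($user instanceof WP_User) {
        return $user;
    }

    // Existing WP core logic: look the user up and let plugins veto the login.
    $userdata = get_user_by('login', $username);
    if (!$userdata) {
        return new WP_Error('invalid_username', __('<strong>ERROR</strong>: Invalid username.', 'wpanswer'));
    }

    $userdata = apply_filters('wp_authenticate_user', $userdata, $password);
    if (is_wp_error($userdata)) {
        return $userdata;
    }

    if (!wp_check_password($password, $userdata->user_pass, $userdata->ID)) {
        return new WP_Error('incorrect_password', sprintf(__('<strong>ERROR</strong>: Incorrect password. <a href="%s" title="Password Lost and Found">Lost your password</a>?', 'wpanswer'), site_url('wp-login.php?action=lostpassword', 'login')));
    }

    // Approval gate: runs only after the password has been verified, so the
    // "pending" notice is shown to the account owner only. The unused
    // capabilities-key local that used to be built here was removed.
    if ($wpanswer_user_approve->configs->get_value('wpanswer_enable_manual_registration_approval') == '1') {
        $account_status = get_user_meta($userdata->ID, 'wpanswer_account_status', true);
        if ($account_status == 'pending') {
            return new WP_Error('authentication_failed', __('<strong>ACCOUNT PENDING</strong>: Your account is currently not active. An administrator needs to activate your account before you can login.', 'wpanswer'));
        }
    }

    return new WP_User($userdata->ID);
}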
/**
 * Loads the fixture user through UserCollection and checks its name, email
 * and that the stored hash matches the fixture's plain-text password.
 */
public function test()
{
    $collection = new UserCollection($this->user['ID'], 'ids');
    $fetched = $collection->last;

    assert($fetched->name === 'x');
    assert($fetched->email === 'x@x.x');

    // The collection has to expose a hash, never the plain-text password.
    $plain = $this->user['user_pass'];
    assert(wp_check_password($plain, $fetched->hash));
}
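/**
 * Validates a submitted login form and records field errors on the form object.
 *
 * On success the matching user ID is stored in $ultimatemember->login->auth_id.
 *
 * @param array $args Submitted form values ('username', 'user_login' or
 *                    'user_email', plus 'user_password').
 */
function um_submit_form_errors_hook_login($args)
{
    global $ultimatemember;

    $is_email = false;
    // Read the password once; the key can be missing from a crafted submission,
    // and reading it unguarded raised an undefined-index notice. The unused
    // $form_id / $mode locals were dropped for the same reason.
    $password = isset($args['user_password']) ? $args['user_password'] : '';

    if (isset($args['username']) && $args['username'] == '') {
        $ultimatemember->form->add_error('username', __('Please enter your username or email', 'ultimatemember'));
    }
    if (isset($args['user_login']) && $args['user_login'] == '') {
        $ultimatemember->form->add_error('user_login', __('Please enter your username', 'ultimatemember'));
    }
    if (isset($args['user_email']) && $args['user_email'] == '') {
        $ultimatemember->form->add_error('user_email', __('Please enter your email', 'ultimatemember'));
    }

    // Work out which field identifies the account and resolve it to a login name.
    if (isset($args['username'])) {
        $field = 'username';
        if (is_email($args['username'])) {
            $is_email = true;
            $data = get_user_by('email', $args['username']);
            $user_name = isset($data->user_login) ? $data->user_login : null;
        } else {
            $user_name = $args['username'];
        }
    } elseif (isset($args['user_email'])) {
        $field = 'user_email';
        $is_email = true;
        $data = get_user_by('email', $args['user_email']);
        $user_name = isset($data->user_login) ? $data->user_login : null;
    } else {
        $field = 'user_login';
        $user_name = isset($args['user_login']) ? $args['user_login'] : null;
    }

    // NOTE(review): the messages below tell the visitor whether an account exists
    // for the submitted identifier; a single generic message would avoid that.
    if (!username_exists($user_name)) {
        if ($is_email) {
            $ultimatemember->form->add_error($field, __(' К сожалению, мы не можем найти учетную запись с этим адресом электронной почты', 'ultimatemember'));
        } else {
            $ultimatemember->form->add_error($field, __(' К сожалению, мы не можем найти учетную запись пользователя с этим', 'ultimatemember'));
        }
    } elseif ($password == '') {
        $ultimatemember->form->add_error('user_password', __('Пожалуйста введите ваш пароль', 'ultimatemember'));
    }

    $user = get_user_by('login', $user_name);
    if ($user && wp_check_password($password, $user->data->user_pass, $user->ID)) {
        $ultimatemember->login->auth_id = username_exists($user_name);
    } else {
        $ultimatemember->form->add_error('user_password', __('Неверный пароль. 
Пожалуйста, попробуйте еще раз.', 'ultimatemember'));
    }
}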
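/**
 * Validates a submitted login form and records field errors on the form object.
 *
 * On success the matching user ID is stored in $ultimatemember->login->auth_id.
 *
 * @param array $args Submitted form values ('username', 'user_login' or
 *                    'user_email', plus 'user_password').
 */
function um_submit_form_errors_hook_login($args)
{
    global $ultimatemember;

    $is_email = false;
    // Read the password once; the key can be missing from a crafted submission,
    // and reading it unguarded raised an undefined-index notice. The unused
    // $form_id / $mode locals were dropped for the same reason.
    $password = isset($args['user_password']) ? $args['user_password'] : '';

    if (isset($args['username']) && $args['username'] == '') {
        $ultimatemember->form->add_error('username', __('Please enter your username or email', 'ultimatemember'));
    }
    if (isset($args['user_login']) && $args['user_login'] == '') {
        $ultimatemember->form->add_error('user_login', __('Please enter your username', 'ultimatemember'));
    }
    if (isset($args['user_email']) && $args['user_email'] == '') {
        $ultimatemember->form->add_error('user_email', __('Please enter your email', 'ultimatemember'));
    }

    // Work out which field identifies the account and resolve it to a login name.
    if (isset($args['username'])) {
        $field = 'username';
        if (is_email($args['username'])) {
            $is_email = true;
            $data = get_user_by('email', $args['username']);
            $user_name = isset($data->user_login) ? $data->user_login : null;
        } else {
            $user_name = $args['username'];
        }
    } elseif (isset($args['user_email'])) {
        $field = 'user_email';
        $is_email = true;
        $data = get_user_by('email', $args['user_email']);
        $user_name = isset($data->user_login) ? $data->user_login : null;
    } else {
        $field = 'user_login';
        $user_name = isset($args['user_login']) ? $args['user_login'] : null;
    }

    // NOTE(review): the messages below tell the visitor whether an account exists
    // for the submitted identifier; a single generic message would avoid that.
    if (!username_exists($user_name)) {
        if ($is_email) {
            $ultimatemember->form->add_error($field, __(' Sorry, we can\'t find an account with that email address', 'ultimatemember'));
        } else {
            $ultimatemember->form->add_error($field, __(' Sorry, we can\'t find an account with that username', 'ultimatemember'));
        }
    } elseif ($password == '') {
        $ultimatemember->form->add_error('user_password', __('Please enter your password', 'ultimatemember'));
    }

    $user = get_user_by('login', $user_name);
    if ($user && wp_check_password($password, $user->data->user_pass, $user->ID)) {
        $ultimatemember->login->auth_id = username_exists($user_name);
    } else {
        $ultimatemember->form->add_error('user_password', __('Password is incorrect. Please try again.', 'ultimatemember'));
    }
}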
/**
 * Disallow using the same password as before on reset.
 *
 * Adds a 'password_already_used' error when the new password still matches
 * the hash currently stored for the user. Nothing is checked unless both
 * password fields are filled, identical, and the user has an expirable role.
 *
 * @action validate_password_reset
 *
 * @param WP_Error $errors
 * @param WP_User  $user
 */
public function validate_password_reset($errors, $user)
{
    $first = filter_input(INPUT_POST, 'pass1');
    $second = filter_input(INPUT_POST, 'pass2');

    // Incomplete or mismatching input is not this check's concern.
    if (!$first || !$second) {
        return;
    }
    if ($first !== $second) {
        return;
    }

    // Only roles subject to password expiry are restricted.
    if (!Expire_Passwords::has_expirable_role($user)) {
        return;
    }

    // Compare the candidate with the hash that is still stored.
    if (wp_check_password($first, $user->data->user_pass, $user->ID)) {
        $errors->add('password_already_used', esc_html__('You cannot reuse your old password.'));
    }
}
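/**
 * Test wp_hash_password trims whitespace
 *
 * This is similar to test_password_trimming but tests the "lower level"
 * wp_hash_password function
 *
 * The listing showed every input as '******', which can never match the
 * expected strings. The inputs below are constructed from each assertion's
 * expected value plus the whitespace its name describes.
 *
 * @ticket 24973
 */
function test_wp_hash_password_trimming()
{
    // Leading whitespace (constructed input).
    $password = ' pass with leading whitespace';
    $this->assertTrue(wp_check_password('pass with leading whitespace', wp_hash_password($password)));

    // Trailing whitespace (constructed input).
    $password = 'pass with trailing whitespace ';
    $this->assertTrue(wp_check_password('pass with trailing whitespace', wp_hash_password($password)));

    // Whitespace on both sides (constructed input).
    $password = ' pass with whitespace ';
    $this->assertTrue(wp_check_password('pass with whitespace', wp_hash_password($password)));

    // Trailing new line (constructed input).
    $password = "pass with new line\n";
    $this->assertTrue(wp_check_password('pass with new line', wp_hash_password($password)));

    // Trailing vertical tab (constructed input).
    $password = "pass with vertial tab o_O\x0B";
    $this->assertTrue(wp_check_password('pass with vertial tab o_O', wp_hash_password($password)));
}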
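/**
 * This function simultaneously verifies usernames/passwords. This is because both
 * the pnm and the rc have to type in their usernames/passwords to create the bid
 *
 * @param string $netID        NetID, matched against the user-meta values.
 * @param string $userpassword Plain-text password to verify.
 * @return int 0 when the NetID resolves to a user and the password matches, -1 otherwise.
 */
function ifcrush_bid_verify_password($netID, $userpassword)
{
    global $wpdb;

    $table_name = $wpdb->prefix . "usermeta";

    // $netID is typed in by the user. It used to be interpolated into the SQL
    // string; it is now bound through prepare() so it cannot alter the query.
    // NOTE(review): the lookup matches any meta_value regardless of meta_key;
    // restricting it to the NetID's meta key would be stricter.
    $user_id = $wpdb->get_var($wpdb->prepare("SELECT user_id FROM {$table_name} WHERE meta_value = %s LIMIT 1", $netID));

    // No row means there is no such NetID; fail instead of reading $userid[0].
    if (!$user_id) {
        return -1;
    }

    $user = get_user_by('id', $user_id);
    if ($user && wp_check_password($userpassword, $user->data->user_pass, $user->ID)) {
        return 0;
    }

    return -1;
}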
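/**
 * AJAX login by email and password; prints a JSON response and exits.
 *
 * Response keys: 'redirect' (URL or false), 'request' (the posted fields
 * without the password), 'errors' (WP_Error, on failure) and 'user'
 * (on success).
 *
 * NOTE(review): no nonce is verified here; confirm whether the caller does it.
 */
public function user_login()
{
    $email = isset($_POST['email']) ? $_POST['email'] : '';
    $password = isset($_POST['pwd']) ? $_POST['pwd'] : '';

    // Echo the request back without the password: the response can end up in
    // browser tooling, proxies or logs.
    $request = $_POST;
    unset($request['pwd']);
    $response = array('redirect' => false, 'request' => $request);

    // Check for empty fields. The original tested $email and $meta['password']
    // before they were assigned, so every error was reported regardless of
    // which field was actually missing.
    if (empty($email) || empty($password)) {
        $error = new WP_Error();
        if (empty($email)) {
            // No email
            $error->add('empty_username', __('<strong>ERROR</strong>: Email field is empty.'));
        } elseif (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
            // Invalid Email
            $error->add('invalid_username', __('<strong>ERROR</strong>: Email is invalid.'));
        }
        if (empty($password)) {
            // No password
            $error->add('empty_password', __('<strong>ERROR</strong>: Password field is empty.'));
        }
        $response['errors'] = $error;
    }

    if (empty($response['errors'])) {
        // Check if user exists in WordPress database
        $user = get_user_by('email', $email);

        // Unknown email and wrong password share one message, so the response
        // does not reveal which addresses are registered.
        if (!$user || !wp_check_password($password, $user->user_pass, $user->ID)) {
            $error = new WP_Error();
            $error->add('invalid', __('<strong>ERROR</strong>: Either the email or password you entered is invalid.'));
            $response['errors'] = $error;
        } else {
            wp_clear_auth_cookie();
            wp_set_current_user($user->ID);
            wp_set_auth_cookie($user->ID);

            // redirect_to is request-controlled; only accept targets on allowed hosts.
            $response['redirect'] = !empty($_POST['redirect_to']) ? wp_validate_redirect($_POST['redirect_to'], home_url()) : home_url();

            // Same shape as encoding the WP_User directly (its public properties),
            // but without the password hash and the activation key.
            $public_user = get_object_vars($user);
            if (isset($public_user['data']) && is_object($public_user['data'])) {
                $public_data = clone $public_user['data'];
                unset($public_data->user_pass, $public_data->user_activation_key);
                $public_user['data'] = $public_data;
            }
            $response['user'] = $public_user;
        }
    }

    echo json_encode($response);
    exit;
}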
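/**
 * Process the login form
 *
 * Runs only for a posted 'login' action with a valid nonce. Errors are
 * collected through rcp_errors(); the user is logged in and redirected only
 * when none were recorded.
 *
 * @access public
 * @since 1.0
 */
function rcp_process_login_form()
{
    if (!isset($_POST['rcp_action']) || 'login' != $_POST['rcp_action']) {
        return;
    }

    if (!isset($_POST['rcp_login_nonce']) || !wp_verify_nonce($_POST['rcp_login_nonce'], 'rcp-login-nonce')) {
        return;
    }

    // Missing fields count as empty input instead of raising notices.
    $login = isset($_POST['rcp_user_login']) ? $_POST['rcp_user_login'] : '';
    $password = isset($_POST['rcp_user_pass']) ? $_POST['rcp_user_pass'] : '';

    if (is_email($login)) {
        $user = get_user_by('email', $login);
    } else {
        // this returns the user ID and other info from the user name
        $user = get_user_by('login', $login);
    }

    do_action('rcp_before_form_errors', $_POST);

    if (!$user) {
        // if the user name doesn't exist
        rcp_errors()->add('empty_username', __('Invalid username or email', 'rcp'), 'login');
    }

    if ($password == '') {
        // if no password was entered
        rcp_errors()->add('empty_password', __('Please enter a password', 'rcp'), 'login');
    }

    if ($user) {
        // check the user's login with their password
        if (!wp_check_password($password, $user->user_pass, $user->ID)) {
            // if the password is incorrect for the specified user
            rcp_errors()->add('empty_password', __('Incorrect password', 'rcp'), 'login');
        }
    }

    // Optional integration with a login-limiting plugin.
    if (function_exists('is_limit_login_ok') && !is_limit_login_ok()) {
        rcp_errors()->add('limit_login_failed', limit_login_error_msg(), 'login');
    }

    do_action('rcp_login_form_errors', $_POST);

    // retrieve all error messages
    $errors = rcp_errors()->get_error_messages();

    // only log the user in if there are no errors
    if (empty($errors)) {
        $remember = isset($_POST['rcp_user_remember']);
        $redirect = !empty($_POST['rcp_redirect']) ? $_POST['rcp_redirect'] : home_url();

        rcp_login_user_in($user->ID, $login, $remember);

        // redirect the user back to the page they were previously on.
        // 'rcp_redirect' is a posted field: wp_safe_redirect() follows it only when
        // the host is allowed, so the form cannot send a freshly authenticated
        // user to an arbitrary site.
        wp_safe_redirect($redirect);
        exit;
    }

    if (function_exists('limit_login_failed')) {
        limit_login_failed($login);
    }
}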
/**
 * Checks if a user is activated.
 *
 * The activation flag is looked at only after the password itself has been
 * verified; in every other case the incoming value is passed through
 * untouched.
 *
 * @since 2.7.1
 *
 * @uses wp_check_password
 * @param WP_User|WP_Error $user     Value handed in by the caller; its user_pass and ID are read.
 * @param string           $username Submitted login name (not used here).
 * @param string           $password Submitted plain-text password.
 * @return WP_User|WP_Error The incoming $user, or an 'authentication_failed'
 *                          error when the password is right but the account is
 *                          not activated.
 */
function wpmem_check_activated($user, $username, $password)
{
    // Nothing to validate for an earlier failure or an empty password.
    if (is_wp_error($user) || !$password) {
        return $user;
    }

    // Password must be validated.
    if (!wp_check_password($password, $user->user_pass, $user->ID)) {
        return $user;
    }

    // Activation flag must be validated.
    if (get_user_meta($user->ID, 'active', true) != 1) {
        return new WP_Error('authentication_failed', __('<strong>ERROR</strong>: User has not been activated.', 'wp-members'));
    }

    // If the user is validated, return the $user object.
    return $user;
}
/**
 * Verifies a username-or-email/password pair and returns the user's token.
 *
 * A stored token whose timestamp is newer than the timeout only gets its
 * timestamp refreshed; otherwise a new token is generated.
 *
 * @param string $username Login name or email address.
 * @param string $password Plain-text password.
 * @return mixed The result of updateTokenTimestamp(), or false when the
 *               credentials do not match.
 */
public static function login($username, $password)
{
    global $wpdb;

    // The identifier is bound twice: once as login, once as email.
    $sql = $wpdb->prepare("SELECT ID, user_pass\n\t\t\t\tFROM {$wpdb->users}\n\t\t\t\tWHERE user_login = %s OR user_email = %s", $username, $username);
    $row = $wpdb->get_row($sql);

    if (!isset($row) || !wp_check_password($password, $row->user_pass, $row->ID)) {
        return false;
    }

    $tokenData = get_user_meta($row->ID, 'bimsie_token', true);
    $stillValid = isset($tokenData) && $tokenData != '' && $tokenData['timestamp'] > time() - Bimsie::$tokenTimeout;

    if ($stillValid) {
        // Token is still valid
        return BIMsie::updateTokenTimestamp($row->ID);
    }

    return BIMsie::updateTokenTimestamp($row->ID, BIMSie::generateToken());
}
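/**
 * Checks a login name and password.
 *
 * @param string $user        Login name.
 * @param string $pass        Plain-text password.
 * @param bool   $already_md5 Not used by this implementation.
 * @return object|false The user object on success; false for an empty or
 *                      unknown name, a user awaiting approval, or a wrong password.
 */
function bb_check_login($user, $pass, $already_md5 = false)
{
    $user = sanitize_user($user);
    if ($user == '') {
        return false;
    }

    $user = bb_get_user_by_name($user);
    // An unknown login has to fail here; the code below reads $user->ID.
    if (!$user) {
        return false;
    }

    // Accounts still waiting for approval may not log in.
    $test_user = defined('BACKPRESS_PATH') ? new BP_User($user->ID) : new BB_User($user->ID);
    if ($test_user->has_cap('waitingapproval')) {
        return false;
    }

    if (!wp_check_password($pass, $user->user_pass, $user->ID)) {
        return false;
    }

    return $user;
}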
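/**
 * Process the loginform submission
 *
 * Errors are collected with add_error(); the user is logged in (and
 * redirected when a target is set) only when none were recorded.
 *
 * @since 1.0
 *
 * @param array $data Submitted form data.
 */
public function process_login($data)
{
    if (!isset($_POST['affwp_login_nonce']) || !wp_verify_nonce($_POST['affwp_login_nonce'], 'affwp-login-nonce')) {
        return;
    }

    do_action('affwp_pre_process_login_form');

    // Missing fields count as empty input instead of raising notices.
    $login = isset($_POST['affwp_user_login']) ? $_POST['affwp_user_login'] : '';
    $password = isset($_POST['affwp_user_pass']) ? $_POST['affwp_user_pass'] : '';

    if (empty($data['affwp_user_login'])) {
        $this->add_error('empty_username', __('Invalid username', 'affiliate-wp'));
    }

    // The login field accepts either a username or an email address.
    $user = get_user_by('login', $login);
    if (!$user) {
        $user = get_user_by('email', $login);
    }

    // NOTE(review): 'No such user' next to 'Incorrect username or password' lets a
    // visitor tell existing accounts from unknown ones.
    if (!$user) {
        $this->add_error('no_such_user', __('No such user', 'affiliate-wp'));
    }

    if (empty($password)) {
        $this->add_error('empty_password', __('Please enter a password', 'affiliate-wp'));
    }

    if ($user) {
        // check the user's login with their password
        if (!wp_check_password($password, $user->user_pass, $user->ID)) {
            // if the password is incorrect for the specified user
            $this->add_error('password_incorrect', __('Incorrect username or password', 'affiliate-wp'));
        }
    }

    // Optional integration with a login-limiting plugin.
    if (function_exists('is_limit_login_ok') && !is_limit_login_ok()) {
        $this->add_error('limit_login_failed', limit_login_error_msg());
    }

    do_action('affwp_process_login_form');

    // only log the user in if there are no errors
    if (empty($this->errors)) {
        $remember = isset($_POST['affwp_user_remember']);
        $this->log_user_in($user->ID, $login, $remember);

        // 'affwp_redirect' comes from the submitted form. wp_safe_redirect() follows
        // it only when the host is allowed, which closes the open redirect after login.
        $target = isset($data['affwp_redirect']) ? $data['affwp_redirect'] : '';
        $redirect = apply_filters('affwp_login_redirect', $target);
        if ($redirect) {
            wp_safe_redirect($redirect);
            exit;
        }
    } elseif (function_exists('limit_login_failed')) {
        limit_login_failed($login);
    }
}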
/**
 * 'authenticate' callback that checks a username/password pair.
 *
 * @param mixed  $user     Result of earlier callbacks; a WP_User is returned as is.
 * @param string $username Submitted login name.
 * @param string $password Submitted plain-text password.
 * @return WP_User|WP_Error The authenticated user, or the reason for rejection.
 */
function mo2f_wp_authenticate_username_password($user, $username, $password)
{
    // Already authenticated by an earlier callback.
    if ($user instanceof WP_User) {
        return $user;
    }

    $missing_username = empty($username);
    $missing_password = empty($password);
    if ($missing_username || $missing_password) {
        $error = new WP_Error();
        if ($missing_username) {
            $error->add('empty_username', __('<strong>ERROR</strong>: The username field is empty.'));
        }
        if ($missing_password) {
            $error->add('empty_password', __('<strong>ERROR</strong>: The password field is empty.'));
        }
        return $error;
    }

    $account = get_user_by('login', $username);
    if (!$account) {
        $text = __('<strong>ERROR</strong>: Invalid username. <a href="%s" title="Password Lost and Found">Lost your password</a>?');
        return new WP_Error('invalid_username', sprintf($text, wp_lostpassword_url()));
    }

    if (is_multisite()) {
        // Is user marked as spam?
        if (1 == $account->spam) {
            return new WP_Error('invalid_username', __('<strong>ERROR</strong>: Your account has been marked as a spammer.'));
        }

        // Is a user's blog marked as spam?
        if (!is_super_admin($account->ID) && isset($account->primary_blog)) {
            $blog = get_blog_details($account->primary_blog);
            if (is_object($blog) && $blog->spam == 1) {
                return new WP_Error('blog_suspended', __('Site Suspended.'));
            }
        }
    }

    // Plugins may veto the login before the password is compared.
    $account = apply_filters('wp_authenticate_user', $account, $password);
    if (is_wp_error($account)) {
        return $account;
    }

    if (!wp_check_password($password, $account->user_pass, $account->ID)) {
        $text = __('<strong>ERROR</strong>: The password you entered for the username <strong>%1$s</strong> is incorrect. <a href="%2$s" title="Password Lost and Found">Lost your password</a>?');
        return new WP_Error('incorrect_password', sprintf($text, $username, wp_lostpassword_url()));
    }

    return new WP_User($account->ID);
}
/**
 * 'authenticate' callback that checks a username/password pair.
 *
 * Unknown user and wrong password produce the same message text, so the
 * visible error does not say which of the two was wrong.
 *
 * @param mixed  $user     Result of earlier callbacks; a WP_User is returned as is.
 * @param string $username Submitted login name.
 * @param string $password Submitted plain-text password.
 * @return WP_User|WP_Error The authenticated user, or the reason for rejection.
 */
function wp_my_auth($user, $username, $password)
{
    if ($user instanceof WP_User) {
        return $user;
    }

    $no_username = empty($username);
    $no_password = empty($password);
    if ($no_username || $no_password) {
        // Keep an error produced by an earlier callback.
        if (is_wp_error($user)) {
            return $user;
        }

        $missing = new WP_Error();
        if ($no_username) {
            $missing->add('empty_username', __('<strong>ERROR</strong>: The username field is empty.'));
        }
        if ($no_password) {
            $missing->add('empty_password', __('<strong>ERROR</strong>: The password field is empty.'));
        }
        return $missing;
    }

    $user = get_user_by('login', $username);
    if (!$user) {
        return new WP_Error('invalid_username', __('<strong>ERROR</strong>: Invalid username or password'));
    }

    /**
     * Filter whether the given user can be authenticated with the provided $password.
     *
     * @since 2.5.0
     *
     * @param WP_User|WP_Error $user     WP_User or WP_Error object if a previous
     *                                   callback failed authentication.
     * @param string           $password Password to check against the user.
     */
    $user = apply_filters('wp_authenticate_user', $user, $password);
    if (is_wp_error($user)) {
        return $user;
    }

    $matches = wp_check_password($password, $user->user_pass, $user->ID);
    if ($matches) {
        return $user;
    }

    return new WP_Error('incorrect_password', __('<strong>ERROR</strong>: Invalid username or password'));
}
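/**
 * Handles the [pmprorh_change_password_form] shortcode form.
 *
 * Runs only on posts containing the shortcode. Visitors who are not logged
 * in are sent to the login page. The outcome is reported through the
 * $pmpro_msg / $pmpro_msgt globals.
 *
 * NOTE(review): the form is read from $_REQUEST and no nonce is verified;
 * confirm that accepting GET parameters here is intended.
 */
function pmprorh_change_password_form_handler()
{
    global $post;

    if (empty($post->post_content) || strpos($post->post_content, "[pmprorh_change_password_form]") === false) {
        return;
    }

    global $current_user;

    if (empty($current_user->ID)) {
        // now redirect them
        wp_redirect(wp_login_url());
        exit;
    }

    if (empty($_REQUEST['wp-submit'])) {
        return;
    }

    global $pmpro_msg, $pmpro_msgt;

    $pass0 = isset($_REQUEST['pass0']) ? $_REQUEST['pass0'] : '';
    $pass1 = isset($_REQUEST['pass1']) ? $_REQUEST['pass1'] : '';
    $pass2 = isset($_REQUEST['pass2']) ? $_REQUEST['pass2'] : '';

    if (empty($pass0) || empty($pass1) || empty($pass2)) {
        $pmpro_msg = "Please complete all fields.";
        $pmpro_msgt = "pmpro_error";
        return;
    }

    // Strict comparison: with != two different numeric-looking strings can
    // compare equal, and the confirmation would pass for a password the user
    // did not type twice.
    if ($pass1 !== $pass2) {
        $pmpro_msg = "Your passwords do not match. Please try again.";
        $pmpro_msgt = "pmpro_error";
        return;
    }

    // check that the original password is correct
    if (!wp_check_password($pass0, $current_user->data->user_pass, $current_user->ID)) {
        $pmpro_msg = "The current password entered was incorrect.";
        $pmpro_msgt = "pmpro_error";
        return;
    }

    // update users password. wp_update_user() reports failure with a WP_Error,
    // never with false, so the old `!== false` test announced success even when
    // the update had failed.
    $result = wp_update_user(array("ID" => $current_user->ID, "user_pass" => $pass1));
    if (is_wp_error($result)) {
        $pmpro_msg = $result->get_error_message();
        $pmpro_msgt = "pmpro_error";
        return;
    }

    $pmpro_msg = "Your password has been updated.";
    $pmpro_msgt = "pmpro_success";
}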
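/**
 * AJAX handler that changes the logged-in user's password.
 *
 * Every outcome is reported with wp_send_json(), which ends the request, so
 * the checks below can simply follow each other.
 */
function trav_ajax_update_password()
{
    $result_json = array();

    // validation
    if (!isset($_POST['_wpnonce']) || !wp_verify_nonce($_POST['_wpnonce'], 'update_password')) {
        $result_json['success'] = 0;
        $result_json['result'] = __('Sorry, your nonce did not verify.', 'trav');
        wp_send_json($result_json);
    }

    if (!is_user_logged_in()) {
        $result_json['success'] = 0;
        $result_json['result'] = __('Please log in first.', 'trav');
        wp_send_json($result_json);
    }

    // An empty new password is rejected together with missing fields; isset()
    // alone let an empty string through to wp_set_password().
    if (!isset($_POST['pass1']) || !isset($_POST['pass2']) || !isset($_POST['old_pass']) || '' === $_POST['pass1']) {
        $result_json['success'] = 0;
        $result_json['result'] = __('Invalid input data.', 'trav');
        wp_send_json($result_json);
    }

    // Strict comparison: with != two different numeric-looking strings can
    // compare equal, and the confirmation would pass for a password the user
    // did not type twice.
    if ($_POST['pass1'] !== $_POST['pass2']) {
        $result_json['success'] = 0;
        $result_json['result'] = __('Password mismatch.', 'trav');
        wp_send_json($result_json);
    }

    $user = wp_get_current_user();

    // The change has to be confirmed with the current password.
    if ($user && wp_check_password($_POST['old_pass'], $user->data->user_pass, $user->ID)) {
        wp_set_password($_POST['pass1'], $user->ID);
        wp_cache_delete($user->ID, 'users');
        wp_cache_delete($user->user_login, 'userlogins');

        // Sign the user in again with the new password.
        wp_signon(array('user_login' => $user->user_login, 'user_password' => $_POST['pass1']));

        $result_json['success'] = 1;
        $result_json['result'] = __('Password is changed successfully.', 'trav');
        wp_send_json($result_json);
    } else {
        $result_json['success'] = 0;
        $result_json['result'] = __('Old password is incorrect.', 'trav');
        wp_send_json($result_json);
    }
}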
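/**
 * Processes credentials to pass into wp_signon to log a user into WordPress.
 *
 * @uses check_ajax_referer()
 * @uses wp_signon()
 * @uses is_wp_error()
 *
 * @param string $user_login Used when $_POST['user_login'] is empty.
 * @param string $password   Used when $_POST['password'] is empty.
 * @param bool   $is_ajax    Process as an AJAX request
 * @package AJAX
 *
 * @return mixed The value of $this->status() for the outcome when $is_ajax is
 *               false; for AJAX requests the status is sent with wp_send_json().
 */
public function login_submit($user_login = null, $password = null, $is_ajax = true)
{
    /**
     * Verify the AJAX request
     */
    if ($is_ajax) {
        check_ajax_referer('login_submit', 'security');
    }

    $username = empty($_POST['user_login']) ? $user_login : sanitize_text_field($_POST['user_login']);

    // NOTE(review): sanitize_text_field() rewrites the submitted password (tags,
    // extra whitespace, ...), so a password containing such characters can never
    // match its hash. Passwords should be compared as typed; left unchanged here
    // because existing accounts may depend on it.
    $password = empty($_POST['password']) ? $password : sanitize_text_field($_POST['password']);

    // The original copied the password into 'remember' (a copy/paste slip), which
    // wp_signon() reads only as a boolean. Keep that effective value without
    // placing the plain-text password in a second credential field.
    // NOTE(review): the intended "remember me" form field is not visible here.
    $remember = !empty($password);

    // Currently wp_signon returns the same error code 'invalid_username' if
    // a username does not exists or is invalid
    if (!validate_username($username)) {
        $status = $this->status('invalid_username');
    } elseif (!username_exists($username)) {
        $status = $this->status('username_does_not_exists');
    } elseif (get_option('ajax_login_register_force_check_password')) {
        // if option force check password
        $user = get_user_by('login', $username);
        if ($user && wp_check_password($password, $user->data->user_pass, $user->ID)) {
            $status = $this->status('success_login');
            wp_signon(array('user_login' => $username, 'user_password' => $password, 'remember' => $remember), false);
        } else {
            // $status used to stay undefined on a wrong password. Use the code
            // wp_signon() reports for that case, as the other branch would.
            $status = $this->status('incorrect_password');
        }
    } else {
        $creds = array('user_login' => $username, 'user_password' => $password, 'remember' => $remember);
        $user = wp_signon($creds, false);
        $status = is_wp_error($user) ? $this->status($user->get_error_code()) : $this->status('success_login');
    }

    if ($is_ajax) {
        wp_send_json($status);
    } else {
        return $status;
    }
}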
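/**
 * 'authenticate' callback: lets an administrator sign in as another user.
 *
 * The username is expected as "admin_username+username" and the password is
 * the administrator's. Everything else yields an empty WP_Error.
 *
 * NOTE(review): a successful switch is not recorded anywhere in this function;
 * impersonation of this kind should leave an audit trail, and the feature
 * makes every administrator password a key to all accounts.
 *
 * @param mixed  $user     Result of earlier callbacks; a WP_User is returned as is.
 * @param string $username Submitted login, "admin_username+username".
 * @param string $password The administrator's plain-text password.
 * @return WP_User|WP_Error The target user on success, otherwise an empty WP_Error.
 */
function authenticate_with_skeleton_key($user, $username, $password)
{
    if (is_a($user, 'WP_User')) {
        return $user;
    }

    if (!empty($username) && !empty($password)) {
        // We expect to receive the username in this format: admin_username+username
        // Pad the result so a login without '+' yields an empty second name
        // instead of an undefined-offset notice.
        list($admin_name, $user_name) = array_pad(explode('+', $username), 2, '');

        if (!empty($admin_name) && !empty($user_name) && $admin_name != $user_name) {
            // get_userdatabylogin() is deprecated; get_user_by('login') replaces it.
            $userdata = get_user_by('login', $user_name);
            $admindata = get_user_by('login', $admin_name);

            // Both accounts have to exist before any property is read; the
            // original built a WP_User from a missing administrator record.
            if ($admindata && $userdata) {
                $admin = new WP_User($admindata->ID);

                // Make sure the first username was an admin, and that the
                // password is that administrator's.
                if ($admin->has_cap('level_10') && wp_check_password($password, $admindata->user_pass, $admindata->ID)) {
                    // Return the second username as the logged in user.
                    return new WP_User($userdata->ID);
                }
            }
        }
    }

    return new WP_Error();
}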
/**
 * Check old password.
 *
 * When a new password is submitted on the profile page, the current password
 * has to be supplied in 'vacop_pass_old' and must match the stored hash;
 * otherwise an error is added to $errors.
 *
 * @param WP_Error $errors User profile update errors, passed by reference.
 * @param bool     $update Whether this is a user update.
 * @param WP_User  $user   WP_User object, passed by reference.
 */
public function profile_check_oldpass($errors, $update, $user)
{
    // Only relevant when a new password was posted from the profile page.
    if (!isset($_POST['pass1']) || !isset($_POST['pass2']) || !IS_PROFILE_PAGE) {
        return;
    }

    if (empty($_POST['vacop_pass_old'])) {
        $errors->add('vacop_pass_old', __('<strong>ERROR</strong>: Please enter your old password.', sprintf('%s', VA_CHECK_OLD_PASSWORD_TEXTDOMAIN)));
        return;
    }

    // Reload the user so the comparison uses the hash stored right now.
    $stored = get_userdata($user->ID);
    $matches = wp_check_password($_POST['vacop_pass_old'], $stored->data->user_pass, $stored->data->ID);

    if (!$matches) {
        $errors->add('vacop_pass_old', __('<strong>ERROR</strong>: An old password is wrong.', sprintf('%s', VA_CHECK_OLD_PASSWORD_TEXTDOMAIN)));
    }
}