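/**
  * Processes the request
  *
  * Callback for "parse_request" hook in WP::parse_request()
  *
  * Dispatches on $this->request_action. The generic 'tml_request' and
  * 'login_form_{action}' hooks always fire; when a plugin has registered
  * 'tml_request_{action}' it takes over, otherwise the built-in handler
  * for logout, lostpassword/retrievepassword, resetpass/rp, register or
  * login (the default) runs. A handler that succeeds redirects and exits;
  * one that fails leaves a WP_Error in $this->errors for the form to show.
  *
  * Side effects: writes $this->errors (through a reference) and
  * $this->redirect_to; may set cookies, enqueue scripts and exit.
  *
  * @see WP::parse_request()
  * @since 6.0
  * @access public
  */
 function parse_request()
 {
     // These are references: assigning to $errors below writes straight into $this->errors.
     $errors =& $this->errors;
     $action =& $this->request_action;
     $instance =& $this->request_instance;
     // Front-end requests only; wp-admin keeps its own login handling.
     if (is_admin()) {
         return;
     }
     do_action_ref_array('tml_request', array(&$this));
     // allow plugins to override the default actions, and to add extra actions if they want
     do_action('login_form_' . $action);
     if (has_action('tml_request_' . $action)) {
         do_action_ref_array('tml_request_' . $action, array(&$this));
     } else {
         // REQUEST_METHOD is absent in some SAPIs (e.g. CLI); treat that as "not a POST".
         $http_post = isset($_SERVER['REQUEST_METHOD']) && 'POST' === $_SERVER['REQUEST_METHOD'];
         switch ($action) {
             case 'logout':
                 // Nonce check comes first so a plain GET to ?action=logout cannot end the session.
                 check_admin_referer('log-out');
                 $user = wp_get_current_user();
                 $redirect_to = apply_filters('logout_redirect', site_url('wp-login.php?loggedout=true'), isset($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : '', $user);
                 wp_logout();
                 // wp_safe_redirect() only follows same-host targets, so a request-supplied redirect_to cannot send the user off-site.
                 wp_safe_redirect($redirect_to);
                 exit;
                 break;
             case 'lostpassword':
             case 'retrievepassword':
                 $this->check_ssl();
                 if ($http_post) {
                     // retrieve_password() is expected to return a WP_Error on failure (the is_wp_error() check below relies on it).
                     $errors = $this->retrieve_password();
                     if (!is_wp_error($errors)) {
                         $redirect_to = !empty($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : Theme_My_Login::get_current_url('checkemail=confirm');
                         if (!empty($instance)) {
                             $redirect_to = add_query_arg('instance', $instance, $redirect_to);
                         }
                         wp_safe_redirect($redirect_to);
                         exit;
                     }
                 }
                 if (isset($_REQUEST['error']) && 'invalidkey' === $_REQUEST['error']) {
                     $errors->add('invalidkey', __('Sorry, that key does not appear to be valid.', 'theme-my-login'));
                 }
                 break;
             case 'resetpass':
             case 'rp':
                 $this->check_ssl();
                 // A missing key or login must read as "invalid", not as an undefined-index notice.
                 $rp_key = isset($_REQUEST['key']) ? $_REQUEST['key'] : '';
                 $rp_login = isset($_REQUEST['login']) ? $_REQUEST['login'] : '';
                 $user = $this->check_password_reset_key($rp_key, $rp_login);
                 if (is_wp_error($user)) {
                     // NOTE(review): wp_redirect(), not wp_safe_redirect(); this relies on get_current_url() always producing a same-site URL — confirm.
                     wp_redirect(Theme_My_Login::get_current_url('action=lostpassword&error=invalidkey'));
                     exit;
                 }
                 $errors = '';
                 // Strict comparison: with != PHP compares numeric-looking strings loosely ('1e3' == '1000'),
                 // so two different passwords could pass the mismatch check. A missing pass2 is a mismatch too.
                 $pass2 = isset($_POST['pass2']) ? $_POST['pass2'] : '';
                 if (isset($_POST['pass1']) && $_POST['pass1'] !== $pass2) {
                     $errors = new WP_Error('password_reset_mismatch', __('Your passwords do not match.', 'theme-my-login'));
                 } elseif (isset($_POST['pass1']) && !empty($_POST['pass1'])) {
                     $this->reset_password($user, $_POST['pass1']);
                     $redirect_to = Theme_My_Login::get_current_url('resetpass=complete');
                     // Logical && (the original bitwise & only worked because both operands are booleans).
                     if (isset($_REQUEST['instance']) && !empty($_REQUEST['instance'])) {
                         $redirect_to = add_query_arg('instance', $_REQUEST['instance'], $redirect_to);
                     }
                     wp_safe_redirect($redirect_to);
                     exit;
                 }
                 // Not a POST (or an empty pass1): render the form with the strength meter assets.
                 $suffix = defined('SCRIPT_DEBUG') && SCRIPT_DEBUG ? '.dev' : '';
                 wp_enqueue_script('user-profile', admin_url("js/user-profile{$suffix}.js"), array('jquery'), '', true);
                 wp_enqueue_script('password-strength-meter', admin_url("js/password-strength-meter{$suffix}.js"), array('jquery'), '', true);
                 wp_localize_script('password-strength-meter', 'pwsL10n', array('empty' => __('Strength indicator', 'theme-my-login'), 'short' => __('Very weak', 'theme-my-login'), 'bad' => __('Weak', 'theme-my-login'), 'good' => _x('Medium', 'password strength', 'theme-my-login'), 'strong' => __('Strong', 'theme-my-login'), 'l10n_print_after' => 'try{convertEntities(pwsL10n);}catch(e){};'));
                 break;
             case 'register':
                 if (!get_option('users_can_register')) {
                     // NOTE(review): wp_redirect(), not wp_safe_redirect(); same same-site assumption on get_current_url() as above.
                     wp_redirect(Theme_My_Login::get_current_url('registration=disabled'));
                     exit;
                 }
                 $this->check_ssl();
                 $user_login = '';
                 $user_email = '';
                 if ($http_post) {
                     // Before WP 3.1 the registration helpers lived in a separately loaded file.
                     if (version_compare($GLOBALS['wp_version'], '3.1', '<')) {
                         require_once ABSPATH . WPINC . '/registration.php';
                     }
                     // Keep the '' defaults when the fields are absent instead of raising notices.
                     if (isset($_POST['user_login'])) {
                         $user_login = $_POST['user_login'];
                     }
                     if (isset($_POST['user_email'])) {
                         $user_email = $_POST['user_email'];
                     }
                     // register_new_user() is expected to return a WP_Error on failure (see the check below).
                     $errors = Theme_My_Login::register_new_user($user_login, $user_email);
                     if (!is_wp_error($errors)) {
                         $redirect_to = !empty($_POST['redirect_to']) ? $_POST['redirect_to'] : Theme_My_Login::get_current_url('checkemail=registered');
                         if (!empty($instance)) {
                             $redirect_to = add_query_arg('instance', $instance, $redirect_to);
                         }
                         $redirect_to = apply_filters('register_redirect', $redirect_to);
                         wp_safe_redirect($redirect_to);
                         exit;
                     }
                 }
                 break;
             case 'login':
             default:
                 $secure_cookie = '';
                 $interim_login = isset($_REQUEST['interim-login']);
                 // If the user wants ssl but the session is not ssl, force a secure cookie.
                 if (!empty($_POST['log']) && !force_ssl_admin()) {
                     $user_name = sanitize_user($_POST['log']);
                     // get_user_by() replaces the deprecated get_userdatabylogin(); same lookup.
                     if ($user = get_user_by('login', $user_name)) {
                         if (get_user_option('use_ssl', $user->ID)) {
                             $secure_cookie = true;
                             force_ssl_admin(true);
                         }
                     }
                 }
                 if (isset($_REQUEST['redirect_to']) && !empty($_REQUEST['redirect_to'])) {
                     $redirect_to = $_REQUEST['redirect_to'];
                     // Redirect to https if user wants ssl
                     if ($secure_cookie && false !== strpos($redirect_to, 'wp-admin')) {
                         $redirect_to = preg_replace('|^http://|', 'https://', $redirect_to);
                     }
                 } else {
                     $redirect_to = admin_url();
                 }
                 $reauth = empty($_REQUEST['reauth']) ? false : true;
                 // If the user was redirected to a secure login form from a non-secure admin page, and secure login is required but secure admin is not, then don't use a secure
                 // cookie and redirect back to the referring non-secure admin page.  This allows logins to always be POSTed over SSL while allowing the user to choose visiting
                 // the admin via http or https.
                 if (!$secure_cookie && is_ssl() && force_ssl_login() && !force_ssl_admin() && 0 !== strpos($redirect_to, 'https') && 0 === strpos($redirect_to, 'http')) {
                     $secure_cookie = false;
                 }
                 if ($http_post && isset($_POST['log'])) {
                     $this->check_ssl();
                     // Set a cookie now to see if they are supported by the browser.
                     setcookie(TEST_COOKIE, 'WP Cookie check', 0, COOKIEPATH, COOKIE_DOMAIN);
                     if (SITECOOKIEPATH != COOKIEPATH) {
                         setcookie(TEST_COOKIE, 'WP Cookie check', 0, SITECOOKIEPATH, COOKIE_DOMAIN);
                     }
                     // With an empty credentials array wp_signon() reads log/pwd from $_POST itself.
                     $user = wp_signon('', $secure_cookie);
                     $redirect_to = apply_filters('login_redirect', $redirect_to, isset($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : '', $user);
                     if (!is_wp_error($user) && !$reauth) {
                         // If the user can't edit posts, send them to their profile.
                         if (!$user->has_cap('edit_posts') && (empty($redirect_to) || $redirect_to === 'wp-admin/' || $redirect_to === admin_url())) {
                             $redirect_to = admin_url('profile.php');
                         }
                         wp_safe_redirect($redirect_to);
                         exit;
                     }
                     // Failed sign-on: $user is the WP_Error to display.
                     $errors = $user;
                 }
                 $this->redirect_to = $redirect_to;
                 // Clear errors if loggedout is set.
                 if (!empty($_GET['loggedout']) || $reauth) {
                     $errors = new WP_Error();
                 }
                 // If cookies are disabled we can't log in even with a valid user+pass
                 if (isset($_POST['testcookie']) && empty($_COOKIE[TEST_COOKIE])) {
                     $errors->add('test_cookie', __('<strong>ERROR</strong>: Cookies are blocked or not supported by your browser. You must <a href="http://www.google.com/cookies.html">enable cookies</a> to use WordPress.', 'theme-my-login'));
                 }
                 // Some parts of this script use the main login form to display a message
                 if (isset($_GET['loggedout']) && true == $_GET['loggedout']) {
                     $errors->add('loggedout', __('You are now logged out.', 'theme-my-login'), 'message');
                 } elseif (isset($_GET['registration']) && 'disabled' === $_GET['registration']) {
                     $errors->add('registerdisabled', __('User registration is currently not allowed.', 'theme-my-login'));
                 } elseif (isset($_GET['checkemail']) && 'confirm' === $_GET['checkemail']) {
                     $errors->add('confirm', __('Check your e-mail for the confirmation link.', 'theme-my-login'), 'message');
                 } elseif (isset($_GET['resetpass']) && 'complete' === $_GET['resetpass']) {
                     $errors->add('password_reset', __('Your password has been reset.', 'theme-my-login'), 'message');
                 } elseif (isset($_GET['checkemail']) && 'registered' === $_GET['checkemail']) {
                     $errors->add('registered', __('Registration complete. Please check your e-mail.', 'theme-my-login'), 'message');
                 } elseif ($interim_login) {
                     $errors->add('expired', __('Your session has expired. Please log-in again.', 'theme-my-login'), 'message');
                 } elseif ($reauth) {
                     $errors->add('reauth', __('Please log in to continue.', 'theme-my-login'), 'message');
                 }
                 // Clear any stale cookies.
                 if ($reauth) {
                     wp_clear_auth_cookie();
                 }
                 break;
         }
         // end switch
     }
     // endif has_filter()
 }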
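 /**
  * Processes the request
  *
  * Callback for "parse_request" hook in WP::parse_request()
  *
  * Takes the action from $wp->query_vars['action'] (removing it so the
  * main query never sees it) and dispatches on it. The generic
  * 'tml_request' and 'login_form_{action}' hooks always fire; when a
  * plugin has registered 'tml_request_{action}' it takes over, otherwise
  * the built-in handler for postpass, logout, lostpassword/retrievepassword,
  * resetpass/rp, register or login (the default) runs. A handler that
  * succeeds redirects and exits; one that fails leaves a WP_Error in
  * $this->errors for the form to show.
  *
  * Side effects: writes $this->request_action and $this->errors (through
  * references) and $this->redirect_to; may set cookies, enqueue scripts
  * and exit.
  *
  * @param WP &$wp The main WP object (passed by reference by the hook).
  *
  * @see WP::parse_request()
  * @since 6.0
  * @access public
  */
 function parse_request(&$wp)
 {
     // These are references: assigning to $errors/$action below writes straight into the object.
     $errors =& $this->errors;
     $action =& $this->request_action;
     if (isset($wp->query_vars['action'])) {
         $action = $wp->query_vars['action'];
         // Consume the var so WordPress' own query handling does not act on it.
         unset($wp->query_vars['action']);
     }
     $instance =& $this->request_instance;
     // Front-end requests only; wp-admin keeps its own login handling.
     if (is_admin()) {
         return;
     }
     do_action_ref_array('tml_request', array(&$this));
     // allow plugins to override the default actions, and to add extra actions if they want
     do_action('login_form_' . $action);
     if (has_action('tml_request_' . $action)) {
         do_action_ref_array('tml_request_' . $action, array(&$this));
     } else {
         // REQUEST_METHOD is absent in some SAPIs (e.g. CLI); treat that as "not a POST".
         $http_post = isset($_SERVER['REQUEST_METHOD']) && 'POST' === $_SERVER['REQUEST_METHOD'];
         switch ($action) {
             case 'postpass':
                 // Mirrors core's post-password handling: store a phpass hash of the submitted
                 // password in the wp-postpass_ cookie rather than the password itself.
                 global $wp_hasher;
                 if (empty($wp_hasher)) {
                     require_once ABSPATH . 'wp-includes/class-phpass.php';
                     // By default, use the portable hash from phpass
                     $wp_hasher = new PasswordHash(8, true);
                 }
                 // A missing field hashes as '' instead of raising an undefined-index notice.
                 $post_password = isset($_POST['post_password']) ? $_POST['post_password'] : '';
                 // 10 days
                 // NOTE(review): the cookie is set without the secure/httponly flags; on an HTTPS site consider passing them.
                 setcookie('wp-postpass_' . COOKIEHASH, $wp_hasher->HashPassword(stripslashes($post_password)), time() + 864000, COOKIEPATH);
                 wp_safe_redirect(wp_get_referer());
                 exit;
                 break;
             case 'logout':
                 // Nonce check comes first so a plain GET to ?action=logout cannot end the session.
                 check_admin_referer('log-out');
                 $user = wp_get_current_user();
                 wp_logout();
                 $redirect_to = apply_filters('logout_redirect', site_url('wp-login.php?loggedout=true'), isset($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : '', $user);
                 // wp_safe_redirect() only follows same-host targets, so a request-supplied redirect_to cannot send the user off-site.
                 wp_safe_redirect($redirect_to);
                 exit;
                 break;
             case 'lostpassword':
             case 'retrievepassword':
                 if ($http_post) {
                     // retrieve_password() is expected to return a WP_Error on failure (the is_wp_error() check below relies on it).
                     $errors = $this->retrieve_password();
                     if (!is_wp_error($errors)) {
                         $redirect_to = !empty($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : Theme_My_Login::get_current_url('checkemail=confirm');
                         if (!empty($instance)) {
                             $redirect_to = add_query_arg('instance', $instance, $redirect_to);
                         }
                         wp_safe_redirect($redirect_to);
                         exit;
                     }
                 }
                 if (isset($_REQUEST['error']) && 'invalidkey' === $_REQUEST['error']) {
                     $errors->add('invalidkey', __('Sorry, that key does not appear to be valid.', 'theme-my-login'));
                 }
                 do_action('lost_password');
                 break;
             case 'resetpass':
             case 'rp':
                 // A missing key or login must read as "invalid", not as an undefined-index notice.
                 $rp_key = isset($_REQUEST['key']) ? $_REQUEST['key'] : '';
                 $rp_login = isset($_REQUEST['login']) ? $_REQUEST['login'] : '';
                 $user = $this->check_password_reset_key($rp_key, $rp_login);
                 if (is_wp_error($user)) {
                     // NOTE(review): wp_redirect(), not wp_safe_redirect(); this relies on get_current_url() always producing a same-site URL — confirm.
                     wp_redirect(Theme_My_Login::get_current_url('action=lostpassword&error=invalidkey'));
                     exit;
                 }
                 $errors = '';
                 // Strict comparison: with != PHP compares numeric-looking strings loosely ('1e3' == '1000'),
                 // so two different passwords could pass the mismatch check. A missing pass2 is a mismatch too.
                 $pass2 = isset($_POST['pass2']) ? $_POST['pass2'] : '';
                 if (isset($_POST['pass1']) && $_POST['pass1'] !== $pass2) {
                     $errors = new WP_Error('password_reset_mismatch', __('The passwords do not match.', 'theme-my-login'));
                 } elseif (isset($_POST['pass1']) && !empty($_POST['pass1'])) {
                     $this->reset_password($user, $_POST['pass1']);
                     $redirect_to = Theme_My_Login::get_current_url('resetpass=complete');
                     // Logical && (the original bitwise & only worked because both operands are booleans).
                     if (isset($_REQUEST['instance']) && !empty($_REQUEST['instance'])) {
                         $redirect_to = add_query_arg('instance', $_REQUEST['instance'], $redirect_to);
                     }
                     wp_safe_redirect($redirect_to);
                     exit;
                 }
                 // Not a POST (or an empty pass1): render the form with the core profile scripts.
                 wp_enqueue_script('utils');
                 wp_enqueue_script('user-profile');
                 break;
             case 'register':
                 if (!get_option('users_can_register')) {
                     // NOTE(review): wp_redirect(), not wp_safe_redirect(); same same-site assumption on get_current_url() as above.
                     wp_redirect(Theme_My_Login::get_current_url('registration=disabled'));
                     exit;
                 }
                 $user_login = '';
                 $user_email = '';
                 if ($http_post) {
                     // Keep the '' defaults when the fields are absent instead of raising notices.
                     if (isset($_POST['user_login'])) {
                         $user_login = $_POST['user_login'];
                     }
                     if (isset($_POST['user_email'])) {
                         $user_email = $_POST['user_email'];
                     }
                     // register_new_user() is expected to return a WP_Error on failure (see the check below).
                     $errors = Theme_My_Login::register_new_user($user_login, $user_email);
                     if (!is_wp_error($errors)) {
                         $redirect_to = !empty($_POST['redirect_to']) ? $_POST['redirect_to'] : Theme_My_Login::get_current_url('checkemail=registered');
                         if (!empty($instance)) {
                             $redirect_to = add_query_arg('instance', $instance, $redirect_to);
                         }
                         $redirect_to = apply_filters('register_redirect', $redirect_to);
                         wp_safe_redirect($redirect_to);
                         exit;
                     }
                 }
                 break;
             case 'login':
             default:
                 $secure_cookie = '';
                 $interim_login = isset($_REQUEST['interim-login']);
                 // If the user wants ssl but the session is not ssl, force a secure cookie.
                 if (!empty($_POST['log']) && !force_ssl_admin()) {
                     $user_name = sanitize_user($_POST['log']);
                     if ($user = get_user_by('login', $user_name)) {
                         if (get_user_option('use_ssl', $user->ID)) {
                             $secure_cookie = true;
                             force_ssl_admin(true);
                         }
                     }
                 }
                 if (!empty($_REQUEST['redirect_to'])) {
                     $redirect_to = $_REQUEST['redirect_to'];
                     // Redirect to https if user wants ssl
                     if ($secure_cookie && false !== strpos($redirect_to, 'wp-admin')) {
                         $redirect_to = preg_replace('|^http://|', 'https://', $redirect_to);
                     }
                 } else {
                     $redirect_to = admin_url();
                 }
                 $reauth = empty($_REQUEST['reauth']) ? false : true;
                 // If the user was redirected to a secure login form from a non-secure admin page, and secure login is required but secure admin is not, then don't use a secure
                 // cookie and redirect back to the referring non-secure admin page.  This allows logins to always be POSTed over SSL while allowing the user to choose visiting
                 // the admin via http or https.
                 if (!$secure_cookie && is_ssl() && force_ssl_login() && !force_ssl_admin() && 0 !== strpos($redirect_to, 'https') && 0 === strpos($redirect_to, 'http')) {
                     $secure_cookie = false;
                 }
                 if ($http_post && isset($_POST['log'])) {
                     // Set a cookie now to see if they are supported by the browser.
                     setcookie(TEST_COOKIE, 'WP Cookie check', 0, COOKIEPATH, COOKIE_DOMAIN);
                     if (SITECOOKIEPATH != COOKIEPATH) {
                         setcookie(TEST_COOKIE, 'WP Cookie check', 0, SITECOOKIEPATH, COOKIE_DOMAIN);
                     }
                     // With an empty credentials array wp_signon() reads log/pwd from $_POST itself.
                     $user = wp_signon('', $secure_cookie);
                     $redirect_to = apply_filters('login_redirect', $redirect_to, isset($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : '', $user);
                     if (!is_wp_error($user) && !$reauth) {
                         if (empty($redirect_to) || $redirect_to === 'wp-admin/' || $redirect_to === admin_url()) {
                             // If the user doesn't belong to a blog, send them to user admin. If the user can't edit posts, send them to their profile.
                             if (is_multisite() && !get_active_blog_for_user($user->ID) && !is_super_admin($user->ID)) {
                                 $redirect_to = user_admin_url();
                             } elseif (is_multisite() && !$user->has_cap('read')) {
                                 $redirect_to = get_dashboard_url($user->ID);
                             } elseif (!$user->has_cap('edit_posts')) {
                                 $redirect_to = admin_url('profile.php');
                             }
                         }
                         wp_safe_redirect($redirect_to);
                         exit;
                     }
                     // Failed sign-on: $user is the WP_Error to display.
                     $errors = $user;
                 }
                 $this->redirect_to = $redirect_to;
                 // Clear errors if loggedout is set.
                 if (!empty($_GET['loggedout']) || $reauth) {
                     $errors = new WP_Error();
                 }
                 // If cookies are disabled we can't log in even with a valid user+pass
                 if (isset($_POST['testcookie']) && empty($_COOKIE[TEST_COOKIE])) {
                     $errors->add('test_cookie', __('<strong>ERROR</strong>: Cookies are blocked or not supported by your browser. You must <a href="http://www.google.com/cookies.html">enable cookies</a> to use WordPress.', 'theme-my-login'));
                 }
                 // Some parts of this script use the main login form to display a message
                 if (isset($_GET['loggedout']) && true == $_GET['loggedout']) {
                     $errors->add('loggedout', __('You are now logged out.', 'theme-my-login'), 'message');
                 } elseif (isset($_GET['registration']) && 'disabled' === $_GET['registration']) {
                     $errors->add('registerdisabled', __('User registration is currently not allowed.', 'theme-my-login'));
                 } elseif (isset($_GET['checkemail']) && 'confirm' === $_GET['checkemail']) {
                     $errors->add('confirm', __('Check your e-mail for the confirmation link.', 'theme-my-login'), 'message');
                 } elseif (isset($_GET['resetpass']) && 'complete' === $_GET['resetpass']) {
                     $errors->add('password_reset', __('Your password has been reset.', 'theme-my-login'), 'message');
                 } elseif (isset($_GET['checkemail']) && 'registered' === $_GET['checkemail']) {
                     $errors->add('registered', __('Registration complete. Please check your e-mail.', 'theme-my-login'), 'message');
                 } elseif ($interim_login) {
                     $errors->add('expired', __('Your session has expired. Please log-in again.', 'theme-my-login'), 'message');
                 } elseif (false !== strpos($redirect_to, 'about.php?updated')) {
                     // Explicit false check: a bare strpos() result of 0 would read as "not found".
                     // No text domain here: this string is looked up in the default (core) domain — presumably deliberate, to reuse core's translation.
                     $errors->add('updated', __('<strong>You have successfully updated WordPress!</strong> Please log back in to experience the awesomeness.'), 'message');
                 } elseif ($reauth) {
                     $errors->add('reauth', __('Please log in to continue.', 'theme-my-login'), 'message');
                 }
                 // Clear any stale cookies.
                 if ($reauth) {
                     wp_clear_auth_cookie();
                 }
                 break;
         }
         // end switch
     }
     // endif has_filter()
 }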