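/**
 * Outputs the content of the widget.
 *
 * Logged-in visitors get a two-item menu (profile link, logout link); everyone
 * else gets the WordPress login form.
 *
 * @param array $args     Widget display arguments; 'before_widget', 'after_widget',
 *                        'before_title' and 'after_title' are read here, and the whole
 *                        array is also handed to wp_login_form().
 * @param array $instance Saved settings of this widget instance; only 'title' is read.
 */
public function widget($args, $instance)
{
    // An instance saved without a title has no 'title' key; fall back to an
    // empty string instead of reading an undefined index.
    $raw_title = isset($instance['title']) ? $instance['title'] : '';
    $title     = apply_filters('widget_title', $raw_title);

    echo $args['before_widget'];
    echo '<div class="event-widget">';

    if (is_user_logged_in()) {
        // A configured title only switches the heading on; the text shown to
        // logged-in users is always "Profile Links".
        if (!empty($raw_title)) {
            echo $args['before_title'] . __('Profile Links') . $args['after_title'];
        }

        $user_ID      = get_current_user_id();
        $profile_id   = get_user_meta($user_ID, 'uiu_profile', true);
        $profile_link = !empty($profile_id) ? get_permalink($profile_id) : get_dashboard_url($user_ID);

        // Both URLs land inside an href attribute, so they are escaped at the
        // point of output rather than trusted as returned.
        ?>
        <ul class="menu user-menu">
            <li class="menu-item"><a href="<?php echo esc_url($profile_link); ?>">My Profile</a></li>
            <li class="menu-item"><a href="<?php echo esc_url(wp_logout_url(site_url())); ?>">Logout</a></li>
        </ul>
        <?php
    } else {
        if (!empty($raw_title)) {
            echo $args['before_title'] . $title . $args['after_title'];
        }
        // NOTE(review): the widget's display arguments are passed through as the
        // login form arguments — confirm this is intended.
        wp_login_form($args);
    }

    // Close the wrapper opened above; the original left this <div> unbalanced.
    echo '</div>';
    echo $args['after_widget'];
}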
/**
 * A user who administers only a different site should be sent to that site's admin.
 *
 * @ticket 39065
 */
public function test_get_dashboard_url_for_administrator_of_different_site()
{
    if (!is_multisite()) {
        $this->markTestSkipped('Test only runs in multisite.');
    }

    // Arrange: create a second site for the user and detach them from the current one.
    $other_site_id = self::factory()->blog->create(array('user_id' => self::$user_id));
    remove_user_from_blog(self::$user_id, get_current_blog_id());

    // Act: capture both URLs while the user belongs only to the second site.
    $admin_url_of_other_site = get_admin_url($other_site_id);
    $dashboard_url           = get_dashboard_url(self::$user_id);

    // Clean up before asserting, so a failed assertion cannot leave the fixtures changed.
    remove_user_from_blog(self::$user_id, $other_site_id);
    add_user_to_blog(get_current_blog_id(), self::$user_id, 'administrator');
    wpmu_delete_blog($other_site_id, true);

    $this->assertEquals($admin_url_of_other_site, $dashboard_url);
}
/**
 * Add the "My Account" menu and all submenus.
 *
 * Nothing is added when there is no current user.
 *
 * @since 3.1.0
 */
function wp_admin_bar_my_account_menu()
{
    global $wp_admin_bar, $user_identity;

    $user_id = get_current_user_id();
    if (0 == $user_id) {
        return;
    }

    // Top-level entry; its id records whether an avatar is part of the title.
    $avatar  = get_avatar(get_current_user_id(), 16);
    $menu_id = empty($avatar) ? 'my-account' : 'my-account-with-avatar';

    $wp_admin_bar->add_menu(array(
        'id'    => $menu_id,
        'title' => $avatar . $user_identity,
        'href'  => get_edit_profile_url($user_id),
    ));

    // Sub menus: profile, dashboard, log out.
    $wp_admin_bar->add_menu(array(
        'parent' => $menu_id,
        'title'  => __('Edit My Profile'),
        'href'   => get_edit_profile_url($user_id),
    ));

    // On multisite the dashboard link is resolved per user; otherwise it is this site's admin.
    $dashboard_href = is_multisite() ? get_dashboard_url($user_id) : admin_url();
    $wp_admin_bar->add_menu(array(
        'parent' => $menu_id,
        'title'  => __('Dashboard'),
        'href'   => $dashboard_href,
    ));

    $wp_admin_bar->add_menu(array(
        'parent' => $menu_id,
        'title'  => __('Log Out'),
        'href'   => wp_logout_url(),
    ));
}
?> </span> </a> </h1> <?php
do_action('in_admin_header');

// Header links keyed by sort position, so code hooked on the filter below can
// slot its own entries in between before ksort() orders them.
$links = array();
$links[5] = sprintf(__('Howdy, %1$s'), $user_identity);
$links[8] = '<a href="profile.php" title="' . esc_attr__('Edit your profile') . '">' . __('Your Profile') . '</a>';

if (is_multisite() && is_super_admin()) {
    if (is_network_admin()) {
        // Already in the network admin: offer the way back to the user's site dashboard.
        $links[10] = '<a href="' . get_dashboard_url(get_current_user_id()) . '" title="' . esc_attr__('Site Admin') . '">' . __('Site Admin') . '</a>';
    } else {
        // NOTE(review): $update_title and $total_update_count are set outside this
        // fragment; $update_title goes into the title attribute as-is — confirm it
        // is already escaped where it is built.
        $network_title = !empty($update_title) ? $update_title : esc_attr__('Network Admin');
        $update_suffix = !empty($total_update_count) ? ' (' . number_format_i18n($total_update_count) . ')' : '';
        $links[10] = '<a href="' . network_admin_url() . '" title="' . $network_title . '">' . __('Network Admin') . $update_suffix . '</a>';
    }
}

$links[15] = '<a href="' . wp_logout_url() . '" title="' . esc_attr__('Log Out') . '">' . __('Log Out') . '</a>';

$links = apply_filters('admin_user_info_links', $links, $current_user);
ksort($links);

// Strip surrounding whitespace and pipes from every link, then build both the
// plain (no-JS) and the list-item renderings.
$trim_chars  = array_fill(0, count($links), " |\n\t");
$links       = array_map('trim', $links, $trim_chars);
$howdy       = array_shift($links);
$links_no_js = implode(' | ', $links);
$links_js    = '<li>' . implode('</li><li>', $links) . '</li>';
?> <div id="wphead-info"> <div id="user_info"> <p class="hide-if-js"><?php
/**
 * Return the admin area URL for a user.
 *
 * Picks the user-admin, network-admin or per-user dashboard base URL depending
 * on the current admin context, appends the query arguments, and passes the
 * result through the 'wp_user_profiles_get_admin_area_url' filter.
 *
 * @since 0.1.0
 *
 * @param int    $user_id User the URL is for; added as a 'user_id' query argument
 *                        when it is non-empty and not the current user.
 * @param string $scheme  Scheme handed to the underlying URL helper.
 * @param array  $args    Extra query arguments.
 *
 * @return string
 */
function wp_user_profiles_get_admin_area_url($user_id = 0, $scheme = '', $args = array())
{
    $file = wp_user_profiles_get_file();

    // Only another user's ID is carried in the query string.
    // NOTE(review): the comparison is strict, so an ID passed as a numeric string
    // never equals the integer current-user ID — confirm callers cast to int.
    if (!(empty($user_id) || $user_id === get_current_user_id())) {
        $args['user_id'] = $user_id;
    }

    if (is_user_admin()) {
        // User admin (multisite only)
        $base_url = user_admin_url($file, $scheme);
    } elseif (is_network_admin()) {
        // Network admin editing
        $base_url = network_admin_url($file, $scheme);
    } else {
        // Fallback dashboard
        $base_url = get_dashboard_url($user_id, $file, $scheme);
    }

    return apply_filters(
        'wp_user_profiles_get_admin_area_url',
        add_query_arg($args, $base_url),
        $user_id,
        $scheme,
        $args
    );
}
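/**
 * Print the result message box (error or updated).
 *
 * With an 'error' key the error box is printed. Otherwise the success box is
 * printed with links into the site identified by 'site_id': dashboard, front
 * end, customizer and, when MUCD_Duplicate::log_url() returns one, the log.
 *
 * @since 0.2.0
 *
 * @param array $form_message Messages to print: either 'error', or 'msg' together with 'site_id'.
 */
public static function result_message($form_message)
{
    if (isset($form_message['error'])) {
        // The message is filtered at the point of output: where it was assembled is
        // not visible from here, and wp_kses_post() keeps ordinary formatting markup
        // while dropping script-capable HTML.
        echo '<div id="message" class="error">';
        echo ' <p>' . wp_kses_post($form_message['error']) . '</p>';
        echo '</div>';
        return;
    }

    echo '<div id="message" class="updated">';
    echo ' <p>';
    echo ' <strong>' . wp_kses_post($form_message['msg']) . ' : ' . '</strong>';

    // The URL helpers below resolve against the current blog, so switch to the
    // target site while the links are built and restore the original blog after.
    switch_to_blog($form_message['site_id']);

    $user = get_current_user_id();

    // Every URL is escaped for the href context it is printed into.
    echo ' <a href="' . esc_url(get_dashboard_url($user)) . '">' . MUCD_NETWORK_PAGE_DUPLICATE_DASHBOARD . '</a> - ';
    echo ' <a href="' . esc_url(get_site_url()) . '">' . MUCD_NETWORK_PAGE_DUPLICATE_VISIT . '</a> - ';
    echo ' <a href="' . esc_url(admin_url('customize.php')) . '">' . MUCD_NETWORK_CUSTOMIZE . '</a>';

    $log_url = MUCD_Duplicate::log_url();
    if ($log_url) {
        echo ' - <a href="' . esc_url($log_url) . '">' . MUCD_NETWORK_PAGE_DUPLICATE_VIEW_LOG . '</a>';
    }

    restore_current_blog();

    echo ' </p>';
    echo '</div>';
}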
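/**
 * Add Site Link in Menu.
 *
 * Prints a small replacement bar: a link to the site front end and, depending
 * on the '_mw_adminimize_user_info' option, the current user's login name, a
 * network/site admin switch for multisite super admins, and a log-out link.
 */
function _mw_adminimize_restore_links()
{
    $_mw_adminimize_user_info = (int) _mw_adminimize_get_option_value('_mw_adminimize_user_info');
    $site_name                = get_bloginfo('name');
    ?>
    <style type="text/css">
        #mw_adminimize_admin_bar {
            left: 0;
            right: 0;
            height: 33px;
            z-index: 999;
            border-bottom: 1px solid #dfdfdf;
        }
        #mw_adminimize_admin_bar #mw_title {
            font-family: Georgia, "Times New Roman", Times, serif;
            font-size: 16px;
            color: #464646;
            text-decoration: none;
            padding-top: 8px;
            display: block;
            float: left;
        }
        #mw_adminimize_admin_bar #mw_title:hover {
            text-decoration: underline;
        }
        #mw_adminimize_admin_bar #mw_adminimize_login {
            padding: 8px 15px 0 0;
            display: block;
            float: right;
        }
    </style>
    <div id="mw_adminimize_admin_bar">
        <?php
        // The site name is stored data, not a translatable literal: escape it for
        // each context instead of routing it through a translation helper. The
        // link opens a new tab, so rel="noopener noreferrer" keeps the opened page
        // from reaching back into the admin window.
        echo '<a id="mw_title" href="' . esc_url(home_url()) . '" title="' . esc_attr($site_name)
            . '" target="_blank" rel="noopener noreferrer">' . esc_html($site_name) . '</a>';
        ?>
        <div id="mw_adminimize_login">
            <?php
            $current_user = wp_get_current_user();

            if (empty($_mw_adminimize_user_info) || 0 === $_mw_adminimize_user_info || 3 === $_mw_adminimize_user_info) {
                if (!$current_user instanceof WP_User) {
                    // Close both wrappers before leaving so the early exit does not
                    // emit unbalanced markup.
                    echo '</div></div>';
                    return;
                }

                echo ' ' . esc_html($current_user->user_login) . ' ';

                if (is_multisite() && is_super_admin()) {
                    if (!is_network_admin()) {
                        echo '| <a href="' . esc_url(network_admin_url()) . '" title="' . esc_attr__('Network Admin') . '">'
                            . esc_attr__('Network Admin') . '</a>';
                    } else {
                        echo '| <a href="' . esc_url(get_dashboard_url(get_current_user_id())) . '" title="'
                            . esc_attr__('Site Admin') . '">' . esc_attr__('Site Admin') . '</a>';
                    }
                }
            }

            if (empty($_mw_adminimize_user_info) || 0 == $_mw_adminimize_user_info || 2 == $_mw_adminimize_user_info || 3 == $_mw_adminimize_user_info) {
                echo ' | <a href="' . esc_url(wp_logout_url()) . '" title="' . esc_attr__('Log Out') . '">'
                    . esc_attr__('Log Out') . '</a>';
            }
            ?>
        </div>
    </div>
    <?php
}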
/**
 * Constructs a URL leading to a WordPress® Dashboard URI (directory/file).
 *
 * The resolved user's ID and the re-assembled URI are handed to
 * `get_dashboard_url()`; the scheme is applied afterwards, only when one is given.
 *
 * @param null|integer|\WP_User|users $user User we're dealing with here.
 *    This defaults to a NULL value (indicating the current user).
 *
 * @param string $url_uri_query_fragment A full URL; or a partial URI;
 *    or only a query string, or only a fragment. Any of these can be parsed here.
 *
 * @param string $scheme Optional. To force a specific scheme (i.e. `//`, `http`, `https`).
 *
 * @return string URL leading to a WordPress® admin URI (directory/file).
 *
 * @throws exception If invalid types are passed through arguments list.
 * @throws exception If the resolved `$user` has no ID.
 */
public function to_wp_user_dashboard_uri($user = NULL, $url_uri_query_fragment = '', $scheme = '')
{
    // Validate argument types first; func_get_args() must see the arguments
    // exactly as the caller passed them.
    $this->check_arg_types($this->©user_utils->which_types(), 'string', 'string', func_get_args());

    // Resolve whatever was passed into a user object.
    $user = $this->©user_utils->which($user);

    // A dashboard URL cannot be built without a user ID. get_defined_vars() hands
    // the locals to the exception, so no extra locals are introduced before this point.
    if (!$user->has_id()) {
        throw $this->©exception($this->method(__FUNCTION__) . '#id_missing', get_defined_vars(), $this->__('The `$user` has no ID (cannot get Dashboard URL).'));
    }

    $parts = $this->must_parse_uri_parts($url_uri_query_fragment);

    // A path that neither ends in a slash nor carries a file extension is
    // treated as a directory and gets a trailing slash.
    if (substr($parts['path'], -1) !== '/' && !$this->©file->has_extension($parts['path'])) {
        $parts['path'] = trailingslashit($parts['path']);
    }

    $url = get_dashboard_url($user->ID, $this->unparse($parts));

    // An empty scheme leaves the URL as get_dashboard_url() returned it.
    return $scheme ? $this->set_scheme($url, $scheme) : $url;
}
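/**
 * Process the expired-password form submission.
 *
 * Reads 'user_login', 'pass1', 'pass2', 'pass1-text', 'key' and 'redirect_to'
 * from $_POST. When the user exists, a password was entered, and the submitted
 * key equals the stored one, the password is changed and the user is either
 * sent back to the login screen or signed in and redirected. Every path ends
 * the request with exit.
 *
 * Compared with the earlier revision of this method:
 *  - the key is compared with hash_equals() instead of `==`, which is neither
 *    constant-time nor safe against PHP's numeric-string juggling;
 *  - a missing, empty or non-string password is rejected before anything is changed;
 *  - the two password fields are compared strictly.
 */
function process_expired_password()
{
    // Create an errors object for us to use
    $errors = new WP_Error();

    if (isset($_POST['user_login']) && is_string($_POST['user_login'])) {
        $user_name = sanitize_user($_POST['user_login']);
    } else {
        $user_name = '';
    }

    // Request fields can arrive as arrays; only plain strings count as a password.
    $new_password     = (isset($_POST['pass1']) && is_string($_POST['pass1'])) ? $_POST['pass1'] : '';
    $confirm_password = (isset($_POST['pass2']) && is_string($_POST['pass2'])) ? $_POST['pass2'] : '';

    // 1. Check the user exists
    if ($user = get_user_by('login', $user_name)) {
        // User exists - move forward
        // 2. Check a password has been entered and that the two fields match
        if ('' === $new_password) {
            $errors->add('password_reset_empty', __('Please enter a new password.', 'expirepassword'));
        } elseif (!isset($_POST['pass1-text']) && $new_password !== $confirm_password) {
            $errors->add('password_reset_mismatch', __('The passwords do not match.', 'expirepassword'));
        } else {
            // 3. Check the key is valid - *before* accessing user data
            // Get the stored key
            $thekey = shrkey_get_usermeta_timed_oncer($user->ID, '_shrkey_password_expired_key');

            // Get and parse the passed key
            $passedkey = (isset($_POST['key']) && is_string($_POST['key']))
                ? preg_replace('/[^a-z0-9]/i', '', $_POST['key'])
                : '';

            if (!empty($thekey) && is_scalar($thekey) && !empty($passedkey) && hash_equals((string) $thekey, $passedkey)) {
                // The key is valid as well - so we need to check we are not resetting to the old password
                $existingpassword = $this->get_users_password_hash($user->ID);

                if (wp_check_password($new_password, $existingpassword)) {
                    // The password matches - we don't want them setting the same password as before...
                    $errors->add('password_reset_sameh', __('Please choose a different password from your previous one.', 'expirepassword'));
                } else {
                    $this->reset_expired_password($user, $new_password);

                    // Remove the expired key setting
                    shrkey_delete_usermeta_oncer($user->ID, '_shrkey_password_expired');

                    // Check what we want to do next
                    $autoauthenticate = shrkey_get_option('_shrkey_expirepassword_autoauthenticate', 'no');

                    if ($autoauthenticate == 'no') {
                        // Send the user back to the login
                        login_header(__('Password Reset'), '<p class="message reset-pass">' . __('Your password has been reset, please login again with your <strong>new</strong> password.', 'expirepassword') . ' <a href="' . esc_url(wp_login_url()) . '">' . __('Log in', 'expirepassword') . '</a></p>');
                        login_footer();
                        exit;
                    } else {
                        // Authenticate and let them move on - first do some checks wp-login.php does
                        $secure_cookie = '';

                        // 1. See if we need to use ssl
                        if (get_user_option('use_ssl', $user->ID)) {
                            $secure_cookie = true;
                            force_ssl_admin(true);
                        }

                        // 2. check for a redirect
                        if (isset($_POST['redirect_to'])) {
                            $redirect_to = $_POST['redirect_to'];
                            // Redirect to https if user wants ssl
                            if ($secure_cookie && false !== strpos($redirect_to, 'wp-admin')) {
                                $redirect_to = preg_replace('|^http://|', 'https://', $redirect_to);
                            }
                        } else {
                            $redirect_to = admin_url();
                        }

                        // 3. Run the filter for niceties
                        $redirect_to = apply_filters('login_redirect', $redirect_to, isset($_POST['redirect_to']) ? $_POST['redirect_to'] : '', $user);

                        // 4. Authenticate the user
                        wp_set_auth_cookie($user->ID, false, $secure_cookie);

                        // 5. Finally redirect to the correct place
                        if (empty($redirect_to) || $redirect_to == 'wp-admin/' || $redirect_to == admin_url()) {
                            // If the user doesn't belong to a blog, send them to user admin. If the user can't edit posts, send them to their profile.
                            if (is_multisite() && !get_active_blog_for_user($user->ID) && !is_super_admin($user->ID)) {
                                $redirect_to = user_admin_url();
                            } elseif (is_multisite() && !$user->has_cap('read')) {
                                $redirect_to = get_dashboard_url($user->ID);
                            } elseif (!$user->has_cap('edit_posts')) {
                                $redirect_to = admin_url('profile.php');
                            }
                        }

                        // The target comes from the request, so it goes through
                        // wp_safe_redirect() rather than wp_redirect().
                        wp_safe_redirect($redirect_to);
                        exit;
                    }
                }
            } else {
                // The key either doesn't exist or doesn't match - possible security issue here, we want to produce an error message
                // So we also blank the user out to force a re-login
                unset($user);

                // Add in our error message
                login_header(__('Password Reset'), '<div id="login_error">' . __('Oops, something went wrong, please Login using your existing username and password and try again.', 'expirepassword') . ' <a href="' . esc_url(wp_login_url()) . '">' . __('Log in', 'expirepassword') . '</a></div>');
                login_footer();
                exit;
            }
        }
    } else {
        // No user matches the submitted login
        $errors->add('password_expired_nouser', __('Could not change password, please try again.', 'expirepassword'));
    }

    // If we have errors then we need to display the form again
    if ($errors->get_error_code()) {
        // If we don't have a user record create a fake one
        if (!isset($user) || is_wp_error($user)) {
            $user = '';
        }

        // show the reset form again
        $this->show_reset_password_form($user, wp_generate_password(35, false), isset($_POST['redirect_to']) ? $_POST['redirect_to'] : false, $errors);
    }

    exit;
}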
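/**
 * Processes the request.
 *
 * Callback for "template_redirect" hook in template-loader.php.
 *
 * Resolves the requested action, lets hooked code take it over through
 * 'tml_request_{action}', and otherwise runs the built-in handling for
 * postpass, logout, lostpassword, resetpass, register and login. Redirect
 * targets taken from the request go through wp_safe_redirect().
 *
 * Compared with the earlier revision of this method:
 *  - 'postpass' read an undefined $referer, so the post-password cookie was
 *    never marked Secure, even when the referring page was served over HTTPS;
 *  - 'resetpass' handed $_POST['rp_key'] to hash_equals() without checking
 *    that it is present and a string.
 *
 * @since 6.3
 * @access public
 */
public function template_redirect()
{
    $this->request_action = isset($_REQUEST['action']) ? sanitize_key($_REQUEST['action']) : '';
    if (!$this->request_action && self::is_tml_page()) {
        $this->request_action = self::get_page_action(get_the_id());
    }
    $this->request_instance = isset($_REQUEST['instance']) ? sanitize_key($_REQUEST['instance']) : 0;

    do_action_ref_array('tml_request', array(&$this));

    // allow plugins to override the default actions, and to add extra actions if they want
    do_action('login_form_' . $this->request_action);

    if (has_action('tml_request_' . $this->request_action)) {
        do_action_ref_array('tml_request_' . $this->request_action, array(&$this));
    } else {
        $http_post = 'POST' == $_SERVER['REQUEST_METHOD'];
        switch ($this->request_action) {
            case 'postpass':
                $referer = wp_get_referer();

                if (!array_key_exists('post_password', $_POST)) {
                    wp_safe_redirect($referer);
                    exit;
                }

                require_once ABSPATH . 'wp-includes/class-phpass.php';
                $hasher = new PasswordHash(8, true);

                $expire = apply_filters('post_password_expires', time() + 10 * DAY_IN_SECONDS);

                // Mark the cookie Secure when the protected post was viewed over HTTPS.
                if ($referer) {
                    $secure = 'https' === parse_url($referer, PHP_URL_SCHEME);
                } else {
                    $secure = false;
                }

                // Only a hash of the post password is stored in the cookie.
                setcookie('wp-postpass_' . COOKIEHASH, $hasher->HashPassword(wp_unslash($_POST['post_password'])), $expire, COOKIEPATH, COOKIE_DOMAIN, $secure);

                wp_safe_redirect($referer);
                exit;
                break;

            case 'logout':
                // Logging out requires the 'log-out' nonce.
                check_admin_referer('log-out');

                $user = wp_get_current_user();

                wp_logout();

                if (!empty($_REQUEST['redirect_to'])) {
                    $redirect_to = $requested_redirect_to = $_REQUEST['redirect_to'];
                } else {
                    $redirect_to = site_url('wp-login.php?loggedout=true');
                    $requested_redirect_to = '';
                }

                $redirect_to = apply_filters('logout_redirect', $redirect_to, $requested_redirect_to, $user);
                wp_safe_redirect($redirect_to);
                exit;
                break;

            case 'lostpassword':
            case 'retrievepassword':
                if ($http_post) {
                    $this->errors = self::retrieve_password();
                    if (!is_wp_error($this->errors)) {
                        $redirect_to = !empty($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : site_url('wp-login.php?checkemail=confirm');
                        wp_safe_redirect($redirect_to);
                        exit;
                    }
                }

                if (isset($_REQUEST['error'])) {
                    if ('invalidkey' == $_REQUEST['error']) {
                        $this->errors->add('invalidkey', __('Your password reset link appears to be invalid. Please request a new link below.', 'theme-my-login'));
                    } elseif ('expiredkey' == $_REQUEST['error']) {
                        $this->errors->add('expiredkey', __('Your password reset link has expired. Please request a new link below.', 'theme-my-login'));
                    }
                }

                do_action('lost_password');
                break;

            case 'resetpass':
            case 'rp':
                // Dirty hack for now
                global $rp_login, $rp_key;

                list($rp_path) = explode('?', wp_unslash($_SERVER['REQUEST_URI']));
                $rp_cookie = 'wp-resetpass-' . COOKIEHASH;

                // Move the key out of the URL into an HttpOnly cookie scoped to this
                // path, then reload without the query arguments.
                if (isset($_GET['key'])) {
                    $value = sprintf('%s:%s', wp_unslash($_GET['login']), wp_unslash($_GET['key']));
                    setcookie($rp_cookie, $value, 0, $rp_path, COOKIE_DOMAIN, is_ssl(), true);
                    wp_safe_redirect(remove_query_arg(array('key', 'login')));
                    exit;
                }

                if (isset($_COOKIE[$rp_cookie]) && 0 < strpos($_COOKIE[$rp_cookie], ':')) {
                    list($rp_login, $rp_key) = explode(':', wp_unslash($_COOKIE[$rp_cookie]), 2);
                    $user = check_password_reset_key($rp_key, $rp_login);

                    // When a new password is submitted, the posted key must be a
                    // string equal to the cookie's key; an absent or array-valued
                    // field counts as a mismatch instead of reaching hash_equals().
                    if (isset($_POST['pass1'])) {
                        $posted_key_ok = isset($_POST['rp_key'])
                            && is_string($_POST['rp_key'])
                            && hash_equals($rp_key, $_POST['rp_key']);
                        if (!$posted_key_ok) {
                            $user = false;
                        }
                    }
                } else {
                    $user = false;
                }

                if (!$user || is_wp_error($user)) {
                    // Expire the reset cookie before sending the user back.
                    setcookie($rp_cookie, ' ', time() - YEAR_IN_SECONDS, $rp_path, COOKIE_DOMAIN, is_ssl(), true);
                    if ($user && $user->get_error_code() === 'expired_key') {
                        wp_redirect(site_url('wp-login.php?action=lostpassword&error=expiredkey'));
                    } else {
                        wp_redirect(site_url('wp-login.php?action=lostpassword&error=invalidkey'));
                    }
                    exit;
                }

                if (isset($_POST['pass1']) && $_POST['pass1'] != $_POST['pass2']) {
                    $this->errors->add('password_reset_mismatch', __('The passwords do not match.', 'theme-my-login'));
                }

                do_action('validate_password_reset', $this->errors, $user);

                if (!$this->errors->get_error_code() && isset($_POST['pass1']) && !empty($_POST['pass1'])) {
                    reset_password($user, $_POST['pass1']);
                    setcookie($rp_cookie, ' ', time() - YEAR_IN_SECONDS, $rp_path, COOKIE_DOMAIN, is_ssl(), true);
                    $redirect_to = site_url('wp-login.php?resetpass=complete');
                    wp_safe_redirect($redirect_to);
                    exit;
                }

                wp_enqueue_script('utils');
                wp_enqueue_script('user-profile');
                break;

            case 'register':
                if (!get_option('users_can_register')) {
                    $redirect_to = site_url('wp-login.php?registration=disabled');
                    wp_redirect($redirect_to);
                    exit;
                }

                $user_login = '';
                $user_email = '';
                if ($http_post) {
                    if ('email' == $this->get_option('login_type')) {
                        $user_login = isset($_POST['user_email']) ? $_POST['user_email'] : '';
                    } else {
                        $user_login = isset($_POST['user_login']) ? $_POST['user_login'] : '';
                    }
                    $user_email = isset($_POST['user_email']) ? $_POST['user_email'] : '';

                    $this->errors = register_new_user($user_login, $user_email);
                    if (!is_wp_error($this->errors)) {
                        $redirect_to = !empty($_POST['redirect_to']) ? $_POST['redirect_to'] : site_url('wp-login.php?checkemail=registered');
                        wp_safe_redirect($redirect_to);
                        exit;
                    }
                }
                break;

            case 'login':
            default:
                $secure_cookie = '';
                $interim_login = isset($_REQUEST['interim-login']);

                // If the user wants ssl but the session is not ssl, force a secure cookie.
                if (!empty($_POST['log']) && !force_ssl_admin()) {
                    $user_name = sanitize_user($_POST['log']);
                    if ($user = get_user_by('login', $user_name)) {
                        if (get_user_option('use_ssl', $user->ID)) {
                            $secure_cookie = true;
                            force_ssl_admin(true);
                        }
                    }
                }

                if (!empty($_REQUEST['redirect_to'])) {
                    $redirect_to = $_REQUEST['redirect_to'];
                    // Redirect to https if user wants ssl
                    if ($secure_cookie && false !== strpos($redirect_to, 'wp-admin')) {
                        $redirect_to = preg_replace('|^http://|', 'https://', $redirect_to);
                    }
                } else {
                    $redirect_to = admin_url();
                }

                $reauth = empty($_REQUEST['reauth']) ? false : true;

                if ($http_post && isset($_POST['log'])) {
                    $user = wp_signon('', $secure_cookie);

                    $redirect_to = apply_filters('login_redirect', $redirect_to, isset($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : '', $user);

                    if (!is_wp_error($user) && !$reauth) {
                        if (empty($redirect_to) || $redirect_to == 'wp-admin/' || $redirect_to == admin_url()) {
                            // If the user doesn't belong to a blog, send them to user admin. If the user can't edit posts, send them to their profile.
                            if (is_multisite() && !get_active_blog_for_user($user->ID) && !is_super_admin($user->ID)) {
                                $redirect_to = user_admin_url();
                            } elseif (is_multisite() && !$user->has_cap('read')) {
                                $redirect_to = get_dashboard_url($user->ID);
                            } elseif (!$user->has_cap('edit_posts')) {
                                $redirect_to = $user->has_cap('read') ? admin_url('profile.php') : home_url();
                            }
                        }
                        wp_safe_redirect($redirect_to);
                        exit;
                    }

                    $this->errors = $user;
                }

                // Clear errors if loggedout is set.
                if (!empty($_GET['loggedout']) || $reauth) {
                    $this->errors = new WP_Error();
                }

                // Some parts of this script use the main login form to display a message
                if (isset($_GET['loggedout']) && true == $_GET['loggedout']) {
                    $this->errors->add('loggedout', __('You are now logged out.', 'theme-my-login'), 'message');
                } elseif (isset($_GET['registration']) && 'disabled' == $_GET['registration']) {
                    $this->errors->add('registerdisabled', __('User registration is currently not allowed.', 'theme-my-login'));
                } elseif (isset($_GET['checkemail']) && 'confirm' == $_GET['checkemail']) {
                    $this->errors->add('confirm', __('Check your e-mail for the confirmation link.', 'theme-my-login'), 'message');
                } elseif (isset($_GET['resetpass']) && 'complete' == $_GET['resetpass']) {
                    $this->errors->add('password_reset', __('Your password has been reset.', 'theme-my-login'), 'message');
                } elseif (isset($_GET['checkemail']) && 'registered' == $_GET['checkemail']) {
                    $this->errors->add('registered', __('Registration complete. Please check your e-mail.', 'theme-my-login'), 'message');
                } elseif ($interim_login) {
                    $this->errors->add('expired', __('Your session has expired. Please log-in again.', 'theme-my-login'), 'message');
                } elseif (strpos($redirect_to, 'about.php?updated')) {
                    $this->errors->add('updated', __('<strong>You have successfully updated WordPress!</strong> Please log back in to experience the awesomeness.', 'theme-my-login'), 'message');
                } elseif ($reauth) {
                    $this->errors->add('reauth', __('Please log in to continue.', 'theme-my-login'), 'message');
                }

                // Clear any stale cookies.
                if ($reauth) {
                    wp_clear_auth_cookie();
                }
                break;
        } // end switch
    } // endif has_filter()
}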
/**
 * Add the "Dashboard"/"Visit Site" menu.
 *
 * Inside the admin the entry links to the site front end; on the front end it
 * links to the dashboard (resolved per user on multisite). Nothing is added
 * when there is no current user.
 *
 * @since 3.2.0
 * @deprecated 3.3.0
 */
function wp_admin_bar_dashboard_view_site_menu($wp_admin_bar)
{
    _deprecated_function(__FUNCTION__, '3.3');

    $user_id = get_current_user_id();
    if (0 == $user_id) {
        return;
    }

    // Pick the single entry to add, then register it once.
    if (is_admin()) {
        $entry = array('id' => 'view-site', 'title' => __('Visit Site'), 'href' => home_url());
    } elseif (is_multisite()) {
        $entry = array('id' => 'dashboard', 'title' => __('Dashboard'), 'href' => get_dashboard_url($user_id));
    } else {
        $entry = array('id' => 'dashboard', 'title' => __('Dashboard'), 'href' => admin_url());
    }

    $wp_admin_bar->add_menu($entry);
}
/**
 * Handle the lost-password and login actions for the plugin's front-end login page.
 *
 * Reads 'action' from the request. When the 'login_redirect' option is set and the
 * last element of $path equals the post's slug, the action is dispatched: the
 * lost-password cases call retrieve_password(), the login case calls wp_signon()
 * and redirects on success. Messages are collected in the global $errors.
 *
 * $option and $file are not read inside this function.
 *
 * @param object $post   Post object; only ->post_name is read.
 * @param mixed  $option Unused here.
 * @param mixed  $file   Unused here.
 * @param array  $path   Path segments; the last one is compared with the post slug.
 */
function simplr_login_includes($post, $option, $file, $path)
{
    global $errors, $is_iphone, $interim_login, $current_site;
    $http_post = 'POST' == $_SERVER['REQUEST_METHOD'];
    $options = get_option('simplr_reg_options');
    global $wp;
    $action = @$_REQUEST['action'];

    // NOTE(review): no exit follows this redirect, so execution continues after
    // the Location header is queued — confirm that is intended.
    if (@$_REQUEST['action'] == '') {
        wp_redirect('?action=login');
    }

    if (isset($options->login_redirect) and end($path) == $post->post_name) {
        switch ($action) {
            case 'lostpassword':
            case 'retrievepassword':
                // NOTE(review): $http_post is always assigned above, so isset() is
                // true for every request method and retrieve_password() also runs
                // on GET; `if ($http_post)` looks like what was meant.
                if (isset($http_post)) {
                    $errors = retrieve_password();
                    if (!is_wp_error($errors)) {
                        // Request-supplied target, constrained by wp_safe_redirect().
                        $redirect_to = !empty($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : 'wp-login.php?checkemail=confirm';
                        wp_safe_redirect($redirect_to);
                        exit;
                    }
                }

                if (isset($_GET['error']) && 'invalidkey' == $_GET['error']) {
                    $errors->add('invalidkey', __('Sorry, that key does not appear to be valid.', 'simplr-registration-form'));
                }
                $redirect_to = apply_filters('lostpassword_redirect', !empty($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : '');

                do_action('lost_password');
                $user_login = isset($_POST['user_login']) ? stripslashes($_POST['user_login']) : '';
                break;

            case 'login':
            // NOTE(review): this matches the literal action string 'default'; it is
            // not the switch's default label, so any other action falls through
            // the switch untouched.
            case 'default':
                $secure_cookie = '';
                $interim_login = isset($_REQUEST['interim-login']);

                // If the user wants ssl but the session is not ssl, force a secure cookie.
                if (!empty($_POST['log']) && !force_ssl_admin()) {
                    $user_name = sanitize_user($_POST['log']);
                    if ($user = get_userdatabylogin($user_name)) {
                        if (get_user_option('use_ssl', $user->ID)) {
                            $secure_cookie = true;
                            force_ssl_admin(true);
                        }
                    }
                }

                if (isset($_REQUEST['redirect_to'])) {
                    $redirect_to = $_REQUEST['redirect_to'];
                    // Redirect to https if user wants ssl
                    if ($secure_cookie && false !== strpos($redirect_to, 'wp-admin')) {
                        $redirect_to = preg_replace('|^http://|', 'https://', $redirect_to);
                    }
                } else {
                    $redirect_to = admin_url();
                }

                $reauth = empty($_REQUEST['reauth']) ? false : true;

                // If the user was redirected to a secure login form from a non-secure admin page, and secure login is required but secure admin is not, then don't use a secure
                // cookie and redirect back to the referring non-secure admin page. This allows logins to always be POSTed over SSL while allowing the user to choose visiting
                // the admin via http or https.
                if (!$secure_cookie && is_ssl() && force_ssl_login() && !force_ssl_admin() && 0 !== strpos($redirect_to, 'https') && 0 === strpos($redirect_to, 'http')) {
                    $secure_cookie = false;
                }

                // Unlike the lost-password branch, this sign-on attempt is not gated
                // on the request method.
                $user = wp_signon('', $secure_cookie);

                $redirect_to = apply_filters('login_redirect', $redirect_to, isset($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : '', $user);

                if (!is_wp_error($user) && !$reauth) {
                    if ($interim_login) {
                        // $message is assigned here but not read again inside this function.
                        $message = '<p class="message">' . __('You have logged in successfully.', 'simplr-registration-form') . '</p>';
                        ?> <script type="text/javascript">setTimeout( function(){window.close()}, 8000);</script> <p class="alignright"> <input type="button" class="button-primary" value="<?php esc_attr_e('Close', 'simplr-registration-form'); ?> " onclick="window.close()" /></p> </div></body></html> <?php
                        exit;
                    }

                    if (empty($redirect_to) || $redirect_to == 'wp-admin/' || $redirect_to == admin_url()) {
                        // If the user doesn't belong to a blog, send them to user admin. If the user can't edit posts, send them to their profile.
                        // NOTE(review): this branch reads $user->id (lowercase) while the code above reads $user->ID — confirm both resolve on the supported WordPress versions.
                        if (is_multisite() && !get_active_blog_for_user($user->id) && !is_super_admin($user->id)) {
                            $redirect_to = user_admin_url();
                        } elseif (is_multisite() && !$user->has_cap('read')) {
                            $redirect_to = get_dashboard_url($user->id);
                        } elseif (!$user->has_cap('edit_posts')) {
                            $redirect_to = admin_url('profile.php');
                        }
                    }
                    // The target may come from the request; wp_safe_redirect() constrains it.
                    wp_safe_redirect($redirect_to);
                    exit;
                }

                $errors = $user;

                // Clear errors if loggedout is set.
                if (!empty($_GET['loggedout']) || $reauth) {
                    $errors = new WP_Error();
                }

                // If cookies are disabled we can't log in even with a valid user+pass
                if (isset($_POST['testcookie']) && empty($_COOKIE[TEST_COOKIE])) {
                    $errors->add('test_cookie', __("<strong>ERROR</strong>: Cookies are blocked or not supported by your browser. You must <a href='http://www.google.com/cookies.html'>enable cookies</a> to use WordPress.", 'simplr-registration-form'));
                }

                // Some parts of this script use the main login form to display a message
                if (isset($_GET['loggedout']) && TRUE == $_GET['loggedout']) {
                    $errors->add('loggedout', __('You are now logged out.', 'simplr-registration-form'), 'message');
                } elseif (isset($_GET['registration']) && 'disabled' == $_GET['registration']) {
                    $errors->add('registerdisabled', __('User registration is currently not allowed.', 'simplr-registration-form'));
                } elseif (isset($_GET['checkemail']) && 'confirm' == $_GET['checkemail']) {
                    $errors->add('confirm', __('Check your e-mail for the confirmation link.', 'simplr-registration-form'), 'message');
                } elseif (isset($_GET['checkemail']) && 'newpass' == $_GET['checkemail']) {
                    $errors->add('newpass', __('Check your e-mail for your new password.', 'simplr-registration-form'), 'message');
                } elseif (isset($_GET['checkemail']) && 'registered' == $_GET['checkemail']) {
                    $errors->add('registered', __('Registration complete. Please check your e-mail.', 'simplr-registration-form'), 'message');
                } elseif ($interim_login) {
                    $errors->add('expired', __('Your session has expired. Please log-in again.', 'simplr-registration-form'), 'message');
                }

                // Clear any stale cookies.
                if ($reauth) {
                    wp_clear_auth_cookie();
                }
                break;
        }
    }
}
/**
 * Add the "My Account" submenu items.
 *
 * Registers the 'user-actions' group under 'my-account' with the user info
 * entry, an optional "Edit My Profile" link, and the log-out link. Nothing is
 * added when there is no current user.
 *
 * @since 3.1.0
 *
 * @param WP_Admin_Bar $wp_admin_bar
 */
function wp_admin_bar_my_account_menu($wp_admin_bar)
{
    $user_id      = get_current_user_id();
    $current_user = wp_get_current_user();

    if (!$user_id) {
        return;
    }

    // Users who can 'read' get their edit-profile URL; on multisite everyone else
    // is pointed at profile.php through their dashboard URL; otherwise no link.
    $profile_url = current_user_can('read')
        ? get_edit_profile_url($user_id)
        : (is_multisite() ? get_dashboard_url($user_id, 'profile.php') : false);

    $wp_admin_bar->add_group(array(
        'parent' => 'my-account',
        'id'     => 'user-actions',
    ));

    // Avatar and display name; the login is appended only when it differs from
    // the display name.
    $show_login = $current_user->display_name !== $current_user->user_login;
    $user_info  = get_avatar($user_id, 64)
        . "<span class='display-name'>" . $current_user->display_name . '</span>';
    if ($show_login) {
        $user_info .= "<span class='username'>" . $current_user->user_login . '</span>';
    }

    $wp_admin_bar->add_menu(array(
        'parent' => 'user-actions',
        'id'     => 'user-info',
        'title'  => $user_info,
        'href'   => $profile_url,
        'meta'   => array('tabindex' => -1),
    ));

    if (false !== $profile_url) {
        $wp_admin_bar->add_menu(array(
            'parent' => 'user-actions',
            'id'     => 'edit-profile',
            'title'  => __('Edit My Profile'),
            'href'   => $profile_url,
        ));
    }

    $wp_admin_bar->add_menu(array(
        'parent' => 'user-actions',
        'id'     => 'logout',
        'title'  => __('Log Out'),
        'href'   => wp_logout_url(),
    ));
}
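/**
 * Processes the current login-related request.
 *
 * Callback for the "template_redirect" hook in template-loader.php. Resolves the
 * requested action and instance from the request, fires the "tml_request" and
 * "login_form_{action}" hooks and, unless a "tml_request_{action}" handler is
 * registered, runs the built-in handling for the postpass, logout, lostpassword,
 * resetpass, register and login actions. Branches that redirect end the request
 * with exit.
 *
 * Security notes for maintainers:
 * - A request-supplied "redirect_to" value is only ever handed to
 *   wp_safe_redirect() in this method; keep it that way when adding branches.
 * - The two new-password fields are compared as strings with a strict
 *   comparison, so numeric-looking values such as "1e3" and "1000" are not
 *   treated as a match by PHP's loose comparison rules.
 * - Request fields are read through isset() guards so a missing field becomes
 *   an empty value instead of an undefined-index notice.
 *
 * @since 6.3
 * @access public
 */
public function template_redirect()
{
    $this->request_action = isset($_REQUEST['action']) ? sanitize_key($_REQUEST['action']) : '';
    if (!$this->request_action && self::is_tml_page()) {
        $this->request_action = self::get_page_action(get_the_id());
    }
    $this->request_instance = isset($_REQUEST['instance']) ? sanitize_key($_REQUEST['instance']) : 0;

    do_action_ref_array('tml_request', array(&$this));

    // Allow plugins to override the default actions, and to add extra actions if they want.
    do_action('login_form_' . $this->request_action);

    if (has_action('tml_request_' . $this->request_action)) {
        do_action_ref_array('tml_request_' . $this->request_action, array(&$this));
        return;
    }

    $http_post = 'POST' == $_SERVER['REQUEST_METHOD'];

    switch ($this->request_action) {
        case 'postpass':
            global $wp_hasher;
            if (empty($wp_hasher)) {
                require_once ABSPATH . 'wp-includes/class-phpass.php';
                // By default, use the portable hash from phpass.
                $wp_hasher = new PasswordHash(8, true);
            }
            // A missing or non-string field is hashed as the empty string.
            $post_password = (isset($_POST['post_password']) && is_string($_POST['post_password']))
                ? stripslashes($_POST['post_password'])
                : '';
            // The cookie carries the hash, not the password, and lasts 10 days.
            setcookie('wp-postpass_' . COOKIEHASH, $wp_hasher->HashPassword($post_password), time() + 864000, COOKIEPATH);
            wp_safe_redirect(wp_get_referer());
            exit;
            break;

        case 'logout':
            // Nonce check: a logout request without a valid "log-out" nonce is not honoured silently.
            check_admin_referer('log-out');
            $user = wp_get_current_user();
            wp_logout();
            $redirect_to = apply_filters(
                'logout_redirect',
                site_url('wp-login.php?loggedout=true'),
                isset($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : '',
                $user
            );
            wp_safe_redirect($redirect_to);
            exit;
            break;

        case 'lostpassword':
        case 'retrievepassword':
            if ($http_post) {
                $this->errors = self::retrieve_password();
                if (!is_wp_error($this->errors)) {
                    $redirect_to = !empty($_REQUEST['redirect_to'])
                        ? $_REQUEST['redirect_to']
                        : site_url('wp-login.php?checkemail=confirm');
                    wp_safe_redirect($redirect_to);
                    exit;
                }
            }
            if (isset($_REQUEST['error']) && 'invalidkey' == $_REQUEST['error']) {
                $this->errors->add('invalidkey', __('Sorry, that key does not appear to be valid.', 'theme-my-login'));
            }
            do_action('lost_password');
            break;

        case 'resetpass':
        case 'rp':
            // Missing parameters are passed on as empty strings and left to the key check to reject.
            $reset_key   = isset($_REQUEST['key']) ? $_REQUEST['key'] : '';
            $reset_login = isset($_REQUEST['login']) ? $_REQUEST['login'] : '';
            $user = self::check_password_reset_key($reset_key, $reset_login);
            if (is_wp_error($user)) {
                $redirect_to = site_url('wp-login.php?action=lostpassword&error=invalidkey');
                wp_redirect($redirect_to);
                exit;
            }

            // Only string values count as a submitted password; null means "not submitted".
            $pass1 = (isset($_POST['pass1']) && is_string($_POST['pass1'])) ? $_POST['pass1'] : null;
            $pass2 = (isset($_POST['pass2']) && is_string($_POST['pass2'])) ? $_POST['pass2'] : '';

            if (null !== $pass1 && $pass1 !== $pass2) {
                $this->errors->add('password_reset_mismatch', __('The passwords do not match.', 'theme-my-login'));
            } elseif (null !== $pass1 && !empty($pass1)) {
                self::reset_password($user, $pass1);
                $redirect_to = site_url('wp-login.php?resetpass=complete');
                wp_safe_redirect($redirect_to);
                exit;
            }
            wp_enqueue_script('utils');
            wp_enqueue_script('user-profile');
            break;

        case 'register':
            if (!get_option('users_can_register')) {
                $redirect_to = site_url('wp-login.php?registration=disabled');
                wp_redirect($redirect_to);
                exit;
            }
            $user_login = '';
            $user_email = '';
            if ($http_post) {
                $user_login = isset($_POST['user_login']) ? $_POST['user_login'] : '';
                $user_email = isset($_POST['user_email']) ? $_POST['user_email'] : '';
                $this->errors = self::register_new_user($user_login, $user_email);
                if (!is_wp_error($this->errors)) {
                    $redirect_to = !empty($_POST['redirect_to'])
                        ? $_POST['redirect_to']
                        : site_url('wp-login.php?checkemail=registered');
                    wp_safe_redirect($redirect_to);
                    exit;
                }
            }
            break;

        case 'login':
        default:
            $secure_cookie = '';
            $interim_login = isset($_REQUEST['interim-login']);

            // If the user wants ssl but the session is not ssl, force a secure cookie.
            if (!empty($_POST['log']) && !force_ssl_admin()) {
                $user_name = sanitize_user($_POST['log']);
                if ($user = get_user_by('login', $user_name)) {
                    if (get_user_option('use_ssl', $user->ID)) {
                        $secure_cookie = true;
                        force_ssl_admin(true);
                    }
                }
            }

            if (!empty($_REQUEST['redirect_to'])) {
                $redirect_to = $_REQUEST['redirect_to'];
                // Redirect to https if user wants ssl.
                if ($secure_cookie && false !== strpos($redirect_to, 'wp-admin')) {
                    $redirect_to = preg_replace('|^http://|', 'https://', $redirect_to);
                }
            } else {
                $redirect_to = admin_url();
            }

            $reauth = empty($_REQUEST['reauth']) ? false : true;

            // If the user was redirected to a secure login form from a non-secure admin page, and secure
            // login is required but secure admin is not, then don't use a secure cookie and redirect back
            // to the referring non-secure admin page. This allows logins to always be POSTed over SSL
            // while allowing the user to choose visiting the admin via http or https.
            if (!$secure_cookie && is_ssl() && force_ssl_login() && !force_ssl_admin() && 0 !== strpos($redirect_to, 'https') && 0 === strpos($redirect_to, 'http')) {
                $secure_cookie = false;
            }

            if ($http_post && isset($_POST['log'])) {
                $user = wp_signon('', $secure_cookie);
                $redirect_to = apply_filters(
                    'login_redirect',
                    $redirect_to,
                    isset($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : '',
                    $user
                );
                if (!is_wp_error($user) && !$reauth) {
                    if (empty($redirect_to) || $redirect_to == 'wp-admin/' || $redirect_to == admin_url()) {
                        // If the user doesn't belong to a blog, send them to user admin.
                        // If the user can't edit posts, send them to their profile.
                        if (is_multisite() && !get_active_blog_for_user($user->ID) && !is_super_admin($user->ID)) {
                            $redirect_to = user_admin_url();
                        } elseif (is_multisite() && !$user->has_cap('read')) {
                            $redirect_to = get_dashboard_url($user->ID);
                        } elseif (!$user->has_cap('edit_posts')) {
                            $redirect_to = admin_url('profile.php');
                        }
                    }
                    wp_safe_redirect($redirect_to);
                    exit;
                }
                $this->errors = $user;
            }

            // Clear errors if loggedout is set.
            if (!empty($_GET['loggedout']) || $reauth) {
                $this->errors = new WP_Error();
            }

            // Some parts of this script use the main login form to display a message.
            if (isset($_GET['loggedout']) && true == $_GET['loggedout']) {
                $this->errors->add('loggedout', __('You are now logged out.', 'theme-my-login'), 'message');
            } elseif (isset($_GET['registration']) && 'disabled' == $_GET['registration']) {
                $this->errors->add('registerdisabled', __('User registration is currently not allowed.', 'theme-my-login'));
            } elseif (isset($_GET['checkemail']) && 'confirm' == $_GET['checkemail']) {
                $this->errors->add('confirm', __('Check your e-mail for the confirmation link.', 'theme-my-login'), 'message');
            } elseif (isset($_GET['resetpass']) && 'complete' == $_GET['resetpass']) {
                $this->errors->add('password_reset', __('Your password has been reset.', 'theme-my-login'), 'message');
            } elseif (isset($_GET['checkemail']) && 'registered' == $_GET['checkemail']) {
                $this->errors->add('registered', __('Registration complete. Please check your e-mail.', 'theme-my-login'), 'message');
            } elseif ($interim_login) {
                $this->errors->add('expired', __('Your session has expired. Please log-in again.', 'theme-my-login'), 'message');
            } elseif (strpos($redirect_to, 'about.php?updated')) {
                $this->errors->add('updated', __('<strong>You have successfully updated WordPress!</strong> Please log back in to experience the awesomeness.', 'theme-my-login'), 'message');
            } elseif ($reauth) {
                $this->errors->add('reauth', __('Please log in to continue.', 'theme-my-login'), 'message');
            }

            // Clear any stale cookies.
            if ($reauth) {
                wp_clear_auth_cookie();
            }
            break;
    } // end switch
}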
/**
 * Login hooks: handles a login attempt and renders the login form with its messages.
 *
 * Reads the interim-login, customize-login, redirect_to and reauth request flags,
 * calls wp_signon(), runs the result through the `login_redirect` filter and, when
 * sign-on succeeded and no re-authentication was requested, redirects with
 * wp_safe_redirect() and exits. Otherwise it collects the messages to show, filters
 * them through `wp_login_errors`, and renders them together with the login form.
 *
 * The request-supplied redirect_to value only reaches the browser through
 * wp_safe_redirect(); it is also passed to the filters and to login_form().
 *
 * NOTE(review): in the interim-login success path a message is echoed before
 * wp_safe_redirect() is called; unless output is buffered elsewhere the redirect
 * header may no longer be sendable at that point - confirm the intended behaviour.
 */
function action_login()
{
    $interim_login = isset($_REQUEST['interim-login']);
    $secure_cookie = '';
    $customize_login = isset($_REQUEST['customize-login']);
    if ($customize_login) {
        wp_enqueue_script('customize-base');
    }
    // If the user wants ssl but the session is not ssl, force a secure cookie.
    if (!empty($_POST['log']) && !force_ssl_admin()) {
        $user_name = sanitize_user($_POST['log']);
        if ($user = get_user_by('login', $user_name)) {
            if (get_user_option('use_ssl', $user->ID)) {
                $secure_cookie = true;
                force_ssl_admin(true);
            }
        }
    }
    if (isset($_REQUEST['redirect_to'])) {
        // Request-controlled value: it is validated later by wp_safe_redirect(), not here.
        $redirect_to = $_REQUEST['redirect_to'];
        // Redirect to https if user wants ssl
        if ($secure_cookie && false !== strpos($redirect_to, 'wp-admin')) {
            $redirect_to = preg_replace('|^http://|', 'https://', $redirect_to);
        }
    } else {
        $redirect_to = admin_url();
    }
    $reauth = empty($_REQUEST['reauth']) ? false : true;
    // wp_signon() is called on every invocation, not only when a form was posted.
    $user = wp_signon('', $secure_cookie);
    if (empty($_COOKIE[LOGGED_IN_COOKIE])) {
        if (headers_sent()) {
            // Output already started, so no cookie could have been set for this response.
            $user = new WP_Error('test_cookie', sprintf(__('<strong>ERROR</strong>: Cookies are blocked due to unexpected output. For help, please see <a href="%1$s">this documentation</a> or try the <a href="%2$s">support forums</a>.', 'colabsthemes'), 'http://codex.wordpress.org/Cookies', 'https://wordpress.org/support/'));
        } elseif (isset($_POST['testcookie']) && empty($_COOKIE[TEST_COOKIE])) {
            // If cookies are disabled we can't log in even with a valid user+pass
            $user = new WP_Error('test_cookie', sprintf(__('<strong>ERROR</strong>: Cookies are blocked or not supported by your browser. You must <a href="%s">enable cookies</a> to use WordPress.', 'colabsthemes'), 'http://codex.wordpress.org/Cookies'));
        }
    }
    $requested_redirect_to = isset($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : '';
    /**
     * Filter the login redirect URL.
     *
     * @since 3.0.0
     *
     * @param string           $redirect_to           The redirect destination URL.
     * @param string           $requested_redirect_to The requested redirect destination URL passed as a parameter.
     * @param WP_User|WP_Error $user                  WP_User object if login was successful, WP_Error object otherwise.
     */
    $redirect_to = apply_filters('login_redirect', $redirect_to, $requested_redirect_to, $user);
    if (!is_wp_error($user) && !$reauth) {
        if ($interim_login) {
            $message = '<div class="alert alert-success">' . __('You have logged in successfully.', 'colabsthemes') . '</div>';
            $interim_login = '******';
            echo $message;
        }
        if (empty($redirect_to) || $redirect_to == 'wp-admin/' || $redirect_to == admin_url()) {
            // If the user doesn't belong to a blog, send them to user admin. If the user can't edit posts, send them to their profile.
            if (is_multisite() && !get_active_blog_for_user($user->ID) && !is_super_admin($user->ID)) {
                $redirect_to = user_admin_url();
            } elseif (is_multisite() && !$user->has_cap('read')) {
                $redirect_to = get_dashboard_url($user->ID);
            } elseif (!$user->has_cap('edit_posts')) {
                $redirect_to = admin_url('profile.php');
            }
        }
        // wp_safe_redirect() is what keeps a request-supplied redirect_to from leaving the site.
        wp_safe_redirect($redirect_to);
        exit;
    }
    // From here on the sign-on result is treated as the error container for the form.
    $errors = $user;
    // Clear errors if loggedout is set.
    if (!empty($_GET['loggedout']) || $reauth) {
        $errors = new WP_Error();
    }
    if ($interim_login) {
        if (!$errors->get_error_code()) {
            $errors->add('expired', __('Session expired. Please log in again. You will not move away from this page.', 'colabsthemes'), 'message');
        }
    } else {
        // Some parts of this script use the main login form to display a message
        if (isset($_GET['loggedout']) && true == $_GET['loggedout']) {
            $errors->add('loggedout', __('You are now logged out.', 'colabsthemes'), 'message');
        } elseif (isset($_GET['registration']) && 'disabled' == $_GET['registration']) {
            $errors->add('registerdisabled', __('User registration is currently not allowed.', 'colabsthemes'));
        } elseif (isset($_GET['checkemail']) && 'confirm' == $_GET['checkemail']) {
            $errors->add('confirm', __('Check your e-mail for the confirmation link.', 'colabsthemes'), 'message');
        } elseif (isset($_GET['checkemail']) && 'newpass' == $_GET['checkemail']) {
            $errors->add('newpass', __('Check your e-mail for your new password.', 'colabsthemes'), 'message');
        } elseif (isset($_GET['checkemail']) && 'registered' == $_GET['checkemail']) {
            $errors->add('registered', __('Registration complete. Please check your e-mail.', 'colabsthemes'), 'message');
        } elseif (strpos($redirect_to, 'about.php?updated')) {
            $errors->add('updated', __('<strong>You have successfully updated WordPress!</strong> Please log back in to see what’s new.', 'colabsthemes'), 'message');
        }
    }
    /**
     * Filter the login page errors.
     *
     * @since 3.6.0
     *
     * @param object $errors      WP Error object.
     * @param string $redirect_to Redirect destination URL.
     */
    $errors = apply_filters('wp_login_errors', $errors, $redirect_to);
    // Clear any stale cookies.
    if ($reauth) {
        wp_clear_auth_cookie();
    }
    // Error Messages
    $this->render_messages($errors);
    // NOTE(review): $redirect_to is still the raw request value here; presumably login_form() escapes it before output - verify.
    $this->login_form($interim_login, $redirect_to, $errors);
}
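/**
 * Initializes the login page: resolves the requested action, sets the cookie
 * test, runs the action (logout, lost password, password reset, register or
 * login) and collects the resulting messages into the $bum_* globals.
 *
 * Branches that redirect end the request with exit.
 *
 * Changes compared with the previous version:
 * - The reset-password branch reset $bum_errors to an empty string, and the
 *   message collection after the switch then called a method on that string.
 *   It now resets it to an empty WP_Error.
 * - The two new-password fields are compared as strings with a strict
 *   comparison instead of PHP's loose `!=`.
 * - `key`, `login` and `action` are read through isset()/is_string() guards.
 * - The RELOCATE branch, which rewrites the stored site URL from request
 *   headers, now also requires the constant to be truthy, not merely defined.
 * - The user ID is read from `ID` instead of the deprecated lowercase `id`.
 *
 * @return false|void False when the current page is not the login page.
 */
function bum_init_page_login()
{
    // Reasons to return.
    if (!bum_is_page('Login')) {
        return false;
    }

    // Redirect to https login if forced to use SSL.
    if (force_ssl_admin() && !is_ssl()) {
        if (0 === strpos($_SERVER['REQUEST_URI'], 'http')) {
            wp_redirect(preg_replace('|^http://|', 'https://', $_SERVER['REQUEST_URI']));
            exit;
        } else {
            // NOTE(review): HTTP_HOST is supplied by the client. Consider building this URL from the
            // configured site address so the redirect target cannot be influenced by the Host header.
            wp_redirect('https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']);
            exit;
        }
    }

    // Don't index any of these forms.
    add_filter('pre_option_blog_public', '__return_zero');
    add_action('login_head', 'noindex');

    // Initializing.
    global $bum_action, $bum_errors, $bum_redirect_to, $bum_user, $bum_http_post, $bum_secure_cookie, $bum_interim_login, $bum_reauth, $bum_rememberme, $bum_messages_txt, $bum_errors_txt;

    $bum_action = (isset($_REQUEST['action']) && is_string($_REQUEST['action'])) ? $_REQUEST['action'] : 'login';
    $bum_errors = new WP_Error();
    if (isset($_GET['key'])) {
        $bum_action = 'resetpass';
    }

    // Validate action so as to default to the login screen.
    if (!in_array($bum_action, array('logout', 'lostpassword', 'retrievepassword', 'resetpass', 'rp', 'register', 'login'), true) && false === has_filter('login_form_' . $bum_action)) {
        $bum_action = 'login';
    }

    nocache_headers();
    header('Content-Type: ' . get_bloginfo('html_type') . '; charset=' . get_bloginfo('charset'));

    // Move flag is set. This branch overwrites the stored site URL with a value derived from
    // request headers, so it only runs when RELOCATE is defined AND truthy; leave the constant
    // enabled no longer than the relocation itself takes.
    if (defined('RELOCATE') && RELOCATE) {
        if (isset($_SERVER['PATH_INFO']) && $_SERVER['PATH_INFO'] != $_SERVER['PHP_SELF']) {
            $_SERVER['PHP_SELF'] = str_replace($_SERVER['PATH_INFO'], '', $_SERVER['PHP_SELF']);
        }
        $schema = is_ssl() ? 'https://' : 'http://';
        $detected_url = dirname($schema . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF']);
        if ($detected_url != get_option('siteurl')) {
            update_option('siteurl', $detected_url);
        }
    }

    // Set a cookie now to see if they are supported by the browser.
    setcookie(TEST_COOKIE, 'WP Cookie check', 0, COOKIEPATH, COOKIE_DOMAIN);
    if (SITECOOKIEPATH != COOKIEPATH) {
        setcookie(TEST_COOKIE, 'WP Cookie check', 0, SITECOOKIEPATH, COOKIE_DOMAIN);
    }

    // Allow plugins to override the default actions, and to add extra actions if they want.
    do_action('login_init');
    do_action('login_form_' . $bum_action);

    $bum_http_post = 'POST' == $_SERVER['REQUEST_METHOD'];

    switch ($bum_action) {
        case 'logout':
            // NOTE(review): the nonce check below is disabled, so this branch ends the session for
            // any request that reaches it. Re-enable it once the logout links of this plugin carry
            // the "log-out" nonce (presumably built with wp_logout_url() - verify).
            //check_admin_referer('log-out');
            wp_logout();
            $bum_redirect_to = !empty($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : bum_get_permalink_login() . '?loggedout=true';
            wp_safe_redirect($bum_redirect_to);
            exit;
            break;

        case 'lostpassword':
        case 'retrievepassword':
            if ($bum_http_post) {
                $bum_errors = bum_retrieve_password();
                if (!is_wp_error($bum_errors)) {
                    $bum_redirect_to = !empty($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : bum_get_permalink_login() . '&checkemail=confirm';
                    wp_safe_redirect($bum_redirect_to);
                    exit;
                }
            }
            if (isset($_GET['error']) && 'invalidkey' == $_GET['error']) {
                $bum_errors->add('invalidkey', __('Sorry, that key does not appear to be valid.'));
            }
            $bum_redirect_to = apply_filters('lostpassword_redirect', !empty($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : '');
            do_action('lost_password');
            break;

        case 'resetpass':
        case 'rp':
            // Missing parameters are passed on as empty strings and left to the key check to reject.
            $bum_reset_key   = isset($_GET['key']) ? $_GET['key'] : '';
            $bum_reset_login = isset($_GET['login']) ? $_GET['login'] : '';
            $bum_user = bum_check_password_reset_key($bum_reset_key, $bum_reset_login);
            if (is_wp_error($bum_user)) {
                wp_redirect(bum_get_permalink_login() . '?action=lostpassword&error=invalidkey');
                exit;
            }

            // Must stay a WP_Error: the message collection after the switch calls methods on it.
            $bum_errors = new WP_Error();

            // Only string values count as a submitted password; null means "not submitted".
            $bum_pass1 = (isset($_POST['pass1']) && is_string($_POST['pass1'])) ? $_POST['pass1'] : null;
            $bum_pass2 = (isset($_POST['pass2']) && is_string($_POST['pass2'])) ? $_POST['pass2'] : '';

            if (null !== $bum_pass1 && $bum_pass1 !== $bum_pass2) {
                $bum_errors = new WP_Error('password_reset_mismatch', __('The passwords do not match.'));
            } elseif (null !== $bum_pass1 && !empty($bum_pass1)) {
                bum_reset_password($bum_user, $bum_pass1);
                exit;
            }
            wp_enqueue_script('utils');
            wp_enqueue_script('user-profile');
            break;

        case 'register':
            wp_redirect(bum_get_permalink_registration());
            exit;
            break;

        case 'login':
        default:
            // Redirect if logged in.
            if (is_user_logged_in()) {
                wp_redirect(get_bloginfo('url'));
                exit;
            }

            $bum_secure_cookie = '';
            $bum_interim_login = isset($_REQUEST['interim-login']);

            // If the user wants ssl but the session is not ssl, force a secure cookie.
            if (!empty($_POST['log']) && !force_ssl_admin()) {
                $bum_user_name = sanitize_user($_POST['log']);
                if ($bum_user = get_user_by('login', $bum_user_name)) {
                    if (get_user_option('use_ssl', $bum_user->ID)) {
                        $bum_secure_cookie = true;
                        force_ssl_admin(true);
                    }
                }
            }

            if (isset($_REQUEST['redirect_to'])) {
                // Request-controlled value: it only reaches the browser through wp_safe_redirect().
                $bum_redirect_to = $_REQUEST['redirect_to'];
                // Redirect to https if user wants ssl.
                if ($bum_secure_cookie && false !== strpos($bum_redirect_to, 'wp-admin')) {
                    $bum_redirect_to = preg_replace('|^http://|', 'https://', $bum_redirect_to);
                }
            } else {
                $bum_redirect_to = admin_url();
            }

            $bum_reauth = empty($_REQUEST['reauth']) ? false : true;

            // If the user was redirected to a secure login form from a non-secure admin page, and secure
            // login is required but secure admin is not, then don't use a secure cookie and redirect back
            // to the referring non-secure admin page. This allows logins to always be POSTed over SSL
            // while allowing the user to choose visiting the admin via http or https.
            if (!$bum_secure_cookie && is_ssl() && force_ssl_login() && !force_ssl_admin() && 0 !== strpos($bum_redirect_to, 'https') && 0 === strpos($bum_redirect_to, 'http')) {
                $bum_secure_cookie = false;
            }

            $bum_user = wp_signon('', $bum_secure_cookie);
            $bum_redirect_to = apply_filters('login_redirect', $bum_redirect_to, isset($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : '', $bum_user);

            if (!is_wp_error($bum_user) && !$bum_reauth) {
                if (empty($bum_redirect_to) || $bum_redirect_to == 'wp-admin/' || $bum_redirect_to == admin_url()) {
                    // If the user doesn't belong to a blog, send them to user admin.
                    // If the user can't edit posts, send them to their profile.
                    if (is_multisite() && !get_active_blog_for_user($bum_user->ID)) {
                        $bum_redirect_to = user_admin_url();
                    } elseif (is_multisite() && !$bum_user->has_cap('read')) {
                        $bum_redirect_to = get_dashboard_url($bum_user->ID);
                    } elseif (!$bum_user->has_cap('edit_posts')) {
                        $bum_redirect_to = bum_get_permalink_profile();
                    }
                }
                wp_safe_redirect($bum_redirect_to);
                exit;
            }

            $bum_errors = $bum_user;

            // Clear errors if loggedout is set.
            if (!empty($_GET['loggedout']) || $bum_reauth) {
                $bum_errors = new WP_Error();
            }

            // If cookies are disabled we can't log in even with a valid user+pass.
            if (isset($_POST['testcookie']) && empty($_COOKIE[TEST_COOKIE])) {
                $bum_errors->add('test_cookie', __("<strong>ERROR</strong>: Cookies are blocked or not supported by your browser. You must <a href='http://www.google.com/cookies.html'>enable cookies</a> to use WordPress."));
            }

            // Some parts of this script use the main login form to display a message.
            if (isset($_GET['loggedout']) && TRUE == $_GET['loggedout']) {
                $bum_errors->add('loggedout', __('You are now logged out.'), 'message');
            } elseif (isset($_GET['registration']) && 'disabled' == $_GET['registration']) {
                $bum_errors->add('registerdisabled', __('User registration is currently not allowed.'));
            } elseif (isset($_GET['checkemail']) && 'confirm' == $_GET['checkemail']) {
                $bum_errors->add('confirm', __('Check your e-mail for the confirmation link.'), 'message');
            } elseif (isset($_GET['checkemail']) && 'newpass' == $_GET['checkemail']) {
                $bum_errors->add('newpass', __('Check your e-mail for your new password.'), 'message');
            } elseif (isset($_GET['checkemail']) && 'registered' == $_GET['checkemail']) {
                $bum_errors->add('registered', __('Registration complete. Please check your e-mail.'), 'message');
            } elseif ($bum_interim_login) {
                $bum_errors->add('expired', __('Your session has expired. Please log-in again.'), 'message');
            }

            // Clear any stale cookies.
            if ($bum_reauth) {
                wp_clear_auth_cookie();
            }

            // NOTE(review): $bum_user_login is not in the global list above, so this value stays
            // local to the function - confirm whether a template is expected to read it.
            if (isset($_POST['log'])) {
                $bum_user_login = '******' == $bum_errors->get_error_code() || 'empty_password' == $bum_errors->get_error_code() ? esc_attr(stripslashes($_POST['log'])) : '';
            }
            $bum_rememberme = !empty($_POST['rememberme']);
            break;
    }

    // Split the collected entries into plain messages and errors by their severity data.
    if (is_wp_error($bum_errors) && $bum_errors->get_error_code()) {
        $bum_errors_txt = '';
        $bum_messages_txt = '';
        foreach ($bum_errors->get_error_codes() as $code) {
            $bum_severity = $bum_errors->get_error_data($code);
            foreach ($bum_errors->get_error_messages($code) as $error) {
                if ('message' == $bum_severity) {
                    $bum_messages_txt .= ' ' . $error . "<br />\n";
                } else {
                    $bum_errors_txt .= ' ' . $error . "<br />\n";
                }
            }
        }
    }
}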
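/**
 * Login user. SSL support is not tested.
 *
 * Signs the user in with wp_signon() using the posted `log`/`pwd` fields. On
 * failure the WP_Error is returned, extended with the same informational
 * messages the login form would show. On success the current user is set and
 * the value of get_logged_in_user() is returned. This method never redirects;
 * the redirect target is computed but not used.
 *
 * Change compared with the previous version: $interim_login was read without
 * ever being assigned. It is now taken from the `interim-login` request flag.
 *
 * @return mixed WP_Error when sign-on failed, otherwise whatever get_logged_in_user() returns.
 */
public function login()
{
    $secure_cookie = '';
    $interim_login = isset($_REQUEST['interim-login']);

    // If the user wants ssl but the session is not ssl, force a secure cookie.
    if (!empty($_POST['log']) && !force_ssl_admin()) {
        $user_name = sanitize_user($_POST['log']);
        if ($user = get_user_by('login', $user_name)) {
            // The per-user `use_ssl` option asks for a secure cookie.
            if (get_user_option('use_ssl', $user->ID)) {
                $secure_cookie = true;
                // force_ssl_admin(true) is deliberately not called here; see
                // http://codex.wordpress.org/Function_Reference/force_ssl_admin
                // The error below is built but intentionally not returned for now.
                $errors = new WP_Error();
                $errors->add('use_ssl', __("The login must use ssl."));
            }
        }
    }

    if (isset($_REQUEST['redirect_to'])) {
        $redirect_to = $_REQUEST['redirect_to'];
        // Redirect to https if user wants ssl.
        if ($secure_cookie && false !== strpos($redirect_to, 'wp-admin')) {
            $redirect_to = preg_replace('|^http://|', 'https://', $redirect_to);
        }
    } else {
        $redirect_to = admin_url();
    }

    $reauth = empty($_REQUEST['reauth']) ? false : true;

    // If the user was redirected to a secure login form from a non-secure admin page, and secure
    // login is required but secure admin is not, then don't use a secure cookie and redirect back
    // to the referring non-secure admin page. This allows logins to always be POSTed over SSL
    // while allowing the user to choose visiting the admin via http or https.
    if (!$secure_cookie && is_ssl() && force_ssl_login() && !force_ssl_admin() && 0 !== strpos($redirect_to, 'https') && 0 === strpos($redirect_to, 'http')) {
        $secure_cookie = false;
    }

    $user = wp_signon('', $secure_cookie);

    if (is_wp_error($user)) {
        // $user is an error object.
        $errors = $user;

        // If both login and password are empty no error is added, so we add one now.
        if (empty($_POST['log']) && empty($_POST['pwd'])) {
            $errors->add('invalid_username', __("The username is empty."));
        }

        // Clear errors if loggedout is set.
        if (!empty($_GET['loggedout']) || $reauth) {
            $errors = new WP_Error();
        }

        // If cookies are disabled we can't log in even with a valid user+pass.
        if (isset($_POST['testcookie']) && empty($_COOKIE[TEST_COOKIE])) {
            $errors->add('test_cookie', __("Cookies are blocked or not supported by your browser. You must <a href='http://www.google.com/cookies.html'>enable cookies</a> to use WordPress."));
        }

        // Some parts of this script use the main login form to display a message.
        if (isset($_GET['loggedout']) && TRUE == $_GET['loggedout']) {
            $errors->add('loggedout', __('You are now logged out.'), 'message');
        } elseif (isset($_GET['registration']) && 'disabled' == $_GET['registration']) {
            $errors->add('registerdisabled', __('User registration is currently not allowed.'));
        } elseif (isset($_GET['checkemail']) && 'confirm' == $_GET['checkemail']) {
            $errors->add('confirm', __('Check your e-mail for the confirmation link.'), 'message');
        } elseif (isset($_GET['checkemail']) && 'newpass' == $_GET['checkemail']) {
            $errors->add('newpass', __('Check your e-mail for your new password.'), 'message');
        } elseif (isset($_GET['checkemail']) && 'registered' == $_GET['checkemail']) {
            $errors->add('registered', __('Registration complete. Please check your e-mail.'), 'message');
        } elseif ($interim_login) {
            $errors->add('expired', __('Your session has expired. Please log-in again.'), 'message');
        }

        // Clear any stale cookies.
        if ($reauth) {
            wp_clear_auth_cookie();
        }

        return $errors;
    }

    // Unlike the form-based login, this path does not check $reauth and does not redirect.
    if (empty($redirect_to) || $redirect_to == 'wp-admin/' || $redirect_to == admin_url()) {
        // If the user doesn't belong to a blog, send them to user admin.
        // If the user can't edit posts, send them to their profile.
        if (is_multisite() && !get_active_blog_for_user($user->ID) && !is_super_admin($user->ID)) {
            $redirect_to = user_admin_url();
        } elseif (is_multisite() && !$user->has_cap('read')) {
            $redirect_to = get_dashboard_url($user->ID);
        } elseif (!$user->has_cap('edit_posts')) {
            $redirect_to = admin_url('profile.php');
        }
    }

    wp_set_current_user($user->ID);
    $user = $this->get_logged_in_user();

    // $redirect_to is left in place since it could be returned later if wanted.
    return $user;
}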
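/**
 * Chooses where a user is sent after logging in.
 *
 * The three parameters match what the `login_redirect` filter passes in the
 * other login handlers of this kind. When custom redirects are enabled in the
 * settings, the first non-empty match wins, in this order: a per-user rule, a
 * circle (client group) rule, a role rule, then the configured default login
 * redirect. Otherwise, or when nothing matched, the built-in fallback applies.
 *
 * Changes compared with the previous version:
 * - The circle and role lookups built their IN (...) lists by string
 *   concatenation; every value is now bound through $wpdb->prepare().
 * - A user without roles produced an empty `IN()` list; that lookup is now skipped.
 * - The fallback logic, previously duplicated in two branches, exists once.
 *
 * NOTE(review): URLs read from the redirects table or the settings are returned
 * as stored; presumably the caller validates them (e.g. wp_safe_redirect()) - verify.
 *
 * @param string $redirect_to           The redirect destination URL.
 * @param string $requested_redirect_to The requested redirect destination URL (not used here).
 * @param object $user                  Sign-on result; anything without `user_login` is ignored.
 * @return string The redirect destination.
 */
function cc_login_redirect_rules($redirect_to, $requested_redirect_to, $user)
{
    // If they're on the login page, don't do anything.
    if (!isset($user->user_login)) {
        return $redirect_to;
    }

    if (isset($_GET['wpc_to_redirect']) && !empty($_GET['wpc_to_redirect'])) {
        return $redirect_to;
    }

    // Redirect by login/logout redirect table.
    $wpc_enable_custom_redirects = $this->cc_get_settings('enable_custom_redirects', 'no');

    if ('yes' == $wpc_enable_custom_redirects) {
        global $wpdb;

        // Individual redirect for the user.
        $new_redirect_to = $wpdb->get_var(
            $wpdb->prepare(
                "SELECT rul_url FROM {$wpdb->prefix}wpc_client_login_redirects WHERE rul_value = %s AND rul_type='user'",
                $user->user_login
            )
        );
        if ($new_redirect_to) {
            return $new_redirect_to;
        }

        // Redirects for circles.
        $client_groups = $this->cc_get_client_groups_id($user->ID);
        if (is_array($client_groups) && 0 < count($client_groups)) {
            // One %s placeholder per value, so the values are escaped by prepare().
            $group_placeholders = implode(',', array_fill(0, count($client_groups), '%s'));
            $new_redirect_to = $wpdb->get_var(
                $wpdb->prepare(
                    "SELECT rul_url FROM {$wpdb->prefix}wpc_client_login_redirects WHERE rul_type='circle' AND rul_url != '' AND rul_value IN({$group_placeholders}) ORDER BY rul_order DESC LIMIT 1",
                    array_values($client_groups)
                )
            );
            if ($new_redirect_to) {
                return $new_redirect_to;
            }
        }

        // Redirects for roles.
        $userdata  = get_userdata($user->ID);
        $userroles = ($userdata && !empty($userdata->roles)) ? array_values((array) $userdata->roles) : array();
        if (0 < count($userroles)) {
            $role_placeholders = implode(',', array_fill(0, count($userroles), '%s'));
            $new_role_redirect_to = $wpdb->get_var(
                $wpdb->prepare(
                    "SELECT rul_url FROM {$wpdb->prefix}wpc_client_login_redirects WHERE rul_value IN({$role_placeholders}) AND rul_type='role' AND rul_url != '' ORDER BY rul_order DESC LIMIT 1",
                    $userroles
                )
            );
            if ($new_role_redirect_to) {
                return $new_role_redirect_to;
            }
        }

        // No redirect found for user, circle or role: use the default redirect if one is set.
        $wpc_default_redirects = $this->cc_get_settings('default_redirects');
        if (isset($wpc_default_redirects['login']) && '' != $wpc_default_redirects['login']) {
            return $wpc_default_redirects['login'];
        }
    }

    // Redirection for administrators.
    if (user_can($user, 'administrator') && !user_can($user, 'manage_network_options')) {
        return admin_url();
    }

    // Redirect Client and Staff to my-hub page.
    if (user_can($user, 'wpc_client') && !user_can($user, 'manage_network_options')) {
        return $this->cc_get_slug('hub_page_id');
    }

    if (empty($redirect_to) || $redirect_to == 'wp-admin/' || $redirect_to == admin_url()) {
        // If the user doesn't belong to a blog, send them to user admin.
        // If the user can't edit posts, send them to their profile.
        if (is_multisite() && !get_active_blog_for_user($user->ID) && !is_super_admin($user->ID)) {
            $redirect_to = user_admin_url();
        } elseif (is_multisite() && !$user->has_cap('read')) {
            $redirect_to = get_dashboard_url($user->ID);
        } elseif (!$user->has_cap('edit_posts')) {
            $redirect_to = admin_url('profile.php');
        }
    }

    // Redirect for all other users.
    return $redirect_to;
}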
/**
 * Builds the URL of the profile editor for a user.
 *
 * The `profile.php` URL is taken from the user admin when the request is in the
 * user admin, from the network admin when it is in the network admin, and from
 * the user's dashboard otherwise. The result is passed through the
 * `edit_profile_url` filter together with the user ID and the scheme.
 *
 * @since 3.1.0
 *
 * @param int    $user   User ID; cast to an integer before use.
 * @param string $scheme The scheme to use. Default is 'admin', which obeys force_ssl_admin() and
 *                       is_ssl(). 'http' or 'https' can be passed to force those schemes.
 * @return string The filtered URL of the profile editor.
 */
function get_edit_profile_url($user, $scheme = 'admin')
{
    $user_id = (int) $user;

    if (is_user_admin()) {
        $profile_url = user_admin_url('profile.php', $scheme);
    } else {
        $profile_url = is_network_admin()
            ? network_admin_url('profile.php', $scheme)
            : get_dashboard_url($user_id, 'profile.php', $scheme);
    }

    return apply_filters('edit_profile_url', $profile_url, $user_id, $scheme);
}
/**
 * Prevent access to `profile.php`
 *
 * Takes no arguments: sends a redirect to the URL returned by
 * get_dashboard_url() through wp_safe_redirect() and then ends the request.
 *
 * @since 0.2.0
 *
 * @return void Does not return; the script exits after the redirect is issued.
 */
function wp_user_profiles_old_profile_redirect()
{
    $dashboard_url = get_dashboard_url();

    wp_safe_redirect($dashboard_url);
    exit;
}
echo wp_customize_url(); ?> ', channel: 'login' }).send('login') }, 1000 );</script> <?php } ?> </body></html> <?php exit; } if (empty($redirect_to) || $redirect_to == 'wp-admin/' || $redirect_to == admin_url()) { // If the user doesn't belong to a blog, send them to user admin. If the user can't edit posts, send them to their profile. if (is_multisite() && !get_active_blog_for_user($user->ID) && !is_super_admin($user->ID)) { $redirect_to = user_admin_url(); } elseif (is_multisite() && !$user->has_cap('read')) { $redirect_to = get_dashboard_url($user->ID); } elseif (!$user->has_cap('edit_posts')) { $redirect_to = $user->has_cap('read') ? admin_url('profile.php') : home_url(); } } wp_safe_redirect($redirect_to); exit; } $errors = $user; // Clear errors if loggedout is set. if (!empty($_GET['loggedout']) || $reauth) { $errors = new WP_Error(); } if ($interim_login) { if (!$errors->get_error_code()) { $errors->add('expired', __('Your session has expired. Please log in to continue where you left off.'), 'message');
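/**
 * Complete a Minecraft.jp sign-in or account-link round trip.
 *
 * The flow type ('link', otherwise 'login') and the post-login target are
 * read from the PHP session. The remote user is fetched through the
 * Minecraft.jp client and then:
 *  - link:  the remote identifiers are stored on the current WordPress user;
 *  - login: the WordPress user mapped to the remote `sub` is looked up
 *           (created when registration is allowed), the auth cookie is set
 *           and the browser is redirected.
 *
 * Every path ends the request with a redirect followed by exit.
 *
 * @return void
 */
public function doLogin() {
    $minecraftjp = $this->getMinecraftJP();
    $authType = !empty($_SESSION['auth_type']) ? $_SESSION['auth_type'] : 'login';
    $redirectTo = !empty($_SESSION['redirect_to']) ? $_SESSION['redirect_to'] : '';

    if ($authType == 'link') {
        try {
            $mcjpUser = $minecraftjp->getUser();
        } catch (\Exception $e) {
            $this->setFlash($e->getMessage(), 'default', array('class' => 'error'));
            wp_safe_redirect(admin_url('profile.php'));
            exit;
        }

        // Linking attaches an external identity to an account, so it needs an
        // authenticated WordPress user. get_current_user_id() returns 0 when
        // nobody is logged in; treat that the same as a denied authorization
        // instead of reporting a link that was never stored.
        $userId = get_current_user_id();

        if (!empty($mcjpUser) && $userId) {
            $existsUserId = $this->User->getUserIdBySub($mcjpUser['sub']);
            if (!empty($existsUserId) && $existsUserId != $userId) {
                // The remote identity already belongs to a different local account.
                $this->setFlash(__('This account is already linked.', App::NAME), 'default', array('class' => 'error'));
            } else {
                update_user_meta($userId, 'minecraftjp_sub', $mcjpUser['sub']);
                update_user_meta($userId, 'minecraftjp_uuid', $mcjpUser['uuid']);
                update_user_meta($userId, 'minecraftjp_username', $mcjpUser['preferred_username']);
                $this->setFlash(__('Minecraft.jp account linked successfully.', App::NAME));
            }
        } else {
            $this->setFlash(__('Authorization denied.', App::NAME), 'default', array('class' => 'error'));
        }

        wp_safe_redirect(admin_url('profile.php'));
        // wp_safe_redirect() only sends the header; stop here so the rest of
        // the request does not keep running, as on every other path.
        exit;
    } else {
        try {
            $mcjpUser = $minecraftjp->getUser();
        } catch (\Exception $e) {
            $this->setFlash($e->getMessage(), 'default', array('class' => 'error'));
            wp_safe_redirect(site_url('wp-login.php'));
            exit;
        }

        if (!empty($mcjpUser)) {
            $userId = $this->User->getUserIdBySub($mcjpUser['sub']);

            if (!$userId) {
                // No local account is mapped to this remote identity yet:
                // create one, but only when registration is open (site option
                // or the plugin's force_users_can_register override).
                if (!get_option('users_can_register') && !Configure::read('force_users_can_register')) {
                    wp_redirect(site_url('wp-login.php?registration=disabled'));
                    exit;
                }

                $password = wp_generate_password();
                // wp_create_user() fails when the username or e-mail is already
                // taken, so an existing account is never adopted on the basis
                // of the e-mail address the provider reports.
                $result = wp_create_user($mcjpUser['preferred_username'] . Configure::read('username_suffix'), $password, $mcjpUser['email']);
                if (is_wp_error($result)) {
                    $this->setFlash(__('username or email is already taken.', App::NAME), 'default', array('class' => 'error'));
                    wp_safe_redirect(site_url('wp-login.php'));
                    exit;
                } else {
                    $userId = $result;
                    wp_update_user(array('ID' => $userId, 'user_url' => !empty($mcjpUser['website']) ? $mcjpUser['website'] : $mcjpUser['profile'], 'display_name' => $mcjpUser['preferred_username']));
                    update_user_meta($userId, 'nickname', $mcjpUser['preferred_username']);
                    update_user_meta($userId, 'minecraftjp_sub', $mcjpUser['sub']);
                    update_user_meta($userId, 'minecraftjp_uuid', $mcjpUser['uuid']);
                    // send password notification
                    // NOTE(review): this hands the generated password to the
                    // notification mail. On current WordPress releases the
                    // second argument is deprecated; confirm the supported
                    // version and avoid mailing a plaintext credential.
                    wp_new_user_notification($userId, $password);
                }
            }

            update_user_meta($userId, 'minecraftjp_username', $mcjpUser['preferred_username']);
            // Second argument true requests a persistent ("remember me") cookie.
            wp_set_auth_cookie($userId, true);
            $user = get_user_by('id', $userId);

            // With no explicit target, pick a landing page the user can actually open.
            if (empty($redirectTo) || $redirectTo == 'wp-admin/' || $redirectTo == admin_url()) {
                if (is_multisite() && !get_active_blog_for_user($userId) && !is_super_admin($userId)) {
                    $redirectTo = user_admin_url();
                } else {
                    if (is_multisite() && !$user->has_cap('read')) {
                        $redirectTo = get_dashboard_url($userId);
                    } else {
                        if (!$user->has_cap('edit_posts')) {
                            $redirectTo = admin_url('profile.php');
                        }
                    }
                }
            }

            // The target comes from the session; wp_safe_redirect() keeps the
            // redirect on allowed hosts.
            wp_safe_redirect($redirectTo);
            exit;
        } else {
            $this->setFlash(__('Authorization denied.', App::NAME), 'default', array('class' => 'error'));
            wp_safe_redirect(site_url('wp-login.php'));
            exit;
        }
    }
}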
/**
 * Build the URL of the profile editing screen for a user.
 *
 * A falsy $user_id means "the current user". The admin context picks the
 * base: the user admin and the network admin each use their own profile.php,
 * and every other context builds the URL from the user's dashboard.
 *
 * The value is returned unescaped after the 'edit_profile_url' filter has
 * run, so a caller that prints it into markup should escape it for that
 * context (for example with esc_url()).
 *
 * @since 3.1.0
 *
 * @param int    $user_id Optional. User ID. Defaults to current user.
 * @param string $scheme  The scheme to use. Default is 'admin', which obeys force_ssl_admin() and is_ssl().
 *                        'http' or 'https' can be passed to force those schemes.
 * @return string Filtered URL of the profile editor.
 */
function get_edit_profile_url($user_id = 0, $scheme = 'admin') {
    if ($user_id) {
        $user_id = (int) $user_id;
    } else {
        $user_id = get_current_user_id();
    }

    // Cases are evaluated top to bottom, so the user admin check still wins over the network admin check.
    switch (true) {
        case is_user_admin():
            $url = user_admin_url('profile.php', $scheme);
            break;

        case is_network_admin():
            $url = network_admin_url('profile.php', $scheme);
            break;

        default:
            $url = get_dashboard_url($user_id, 'profile.php', $scheme);
            break;
    }

    /**
     * Filter the URL for a user's profile editor.
     *
     * @since 3.1.0
     *
     * @param string $url     The complete URL including scheme and path.
     * @param int    $user_id The user ID.
     * @param string $scheme  Scheme to give the URL context. Accepts 'http', 'https', 'login',
     *                        'login_post', 'admin', 'relative' or null.
     */
    return apply_filters('edit_profile_url', $url, $user_id, $scheme);
}
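/**
 * Render the login shortcode.
 *
 * Logged-out visitors get the login form (heading, caption, username and
 * password inputs, hidden inputs, lost-password and register links).
 * Logged-in visitors get a welcome line, their avatar and dashboard,
 * profile and logout links.
 *
 * URLs are escaped with esc_url() and the display name with esc_html()
 * before they are placed in the markup.
 *
 * @since 1.8.0
 *
 * @param array  $args    Shortcode parameters.
 * @param string $content Content between shortcode tags.
 * @return string HTML output.
 */
function render_login($args, $content = '') {
    $defaults = $this->default_shortcode_parameter($args);
    $defaults['action'] = 'login';

    // EXTR_SKIP keeps a shortcode parameter from overwriting a variable that
    // already exists in this scope ($args, $content, $defaults).
    extract($defaults, EXTR_SKIP);

    self::$args = $defaults;

    $styles = $this->get_style_tag();

    $html = sprintf('<div %s>%s', FusionCore_Plugin::attributes('login-shortcode'), $styles);

    if (!is_user_logged_in()) {
        // Pre-fill the username from the query string; it is escaped where it is printed below.
        $user_login = isset($_GET['log']) ? $_GET['log'] : '';

        // NOTE(review): $heading, $caption and $main_container are written into
        // the markup as they arrive. Whether default_shortcode_parameter()
        // sanitises them is not visible here; confirm, since shortcode
        // attributes originate in post content.
        $html .= sprintf('<h3 class="fusion-login-heading">%s</h3>', $heading);
        $html .= sprintf('<div class="fusion-login-caption">%s</div>', $caption);

        $html .= sprintf('<%s %s>', $main_container, FusionCore_Plugin::attributes('login-shortcode-form'));

        // Get the success/error notices
        // NOTE(review): the return value is discarded; if render_notices()
        // returns markup rather than printing it, it never reaches $html - confirm.
        $this->render_notices($action);

        $html .= '<div class="fusion-login-input-wrapper">';
        $html .= sprintf('<label class="fusion-hidden-content" for="user_login">%s</label>', __('Username', 'fusion-core'));
        $html .= sprintf('<input type="text" name="log" placeholder="%s" value="%s" size="20" class="fusion-login-username input-text" id="user_login" />', __('Username', 'fusion-core'), esc_attr($user_login));
        $html .= '</div>';

        $html .= '<div class="fusion-login-input-wrapper">';
        $html .= sprintf('<label class="fusion-hidden-content" for="user_pass">%s</label>', __('Password', 'fusion-core'));
        $html .= sprintf('<input type="password" name="pwd" placeholder="%s" value="" size="20" class="fusion-login-password input-text" id="user_pass" />', __('Password', 'fusion-core'));
        $html .= '</div>';

        $html .= '<div class="fusion-login-submit-wrapperr">';
        $html .= sprintf('<button %s>%s</button>', FusionCore_Plugin::attributes('login-shortcode-button'), __('Log in', 'fusion-core'));

        // Set the query string for successful password reset
        if (!$redirection_link) {
            $redirection_link = $this->get_redirection_link();
        }

        $html .= $this->render_hidden_login_inputs($redirection_link);
        $html .= '</div>';

        $html .= '<div class="fusion-login-links">';
        // Link targets come from shortcode parameters, so escape them for the href context.
        $html .= sprintf('<a class="fusion-login-lost-passowrd" target="_self" href="%s">%s</a>', esc_url($lost_password_link), __('Lost password?', 'fusion-core'));
        $html .= sprintf('<a class="fusion-login-register" target="_self" href="%s">%s</a>', esc_url($register_link), __('Register', 'fusion-core'));
        $html .= '</div>';

        $html .= sprintf('</%s>', $main_container);
    } else {
        $user = get_user_by('id', get_current_user_id());

        // The display name is chosen by the user; escape it before it goes into the HTML.
        $html .= sprintf('<div class="fusion-login-caption">%s %s</div>', __('Welcome', 'fusion-core'), esc_html(ucwords($user->display_name)));
        $html .= sprintf('<div class="fusion-login-avatar">%s</div>', get_avatar($user->ID, apply_filters('fusion_login_box_avatar_size', 50)));

        $html .= '<ul class="fusion-login-loggedin-links">';
        $html .= sprintf('<li><a href="%s">%s</a></li>', esc_url(get_dashboard_url()), __('Dashboard', 'fusion-core'));
        $html .= sprintf('<li><a href="%s">%s</a></li>', esc_url(get_edit_user_link($user->ID)), __('Profile', 'fusion-core'));
        $html .= sprintf('<li><a href="%s">%s</a></li>', esc_url(wp_logout_url(get_permalink())), __('Logout', 'fusion-core'));
        $html .= '</ul>';
    }

    $html .= '</div>';

    return $html;
}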