/**
* Process one time login
*
* @since 1.0.0
*
* @return void
*/
function otl_authenticate_one_time_login()
{
// No need to run if not a singular query for the one time login
if (!is_single()) {
return;
}
// No need to run if not a onetimelogin post
global $post;
if ('onetimelogin' !== $post->post_type) {
return;
}
$user_id = get_post_meta(get_the_ID(), 'otl_user', true);
$valid_user = get_userdata($user_id) ? true : false;
$login_uses = get_post_meta(get_the_ID(), 'otl_times_used', true);
// If the one time login is unused and the user is valid, log in
if ('0' === $login_uses && $valid_user) {
// Log in
wp_clear_auth_cookie();
wp_set_current_user($user_id);
wp_set_auth_cookie($user_id);
// Update some meta for logging and to prevent multiple uses
update_post_meta(get_the_ID(), 'otl_times_used', '1');
update_post_meta(get_the_ID(), 'otl_datetime_used', current_time('mysql'));
// Redirect to wp-admin
wp_safe_redirect(user_admin_url());
exit;
} else {
wp_redirect(home_url());
exit;
}
return;
}
function cps_ban_check()
{
if (!is_user_logged_in()) {
return;
}
global $current_user;
if (is_multisite()) {
if (empty($current_user->roles)) {
load_template(dirname(__FILE__) . '/wp_ban_cps_ms_alert.php');
}
foreach ($current_user->roles as $role) {
if ($role == 'banned') {
load_template(dirname(__FILE__) . '/wp_ban_cps_ms_alert.php');
}
}
} else {
foreach ($current_user->roles as $role) {
if ($role == 'banned') {
wp_clear_auth_cookie();
do_action('wp_logout');
wp_redirect(home_url());
exit;
}
}
}
}
function synlogout($get, $post)
{
!API_SYNLOGOUT && exit(API_RETURN_FORBIDDEN);
header('P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"');
wp_clear_auth_cookie();
exit(API_RETURN_SUCCEED);
}
/**
* Redirects to homepage if awaymode is active
*
**/
function awaycheck()
{
global $bwps;
if ($bwps->checkaway()) {
wp_redirect(get_option('siteurl'));
wp_clear_auth_cookie();
}
}
public function logout(StatTracker $app)
{
wp_clear_auth_cookie();
$app['session']->set("agent", null);
session_destroy();
$response = new stdClass();
$response->status = "logged_out";
$this->logger->info(sprintf("%s logged out", $agent->name));
return $response;
}
function logout_idle_user()
{
if (is_user_logged_in()) {
do_action('uil_before_logout', get_current_user_id());
}
delete_user_meta(get_current_user_id(), 'last_active_time');
wp_clear_auth_cookie();
do_action('uil_after_logout');
die('true');
}
/**
* Execute away mode functionality
*
* @return void
*/
public function run_active_check()
{
global $itsec_logger;
//execute lockout if applicable
if (self::is_active()) {
$itsec_logger->log_event('away_mode', 5, array(__('A host was prevented from accessing the dashboard due to away-mode restrictions being in effect', 'better-wp-security')), ITSEC_Lib::get_ip(), '', '', '', '');
wp_redirect(get_option('siteurl'));
wp_clear_auth_cookie();
die;
}
}
/**
* Login existing WP user.
*
* @param $wp_user
*/
public function login($wp_user)
{
// Login procedure.
wp_clear_auth_cookie();
wp_set_current_user($wp_user->ID);
wp_set_auth_cookie($wp_user->ID);
// Hook for changing WP user metadata from Gigya's user.
do_action('gigya_after_social_login', $this->gigya_user, $wp_user);
// Do others login Implementations.
do_action('wp_login', $wp_user->data->user_login, $wp_user);
}
function login($login, $password)
{
wp_clear_auth_cookie();
$creds = array();
$creds['user_login'] = $login;
$creds['user_password'] = $password;
$creds['remember'] = false;
$user = wp_signon($creds, false);
if (is_wp_error($user)) {
die("Invalid user name or password");
}
}
/**
* Login existing WP user.
*
* @param $wp_user
*/
public function login($wp_user)
{
// Login procedure.
wp_clear_auth_cookie();
wp_set_current_user($wp_user->ID);
wp_set_auth_cookie($wp_user->ID);
_gigya_add_to_wp_user_meta($this->gigya_account['profile'], $wp_user->ID);
// Hook for changing WP user metadata from Gigya's user.
do_action('gigya_after_raas_login', $this->gigya_account, $wp_user);
// Do other login Implementations.
do_action('wp_login', $wp_user->data->user_login, $wp_user);
}
static function log_user($user_id)
{
$user = get_user_by('id', $user_id);
// Redirect URL //
if (!is_wp_error($user)) {
wp_clear_auth_cookie();
wp_set_current_user($user->ID);
wp_set_auth_cookie($user->ID);
return TRUE;
}
return FALSE;
}
public function user_login()
{
$response = array('redirect' => false, 'request' => $_POST);
//Check for empty fields
if (empty($_POST['email']) || empty($_POST['pwd'])) {
//create new error object and add errors to it.
$error = new WP_Error();
if (empty($email)) {
//No email
$error->add('empty_username', __('<strong>ERROR</strong>: Email field is empty.'));
} else {
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
//Invalid Email
$error->add('invalid_username', __('<strong>ERROR</strong>: Email is invalid.'));
}
}
if (empty($meta['password'])) {
//No password
$error->add('empty_password', __('<strong>ERROR</strong>: Password field is empty.'));
}
$response['errors'] = $error;
}
if (empty($response['errors'])) {
$email = $_POST['email'];
$meta['password'] = $_POST['pwd'];
//Check if user exists in WordPress database
$user = get_user_by('email', $email);
//bad email
if (!$user) {
$error = new WP_Error();
$error->add('invalid', __('<strong>ERROR</strong>: Either the email or password you entered is invalid.'));
$response['errors'] = $error;
} else {
//check password
if (!wp_check_password($meta['password'], $user->user_pass, $user->ID)) {
//bad password
$error = new WP_Error();
$error->add('invalid', __('<strong>ERROR</strong>: Either the email or password you entered is invalid.'));
$response['errors'] = $error;
} else {
wp_clear_auth_cookie();
wp_set_current_user($user->ID);
wp_set_auth_cookie($user->ID);
$response['redirect'] = !empty($_POST['redirect_to']) ? $_POST['redirect_to'] : home_url();
$response['user'] = $user;
}
}
}
echo json_encode($response);
exit;
}
function pc_wp_user_login($user_login, $user)
{
global $wpdb;
global $pc_wp_user;
// do not execute if is a pvtcontent login
if (!isset($GLOBALS['pc_wps_standard_login'])) {
$user_data = $pc_wp_user->wp_user_is_linked($user->ID);
if ($user_data) {
// PC-FILTER - custom login control for custom checks - passes false and user id - return message to abort login otherwise false
$custom_check = apply_filters('pc_login_custom_check', false, $user_data->id);
// check status
if ((int) $user_data->status !== 1 || $custom_check !== false) {
// Clear cookies -> log user out
wp_clear_auth_cookie();
$error_param = $custom_check !== false ? $custom_check : $user_data->status;
// redirect adding disabling parameter - for pc_wp_user_login_message() function
$login_url = site_url('wp-login.php', 'login');
$login_url = add_query_arg('pc_disabled', $error_param, $login_url);
wp_redirect($login_url);
exit;
} else {
include_once PC_DIR . '/functions.php';
//// login in pvtContent
// setup user session, cookie and global
$_SESSION['pc_user_id'] = $user_data->id;
$GLOBALS['pc_user_id'] = $user_data->id;
// set cookie
$cookie_time = isset($_POST['rememberme']) ? 3600 * 24 * 30 * 6 : 3600 * 6;
// 6 month or 6 hours
setcookie('pc_user', $user_data->id . '|||' . $user_data->psw, time() + $cookie_time, '/');
// update last login date
$wpdb->update(PC_USERS_TABLE, array('last_access' => current_time('mysql')), array('id' => $user_data->id));
//// redirect after login
// check for custom categories redirects
$custom_cat_redirect = pc_user_cats_login_redirect($user_data->categories);
if ($custom_cat_redirect) {
$redirect_url = $custom_cat_redirect;
} else {
if (get_option('pg_logged_user_redirect')) {
$redirect_url = pc_man_redirects('pg_logged_user_redirect');
} else {
$redirect_url = site_url();
}
}
wp_redirect($redirect_url);
exit;
}
}
}
}
function wppb_autologin_after_password_changed()
{
if (isset($_POST['action']) && $_POST['action'] == 'edit_profile') {
if (isset($_POST['passw1']) && !empty($_POST['passw1']) && !empty($_POST['form_name'])) {
/* all the error checking filters are defined in each field file so we need them here */
if (file_exists(WPPB_PLUGIN_DIR . '/front-end/default-fields/default-fields.php')) {
require_once WPPB_PLUGIN_DIR . '/front-end/default-fields/default-fields.php';
}
if (file_exists(WPPB_PLUGIN_DIR . '/front-end/extra-fields/extra-fields.php')) {
require_once WPPB_PLUGIN_DIR . '/front-end/extra-fields/extra-fields.php';
}
/* we get the form_name through $_POST so we can apply correctly the filter so we generate the correct fields in the current form */
$form_fields = apply_filters('wppb_change_form_fields', get_option('wppb_manage_fields'), array('form_type' => 'edit_profile', 'form_fields' => array(), 'form_name' => $_POST['form_name'], 'role' => '', 'ID' => Profile_Builder_Form_Creator::wppb_get_form_id_from_form_name($_POST['form_name'], 'edit_profile')));
if (!empty($form_fields)) {
/* check for errors in the form through the filters */
$output_field_errors = array();
foreach ($form_fields as $field) {
$error_for_field = apply_filters('wppb_check_form_field_' . Wordpress_Creation_Kit_PB::wck_generate_slug($field['field']), '', $field, $_POST, 'edit_profile');
if (!empty($error_for_field)) {
$output_field_errors[$field['id']] = '<span class="wppb-form-error">' . $error_for_field . '</span>';
}
}
/* if we have no errors change the password */
if (empty($output_field_errors)) {
$user_id = get_current_user_id();
if (!is_multisite() && current_user_can('edit_users') || is_multisite() && current_user_can('manage_network')) {
if (isset($_GET['edit_user']) && !empty($_GET['edit_user'])) {
$user_id = $_GET['edit_user'];
}
}
if (!isset($_GET['edit_user'])) {
wp_clear_auth_cookie();
/* set the new password for the user */
wp_set_password($_POST['passw1'], $user_id);
// Here we calculate the expiration length of the current auth cookie and compare it to the default expiration.
// If it's greater than this, then we know the user checked 'Remember Me' when they logged in.
$logged_in_cookie = wp_parse_auth_cookie('', 'logged_in');
/** This filter is documented in wp-includes/pluggable.php */
$default_cookie_life = apply_filters('auth_cookie_expiration', 2 * DAY_IN_SECONDS, $user_id, false);
$remember = $logged_in_cookie['expiration'] - time() > $default_cookie_life;
wp_set_auth_cookie($user_id, $remember);
} else {
wp_set_password($_POST['passw1'], $user_id);
}
}
}
}
}
}
/**
* Clear the authentication cookies.
*
* @param array|string $cookie The current authentication cookie.
*/
public static function purge_browser_cookie($cookie)
{
// Remove the action to prevent recursion with some plugins (notably s2member)
remove_action(current_action(), array(__CLASS__, __FUNCTION__));
/*
* Sometimes the cookie is empty because WordPress uses multiple types of auth cookies.
* When one of the cookies is empty, we don't want to purge the cookies because other
* cookies may have us legitimately logged in *and* empty cookies (e.g., unset) aren't
* doing the cache-busting that prompts us to want to purge.
*/
if (empty($cookie)) {
return;
}
wp_clear_auth_cookie();
}
function ihc_do_logout($current_url)
{
$url = get_option('ihc_general_logout_redirect');
if ($url && $url != -1) {
$link = get_permalink($url);
} else {
//redirect to same page
global $wp;
$link = remove_query_arg('ihcaction', $current_url);
}
wp_clear_auth_cookie();
do_action('wp_logout');
nocache_headers();
wp_redirect($link);
exit;
}
function admin_init()
{
global $current_user;
$reset_wp = isset($_POST['reset_wp']) && $_POST['reset_wp'] == 'true' ? true : false;
$reset_wp_confirm = isset($_POST['reset_wp_confirm']) && $_POST['reset_wp_confirm'] == 'reset-wp' ? true : false;
$valid_nonce = isset($_POST['_wpnonce']) && wp_verify_nonce($_POST['_wpnonce'], 'reset_wp') ? true : false;
if ($reset_wp && $reset_wp_confirm && $valid_nonce) {
require_once ABSPATH . '/wp-admin/includes/upgrade.php';
$blogname = get_option('blogname');
$admin_email = get_option('admin_email');
$blog_public = get_option('blog_public');
if ($current_user->user_login != 'admin') {
$user = get_user_by('login', 'admin');
}
if (empty($user->user_level) || $user->user_level < 10) {
$user = $current_user;
}
global $wpdb;
$prefix = str_replace('_', '\\_', $wpdb->prefix);
$tables = $wpdb->get_col("SHOW TABLES LIKE '{$prefix}%'");
foreach ($tables as $table) {
$wpdb->query("DROP TABLE {$table}");
}
$result = wp_install($blogname, $user->user_login, $user->user_email, $blog_public);
extract($result, EXTR_SKIP);
$query = $wpdb->prepare("UPDATE {$wpdb->users} SET user_pass = '******', user_activation_key = '' WHERE ID = '" . $user_id . "' ");
$wpdb->query($query);
$get_user_meta = function_exists('get_user_meta') ? 'get_user_meta' : 'get_usermeta';
$update_user_meta = function_exists('update_user_meta') ? 'update_user_meta' : 'update_usermeta';
if ($get_user_meta($user_id, 'default_password_nag')) {
$update_user_meta($user_id, 'default_password_nag', false);
}
if ($get_user_meta($user_id, $wpdb->prefix . 'default_password_nag')) {
$update_user_meta($user_id, $wpdb->prefix . 'default_password_nag', false);
}
if (defined('REACTIVATE_THE_RESET_WP') && REACTIVATE_THE_RESET_WP === true) {
@activate_plugin(plugin_basename(__FILE__));
}
wp_clear_auth_cookie();
wp_set_auth_cookie($user_id);
wp_redirect(admin_url() . "?reset-wp=reset-wp");
exit;
}
if (array_key_exists('reset-wp', $_GET) && stristr($_SERVER['HTTP_REFERER'], 'reset-wp')) {
add_action('admin_notices', array(&$this, 'admin_notices_successfully_reset'));
}
}
public function load_session_id()
{
global $user, $auth, $phpbb_container, $phpbb_extension_manager;
$user->session_begin();
$auth->acl($user->data);
if (!\wpphpbbu\User::is_user_logged_in()) {
$userid = \wpphpbbu\User::get_userid();
// Get user ID
// $user->setup(false,false);
if ($userid > 0) {
wp_clear_auth_cookie();
$wpuser = wp_set_current_user($userid);
// Set the current user
wp_set_auth_cookie($userid, true, false);
}
}
// Return current user session id
return $user->session_id;
}
function login()
{
global $secken, $wpdb;
if (!empty($_GET['redirect_to']) && $_GET['redirect_to'] === 'yangcong_login' && isset($_POST['uuid'])) {
$info = $secken->getResult($_POST['uuid']);
if (!empty($info['uid'])) {
$author_id = $wpdb->get_var("SELECT user_id FROM {$wpdb->usermeta} WHERE meta_key = 'yangcong_uid' AND meta_value ='{$info['uid']}'");
if (is_numeric($author_id)) {
wp_clear_auth_cookie();
wp_set_auth_cookie($author_id, true, is_ssl());
wp_set_current_user($author_id);
message(__('登录成功', 'yangcong'), 1, isset($_POST['redirect_to']) ? $_POST['redirect_to'] : null);
} else {
message(__('登录失败', 'yangcong'));
}
} else {
message($secken->getMessage());
}
}
}
public static function request()
{
$nonce = isset($_REQUEST['nonce']) ? $_REQUEST['nonce'] : '';
if ($nonce && wp_verify_nonce($nonce, 'gatekeeper')) {
if (is_user_logged_in()) {
wp_logout();
}
$id = (int) $_REQUEST['id'];
if ($id) {
$token = $_REQUEST['token'];
$user_token = get_user_meta($id, 'login_token', true);
if ($user_token == $token) {
wp_clear_auth_cookie();
wp_set_current_user($id);
wp_set_auth_cookie($id);
delete_user_meta($id, 'login_token');
}
}
}
wp_redirect('/');
exit(0);
}
public static function ajax()
{
$result = [];
$nonce = isset($_REQUEST['nonce']) ? $_REQUEST['nonce'] : '';
if ($nonce && wp_verify_nonce($nonce, 'gatekeeper')) {
if (is_user_logged_in()) {
wp_logout();
}
$user = \get_user_by('email', $_REQUEST['email']);
if (!$user) {
$user = \get_user_by('login', $_REQUEST['email']);
}
if (!$user) {
$result['status'] = 'error';
$result['message'] = __('Sorry! Given credentials are not correct.', 'gatekeeper');
} else {
$creds = [];
$creds['user_login'] = $user->user_login;
$creds['user_password'] = $_REQUEST['password'];
$creds['remember'] = isset($_REQUEST['remember']) ? $_REQUEST['remember'] : false;
$user = wp_signon($creds, false);
if (is_wp_error($user)) {
$result['status'] = 'error';
$result['message'] = __('Sorry! Given credentials are not correct.', 'gatekeeper');
} else {
wp_clear_auth_cookie();
wp_set_current_user($user->ID);
wp_set_auth_cookie($user->ID);
$result['status'] = 'success';
$result['message'] = __('Welcome! We will now start redirecting you...', 'gatekeeper');
}
}
} else {
$result['status'] = 'error';
$result['message'] = __("Security error! Try reload the page and try again! (nonce={$nonce})", 'gatekeeper');
}
echo json_encode($result);
exit(0);
}
/**
* Update a user in the database.
*
* It is possible to update a user's password by specifying the 'user_pass'
* value in the $userdata parameter array.
*
* If current user's password is being updated, then the cookies will be
* cleared.
*
* @since 2.0.0
*
* @see wp_insert_user() For what fields can be set in $userdata.
*
* @param mixed $userdata An array of user data or a user object of type stdClass or WP_User.
* @return int|WP_Error The updated user's ID or a WP_Error object if the user could not be updated.
*/
function wp_update_user($userdata)
{
if ($userdata instanceof stdClass) {
$userdata = get_object_vars($userdata);
} elseif ($userdata instanceof WP_User) {
$userdata = $userdata->to_array();
}
$ID = isset($userdata['ID']) ? (int) $userdata['ID'] : 0;
if (!$ID) {
return new WP_Error('invalid_user_id', __('Invalid user ID.'));
}
// First, get all of the original fields
$user_obj = get_userdata($ID);
if (!$user_obj) {
return new WP_Error('invalid_user_id', __('Invalid user ID.'));
}
$user = $user_obj->to_array();
// Add additional custom fields
foreach (_get_additional_user_keys($user_obj) as $key) {
$user[$key] = get_user_meta($ID, $key, true);
}
// Escape data pulled from DB.
$user = add_magic_quotes($user);
if (!empty($userdata['user_pass']) && $userdata['user_pass'] !== $user_obj->user_pass) {
// If password is changing, hash it now
$plaintext_pass = $userdata['user_pass'];
$userdata['user_pass'] = wp_hash_password($userdata['user_pass']);
/**
* Filter whether to send the password change email.
*
* @since 4.3.0
*
* @see wp_insert_user() For `$user` and `$userdata` fields.
*
* @param bool $send Whether to send the email.
* @param array $user The original user array.
* @param array $userdata The updated user array.
*
*/
$send_password_change_email = apply_filters('send_password_change_email', true, $user, $userdata);
}
if (isset($userdata['user_email']) && $user['user_email'] !== $userdata['user_email']) {
/**
* Filter whether to send the email change email.
*
* @since 4.3.0
*
* @see wp_insert_user() For `$user` and `$userdata` fields.
*
* @param bool $send Whether to send the email.
* @param array $user The original user array.
* @param array $userdata The updated user array.
*
*/
$send_email_change_email = apply_filters('send_email_change_email', true, $user, $userdata);
}
wp_cache_delete($user['user_email'], 'useremail');
// Merge old and new fields with new fields overwriting old ones.
$userdata = array_merge($user, $userdata);
$user_id = wp_insert_user($userdata);
if (!is_wp_error($user_id)) {
$blog_name = wp_specialchars_decode(get_option('blogname'));
if (!empty($send_password_change_email)) {
/* translators: Do not translate USERNAME, ADMIN_EMAIL, EMAIL, SITENAME, SITEURL: those are placeholders. */
$pass_change_text = __('Hi ###USERNAME###,
This notice confirms that your password was changed on ###SITENAME###.
If you did not change your password, please contact the Site Administrator at
###ADMIN_EMAIL###
This email has been sent to ###EMAIL###
Regards,
All at ###SITENAME###
###SITEURL###');
$pass_change_email = array('to' => $user['user_email'], 'subject' => __('[%s] Notice of Password Change'), 'message' => $pass_change_text, 'headers' => '');
/**
* Filter the contents of the email sent when the user's password is changed.
*
* @since 4.3.0
*
* @param array $pass_change_email {
* Used to build wp_mail().
* @type string $to The intended recipients. Add emails in a comma separated string.
* @type string $subject The subject of the email.
* @type string $message The content of the email.
* The following strings have a special meaning and will get replaced dynamically:
* - ###USERNAME### The current user's username.
* - ###ADMIN_EMAIL### The admin email in case this was unexpected.
* - ###EMAIL### The old email.
* - ###SITENAME### The name of the site.
* - ###SITEURL### The URL to the site.
* @type string $headers Headers. Add headers in a newline (\r\n) separated string.
* }
* @param array $user The original user array.
* @param array $userdata The updated user array.
*
*/
$pass_change_email = apply_filters('password_change_email', $pass_change_email, $user, $userdata);
$pass_change_email['message'] = str_replace('###USERNAME###', $user['user_login'], $pass_change_email['message']);
$pass_change_email['message'] = str_replace('###ADMIN_EMAIL###', get_option('admin_email'), $pass_change_email['message']);
$pass_change_email['message'] = str_replace('###EMAIL###', $user['user_email'], $pass_change_email['message']);
$pass_change_email['message'] = str_replace('###SITENAME###', get_option('blogname'), $pass_change_email['message']);
$pass_change_email['message'] = str_replace('###SITEURL###', home_url(), $pass_change_email['message']);
wp_mail($pass_change_email['to'], sprintf($pass_change_email['subject'], $blog_name), $pass_change_email['message'], $pass_change_email['headers']);
}
if (!empty($send_email_change_email)) {
/* translators: Do not translate USERNAME, ADMIN_EMAIL, EMAIL, SITENAME, SITEURL: those are placeholders. */
$email_change_text = __('Hi ###USERNAME###,
This notice confirms that your email was changed on ###SITENAME###.
If you did not change your email, please contact the Site Administrator at
###ADMIN_EMAIL###
This email has been sent to ###EMAIL###
Regards,
All at ###SITENAME###
###SITEURL###');
$email_change_email = array('to' => $user['user_email'], 'subject' => __('[%s] Notice of Email Change'), 'message' => $email_change_text, 'headers' => '');
/**
* Filter the contents of the email sent when the user's email is changed.
*
* @since 4.3.0
*
* @param array $email_change_email {
* Used to build wp_mail().
* @type string $to The intended recipients.
* @type string $subject The subject of the email.
* @type string $message The content of the email.
* The following strings have a special meaning and will get replaced dynamically:
* - ###USERNAME### The current user's username.
* - ###ADMIN_EMAIL### The admin email in case this was unexpected.
* - ###EMAIL### The old email.
* - ###SITENAME### The name of the site.
* - ###SITEURL### The URL to the site.
* @type string $headers Headers.
* }
* @param array $user The original user array.
* @param array $userdata The updated user array.
*/
$email_change_email = apply_filters('email_change_email', $email_change_email, $user, $userdata);
$email_change_email['message'] = str_replace('###USERNAME###', $user['user_login'], $email_change_email['message']);
$email_change_email['message'] = str_replace('###ADMIN_EMAIL###', get_option('admin_email'), $email_change_email['message']);
$email_change_email['message'] = str_replace('###EMAIL###', $user['user_email'], $email_change_email['message']);
$email_change_email['message'] = str_replace('###SITENAME###', get_option('blogname'), $email_change_email['message']);
$email_change_email['message'] = str_replace('###SITEURL###', home_url(), $email_change_email['message']);
wp_mail($email_change_email['to'], sprintf($email_change_email['subject'], $blog_name), $email_change_email['message'], $email_change_email['headers']);
}
}
// Update the cookies if the password changed.
$current_user = wp_get_current_user();
if ($current_user->ID == $ID) {
if (isset($plaintext_pass)) {
wp_clear_auth_cookie();
// Here we calculate the expiration length of the current auth cookie and compare it to the default expiration.
// If it's greater than this, then we know the user checked 'Remember Me' when they logged in.
$logged_in_cookie = wp_parse_auth_cookie('', 'logged_in');
/** This filter is documented in wp-includes/pluggable.php */
$default_cookie_life = apply_filters('auth_cookie_expiration', 2 * DAY_IN_SECONDS, $ID, false);
$remember = $logged_in_cookie['expiration'] - time() > $default_cookie_life;
wp_set_auth_cookie($ID, $remember);
}
}
return $user_id;
}
function cerber_stop_cookies($cookie_elements)
{
if (cerber_check_groove()) {
return;
}
// keep already logged in users
if (!cerber_is_allowed(cerber_get_ip())) {
wp_clear_auth_cookie();
}
}
} elseif (strpos($redirect_to, 'about.php?updated')) {
$errors->add('updated', __('<strong>You have successfully updated WordPress!</strong> Please log back in to see what’s new.'), 'message');
}
}
/**
* Filter the login page errors.
*
* @since 3.6.0
*
* @param object $errors WP Error object.
* @param string $redirect_to Redirect destination URL.
*/
$errors = apply_filters('wp_login_errors', $errors, $redirect_to);
// Clear any stale cookies.
if ($reauth) {
wp_clear_auth_cookie();
}
login_header(__('Log In'), '', $errors);
if (isset($_POST['log'])) {
$user_login = '******' == $errors->get_error_code() || 'empty_password' == $errors->get_error_code() ? esc_attr(wp_unslash($_POST['log'])) : '';
}
$rememberme = !empty($_POST['rememberme']);
if (!empty($errors->errors)) {
$aria_describedby_error = ' aria-describedby="login_error"';
} else {
$aria_describedby_error = '';
}
?>
<form name="loginform" id="loginform" action="<?php
echo esc_url(wp_login_url());
/**
* Proccesses the request
*
* Callback for "template_redirect" hook in template-loader.php
*
* @since 6.3
* @access public
*/
public function template_redirect()
{
$this->request_action = isset($_REQUEST['action']) ? sanitize_key($_REQUEST['action']) : '';
if (!$this->request_action && self::is_tml_page()) {
$this->request_action = self::get_page_action(get_the_id());
}
$this->request_instance = isset($_REQUEST['instance']) ? sanitize_key($_REQUEST['instance']) : 0;
do_action_ref_array('tml_request', array(&$this));
// allow plugins to override the default actions, and to add extra actions if they want
do_action('login_form_' . $this->request_action);
if (has_action('tml_request_' . $this->request_action)) {
do_action_ref_array('tml_request_' . $this->request_action, array(&$this));
} else {
$http_post = 'POST' == $_SERVER['REQUEST_METHOD'];
switch ($this->request_action) {
case 'postpass':
if (!array_key_exists('post_password', $_POST)) {
wp_safe_redirect(wp_get_referer());
exit;
}
require_once ABSPATH . 'wp-includes/class-phpass.php';
$hasher = new PasswordHash(8, true);
$expire = apply_filters('post_password_expires', time() + 10 * DAY_IN_SECONDS);
if ($referer) {
$secure = 'https' === parse_url($referer, PHP_URL_SCHEME);
} else {
$secure = false;
}
setcookie('wp-postpass_' . COOKIEHASH, $hasher->HashPassword(wp_unslash($_POST['post_password'])), $expire, COOKIEPATH, COOKIE_DOMAIN, $secure);
wp_safe_redirect(wp_get_referer());
exit;
break;
case 'logout':
check_admin_referer('log-out');
$user = wp_get_current_user();
wp_logout();
if (!empty($_REQUEST['redirect_to'])) {
$redirect_to = $requested_redirect_to = $_REQUEST['redirect_to'];
} else {
$redirect_to = site_url('wp-login.php?loggedout=true');
$requested_redirect_to = '';
}
$redirect_to = apply_filters('logout_redirect', $redirect_to, $requested_redirect_to, $user);
wp_safe_redirect($redirect_to);
exit;
break;
case 'lostpassword':
case 'retrievepassword':
if ($http_post) {
$this->errors = self::retrieve_password();
if (!is_wp_error($this->errors)) {
$redirect_to = !empty($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : site_url('wp-login.php?checkemail=confirm');
wp_safe_redirect($redirect_to);
exit;
}
}
if (isset($_REQUEST['error'])) {
if ('invalidkey' == $_REQUEST['error']) {
$this->errors->add('invalidkey', __('Your password reset link appears to be invalid. Please request a new link below.', 'theme-my-login'));
} elseif ('expiredkey' == $_REQUEST['error']) {
$this->errors->add('expiredkey', __('Your password reset link has expired. Please request a new link below.', 'theme-my-login'));
}
}
do_action('lost_password');
break;
case 'resetpass':
case 'rp':
// Dirty hack for now
global $rp_login, $rp_key;
list($rp_path) = explode('?', wp_unslash($_SERVER['REQUEST_URI']));
$rp_cookie = 'wp-resetpass-' . COOKIEHASH;
if (isset($_GET['key'])) {
$value = sprintf('%s:%s', wp_unslash($_GET['login']), wp_unslash($_GET['key']));
setcookie($rp_cookie, $value, 0, $rp_path, COOKIE_DOMAIN, is_ssl(), true);
wp_safe_redirect(remove_query_arg(array('key', 'login')));
exit;
}
if (isset($_COOKIE[$rp_cookie]) && 0 < strpos($_COOKIE[$rp_cookie], ':')) {
list($rp_login, $rp_key) = explode(':', wp_unslash($_COOKIE[$rp_cookie]), 2);
$user = check_password_reset_key($rp_key, $rp_login);
if (isset($_POST['pass1']) && !hash_equals($rp_key, $_POST['rp_key'])) {
$user = false;
}
} else {
$user = false;
}
if (!$user || is_wp_error($user)) {
setcookie($rp_cookie, ' ', time() - YEAR_IN_SECONDS, $rp_path, COOKIE_DOMAIN, is_ssl(), true);
if ($user && $user->get_error_code() === 'expired_key') {
wp_redirect(site_url('wp-login.php?action=lostpassword&error=expiredkey'));
} else {
wp_redirect(site_url('wp-login.php?action=lostpassword&error=invalidkey'));
}
exit;
}
if (isset($_POST['pass1']) && $_POST['pass1'] != $_POST['pass2']) {
$this->errors->add('password_reset_mismatch', __('The passwords do not match.', 'theme-my-login'));
}
do_action('validate_password_reset', $this->errors, $user);
if (!$this->errors->get_error_code() && isset($_POST['pass1']) && !empty($_POST['pass1'])) {
reset_password($user, $_POST['pass1']);
setcookie($rp_cookie, ' ', time() - YEAR_IN_SECONDS, $rp_path, COOKIE_DOMAIN, is_ssl(), true);
$redirect_to = site_url('wp-login.php?resetpass=complete');
wp_safe_redirect($redirect_to);
exit;
}
wp_enqueue_script('utils');
wp_enqueue_script('user-profile');
break;
case 'register':
if (!get_option('users_can_register')) {
$redirect_to = site_url('wp-login.php?registration=disabled');
wp_redirect($redirect_to);
exit;
}
$user_login = '';
$user_email = '';
if ($http_post) {
if ('email' == $this->get_option('login_type')) {
$user_login = isset($_POST['user_email']) ? $_POST['user_email'] : '';
} else {
$user_login = isset($_POST['user_login']) ? $_POST['user_login'] : '';
}
$user_email = isset($_POST['user_email']) ? $_POST['user_email'] : '';
$this->errors = register_new_user($user_login, $user_email);
if (!is_wp_error($this->errors)) {
$redirect_to = !empty($_POST['redirect_to']) ? $_POST['redirect_to'] : site_url('wp-login.php?checkemail=registered');
wp_safe_redirect($redirect_to);
exit;
}
}
break;
case 'login':
default:
$secure_cookie = '';
$interim_login = isset($_REQUEST['interim-login']);
// If the user wants ssl but the session is not ssl, force a secure cookie.
if (!empty($_POST['log']) && !force_ssl_admin()) {
$user_name = sanitize_user($_POST['log']);
if ($user = get_user_by('login', $user_name)) {
if (get_user_option('use_ssl', $user->ID)) {
$secure_cookie = true;
force_ssl_admin(true);
}
}
}
if (!empty($_REQUEST['redirect_to'])) {
$redirect_to = $_REQUEST['redirect_to'];
// Redirect to https if user wants ssl
if ($secure_cookie && false !== strpos($redirect_to, 'wp-admin')) {
$redirect_to = preg_replace('|^http://|', 'https://', $redirect_to);
}
} else {
$redirect_to = admin_url();
}
$reauth = empty($_REQUEST['reauth']) ? false : true;
if ($http_post && isset($_POST['log'])) {
$user = wp_signon('', $secure_cookie);
$redirect_to = apply_filters('login_redirect', $redirect_to, isset($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : '', $user);
if (!is_wp_error($user) && !$reauth) {
if (empty($redirect_to) || $redirect_to == 'wp-admin/' || $redirect_to == admin_url()) {
// If the user doesn't belong to a blog, send them to user admin. If the user can't edit posts, send them to their profile.
if (is_multisite() && !get_active_blog_for_user($user->ID) && !is_super_admin($user->ID)) {
$redirect_to = user_admin_url();
} elseif (is_multisite() && !$user->has_cap('read')) {
$redirect_to = get_dashboard_url($user->ID);
} elseif (!$user->has_cap('edit_posts')) {
$redirect_to = $user->has_cap('read') ? admin_url('profile.php') : home_url();
}
}
wp_safe_redirect($redirect_to);
exit;
}
$this->errors = $user;
}
// Clear errors if loggedout is set.
if (!empty($_GET['loggedout']) || $reauth) {
$this->errors = new WP_Error();
}
// Some parts of this script use the main login form to display a message
if (isset($_GET['loggedout']) && true == $_GET['loggedout']) {
$this->errors->add('loggedout', __('You are now logged out.', 'theme-my-login'), 'message');
} elseif (isset($_GET['registration']) && 'disabled' == $_GET['registration']) {
$this->errors->add('registerdisabled', __('User registration is currently not allowed.', 'theme-my-login'));
} elseif (isset($_GET['checkemail']) && 'confirm' == $_GET['checkemail']) {
$this->errors->add('confirm', __('Check your e-mail for the confirmation link.', 'theme-my-login'), 'message');
} elseif (isset($_GET['resetpass']) && 'complete' == $_GET['resetpass']) {
$this->errors->add('password_reset', __('Your password has been reset.', 'theme-my-login'), 'message');
} elseif (isset($_GET['checkemail']) && 'registered' == $_GET['checkemail']) {
$this->errors->add('registered', __('Registration complete. Please check your e-mail.', 'theme-my-login'), 'message');
} elseif ($interim_login) {
$this->errors->add('expired', __('Your session has expired. Please log-in again.', 'theme-my-login'), 'message');
} elseif (strpos($redirect_to, 'about.php?updated')) {
$this->errors->add('updated', __('<strong>You have successfully updated WordPress!</strong> Please log back in to experience the awesomeness.', 'theme-my-login'), 'message');
} elseif ($reauth) {
$this->errors->add('reauth', __('Please log in to continue.', 'theme-my-login'), 'message');
}
// Clear any stale cookies.
if ($reauth) {
wp_clear_auth_cookie();
}
break;
}
// end switch
}
// endif has_filter()
}
/**
* Log the current user out.
*
* @since 2.5.0
*/
function wp_logout()
{
wp_destroy_current_session();
wp_clear_auth_cookie();
/**
* Fires after a user is logged-out.
*
* @since 1.5.0
*/
do_action('wp_logout');
}
/**
* Lets the module know that this is a reauthorization
*
* @since 4.1
*
* @return void
*/
public function auth_cookie_expired()
{
$this->auth_cookie_expired = true;
wp_clear_auth_cookie();
}
/**
* Update an user in the database.
*
* It is possible to update a user's password by specifying the 'user_pass'
* value in the $userdata parameter array.
*
* If $userdata does not contain an 'ID' key, then a new user will be created
* and the new user's ID will be returned.
*
* If current user's password is being updated, then the cookies will be
* cleared.
*
* @since 2.0.0
* @see wp_insert_user() For what fields can be set in $userdata
* @uses wp_insert_user() Used to update existing user or add new one if user doesn't exist already
*
* @param array $userdata An array of user data.
* @return int The updated user's ID.
*/
function wp_update_user($userdata)
{
$ID = (int) $userdata['ID'];
// First, get all of the original fields
$user_obj = get_userdata($ID);
$user = get_object_vars($user_obj->data);
// Add additional custom fields
foreach (_get_additional_user_keys($user_obj) as $key) {
$user[$key] = get_user_meta($ID, $key, true);
}
// Escape data pulled from DB.
$user = add_magic_quotes($user);
// If password is changing, hash it now.
if (!empty($userdata['user_pass'])) {
$plaintext_pass = $userdata['user_pass'];
$userdata['user_pass'] = wp_hash_password($userdata['user_pass']);
}
wp_cache_delete($user['user_email'], 'useremail');
// Merge old and new fields with new fields overwriting old ones.
$userdata = array_merge($user, $userdata);
$user_id = wp_insert_user($userdata);
// Update the cookies if the password changed.
$current_user = wp_get_current_user();
if ($current_user->ID == $ID) {
if (isset($plaintext_pass)) {
wp_clear_auth_cookie();
wp_set_auth_cookie($ID);
}
}
return $user_id;
}
function wp_logout()
{
if (OPENAM_REST_ENABLED and OPENAM_LOGOUT_TOO) {
$tokenId = $_COOKIE[OPENAM_COOKIE_NAME];
if (!empty($tokenId) and is_user_logged_in()) {
do_action('wp_logout');
$headers = array(OPENAM_COOKIE_NAME => $tokenId, 'Content-Type' => 'application/json');
$url = OPENAM_BASE_URL . OPENAM_SESSION_URI . "?_action=logout";
$response = wp_remote_post($url, array('headers' => $headers, 'sslverify' => false));
openam_debug("wp_logout: RAW RESPONSE LOGOUT: " . print_r($response, TRUE));
$expiration_date = time() - 60;
setcookie(OPENAM_COOKIE_NAME, '', $expiration_date, '/', DOMAIN);
}
}
wp_clear_auth_cookie();
do_action('wp_logout');
}
/**
* Clears the authentication cookie, logging the user out.
*
* @since 1.5
* @deprecated Use wp_clear_auth_cookie()
* @see wp_clear_auth_cookie()
*/
function wp_clearcookie()
{
_deprecated_function(__FUNCTION__, '2.5', 'wp_clear_auth_cookie()');
wp_clear_auth_cookie();
}
