/** *Process the login form * * @access public * @since 1.0 */ function rcp_process_login_form() { if (!isset($_POST['rcp_action']) || 'login' != $_POST['rcp_action']) { return; } if (!isset($_POST['rcp_login_nonce']) || !wp_verify_nonce($_POST['rcp_login_nonce'], 'rcp-login-nonce')) { return; } if (is_email($_POST['rcp_user_login'])) { $user = get_user_by('email', $_POST['rcp_user_login']); } else { // this returns the user ID and other info from the user name $user = get_user_by('login', $_POST['rcp_user_login']); } do_action('rcp_before_form_errors', $_POST); if (!$user) { // if the user name doesn't exist rcp_errors()->add('empty_username', __('Invalid username or email', 'rcp'), 'login'); } if (!isset($_POST['rcp_user_pass']) || $_POST['rcp_user_pass'] == '') { // if no password was entered rcp_errors()->add('empty_password', __('Please enter a password', 'rcp'), 'login'); } if ($user) { // check the user's login with their password if (!wp_check_password($_POST['rcp_user_pass'], $user->user_pass, $user->ID)) { // if the password is incorrect for the specified user rcp_errors()->add('empty_password', __('Incorrect password', 'rcp'), 'login'); } } if (function_exists('is_limit_login_ok') && !is_limit_login_ok()) { rcp_errors()->add('limit_login_failed', limit_login_error_msg(), 'login'); } do_action('rcp_login_form_errors', $_POST); // retrieve all error messages $errors = rcp_errors()->get_error_messages(); // only log the user in if there are no errors if (empty($errors)) { $remember = isset($_POST['rcp_user_remember']); $redirect = !empty($_POST['rcp_redirect']) ? $_POST['rcp_redirect'] : home_url(); rcp_login_user_in($user->ID, $_POST['rcp_user_login'], $remember); // redirect the user back to the page they were previously on wp_redirect($redirect); exit; } else { if (function_exists('limit_login_failed')) { limit_login_failed($_POST['rcp_user_login']); } } }
/** * Process the loginform submission * * @since 1.0 */ public function process_login($data) { if (!isset($_POST['affwp_login_nonce']) || !wp_verify_nonce($_POST['affwp_login_nonce'], 'affwp-login-nonce')) { return; } do_action('affwp_pre_process_login_form'); if (empty($data['affwp_user_login'])) { $this->add_error('empty_username', __('Invalid username', 'affiliate-wp')); } $user = get_user_by('login', $_POST['affwp_user_login']); if (!$user) { $user = get_user_by('email', $_POST['affwp_user_login']); } if (!$user) { $this->add_error('no_such_user', __('No such user', 'affiliate-wp')); } if (empty($_POST['affwp_user_pass'])) { $this->add_error('empty_password', __('Please enter a password', 'affiliate-wp')); } if ($user) { // check the user's login with their password if (!wp_check_password($_POST['affwp_user_pass'], $user->user_pass, $user->ID)) { // if the password is incorrect for the specified user $this->add_error('password_incorrect', __('Incorrect username or password', 'affiliate-wp')); } } if (function_exists('is_limit_login_ok') && !is_limit_login_ok()) { $this->add_error('limit_login_failed', limit_login_error_msg()); } do_action('affwp_process_login_form'); // only log the user in if there are no errors if (empty($this->errors)) { $remember = isset($_POST['affwp_user_remember']); $this->log_user_in($user->ID, $_POST['affwp_user_login'], $remember); $redirect = apply_filters('affwp_login_redirect', $data['affwp_redirect']); if ($redirect) { wp_redirect($redirect); exit; } } else { if (function_exists('limit_login_failed')) { limit_login_failed($_POST['affwp_user_login']); } } }
function limit_login_fixup_error_messages($content) { global $limit_login_just_lockedout, $limit_login_nonempty_credentials, $limit_login_my_error_shown; if (!should_limit_login_show_msg()) { return $content; } /* * During lockout we do not want to show any other error messages (like * unknown user or empty password). */ if (!is_limit_login_ok() && !$limit_login_just_lockedout) { return limit_login_error_msg(); } /* * We want to filter the messages 'Invalid username' and * 'Invalid password' as that is an information leak regarding user * account names (prior to WP 2.9?). * * Also, if more than one error message, put an extra <br /> tag between * them. */ $msgs = explode("<br />\n", $content); if (strlen(end($msgs)) == 0) { /* remove last entry empty string */ array_pop($msgs); } $count = count($msgs); $my_warn_count = $limit_login_my_error_shown ? 1 : 0; if ($limit_login_nonempty_credentials && $count > $my_warn_count) { /* Replace error message, including ours if necessary */ $content = __('<strong>ERROR</strong>: Incorrect username or password.', 'limit-login-attempts') . "<br />\n"; if ($limit_login_my_error_shown) { $content .= "<br />\n" . limit_login_get_message() . "<br />\n"; } return $content; } elseif ($count <= 1) { return $content; } $new = ''; while ($count-- > 0) { $new .= array_shift($msgs) . "<br />\n"; if ($count > 0) { $new .= "<br />\n"; } } return $new; }