/**
*Process the login form
*
* @access public
* @since 1.0
*/
function rcp_process_login_form()
{
if (!isset($_POST['rcp_action']) || 'login' != $_POST['rcp_action']) {
return;
}
if (!isset($_POST['rcp_login_nonce']) || !wp_verify_nonce($_POST['rcp_login_nonce'], 'rcp-login-nonce')) {
return;
}
if (is_email($_POST['rcp_user_login'])) {
$user = get_user_by('email', $_POST['rcp_user_login']);
} else {
// this returns the user ID and other info from the user name
$user = get_user_by('login', $_POST['rcp_user_login']);
}
do_action('rcp_before_form_errors', $_POST);
if (!$user) {
// if the user name doesn't exist
rcp_errors()->add('empty_username', __('Invalid username or email', 'rcp'), 'login');
}
if (!isset($_POST['rcp_user_pass']) || $_POST['rcp_user_pass'] == '') {
// if no password was entered
rcp_errors()->add('empty_password', __('Please enter a password', 'rcp'), 'login');
}
if ($user) {
// check the user's login with their password
if (!wp_check_password($_POST['rcp_user_pass'], $user->user_pass, $user->ID)) {
// if the password is incorrect for the specified user
rcp_errors()->add('empty_password', __('Incorrect password', 'rcp'), 'login');
}
}
if (function_exists('is_limit_login_ok') && !is_limit_login_ok()) {
rcp_errors()->add('limit_login_failed', limit_login_error_msg(), 'login');
}
do_action('rcp_login_form_errors', $_POST);
// retrieve all error messages
$errors = rcp_errors()->get_error_messages();
// only log the user in if there are no errors
if (empty($errors)) {
$remember = isset($_POST['rcp_user_remember']);
$redirect = !empty($_POST['rcp_redirect']) ? $_POST['rcp_redirect'] : home_url();
rcp_login_user_in($user->ID, $_POST['rcp_user_login'], $remember);
// redirect the user back to the page they were previously on
wp_redirect($redirect);
exit;
} else {
if (function_exists('limit_login_failed')) {
limit_login_failed($_POST['rcp_user_login']);
}
}
}
/**
* Process the loginform submission
*
* @since 1.0
*/
public function process_login($data)
{
if (!isset($_POST['affwp_login_nonce']) || !wp_verify_nonce($_POST['affwp_login_nonce'], 'affwp-login-nonce')) {
return;
}
do_action('affwp_pre_process_login_form');
if (empty($data['affwp_user_login'])) {
$this->add_error('empty_username', __('Invalid username', 'affiliate-wp'));
}
$user = get_user_by('login', $_POST['affwp_user_login']);
if (!$user) {
$user = get_user_by('email', $_POST['affwp_user_login']);
}
if (!$user) {
$this->add_error('no_such_user', __('No such user', 'affiliate-wp'));
}
if (empty($_POST['affwp_user_pass'])) {
$this->add_error('empty_password', __('Please enter a password', 'affiliate-wp'));
}
if ($user) {
// check the user's login with their password
if (!wp_check_password($_POST['affwp_user_pass'], $user->user_pass, $user->ID)) {
// if the password is incorrect for the specified user
$this->add_error('password_incorrect', __('Incorrect username or password', 'affiliate-wp'));
}
}
if (function_exists('is_limit_login_ok') && !is_limit_login_ok()) {
$this->add_error('limit_login_failed', limit_login_error_msg());
}
do_action('affwp_process_login_form');
// only log the user in if there are no errors
if (empty($this->errors)) {
$remember = isset($_POST['affwp_user_remember']);
$this->log_user_in($user->ID, $_POST['affwp_user_login'], $remember);
$redirect = apply_filters('affwp_login_redirect', $data['affwp_redirect']);
if ($redirect) {
wp_redirect($redirect);
exit;
}
} else {
if (function_exists('limit_login_failed')) {
limit_login_failed($_POST['affwp_user_login']);
}
}
}
function limit_login_fixup_error_messages($content)
{
global $limit_login_just_lockedout, $limit_login_nonempty_credentials, $limit_login_my_error_shown;
if (!should_limit_login_show_msg()) {
return $content;
}
/*
* During lockout we do not want to show any other error messages (like
* unknown user or empty password).
*/
if (!is_limit_login_ok() && !$limit_login_just_lockedout) {
return limit_login_error_msg();
}
/*
* We want to filter the messages 'Invalid username' and
* 'Invalid password' as that is an information leak regarding user
* account names (prior to WP 2.9?).
*
* Also, if more than one error message, put an extra <br /> tag between
* them.
*/
$msgs = explode("<br />\n", $content);
if (strlen(end($msgs)) == 0) {
/* remove last entry empty string */
array_pop($msgs);
}
$count = count($msgs);
$my_warn_count = $limit_login_my_error_shown ? 1 : 0;
if ($limit_login_nonempty_credentials && $count > $my_warn_count) {
/* Replace error message, including ours if necessary */
$content = __('<strong>ERROR</strong>: Incorrect username or password.', 'limit-login-attempts') . "<br />\n";
if ($limit_login_my_error_shown) {
$content .= "<br />\n" . limit_login_get_message() . "<br />\n";
}
return $content;
} elseif ($count <= 1) {
return $content;
}
$new = '';
while ($count-- > 0) {
$new .= array_shift($msgs) . "<br />\n";
if ($count > 0) {
$new .= "<br />\n";
}
}
return $new;
}
