Pastebin launched a little side project called VERYVIRAL.com, check it out ;-) Want more features on Pastebin? Sign Up, it's FREE!
Guest

Code For Form

By: sueheap23 on Jan 25th, 2013  |  syntax: PHP  |  size: 28.64 KB  |  views: 116  |  expires: Never
download  |  raw  |  embed  |  report abuse  |  print
Text below is selected. Please press Ctrl+C to copy to your clipboard. (⌘+C on Mac)
  1. <?php
  2. /**
  3.  * WordPress User Page
  4.  *
  5.  * Handles authentication, registering, resetting passwords, forgot password,
  6.  * and other user handling.
  7.  *
  8.  * @package WordPress
  9.  */
  10.  
  11. /** Make sure that the WordPress bootstrap has run before continuing. */
  12. require( dirname(__FILE__) . '/wp-load.php' );
  13.  
  14. // Redirect to https login if forced to use SSL
  15. if ( force_ssl_admin() && ! is_ssl() ) {
  16.         if ( 0 === strpos($_SERVER['REQUEST_URI'], 'http') ) {
  17.                 wp_redirect( set_url_scheme( $_SERVER['REQUEST_URI'], 'https' ) );
  18.                 exit();
  19.         } else {
  20.                 wp_redirect( 'https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'] );
  21.                 exit();
  22.         }
  23. }
  24.  
  25. /**
  26.  * Outputs the header for the login page.
  27.  *
  28.  * @uses do_action() Calls the 'login_head' for outputting HTML in the Log In
  29.  *              header.
  30.  * @uses apply_filters() Calls 'login_headerurl' for the top login link.
  31.  * @uses apply_filters() Calls 'login_headertitle' for the top login title.
  32.  * @uses apply_filters() Calls 'login_message' on the message to display in the
  33.  *              header.
  34.  * @uses $error The error global, which is checked for displaying errors.
  35.  *
  36.  * @param string $title Optional. WordPress Log In Page title to display in
  37.  *              <title/> element.
  38.  * @param string $message Optional. Message to display in header.
  39.  * @param WP_Error $wp_error Optional. WordPress Error Object
  40.  */
  41. function login_header($title = 'Log In', $message = '', $wp_error = '') {
  42.         global $error, $interim_login, $current_site, $action;
  43.  
  44.         // Don't index any of these forms
  45.         add_action( 'login_head', 'wp_no_robots' );
  46.  
  47.         if ( empty($wp_error) )
  48.                 $wp_error = new WP_Error();
  49.  
  50.         // Shake it!
  51.         $shake_error_codes = array( 'empty_password', 'empty_email', 'invalid_email', 'invalidcombo', 'empty_username', 'invalid_username', 'incorrect_password' );
  52.         $shake_error_codes = apply_filters( 'shake_error_codes', $shake_error_codes );
  53.  
  54.         if ( $shake_error_codes && $wp_error->get_error_code() && in_array( $wp_error->get_error_code(), $shake_error_codes ) )
  55.                 add_action( 'login_head', 'wp_shake_js', 12 );
  56.  
  57.         ?><!DOCTYPE html>
  58.         <html xmlns="http://www.w3.org/1999/xhtml" <?php language_attributes(); ?>>
  59.         <head>
  60.         <meta http-equiv="Content-Type" content="<?php bloginfo('html_type'); ?>; charset=<?php bloginfo('charset'); ?>" />
  61.         <title><?php bloginfo('name'); ?><?php echo $title; ?></title>
  62.         <?php
  63.  
  64.         wp_admin_css( 'wp-admin', true );
  65.         wp_admin_css( 'colors-fresh', true );
  66.  
  67.         if ( wp_is_mobile() ) { ?>
  68.                 <meta name="viewport" content="width=320; initial-scale=0.9; maximum-scale=1.0; user-scalable=0;" /><?php
  69.         }
  70.  
  71.         do_action( 'login_enqueue_scripts' );
  72.         do_action( 'login_head' );
  73.  
  74.         if ( is_multisite() ) {
  75.                 $login_header_url   = network_home_url();
  76.                 $login_header_title = $current_site->site_name;
  77.         } else {
  78.                 $login_header_url   = __( 'http://wordpress.org/' );
  79.                 $login_header_title = __( 'Powered by WordPress' );
  80.         }
  81.  
  82.         $login_header_url   = apply_filters( 'login_headerurl',   $login_header_url   );
  83.         $login_header_title = apply_filters( 'login_headertitle', $login_header_title );
  84.  
  85.         // Don't allow interim logins to navigate away from the page.
  86.         if ( $interim_login )
  87.                 $login_header_url = '#';
  88.  
  89.         $classes = array( 'login-action-' . $action, 'wp-core-ui' );
  90.         if ( wp_is_mobile() )
  91.                 $classes[] = 'mobile';
  92.         if ( is_rtl() )
  93.                 $classes[] = 'rtl';
  94.         $classes = apply_filters( 'login_body_class', $classes, $action );
  95.         ?>
  96.         </head>
  97.         <body class="login <?php echo esc_attr( implode( ' ', $classes ) ); ?>">
  98.         <div id="login">
  99.                 <h1><a>" title="<?php echo esc_attr( $login_header_title ); ?>"><?php bloginfo( 'name' ); ?></a></h1>
  100.         <?php
  101.  
  102.         unset( $login_header_url, $login_header_title );
  103.  
  104.         $message = apply_filters('login_message', $message);
  105.         if ( !empty( $message ) )
  106.                 echo $message . "\n";
  107.  
  108.         // In case a plugin uses $error rather than the $wp_errors object
  109.         if ( !empty( $error ) ) {
  110.                 $wp_error->add('error', $error);
  111.                 unset($error);
  112.         }
  113.  
  114.         if ( $wp_error->get_error_code() ) {
  115.                 $errors = '';
  116.                 $messages = '';
  117.                 foreach ( $wp_error->get_error_codes() as $code ) {
  118.                         $severity = $wp_error->get_error_data($code);
  119.                         foreach ( $wp_error->get_error_messages($code) as $error ) {
  120.                                 if ( 'message' == $severity )
  121.                                         $messages .= '  ' . $error . "\n";
  122.                                 else
  123.                                         $errors .= '    ' . $error . "\n";
  124.                         }
  125.                 }
  126.                 if ( !empty($errors) )
  127.                         echo '<div id="login_error">' . apply_filters('login_errors', $errors) . "</div>\n";
  128.                 if ( !empty($messages) )
  129.                         echo '<p class="message">' . apply_filters('login_messages', $messages) . "</p>\n";
  130.         }
  131. } // End of login_header()
  132.  
  133. /**
  134.  * Outputs the footer for the login page.
  135.  *
  136.  * @param string $input_id Which input to auto-focus
  137.  */
  138. function login_footer($input_id = '') {
  139.         global $interim_login;
  140.  
  141.         // Don't allow interim logins to navigate away from the page.
  142.         if ( ! $interim_login ): ?>
  143.         <p id="backtoblog"><a>" title="<?php esc_attr_e( 'Are you lost?' ); ?>"><?php printf( __( '← Back to %s' ), get_bloginfo( 'title', 'display' ) ); ?></a></p>
  144.         <?php endif; ?>
  145.  
  146.         </div>
  147.  
  148.         <?php if ( !empty($input_id) ) : ?>
  149.         <script type="text/javascript">
  150.         try{document.getElementById('<?php echo $input_id; ?>').focus();}catch(e){}
  151.         if(typeof wpOnload=='function')wpOnload();
  152.         </script>
  153.         <?php endif; ?>
  154.  
  155.         <?php do_action('login_footer'); ?>
  156.         <div class="clear"></div>
  157.         </body>
  158.         </html>
  159.         <?php
  160. }
  161.  
  162. function wp_shake_js() {
  163.         if ( wp_is_mobile() )
  164.                 return;
  165. ?>
  166. <script type="text/javascript">
  167. addLoadEvent = function(func){if(typeof jQuery!="undefined")jQuery(document).ready(func);else if(typeof wpOnload!='function'){wpOnload=func;}else{var oldonload=wpOnload;wpOnload=function(){oldonload();func();}}};
  168. function s(id,pos){g(id).left=pos+'px';}
  169. function g(id){return document.getElementById(id).style;}
  170. function shake(id,a,d){c=a.shift();s(id,c);if(a.length>0){setTimeout(function(){shake(id,a,d);},d);}else{try{g(id).position='static';wp_attempt_focus();}catch(e){}}}
  171. addLoadEvent(function(){ var p=new Array(15,30,15,0,-15,-30,-15,0);p=p.concat(p.concat(p));var i=document.forms[0].id;g(i).position='relative';shake(i,p,20);});
  172. </script>
  173. <?php
  174. }
  175.  
  176. /**
  177.  * Handles sending password retrieval email to user.
  178.  *
  179.  * @uses $wpdb WordPress Database object
  180.  *
  181.  * @return bool|WP_Error True: when finish. WP_Error on error
  182.  */
  183. function retrieve_password() {
  184.         global $wpdb, $current_site;
  185.  
  186.         $errors = new WP_Error();
  187.  
  188.         if ( empty( $_POST['user_login'] ) ) {
  189.                 $errors->add('empty_username', __('<strong>ERROR</strong>: Enter a username or e-mail address.'));
  190.         } else if ( strpos( $_POST['user_login'], '@' ) ) {
  191.                 $user_data = get_user_by( 'email', trim( $_POST['user_login'] ) );
  192.                 if ( empty( $user_data ) )
  193.                         $errors->add('invalid_email', __('<strong>ERROR</strong>: There is no user registered with that email address.'));
  194.         } else {
  195.                 $login = trim($_POST['user_login']);
  196.                 $user_data = get_user_by('login', $login);
  197.         }
  198.  
  199.         do_action('lostpassword_post');
  200.  
  201.         if ( $errors->get_error_code() )
  202.                 return $errors;
  203.  
  204.         if ( !$user_data ) {
  205.                 $errors->add('invalidcombo', __('<strong>ERROR</strong>: Invalid username or e-mail.'));
  206.                 return $errors;
  207.         }
  208.  
  209.         // redefining user_login ensures we return the right case in the email
  210.         $user_login = $user_data->user_login;
  211.         $user_email = $user_data->user_email;
  212.  
  213.         do_action('retreive_password', $user_login);  // Misspelled and deprecated
  214.         do_action('retrieve_password', $user_login);
  215.  
  216.         $allow = apply_filters('allow_password_reset', true, $user_data->ID);
  217.  
  218.         if ( ! $allow )
  219.                 return new WP_Error('no_password_reset', __('Password reset is not allowed for this user'));
  220.         else if ( is_wp_error($allow) )
  221.                 return $allow;
  222.  
  223.         $key = $wpdb->get_var($wpdb->prepare("SELECT user_activation_key FROM $wpdb->users WHERE user_login = %s", $user_login));
  224.         if ( empty($key) ) {
  225.                 // Generate something random for a key...
  226.                 $key = wp_generate_password(20, false);
  227.                 do_action('retrieve_password_key', $user_login, $key);
  228.                 // Now insert the new md5 key into the db
  229.                 $wpdb->update($wpdb->users, array('user_activation_key' => $key), array('user_login' => $user_login));
  230.         }
  231.         $message = __('Someone requested that the password be reset for the following account:') . "\r\n\r\n";
  232.         $message .= network_home_url( '/' ) . "\r\n\r\n";
  233.         $message .= sprintf(__('Username: %s'), $user_login) . "\r\n\r\n";
  234.         $message .= __('If this was a mistake, just ignore this email and nothing will happen.') . "\r\n\r\n";
  235.         $message .= __('To reset your password, visit the following address:') . "\r\n\r\n";
  236.         $message .= '<' . network_site_url("wp-login.php?action=rp&key=$key&login=" . rawurlencode($user_login), 'login') . ">\r\n";
  237.  
  238.         if ( is_multisite() )
  239.                 $blogname = $GLOBALS['current_site']->site_name;
  240.         else
  241.                 // The blogname option is escaped with esc_html on the way into the database in sanitize_option
  242.                 // we want to reverse this for the plain text arena of emails.
  243.                 $blogname = wp_specialchars_decode(get_option('blogname'), ENT_QUOTES);
  244.  
  245.         $title = sprintf( __('[%s] Password Reset'), $blogname );
  246.  
  247.         $title = apply_filters('retrieve_password_title', $title);
  248.         $message = apply_filters('retrieve_password_message', $message, $key);
  249.  
  250.         if ( $message && !wp_mail($user_email, $title, $message) )
  251.                 wp_die( __('The e-mail could not be sent.') . "\n" . __('Possible reason: your host may have disabled the mail() function...') );
  252.  
  253.         return true;
  254. }
  255.  
  256. /**
  257.  * Retrieves a user row based on password reset key and login
  258.  *
  259.  * @uses $wpdb WordPress Database object
  260.  *
  261.  * @param string $key Hash to validate sending user's password
  262.  * @param string $login The user login
  263.  * @return object|WP_Error User's database row on success, error object for invalid keys
  264.  */
  265. function check_password_reset_key($key, $login) {
  266.         global $wpdb;
  267.  
  268.         $key = preg_replace('/[^a-z0-9]/i', '', $key);
  269.  
  270.         if ( empty( $key ) || !is_string( $key ) )
  271.                 return new WP_Error('invalid_key', __('Invalid key'));
  272.  
  273.         if ( empty($login) || !is_string($login) )
  274.                 return new WP_Error('invalid_key', __('Invalid key'));
  275.  
  276.         $user = $wpdb->get_row($wpdb->prepare("SELECT * FROM $wpdb->users WHERE user_activation_key = %s AND user_login = %s", $key, $login));
  277.  
  278.         if ( empty( $user ) )
  279.                 return new WP_Error('invalid_key', __('Invalid key'));
  280.  
  281.         return $user;
  282. }
  283.  
  284. /**
  285.  * Handles resetting the user's password.
  286.  *
  287.  * @param object $user The user
  288.  * @param string $new_pass New password for the user in plaintext
  289.  */
  290. function reset_password($user, $new_pass) {
  291.         do_action('password_reset', $user, $new_pass);
  292.  
  293.         wp_set_password($new_pass, $user->ID);
  294.  
  295.         wp_password_change_notification($user);
  296. }
  297.  
  298. /**
  299.  * Handles registering a new user.
  300.  *
  301.  * @param string $user_login User's username for logging in
  302.  * @param string $user_email User's email address to send password and add
  303.  * @return int|WP_Error Either user's ID or error on failure.
  304.  */
  305. function register_new_user( $user_login, $user_email ) {
  306.         $errors = new WP_Error();
  307.  
  308.         $sanitized_user_login = sanitize_user( $user_login );
  309.         $user_email = apply_filters( 'user_registration_email', $user_email );
  310.  
  311.         // Check the username
  312.         if ( $sanitized_user_login == '' ) {
  313.                 $errors->add( 'empty_username', __( '<strong>ERROR</strong>: Please enter a username.' ) );
  314.         } elseif ( ! validate_username( $user_login ) ) {
  315.                 $errors->add( 'invalid_username', __( '<strong>ERROR</strong>: This username is invalid because it uses illegal characters. Please enter a valid username.' ) );
  316.                 $sanitized_user_login = '';
  317.         } elseif ( username_exists( $sanitized_user_login ) ) {
  318.                 $errors->add( 'username_exists', __( '<strong>ERROR</strong>: This username is already registered. Please choose another one.' ) );
  319.         }
  320.  
  321.         // Check the e-mail address
  322.         if ( $user_email == '' ) {
  323.                 $errors->add( 'empty_email', __( '<strong>ERROR</strong>: Please type your e-mail address.' ) );
  324.         } elseif ( ! is_email( $user_email ) ) {
  325.                 $errors->add( 'invalid_email', __( '<strong>ERROR</strong>: The email address isn’t correct.' ) );
  326.                 $user_email = '';
  327.         } elseif ( email_exists( $user_email ) ) {
  328.                 $errors->add( 'email_exists', __( '<strong>ERROR</strong>: This email is already registered, please choose another one.' ) );
  329.         }
  330.  
  331.         do_action( 'register_post', $sanitized_user_login, $user_email, $errors );
  332.  
  333.         $errors = apply_filters( 'registration_errors', $errors, $sanitized_user_login, $user_email );
  334.  
  335.         if ( $errors->get_error_code() )
  336.                 return $errors;
  337.  
  338.         $user_pass = wp_generate_password( 12, false);
  339.         $user_id = wp_create_user( $sanitized_user_login, $user_pass, $user_email );
  340.         if ( ! $user_id ) {
  341.                 $errors->add( 'registerfail', sprintf( __( '<strong>ERROR</strong>: Couldn’t register you... please contact the <a href="mailto:%s">webmaster</a> !' ), get_option( 'admin_email' ) ) );
  342.                 return $errors;
  343.         }
  344.  
  345.         update_user_option( $user_id, 'default_password_nag', true, true ); //Set up the Password change nag.
  346.  
  347.         wp_new_user_notification( $user_id, $user_pass );
  348.  
  349.         return $user_id;
  350. }
  351.  
  352. //
  353. // Main
  354. //
  355.  
  356. $action = isset($_REQUEST['action']) ? $_REQUEST['action'] : 'login';
  357. $errors = new WP_Error();
  358.  
  359. if ( isset($_GET['key']) )
  360.         $action = 'resetpass';
  361.  
  362. // validate action so as to default to the login screen
  363. if ( !in_array( $action, array( 'postpass', 'logout', 'lostpassword', 'retrievepassword', 'resetpass', 'rp', 'register', 'login' ), true ) && false === has_filter( 'login_form_' . $action ) )
  364.         $action = 'login';
  365.  
  366. nocache_headers();
  367.  
  368. header('Content-Type: '.get_bloginfo('html_type').'; charset='.get_bloginfo('charset'));
  369.  
  370. if ( defined( 'RELOCATE' ) && RELOCATE ) { // Move flag is set
  371.         if ( isset( $_SERVER['PATH_INFO'] ) && ($_SERVER['PATH_INFO'] != $_SERVER['PHP_SELF']) )
  372.                 $_SERVER['PHP_SELF'] = str_replace( $_SERVER['PATH_INFO'], '', $_SERVER['PHP_SELF'] );
  373.  
  374.         $url = dirname( set_url_scheme( 'http://' .  $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'] ) );
  375.         if ( $url != get_option( 'siteurl' ) )
  376.                 update_option( 'siteurl', $url );
  377. }
  378.  
  379. //Set a cookie now to see if they are supported by the browser.
  380. setcookie(TEST_COOKIE, 'WP Cookie check', 0, COOKIEPATH, COOKIE_DOMAIN);
  381. if ( SITECOOKIEPATH != COOKIEPATH )
  382.         setcookie(TEST_COOKIE, 'WP Cookie check', 0, SITECOOKIEPATH, COOKIE_DOMAIN);
  383.  
  384. // allow plugins to override the default actions, and to add extra actions if they want
  385. do_action( 'login_init' );
  386. do_action( 'login_form_' . $action );
  387.  
  388. $http_post = ('POST' == $_SERVER['REQUEST_METHOD']);
  389. switch ($action) {
  390.  
  391. case 'postpass' :
  392.         if ( empty( $wp_hasher ) ) {
  393.                 require_once( ABSPATH . 'wp-includes/class-phpass.php' );
  394.                 // By default, use the portable hash from phpass
  395.                 $wp_hasher = new PasswordHash(8, true);
  396.         }
  397.  
  398.         // 10 days
  399.         setcookie( 'wp-postpass_' . COOKIEHASH, $wp_hasher->HashPassword( stripslashes( $_POST['post_password'] ) ), time() + 10 * DAY_IN_SECONDS, COOKIEPATH );
  400.  
  401.         wp_safe_redirect( wp_get_referer() );
  402.         exit();
  403.  
  404. break;
  405.  
  406. case 'logout' :
  407.         check_admin_referer('log-out');
  408.         wp_logout();
  409.  
  410.         $redirect_to = !empty( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : 'wp-login.php?loggedout=true';
  411.         wp_safe_redirect( $redirect_to );
  412.         exit();
  413.  
  414. break;
  415.  
  416. case 'lostpassword' :
  417. case 'retrievepassword' :
  418.  
  419.         if ( $http_post ) {
  420.                 $errors = retrieve_password();
  421.                 if ( !is_wp_error($errors) ) {
  422.                         $redirect_to = !empty( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : 'wp-login.php?checkemail=confirm';
  423.                         wp_safe_redirect( $redirect_to );
  424.                         exit();
  425.                 }
  426.         }
  427.  
  428.         if ( isset($_GET['error']) && 'invalidkey' == $_GET['error'] ) $errors->add('invalidkey', __('Sorry, that key does not appear to be valid.'));
  429.         $redirect_to = apply_filters( 'lostpassword_redirect', !empty( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : '' );
  430.  
  431.         do_action('lost_password');
  432.         login_header(__('Lost Password'), '<p class="message">' . __('Please enter your username or email address. You will receive a link to create a new password via email.') . '</p>', $errors);
  433.  
  434.         $user_login = isset($_POST['user_login']) ? stripslashes($_POST['user_login']) : '';
  435.  
  436. ?>
  437.  
  438. <form name="lostpasswordform" id="lostpasswordform" action="<?php echo esc_url( site_url( 'wp-login.php?action=lostpassword', 'login_post' ) ); ?>" method="post">
  439.         <p>
  440.                 <label for="user_login" ><?php _e('Username or E-mail:') ?>
  441.                 <input type="text" name="user_login" id="user_login" class="input" value="<?php echo esc_attr($user_login); ?>" size="20" /></label>
  442.         </p>
  443. <?php do_action('lostpassword_form'); ?>
  444.         <input type="hidden" name="redirect_to" value="<?php echo esc_attr( $redirect_to ); ?>" />
  445.         <p class="submit"><input type="submit" name="wp-submit" id="wp-submit" class="button button-primary button-large" value="<?php esc_attr_e('Get New Password'); ?>" /></p>
  446. </form>
  447.  
  448. <p id="nav">
  449. <a>"><?php _e('Log in') ?></a>
  450. <?php if ( get_option( 'users_can_register' ) ) : ?>
  451.  | <a>"><?php _e( 'Register' ); ?></a>
  452. <?php endif; ?>
  453. </p>
  454.  
  455. <?php
  456. login_footer('user_login');
  457. break;
  458.  
  459. case 'resetpass' :
  460. case 'rp' :
  461.         $user = check_password_reset_key($_GET['key'], $_GET['login']);
  462.  
  463.         if ( is_wp_error($user) ) {
  464.                 wp_redirect( site_url('wp-login.php?action=lostpassword&error=invalidkey') );
  465.                 exit;
  466.         }
  467.  
  468.         $errors = new WP_Error();
  469.  
  470.         if ( isset($_POST['pass1']) && $_POST['pass1'] != $_POST['pass2'] )
  471.                 $errors->add( 'password_reset_mismatch', __( 'The passwords do not match.' ) );
  472.  
  473.         do_action( 'validate_password_reset', $errors, $user );
  474.  
  475.         if ( ( ! $errors->get_error_code() ) && isset( $_POST['pass1'] ) && !empty( $_POST['pass1'] ) ) {
  476.                 reset_password($user, $_POST['pass1']);
  477.                 login_header( __( 'Password Reset' ), '<p class="message reset-pass">' . __( 'Your password has been reset.' ) . ' <a href="' . esc_url( wp_login_url() ) . '">' . __( 'Log in' ) . '</a></p>' );
  478.                 login_footer();
  479.                 exit;
  480.         }
  481.  
  482.         wp_enqueue_script('utils');
  483.         wp_enqueue_script('user-profile');
  484.  
  485.         login_header(__('Reset Password'), '<p class="message reset-pass">' . __('Enter your new password below.') . '</p>', $errors );
  486.  
  487. ?>
  488. <form name="resetpassform" id="resetpassform" action="<?php echo esc_url( site_url( 'wp-login.php?action=resetpass&key=' . urlencode( $_GET['key'] ) . '&login=' . urlencode( $_GET['login'] ), 'login_post' ) ); ?>" method="post">
  489.         <input type="hidden" id="user_login" value="<?php echo esc_attr( $_GET['login'] ); ?>" autocomplete="off" />
  490.  
  491.         <p>
  492.                 <label for="pass1"><?php _e('New password') ?>
  493.                 <input type="password" name="pass1" id="pass1" class="input" size="20" value="" autocomplete="off" /></label>
  494.         </p>
  495.         <p>
  496.                 <label for="pass2"><?php _e('Confirm new password') ?>
  497.                 <input type="password" name="pass2" id="pass2" class="input" size="20" value="" autocomplete="off" /></label>
  498.         </p>
  499.  
  500.         <div id="pass-strength-result" class="hide-if-no-js"><?php _e('Strength indicator'); ?></div>
  501.         <p class="description indicator-hint"><?php _e('Hint: The password should be at least seven characters long. To make it stronger, use upper and lower case letters, numbers and symbols like ! " ? $ % ^ & ).'); ?></p>
  502.  
  503.         <br class="clear" />
  504.         <p class="submit"><input type="submit" name="wp-submit" id="wp-submit" class="button button-primary button-large" value="<?php esc_attr_e('Reset Password'); ?>" /></p>
  505. </form>
  506.  
  507. <p id="nav">
  508. <a>"><?php _e( 'Log in' ); ?></a>
  509. <?php if ( get_option( 'users_can_register' ) ) : ?>
  510.  | <a>"><?php _e( 'Register' ); ?></a>
  511. <?php endif; ?>
  512. </p>
  513.  
  514. <?php
  515. login_footer('user_pass');
  516. break;
  517.  
  518. case 'register' :
  519.         if ( is_multisite() ) {
  520.                 // Multisite uses wp-signup.php
  521.                 wp_redirect( apply_filters( 'wp_signup_location', network_site_url('wp-signup.php') ) );
  522.                 exit;
  523.         }
  524.  
  525.         if ( !get_option('users_can_register') ) {
  526.                 wp_redirect( site_url('wp-login.php?registration=disabled') );
  527.                 exit();
  528.         }
  529.  
  530.         $user_login = '';
  531.         $user_email = '';
  532.         if ( $http_post ) {
  533.                 $user_login = $_POST['user_login'];
  534.                 $user_email = $_POST['user_email'];
  535.                 $errors = register_new_user($user_login, $user_email);
  536.                 if ( !is_wp_error($errors) ) {
  537.                         $redirect_to = !empty( $_POST['redirect_to'] ) ? $_POST['redirect_to'] : 'wp-login.php?checkemail=registered';
  538.                         wp_safe_redirect( $redirect_to );
  539.                         exit();
  540.                 }
  541.         }
  542.  
  543.         $redirect_to = apply_filters( 'registration_redirect', !empty( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : '' );
  544.         login_header(__('Registration Form'), '<p class="message register">' . __('Register For This Site') . '</p>', $errors);
  545. ?>
  546.  
  547. <form name="registerform" id="registerform" action="<?php echo esc_url( site_url('wp-login.php?action=register', 'login_post') ); ?>" method="post">
  548.         <p>
  549.                 <label for="user_login"><?php _e('Username') ?>
  550.                 <input type="text" name="user_login" id="user_login" class="input" value="<?php echo esc_attr(stripslashes($user_login)); ?>" size="20" /></label>
  551.         </p>
  552.         <p>
  553.                 <label for="user_email"><?php _e('E-mail') ?>
  554.                 <input type="text" name="user_email" id="user_email" class="input" value="<?php echo esc_attr(stripslashes($user_email)); ?>" size="25" /></label>
  555.         </p>
  556. <?php do_action('register_form'); ?>
  557.         <p id="reg_passmail"><?php _e('A password will be e-mailed to you.') ?></p>
  558.         <br class="clear" />
  559.         <input type="hidden" name="redirect_to" value="<?php echo esc_attr( $redirect_to ); ?>" />
  560.         <p class="submit"><input type="submit" name="wp-submit" id="wp-submit" class="button button-primary button-large" value="<?php esc_attr_e('Register'); ?>" /></p>
  561. </form>
  562.  
  563. <p id="nav">
  564. <a>"><?php _e( 'Log in' ); ?></a> |
  565. <a>" title="<?php esc_attr_e( 'Password Lost and Found' ) ?>"><?php _e( 'Lost your password?' ); ?></a>
  566. </p>
  567.  
  568. <?php
  569. login_footer('user_login');
  570. break;
  571.  
  572. case 'login' :
  573. default:
  574.         $secure_cookie = '';
  575.         $interim_login = isset($_REQUEST['interim-login']);
  576.         $customize_login = isset( $_REQUEST['customize-login'] );
  577.         if ( $customize_login )
  578.                 wp_enqueue_script( 'customize-base' );
  579.  
  580.         // If the user wants ssl but the session is not ssl, force a secure cookie.
  581.         if ( !empty($_POST['log']) && !force_ssl_admin() ) {
  582.                 $user_name = sanitize_user($_POST['log']);
  583.                 if ( $user = get_user_by('login', $user_name) ) {
  584.                         if ( get_user_option('use_ssl', $user->ID) ) {
  585.                                 $secure_cookie = true;
  586.                                 force_ssl_admin(true);
  587.                         }
  588.                 }
  589.         }
  590.  
  591.         if ( isset( $_REQUEST['redirect_to'] ) ) {
  592.                 $redirect_to = $_REQUEST['redirect_to'];
  593.                 // Redirect to https if user wants ssl
  594.                 if ( $secure_cookie && false !== strpos($redirect_to, 'wp-admin') )
  595.                         $redirect_to = preg_replace('|^http://|', 'https://', $redirect_to);
  596.         } else {
  597.                 $redirect_to = admin_url();
  598.         }
  599.  
  600.         $reauth = empty($_REQUEST['reauth']) ? false : true;
  601.  
  602.         // If the user was redirected to a secure login form from a non-secure admin page, and secure login is required but secure admin is not, then don't use a secure
  603.         // cookie and redirect back to the referring non-secure admin page. This allows logins to always be POSTed over SSL while allowing the user to choose visiting
  604.         // the admin via http or https.
  605.         if ( !$secure_cookie && is_ssl() && force_ssl_login() && !force_ssl_admin() && ( 0 !== strpos($redirect_to, 'https') ) && ( 0 === strpos($redirect_to, 'http') ) )
  606.                 $secure_cookie = false;
  607.  
  608.         $user = wp_signon('', $secure_cookie);
  609.  
  610.         $redirect_to = apply_filters('login_redirect', $redirect_to, isset( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : '', $user);
  611.  
  612.         if ( !is_wp_error($user) && !$reauth ) {
  613.                 if ( $interim_login ) {
  614.                         $message = '<p class="message">' . __('You have logged in successfully.') . '</p>';
  615.                         login_header( '', $message ); ?>
  616.  
  617.                         <?php if ( ! $customize_login ) : ?>
  618.                         <script type="text/javascript">setTimeout( function(){window.close()}, 8000);</script>
  619.                         <p class="alignright">
  620.                         <input type="button" class="button-primary" value="<?php esc_attr_e('Close'); ?>" onclick="window.close()" /></p>
  621.                         <?php endif; ?>
  622.                         </div>
  623.                         <?php do_action( 'login_footer' ); ?>
  624.                         <?php if ( $customize_login ) : ?>
  625.                                 <script type="text/javascript">setTimeout( function(){ new wp.customize.Messenger({ url: '<?php echo wp_customize_url(); ?>', channel: 'login' }).send('login') }, 1000 );</script>
  626.                         <?php endif; ?>
  627.                         </body></html>
  628. <?php           exit;
  629.                 }
  630.  
  631.                 if ( ( empty( $redirect_to ) || $redirect_to == 'wp-admin/' || $redirect_to == admin_url() ) ) {
  632.                         // If the user doesn't belong to a blog, send them to user admin. If the user can't edit posts, send them to their profile.
  633.                         if ( is_multisite() && !get_active_blog_for_user($user->ID) && !is_super_admin( $user->ID ) )
  634.                                 $redirect_to = user_admin_url();
  635.                         elseif ( is_multisite() && !$user->has_cap('read') )
  636.                                 $redirect_to = get_dashboard_url( $user->ID );
  637.                         elseif ( !$user->has_cap('edit_posts') )
  638.                                 $redirect_to = admin_url('profile.php');
  639.                 }
  640.                 wp_safe_redirect($redirect_to);
  641.                 exit();
  642.         }
  643.  
  644.         $errors = $user;
  645.         // Clear errors if loggedout is set.
  646.         if ( !empty($_GET['loggedout']) || $reauth )
  647.                 $errors = new WP_Error();
  648.  
  649.         // If cookies are disabled we can't log in even with a valid user+pass
  650.         if ( isset($_POST['testcookie']) && empty($_COOKIE[TEST_COOKIE]) )
  651.                 $errors->add('test_cookie', __("<strong>ERROR</strong>: Cookies are blocked or not supported by your browser. You must <a href='http://www.google.com/cookies.html'>enable cookies</a> to use WordPress."));
  652.  
  653.         // Some parts of this script use the main login form to display a message
  654.         if              ( isset($_GET['loggedout']) && true == $_GET['loggedout'] )
  655.                 $errors->add('loggedout', __('You are now logged out.'), 'message');
  656.         elseif  ( isset($_GET['registration']) && 'disabled' == $_GET['registration'] )
  657.                 $errors->add('registerdisabled', __('User registration is currently not allowed.'));
  658.         elseif  ( isset($_GET['checkemail']) && 'confirm' == $_GET['checkemail'] )
  659.                 $errors->add('confirm', __('Check your e-mail for the confirmation link.'), 'message');
  660.         elseif  ( isset($_GET['checkemail']) && 'newpass' == $_GET['checkemail'] )
  661.                 $errors->add('newpass', __('Check your e-mail for your new password.'), 'message');
  662.         elseif  ( isset($_GET['checkemail']) && 'registered' == $_GET['checkemail'] )
  663.                 $errors->add('registered', __('Registration complete. Please check your e-mail.'), 'message');
  664.         elseif  ( $interim_login )
  665.                 $errors->add('expired', __('Your session has expired. Please log-in again.'), 'message');
  666.         elseif ( strpos( $redirect_to, 'about.php?updated' ) )
  667.                 $errors->add('updated', __( '<strong>You have successfully updated WordPress!</strong> Please log back in to experience the awesomeness.' ), 'message' );
  668.  
  669.         // Clear any stale cookies.
  670.         if ( $reauth )
  671.                 wp_clear_auth_cookie();
  672.  
  673.         login_header(__('Log In'), '', $errors);
  674.  
  675.         if ( isset($_POST['log']) )
  676.                 $user_login = ( 'incorrect_password' == $errors->get_error_code() || 'empty_password' == $errors->get_error_code() ) ? esc_attr(stripslashes($_POST['log'])) : '';
  677.         $rememberme = ! empty( $_POST['rememberme'] );
  678. ?>
  679.  
  680. <form name="loginform" id="loginform" action="<?php echo esc_url( site_url( 'wp-login.php', 'login_post' ) ); ?>" method="post">
  681.         <p>
  682.                 <label for="user_login"><?php _e('Username') ?>
  683.                 <input type="text" name="log" id="user_login" class="input" value="<?php echo esc_attr($user_login); ?>" size="20" /></label>
  684.         </p>
  685.         <p>
  686.                 <label for="user_pass"><?php _e('Password') ?>
  687.                 <input type="password" name="pwd" id="user_pass" class="input" value="" size="20" /></label>
  688.         </p>
  689. <?php do_action('login_form'); ?>
  690.         <p class="forgetmenot"><label for="rememberme"><input name="rememberme" type="checkbox" id="rememberme" value="forever" <?php checked( $rememberme ); ?> /> <?php esc_attr_e('Remember Me'); ?></label></p>
  691.         <p class="submit">
  692.                 <input type="submit" name="wp-submit" id="wp-submit" class="button button-primary button-large" value="<?php esc_attr_e('Log In'); ?>" />
  693. <?php   if ( $interim_login ) { ?>
  694.                 <input type="hidden" name="interim-login" value="1" />
  695. <?php   } else { ?>
  696.                 <input type="hidden" name="redirect_to" value="<?php echo esc_attr($redirect_to); ?>" />
  697. <?php   } ?>
  698. <?php   if ( $customize_login ) : ?>
  699.                 <input type="hidden" name="customize-login" value="1" />
  700. <?php   endif; ?>
  701.                 <input type="hidden" name="testcookie" value="1" />
  702.         </p>
  703. </form>
  704.  
  705. <?php if ( !$interim_login ) { ?>
  706. <p id="nav">
  707. <?php if ( isset($_GET['checkemail']) && in_array( $_GET['checkemail'], array('confirm', 'newpass') ) ) : ?>
  708. <?php elseif ( get_option('users_can_register') ) : ?>
  709. <a>"><?php _e( 'Register' ); ?></a> |
  710. <a>" title="<?php esc_attr_e( 'Password Lost and Found' ); ?>"><?php _e( 'Lost your password?' ); ?></a>
  711. <?php else : ?>
  712. <a>" title="<?php esc_attr_e( 'Password Lost and Found' ); ?>"><?php _e( 'Lost your password?' ); ?></a>
  713. <?php endif; ?>
  714. </p>
  715. <?php } ?>
  716.  
  717. <script type="text/javascript">
  718. function wp_attempt_focus(){
  719. setTimeout( function(){ try{
  720. <?php if ( $user_login || $interim_login ) { ?>
  721. d = document.getElementById('user_pass');
  722. d.value = '';
  723. <?php } else { ?>
  724. d = document.getElementById('user_login');
  725. <?php if ( 'invalid_username' == $errors->get_error_code() ) { ?>
  726. if( d.value != '' )
  727. d.value = '';
  728. <?php
  729. }
  730. }?>
  731. d.focus();
  732. d.select();
  733. } catch(e){}
  734. }, 200);
  735. }
  736.  
  737. <?php if ( !$error ) { ?>
  738. wp_attempt_focus();
  739. <?php } ?>
  740. if(typeof wpOnload=='function')wpOnload();
  741. </script>
  742.  
  743. <?php
  744. login_footer();
  745. break;
  746. } // end action switch