2003-04-01 16:12:34 +02:00
< ? php
2004-10-04 06:30:45 +02:00
require ( './wp-config.php' );
2004-10-04 08:23:53 +02:00
function login ( $username , $password , $already_md5 = false ) {
global $wpdb , $error ;
if ( ! $already_md5 )
$pwd = md5 ( $password );
if ( ! $username )
2004-10-04 06:30:45 +02:00
return false ;
2004-10-04 08:23:53 +02:00
if ( ! $password ) {
$error = __ ( '<strong>Error</strong>: The password field is empty.' );
2004-10-04 06:30:45 +02:00
return false ;
}
2004-10-04 08:23:53 +02:00
$login = $wpdb -> get_row ( " SELECT ID, user_login, user_pass FROM $wpdb->users WHERE user_login = ' $username ' " );
2004-10-04 06:30:45 +02:00
if ( ! $login ) {
2004-10-04 08:23:53 +02:00
$error = __ ( '<strong>Error</strong>: Wrong login.' );
2004-10-04 06:30:45 +02:00
$pwd = '' ;
return false ;
} else {
2004-10-04 08:23:53 +02:00
if ( $login -> user_login == $username && $login -> user_pass == $pwd ) {
2004-10-04 06:30:45 +02:00
return true ;
} else {
2004-10-04 08:23:53 +02:00
$error = __ ( '<strong>Error</strong>: Incorrect password.' );
2004-10-04 06:30:45 +02:00
$pwd = '' ;
2004-10-04 08:23:53 +02:00
return false ;
2004-10-04 06:30:45 +02:00
}
}
}
2003-04-01 16:12:34 +02:00
if ( ! function_exists ( 'add_magic_quotes' )) {
function add_magic_quotes ( $array ) {
foreach ( $array as $k => $v ) {
if ( is_array ( $v )) {
$array [ $k ] = add_magic_quotes ( $v );
} else {
$array [ $k ] = addslashes ( $v );
}
}
return $array ;
}
}
if ( ! get_magic_quotes_gpc ()) {
2004-04-21 00:56:47 +02:00
$_GET = add_magic_quotes ( $_GET );
$_POST = add_magic_quotes ( $_POST );
$_COOKIE = add_magic_quotes ( $_COOKIE );
2003-04-01 16:12:34 +02:00
}
2004-10-04 08:23:53 +02:00
$wpvarstoreset = array ( 'action' );
2003-04-01 16:12:34 +02:00
2003-12-18 10:36:13 +01:00
for ( $i = 0 ; $i < count ( $wpvarstoreset ); $i = $i + 1 ) {
$wpvar = $wpvarstoreset [ $i ];
if ( ! isset ( $$wpvar )) {
2004-04-21 00:56:47 +02:00
if ( empty ( $_POST [ " $wpvar " ])) {
if ( empty ( $_GET [ " $wpvar " ])) {
2003-12-18 10:36:13 +01:00
$$wpvar = '' ;
2003-04-01 16:12:34 +02:00
} else {
2004-04-21 00:56:47 +02:00
$$wpvar = $_GET [ " $wpvar " ];
2003-04-01 16:12:34 +02:00
}
} else {
2004-04-21 00:56:47 +02:00
$$wpvar = $_POST [ " $wpvar " ];
2003-04-01 16:12:34 +02:00
}
}
}
2004-10-04 08:23:53 +02:00
$error = '' ;
2004-08-09 11:29:25 +02:00
// If someone has moved WordPress let's try to detect it
if ( dirname ( 'http://' . $_SERVER [ 'HTTP_HOST' ] . $_SERVER [ 'REQUEST_URI' ]) != get_settings ( 'siteurl' ) )
update_option ( 'siteurl' , dirname ( 'http://' . $_SERVER [ 'HTTP_HOST' ] . $_SERVER [ 'REQUEST_URI' ]) );
2003-04-01 16:12:34 +02:00
switch ( $action ) {
2003-06-01 07:16:53 +02:00
case 'logout' :
2003-04-01 16:12:34 +02:00
2004-10-04 08:23:53 +02:00
setcookie ( 'wordpressuser_' . COOKIEHASH , ' ' , time () - 31536000 , COOKIEPATH );
setcookie ( 'wordpresspass_' . COOKIEHASH , ' ' , time () - 31536000 , COOKIEPATH );
2003-08-03 02:00:22 +02:00
header ( 'Expires: Wed, 11 Jan 1984 05:00:00 GMT' );
header ( 'Last-Modified: ' . gmdate ( 'D, d M Y H:i:s' ) . ' GMT' );
header ( 'Cache-Control: no-cache, must-revalidate' );
header ( 'Pragma: no-cache' );
2004-10-04 08:23:53 +02:00
if ( $is_IIS )
2003-12-11 01:22:36 +01:00
header ( 'Refresh: 0;url=wp-login.php' );
2004-10-04 08:23:53 +02:00
else
2003-12-11 01:22:36 +01:00
header ( 'Location: wp-login.php' );
2003-04-01 16:12:34 +02:00
exit ();
break ;
2003-06-01 07:16:53 +02:00
case 'lostpassword' :
2003-04-01 16:12:34 +02:00
2003-05-23 19:21:52 +02:00
?>
<! DOCTYPE html PUBLIC " -//W3C//DTD XHTML 1.0 Transitional//EN " " http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd " >
< html xmlns = " http://www.w3.org/1999/xhtml " >
2003-04-01 16:12:34 +02:00
< head >
2004-10-04 08:23:53 +02:00
< title > WordPress & raquo ; < ? php _e ( 'Lost Password' ) ?> </title>
< meta http - equiv = " Content-Type " content = " text/html; charset=<?php bloginfo('charset'); ?> " />
2004-02-26 17:15:48 +01:00
< link rel = " stylesheet " href = " <?php echo get_settings('siteurl'); ?>/wp-admin/wp-admin.css " type = " text/css " />
2003-06-11 08:03:41 +02:00
< script type = " text/javascript " >
function focusit () {
// focus on first input field
2004-06-23 01:33:05 +02:00
document . getElementById ( 'user_login' ) . focus ();
2003-06-11 08:03:41 +02:00
}
window . onload = focusit ;
</ script >
2003-04-01 16:12:34 +02:00
</ head >
2003-05-23 19:21:52 +02:00
< body >
< div id = " login " >
2004-10-04 08:23:53 +02:00
< h1 >< a href = " http://wordpress.org/ " > WordPress </ a ></ h1 >
< p >< ? php _e ( 'Please enter your information here. We will send you a new password.' ) ?> </p>
2003-04-01 16:12:34 +02:00
< ? php
2004-10-04 08:23:53 +02:00
if ( $error )
echo " <div id='loginerror'> $error </div> " ;
2003-04-01 16:12:34 +02:00
?>
2004-10-04 08:23:53 +02:00
< form name = " lostpass " action = " wp-login.php " method = " post " id = " lostpass " >
< p >
2003-04-01 16:12:34 +02:00
< input type = " hidden " name = " action " value = " retrievepassword " />
2004-10-04 08:23:53 +02:00
< label >< ? php _e ( 'Login' ) ?> : <input type="text" name="user_login" id="user_login" value="" size="12" tabindex="1" /></label><br />
< label >< ? php _e ( 'E-mail' ) ?> : <input type="text" name="email" id="email" value="" size="12" tabindex="2" /></label><br />
</ p >
< p class = " submit " >< input type = " submit " name = " submit " value = " <?php _e('Retrieve Password'); ?> » " tabindex = " 3 " /></ p >
2003-04-01 16:12:34 +02:00
</ form >
2003-05-23 19:21:52 +02:00
</ div >
2003-04-01 16:12:34 +02:00
</ body >
</ html >
2004-10-04 08:23:53 +02:00
< ? php
2003-04-01 16:12:34 +02:00
break ;
2003-06-01 07:16:53 +02:00
case 'retrievepassword' :
2003-04-01 16:12:34 +02:00
2004-10-04 08:23:53 +02:00
$user_data = get_userdatabylogin ( $_POST [ 'user_login' ]);
2004-05-18 03:29:29 +02:00
// redefining user_login ensures we return the right case in the email
2004-05-30 10:24:24 +02:00
$user_login = $user_data -> user_login ;
2003-06-01 13:05:36 +02:00
$user_email = $user_data -> user_email ;
2003-04-01 16:12:34 +02:00
2004-10-04 08:23:53 +02:00
if ( ! $user_email || $user_email != $_POST [ 'email' ])
die ( sprintf ( __ ( 'Sorry, that user does not seem to exist in our database. Perhaps you have the wrong username or e-mail address? <a href="%s">Try again</a>.' ), 'wp-login.php?action=lostpassword' ));
// Generate something random for a password... md5'ing current time with a rand salt
$user_pass = substr ( MD5 ( 'time' . rand ( 1 , 16000 ) ), 0 , 6 );
// now insert the new pass md5'd into the db
2004-05-24 10:22:18 +02:00
$wpdb -> query ( " UPDATE $wpdb->users SET user_pass = MD5(' $user_pass ') WHERE user_login = ' $user_login ' " );
2004-10-04 08:23:53 +02:00
$message = __ ( 'Login' ) . " : $user_login\r\n " ;
$message .= __ ( 'Password' ) . " : $user_pass\r\n " ;
$message .= get_settings ( 'siteurl' ) . '/wp-login.php' ;
2003-04-01 16:12:34 +02:00
2004-10-04 09:44:04 +02:00
$m = wp_mail ( $user_email , sprintf ( __ ( " [%s] Your login and password " ), get_settings ( 'blogname' )), $message );
2003-04-01 16:12:34 +02:00
if ( $m == false ) {
2004-06-15 01:44:00 +02:00
echo '<p>' . __ ( 'The e-mail could not be sent.' ) . " <br /> \n " ;
echo __ ( 'Possible reason: your host may have disabled the mail() function...' ) . " </p> " ;
2003-04-01 16:12:34 +02:00
die ();
} else {
2004-06-15 01:44:00 +02:00
echo '<p>' . sprintf ( __ ( " The e-mail was sent successfully to %s's e-mail address. " ), $user_login ) . '<br />' ;
echo " <a href='wp-login.php' title=' " . __ ( 'Check your e-mail first, of course' ) . " '> " . __ ( 'Click here to login!' ) . '</a></p>' ;
2004-02-09 10:56:57 +01:00
// send a copy of password change notification to the admin
2004-10-04 09:44:04 +02:00
wp_mail ( get_settings ( 'admin_email' ), sprintf ( __ ( '[%s] Password Lost/Change' ), get_settings ( 'blogname' )), sprintf ( __ ( 'Password Lost and Changed for user: %s' ), $user_login ));
2003-04-01 16:12:34 +02:00
die ();
}
break ;
2004-10-04 08:45:01 +02:00
case 'login' :
2003-04-01 16:12:34 +02:00
default :
2004-10-04 08:45:01 +02:00
if ( ! empty ( $_POST ) ) {
$log = $_POST [ 'log' ];
$pwd = $_POST [ 'pwd' ];
$redirect_to = preg_replace ( '|[^a-z/.:_-]|i' , '' , $_POST [ 'redirect_to' ]);
}
$user = get_userdatabylogin ( $log );
if ( 0 == $user -> user_level ) {
$redirect_to = get_settings ( 'siteurl' ) . '/wp-admin/profile.php' ;
}
if ( ! login ( $log , $pwd ) ) {
header ( 'Expires: Wed, 11 Jan 1984 05:00:00 GMT' );
header ( 'Last-Modified: ' . gmdate ( 'D, d M Y H:i:s' ) . ' GMT' );
header ( 'Cache-Control: no-cache, must-revalidate' );
header ( 'Pragma: no-cache' );
} else {
$user_login = $log ;
$user_pass = md5 ( $pwd );
setcookie ( 'wordpressuser_' . $cookiehash , $user_login , time () + 31536000 , COOKIEPATH );
setcookie ( 'wordpresspass_' . $cookiehash , md5 ( $user_pass ), time () + 31536000 , COOKIEPATH );
header ( 'Expires: Wed, 11 Jan 1984 05:00:00 GMT' );
header ( 'Last-Modified: ' . gmdate ( 'D, d M Y H:i:s' ) . ' GMT' );
header ( 'Cache-Control: no-cache, must-revalidate' );
header ( 'Pragma: no-cache' );
if ( $is_IIS )
header ( " Refresh: 0;url= $redirect_to " );
else
header ( " Location: $redirect_to " );
}
2004-10-04 08:23:53 +02:00
if ( ! empty ( $_COOKIE [ 'wordpressuser_' . COOKIEHASH ]) && ! empty ( $_COOKIE [ 'wordpresspass_' . COOKIEHASH ]) ) {
$user_login = $_COOKIE [ 'wordpressuser_' . COOKIEHASH ];
$user_pass_md5 = $_COOKIE [ 'wordpresspass_' . COOKIEHASH ];
2003-04-01 16:12:34 +02:00
}
2004-10-04 08:23:53 +02:00
if ( ! login ( $user_login , $user_pass_md5 , true ) ) {
if ( ! empty ( $_COOKIE [ 'wordpressuser_' . COOKIEHASH ]) )
$error = 'Your session has expired.' ;
2003-04-01 16:12:34 +02:00
} else {
2004-10-04 08:23:53 +02:00
header ( 'Expires: Wed, 5 Jun 1979 23:41:00 GMT' ); // Michel's birthday
header ( 'Last-Modified: ' . gmdate ( 'D, d M Y H:i:s' ) . ' GMT' );
header ( 'Cache-Control: no-cache, must-revalidate' );
header ( 'Pragma: no-cache' );
header ( 'Location: wp-admin/' );
2003-04-01 16:12:34 +02:00
exit ();
}
2003-06-11 08:03:41 +02:00
?>
<! DOCTYPE html PUBLIC " -//W3C//DTD XHTML 1.0 Transitional//EN " " http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd " >
2003-05-23 19:21:52 +02:00
< html xmlns = " http://www.w3.org/1999/xhtml " >
2003-04-01 16:12:34 +02:00
< head >
2004-10-04 08:23:53 +02:00
< title > WordPress & rsaquo ; < ? php _e ( 'Login' ) ?> </title>
< meta http - equiv = " Content-Type " content = " text/html; charset=<?php bloginfo('charset'); ?> " />
< link rel = " stylesheet " href = " <?php bloginfo('wpurl'); ?>/wp-admin/wp-admin.css " type = " text/css " />
2003-06-11 08:03:41 +02:00
< script type = " text/javascript " >
function focusit () {
// focus on first input field
2004-06-23 01:33:05 +02:00
document . getElementById ( 'log' ) . focus ();
2003-06-11 08:03:41 +02:00
}
window . onload = focusit ;
</ script >
2003-04-01 16:12:34 +02:00
</ head >
2003-05-23 19:21:52 +02:00
< body >
2003-04-01 16:12:34 +02:00
2003-05-23 19:21:52 +02:00
< div id = " login " >
2004-10-04 08:23:53 +02:00
< h1 >< a href = " http://wordpress.org/ " > WordPress </ a ></ h1 >
2003-04-01 16:12:34 +02:00
< ? php
2004-10-04 08:23:53 +02:00
if ( $error )
echo " <div id='login_error'> $error </div> " ;
2003-04-01 16:12:34 +02:00
?>
2004-10-04 08:23:53 +02:00
< form name = " loginform " id = " loginform " action = " wp-login.php?action=login " method = " post " >
< p >< label >< ? php _e ( 'Login' ) ?> : <input type="text" name="log" id="log" value="" size="20" tabindex="1" /></label></p>
< p >< label >< ? php _e ( 'Password' ) ?> : <input type="password" name="pwd" value="" size="20" tabindex="2" /></label></p>
< p class = " submit " >< input type = " submit " name = " submit " value = " <?php _e('Login'); ?> » " tabindex = " 3 " />
2004-04-21 00:56:47 +02:00
< ? php if ( isset ( $_GET [ " redirect_to " ])) { ?>
< input type = " hidden " name = " redirect_to " value = " <?php echo $_GET["redirect_to"] ?> " />
2003-11-12 16:22:47 +01:00
< ? php } else { ?>
2003-10-26 21:34:24 +01:00
< input type = " hidden " name = " redirect_to " value = " wp-admin/ " />
2003-11-12 16:22:47 +01:00
< ? php } ?>
2004-10-04 08:23:53 +02:00
</ p >
2003-04-01 16:12:34 +02:00
</ form >
2004-10-04 08:23:53 +02:00
< ul >
< li >< a href = " <?php bloginfo('home'); ?> " title = " <?php _e('Are you lost?') ?> " >& laquo ; < ? php _e ( 'Back to blog' ) ?> </a></li>
< ? php if ( get_settings ( 'users_can_register' )) : ?>
< li >< a href = " <?php bloginfo('wpurl'); ?>/wp-register.php " >< ? php _e ( 'Register' ) ?> </a></li>
< ? php endif ; ?>
< li >< a href = " <?php bloginfo('wpurl'); ?>/wp-login.php?action=lostpassword " title = " <?php _e('Password Lost and Found') ?> " >< ? php _e ( 'Lost your password?' ) ?> </a></li>
</ ul >
2003-05-23 19:21:52 +02:00
</ div >
2003-04-01 16:12:34 +02:00
</ body >
</ html >
2003-06-11 08:03:41 +02:00
< ? php
2003-04-01 16:12:34 +02:00
break ;
2003-06-11 08:03:41 +02:00
} // end action switch
2004-10-04 08:23:53 +02:00
?>