2003-04-01 16:12:34 +02:00
< ? php
2004-12-16 03:57:05 +01:00
require ( dirname ( __FILE__ ) . '/wp-config.php' );
2003-04-01 16:12:34 +02:00
2004-12-18 21:56:26 +01:00
$action = $_REQUEST [ 'action' ];
2004-10-04 08:23:53 +02:00
$error = '' ;
2004-10-10 20:07:33 +02:00
2006-04-21 00:08:37 +02:00
if ( isset ( $_GET [ 'key' ]) )
$action = 'resetpass' ;
2005-06-09 02:17:43 +02:00
nocache_headers ();
2005-04-19 05:35:48 +02:00
header ( 'Content-Type: ' . get_bloginfo ( 'html_type' ) . '; charset=' . get_bloginfo ( 'charset' ));
2004-10-10 20:07:33 +02:00
2005-01-24 08:30:49 +01:00
if ( defined ( 'RELOCATE' ) ) { // Move flag is set
if ( isset ( $_SERVER [ 'PATH_INFO' ] ) && ( $_SERVER [ 'PATH_INFO' ] != $_SERVER [ 'PHP_SELF' ]) )
$_SERVER [ 'PHP_SELF' ] = str_replace ( $_SERVER [ 'PATH_INFO' ], '' , $_SERVER [ 'PHP_SELF' ] );
2005-11-11 02:21:28 +01:00
$schema = ( isset ( $_SERVER [ 'HTTPS' ]) && strtolower ( $_SERVER [ 'HTTPS' ]) == 'on' ) ? 'https://' : 'http://' ;
if ( dirname ( $schema . $_SERVER [ 'HTTP_HOST' ] . $_SERVER [ 'PHP_SELF' ]) != get_settings ( 'siteurl' ) )
update_option ( 'siteurl' , dirname ( $schema . $_SERVER [ 'HTTP_HOST' ] . $_SERVER [ 'PHP_SELF' ]) );
2005-01-24 08:30:49 +01:00
}
2004-08-09 11:29:25 +02:00
2003-04-01 16:12:34 +02:00
switch ( $action ) {
2003-06-01 07:16:53 +02:00
case 'logout' :
2003-04-01 16:12:34 +02:00
2005-01-20 05:56:24 +01:00
wp_clearcookie ();
2005-02-05 03:22:36 +01:00
do_action ( 'wp_logout' );
2005-06-09 02:17:43 +02:00
nocache_headers ();
2005-11-11 02:35:15 +01:00
$redirect_to = 'wp-login.php' ;
if ( isset ( $_REQUEST [ 'redirect_to' ]) )
$redirect_to = preg_replace ( '|[^a-z0-9-~+_.?#=&;,/:]|i' , '' , $_REQUEST [ 'redirect_to' ]);
2006-02-12 08:53:23 +01:00
2005-11-11 02:35:15 +01:00
wp_redirect ( $redirect_to );
2003-04-01 16:12:34 +02:00
exit ();
break ;
2003-06-01 07:16:53 +02:00
case 'lostpassword' :
2005-03-09 23:49:42 +01:00
do_action ( 'lost_password' );
?>
2003-05-23 19:21:52 +02:00
<! DOCTYPE html PUBLIC " -//W3C//DTD XHTML 1.0 Transitional//EN " " http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd " >
< html xmlns = " http://www.w3.org/1999/xhtml " >
2003-04-01 16:12:34 +02:00
< head >
2004-10-04 08:23:53 +02:00
< title > WordPress & raquo ; < ? php _e ( 'Lost Password' ) ?> </title>
2005-02-14 05:36:57 +01:00
< meta http - equiv = " Content-Type " content = " <?php bloginfo('html_type'); ?>; charset=<?php bloginfo('charset'); ?> " />
2004-02-26 17:15:48 +01:00
< link rel = " stylesheet " href = " <?php echo get_settings('siteurl'); ?>/wp-admin/wp-admin.css " type = " text/css " />
2003-06-11 08:03:41 +02:00
< script type = " text/javascript " >
function focusit () {
// focus on first input field
2004-06-23 01:33:05 +02:00
document . getElementById ( 'user_login' ) . focus ();
2003-06-11 08:03:41 +02:00
}
window . onload = focusit ;
</ script >
2005-02-05 03:19:00 +01:00
< style type = " text/css " >
#user_login, #email, #submit {
font - size : 1.7 em ;
}
</ style >
2003-04-01 16:12:34 +02:00
</ head >
2003-05-23 19:21:52 +02:00
< body >
< div id = " login " >
2004-10-04 08:23:53 +02:00
< h1 >< a href = " http://wordpress.org/ " > WordPress </ a ></ h1 >
< p >< ? php _e ( 'Please enter your information here. We will send you a new password.' ) ?> </p>
2003-04-01 16:12:34 +02:00
< ? php
2004-10-04 08:23:53 +02:00
if ( $error )
2004-11-27 23:54:23 +01:00
echo " <div id='login_error'> $error </div> " ;
2003-04-01 16:12:34 +02:00
?>
2004-10-04 08:23:53 +02:00
< form name = " lostpass " action = " wp-login.php " method = " post " id = " lostpass " >
< p >
2003-04-01 16:12:34 +02:00
< input type = " hidden " name = " action " value = " retrievepassword " />
2005-03-13 18:06:18 +01:00
< label >< ? php _e ( 'Username:' ) ?> <br />
2005-02-05 03:19:00 +01:00
< input type = " text " name = " user_login " id = " user_login " value = " " size = " 20 " tabindex = " 1 " /></ label ></ p >
2005-03-13 18:06:18 +01:00
< p >< label >< ? php _e ( 'E-mail:' ) ?> <br />
2005-02-05 03:19:00 +01:00
< input type = " text " name = " email " id = " email " value = " " size = " 25 " tabindex = " 2 " /></ label >< br />
2004-10-04 08:23:53 +02:00
</ p >
2006-02-17 02:29:33 +01:00
< p class = " submit " >< input type = " submit " name = " submit " id = " submit " value = " <?php _e('Retrieve Password »'); ?> " tabindex = " 3 " /></ p >
2003-04-01 16:12:34 +02:00
</ form >
2005-02-05 03:19:00 +01:00
< ul >
2005-11-17 11:10:10 +01:00
< li >< a href = " <?php bloginfo('home'); ?>/ " title = " <?php _e('Are you lost?') ?> " >& laquo ; < ? php _e ( 'Back to blog' ) ?> </a></li>
2005-02-05 03:19:00 +01:00
< ? php if ( get_settings ( 'users_can_register' )) : ?>
< li >< a href = " <?php bloginfo('wpurl'); ?>/wp-register.php " >< ? php _e ( 'Register' ) ?> </a></li>
< ? php endif ; ?>
< li >< a href = " <?php bloginfo('wpurl'); ?>/wp-login.php " >< ? php _e ( 'Login' ) ?> </a></li>
</ ul >
2003-05-23 19:21:52 +02:00
</ div >
2003-04-01 16:12:34 +02:00
</ body >
</ html >
2004-10-04 08:23:53 +02:00
< ? php
2003-04-01 16:12:34 +02:00
break ;
2003-06-01 07:16:53 +02:00
case 'retrievepassword' :
2004-10-04 08:23:53 +02:00
$user_data = get_userdatabylogin ( $_POST [ 'user_login' ]);
2004-05-18 03:29:29 +02:00
// redefining user_login ensures we return the right case in the email
2004-05-30 10:24:24 +02:00
$user_login = $user_data -> user_login ;
2003-06-01 13:05:36 +02:00
$user_email = $user_data -> user_email ;
2003-04-01 16:12:34 +02:00
2004-10-04 08:23:53 +02:00
if ( ! $user_email || $user_email != $_POST [ 'email' ])
die ( sprintf ( __ ( 'Sorry, that user does not seem to exist in our database. Perhaps you have the wrong username or e-mail address? <a href="%s">Try again</a>.' ), 'wp-login.php?action=lostpassword' ));
2005-03-22 02:09:39 +01:00
do_action ( 'retreive_password' , $user_login ); // Misspelled and deprecated.
do_action ( 'retrieve_password' , $user_login );
2005-03-09 23:49:42 +01:00
2004-10-04 08:23:53 +02:00
// Generate something random for a password... md5'ing current time with a rand salt
2006-04-20 23:44:14 +02:00
$key = substr ( md5 ( uniqid ( microtime () ) ), 0 , 8 );
2004-10-04 08:23:53 +02:00
// now insert the new pass md5'd into the db
2005-02-05 03:19:00 +01:00
$wpdb -> query ( " UPDATE $wpdb->users SET user_activation_key = ' $key ' WHERE user_login = ' $user_login ' " );
2005-06-24 03:22:55 +02:00
$message = __ ( 'Someone has asked to reset the password for the following site and username.' ) . " \r \n \r \n " ;
2005-03-25 22:41:45 +01:00
$message .= get_option ( 'siteurl' ) . " \r \n \r \n " ;
2005-03-13 18:06:18 +01:00
$message .= sprintf ( __ ( 'Username: %s' ), $user_login ) . " \r \n \r \n " ;
2005-03-25 22:41:45 +01:00
$message .= __ ( 'To reset your password visit the following address, otherwise just ignore this email and nothing will happen.' ) . " \r \n \r \n " ;
2006-04-20 23:44:14 +02:00
$message .= get_settings ( 'siteurl' ) . " /wp-login.php?action=rp&key= $key\r\n " ;
2005-02-07 07:43:23 +01:00
2005-03-25 22:41:45 +01:00
$m = wp_mail ( $user_email , sprintf ( __ ( '[%s] Password Reset' ), get_settings ( 'blogname' )), $message );
2005-02-05 03:19:00 +01:00
if ( $m == false ) {
echo '<p>' . __ ( 'The e-mail could not be sent.' ) . " <br /> \n " ;
echo __ ( 'Possible reason: your host may have disabled the mail() function...' ) . " </p> " ;
die ();
} else {
echo '<p>' . sprintf ( __ ( " The e-mail was sent successfully to %s's e-mail address. " ), $user_login ) . '<br />' ;
echo " <a href='wp-login.php' title=' " . __ ( 'Check your e-mail first, of course' ) . " '> " . __ ( 'Click here to login!' ) . '</a></p>' ;
die ();
}
break ;
case 'resetpass' :
2006-04-20 23:44:14 +02:00
case 'rp' :
2005-02-05 03:19:00 +01:00
// Generate something random for a password... md5'ing current time with a rand salt
2005-06-13 01:14:52 +02:00
$key = preg_replace ( '/a-z0-9/i' , '' , $_GET [ 'key' ]);
2005-03-13 18:15:56 +01:00
if ( empty ( $key ) )
die ( __ ( 'Sorry, that key does not appear to be valid.' ) );
2005-02-05 03:19:00 +01:00
$user = $wpdb -> get_row ( " SELECT * FROM $wpdb->users WHERE user_activation_key = ' $key ' " );
if ( ! $user )
die ( __ ( 'Sorry, that key does not appear to be valid.' ) );
2005-03-09 23:49:42 +01:00
do_action ( 'password_reset' );
2005-02-07 07:43:23 +01:00
$new_pass = substr ( md5 ( uniqid ( microtime () ) ), 0 , 7 );
$wpdb -> query ( " UPDATE $wpdb->users SET user_pass = MD5(' $new_pass '), user_activation_key = '' WHERE user_login = ' $user->user_login ' " );
2005-12-23 21:30:25 +01:00
wp_cache_delete ( $user -> ID , 'users' );
2006-02-12 08:53:23 +01:00
wp_cache_delete ( $user -> user_login , 'userlogins' );
2005-03-13 18:06:18 +01:00
$message = sprintf ( __ ( 'Username: %s' ), $user -> user_login ) . " \r \n " ;
$message .= sprintf ( __ ( 'Password: %s' ), $new_pass ) . " \r \n " ;
2005-03-25 22:41:45 +01:00
$message .= get_settings ( 'siteurl' ) . " /wp-login.php \r \n " ;
2003-04-01 16:12:34 +02:00
2005-03-25 22:41:45 +01:00
$m = wp_mail ( $user -> user_email , sprintf ( __ ( '[%s] Your new password' ), get_settings ( 'blogname' )), $message );
2003-04-01 16:12:34 +02:00
if ( $m == false ) {
2005-03-25 22:41:45 +01:00
echo '<p>' . __ ( 'The e-mail could not be sent.' ) . " <br /> \n " ;
echo __ ( 'Possible reason: your host may have disabled the mail() function...' ) . '</p>' ;
2003-04-01 16:12:34 +02:00
die ();
} else {
2005-03-25 22:41:45 +01:00
echo '<p>' . sprintf ( __ ( 'Your new password is in the mail.' ), $user_login ) . '<br />' ;
2004-06-15 01:44:00 +02:00
echo " <a href='wp-login.php' title=' " . __ ( 'Check your e-mail first, of course' ) . " '> " . __ ( 'Click here to login!' ) . '</a></p>' ;
2004-02-09 10:56:57 +01:00
// send a copy of password change notification to the admin
2005-03-25 22:41:45 +01:00
$message = sprintf ( __ ( 'Password Lost and Changed for user: %s' ), $user -> user_login ) . " \r \n " ;
wp_mail ( get_settings ( 'admin_email' ), sprintf ( __ ( '[%s] Password Lost/Change' ), get_settings ( 'blogname' )), $message );
2005-02-07 07:43:23 +01:00
die ();
}
2003-04-01 16:12:34 +02:00
break ;
2004-10-04 08:45:01 +02:00
case 'login' :
2003-04-01 16:12:34 +02:00
default :
2004-11-27 23:54:23 +01:00
$user_login = '' ;
$user_pass = '' ;
$using_cookie = false ;
2005-09-14 22:57:21 +02:00
if ( ! isset ( $_REQUEST [ 'redirect_to' ] ) )
$redirect_to = 'wp-admin/' ;
else
$redirect_to = $_REQUEST [ 'redirect_to' ];
$redirect_to = preg_replace ( '|[^a-z0-9-~+_.?#=&;,/:]|i' , '' , $redirect_to );
2004-11-27 23:54:23 +01:00
2005-11-17 01:51:34 +01:00
if ( $_POST ) {
2004-11-27 23:54:23 +01:00
$user_login = $_POST [ 'log' ];
2005-11-17 01:51:34 +01:00
$user_login = sanitize_user ( $user_login );
2004-12-18 21:56:26 +01:00
$user_pass = $_POST [ 'pwd' ];
2005-07-23 08:56:59 +02:00
$rememberme = $_POST [ 'rememberme' ];
2006-02-22 08:30:28 +01:00
} else {
$cookie_login = wp_get_cookie_login ();
if ( ! empty ( $cookie_login ) ) {
2004-11-27 23:54:23 +01:00
$using_cookie = true ;
2006-02-22 08:30:28 +01:00
$user_login = $cookie_login [ 'login' ];
$user_pass = $cookie_login [ 'password' ];
2004-11-27 23:54:23 +01:00
}
2004-10-04 08:45:01 +02:00
}
2005-03-09 23:49:42 +01:00
do_action ( 'wp_authenticate' , array ( & $user_login , & $user_pass ));
2006-01-02 09:46:13 +01:00
if ( $user_login && $user_pass ) {
2005-12-15 17:45:20 +01:00
$user = new WP_User ( 0 , $user_login );
2006-02-12 08:53:23 +01:00
2005-07-15 03:24:08 +02:00
// If the user can't edit posts, send them to their profile.
2005-11-05 23:17:34 +01:00
if ( ! $user -> has_cap ( 'edit_posts' ) && ( empty ( $redirect_to ) || $redirect_to == 'wp-admin/' ) )
2005-11-17 01:51:34 +01:00
$redirect_to = get_settings ( 'siteurl' ) . '/wp-admin/profile.php' ;
2006-02-12 08:53:23 +01:00
2004-11-27 23:54:23 +01:00
if ( wp_login ( $user_login , $user_pass , $using_cookie ) ) {
2005-11-05 23:17:34 +01:00
if ( ! $using_cookie )
2005-07-23 08:56:59 +02:00
wp_setcookie ( $user_login , $user_pass , false , '' , '' , $rememberme );
2005-02-05 03:22:36 +01:00
do_action ( 'wp_login' , $user_login );
2005-03-13 17:36:09 +01:00
wp_redirect ( $redirect_to );
2005-11-05 23:17:34 +01:00
exit ;
2004-10-11 09:00:22 +02:00
} else {
2006-02-12 08:53:23 +01:00
if ( $using_cookie )
2004-11-27 23:54:23 +01:00
$error = __ ( 'Your session has expired.' );
2004-10-11 09:00:22 +02:00
}
2003-04-01 16:12:34 +02:00
}
2004-12-18 21:56:26 +01:00
?>
2003-06-11 08:03:41 +02:00
<! DOCTYPE html PUBLIC " -//W3C//DTD XHTML 1.0 Transitional//EN " " http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd " >
2003-05-23 19:21:52 +02:00
< html xmlns = " http://www.w3.org/1999/xhtml " >
2003-04-01 16:12:34 +02:00
< head >
2004-10-04 08:23:53 +02:00
< title > WordPress & rsaquo ; < ? php _e ( 'Login' ) ?> </title>
2005-02-14 05:36:57 +01:00
< meta http - equiv = " Content-Type " content = " <?php bloginfo('html_type'); ?>; charset=<?php bloginfo('charset'); ?> " />
2004-10-04 08:23:53 +02:00
< link rel = " stylesheet " href = " <?php bloginfo('wpurl'); ?>/wp-admin/wp-admin.css " type = " text/css " />
2003-06-11 08:03:41 +02:00
< script type = " text/javascript " >
function focusit () {
2004-06-23 01:33:05 +02:00
document . getElementById ( 'log' ) . focus ();
2003-06-11 08:03:41 +02:00
}
window . onload = focusit ;
</ script >
2003-04-01 16:12:34 +02:00
</ head >
2003-05-23 19:21:52 +02:00
< body >
2003-04-01 16:12:34 +02:00
2003-05-23 19:21:52 +02:00
< div id = " login " >
2004-10-04 08:23:53 +02:00
< h1 >< a href = " http://wordpress.org/ " > WordPress </ a ></ h1 >
2003-04-01 16:12:34 +02:00
< ? php
2004-12-18 21:56:26 +01:00
if ( $error )
2004-10-04 08:23:53 +02:00
echo " <div id='login_error'> $error </div> " ;
2003-04-01 16:12:34 +02:00
?>
2004-10-06 07:31:52 +02:00
< form name = " loginform " id = " loginform " action = " wp-login.php " method = " post " >
2005-11-17 01:51:34 +01:00
< p >< label >< ? php _e ( 'Username:' ) ?> <br /><input type="text" name="log" id="log" value="<?php echo wp_specialchars(stripslashes($user_login), 1); ?>" size="20" tabindex="1" /></label></p>
2005-03-13 18:06:18 +01:00
< p >< label >< ? php _e ( 'Password:' ) ?> <br /> <input type="password" name="pwd" id="pwd" value="" size="20" tabindex="2" /></label></p>
2005-07-23 08:56:59 +02:00
< p >
2005-08-03 03:56:02 +02:00
< label >< input name = " rememberme " type = " checkbox " id = " rememberme " value = " forever " tabindex = " 3 " />
2005-07-23 08:56:59 +02:00
< ? php _e ( 'Remember me' ); ?> </label></p>
2004-12-18 21:56:26 +01:00
< p class = " submit " >
2005-08-03 03:56:02 +02:00
< input type = " submit " name = " submit " id = " submit " value = " <?php _e('Login'); ?> » " tabindex = " 4 " />
2004-12-18 21:56:26 +01:00
< input type = " hidden " name = " redirect_to " value = " <?php echo $redirect_to ; ?> " />
2004-10-04 08:23:53 +02:00
</ p >
2003-04-01 16:12:34 +02:00
</ form >
2004-10-04 08:23:53 +02:00
< ul >
2005-11-17 11:10:10 +01:00
< li >< a href = " <?php bloginfo('home'); ?>/ " title = " <?php _e('Are you lost?') ?> " >& laquo ; < ? php _e ( 'Back to blog' ) ?> </a></li>
2004-10-04 08:23:53 +02:00
< ? php if ( get_settings ( 'users_can_register' )) : ?>
< li >< a href = " <?php bloginfo('wpurl'); ?>/wp-register.php " >< ? php _e ( 'Register' ) ?> </a></li>
< ? php endif ; ?>
< li >< a href = " <?php bloginfo('wpurl'); ?>/wp-login.php?action=lostpassword " title = " <?php _e('Password Lost and Found') ?> " >< ? php _e ( 'Lost your password?' ) ?> </a></li>
</ ul >
2003-05-23 19:21:52 +02:00
</ div >
2003-04-01 16:12:34 +02:00
</ body >
</ html >
2003-06-11 08:03:41 +02:00
< ? php
2003-04-01 16:12:34 +02:00
break ;
2003-06-11 08:03:41 +02:00
} // end action switch
2005-03-13 18:06:18 +01:00
?>