< ? php
require ( 'b2config.php' );
require_once ( $abspath . $b2inc . '/b2template.functions.php' );
require_once ( $abspath . $b2inc . '/b2functions.php' );
require_once ( $abspath . $b2inc . '/b2vars.php' );
require_once ( $abspath . $b2inc . '/wp-db.php' );
if (!function_exists('add_magic_quotes')) {
    /**
     * Recursively apply addslashes() to every leaf value of an array.
     *
     * Nested arrays are walked depth-first. Keys are left untouched; only
     * values are escaped.
     *
     * Security note: addslashes() knows nothing about the database
     * connection's character set. Treat this as a legacy stand-in for
     * magic_quotes_gpc, not as a replacement for driver-level escaping or
     * bound parameters.
     *
     * @param array $array Values to escape (the script passes request arrays).
     * @return array Copy of the input with every non-array value escaped.
     */
    function add_magic_quotes($array)
    {
        foreach ($array as $key => $value) {
            $array[$key] = is_array($value)
                ? add_magic_quotes($value)
                : addslashes($value);
        }

        return $array;
    }
}
// Emulate magic_quotes_gpc when the runtime has it switched off: every GET,
// POST and cookie value is passed through add_magic_quotes() (addslashes), so
// the rest of the script sees slash-escaped request data either way.
// NOTE(review): login() interpolates these values straight into its SQL text,
// so this pass is the only escaping they receive. addslashes() is not
// charset-aware and should not be treated as equivalent to bound parameters.
if ( ! get_magic_quotes_gpc ()) {
$HTTP_GET_VARS = add_magic_quotes ( $HTTP_GET_VARS );
$HTTP_POST_VARS = add_magic_quotes ( $HTTP_POST_VARS );
$HTTP_COOKIE_VARS = add_magic_quotes ( $HTTP_COOKIE_VARS );
}
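// Import a fixed allow-list of request parameters into global variables.
// Precedence: a global that is already set is kept, then POST, then GET, and
// finally the empty string.
// SECURITY: every name listed here, including $error, can be set by the
// client. The values are untrusted and must be encoded for the context they
// are written into (HTML attribute, URL, header) before being output.
$b2varstoreset = array('action', 'mode', 'error', 'text', 'popupurl', 'popuptitle');
for ($i = 0; $i < count($b2varstoreset); $i = $i + 1) {
    $b2var = $b2varstoreset[$i];
    if (isset($$b2var)) {
        continue; // already defined earlier in this request; leave it alone
    }
    // Index with the bare name: a padded key such as " action " never matches
    // a submitted field.
    if (!empty($HTTP_POST_VARS[$b2var])) {
        $$b2var = $HTTP_POST_VARS[$b2var];
    } elseif (!empty($HTTP_GET_VARS[$b2var])) {
        $$b2var = $HTTP_GET_VARS[$b2var];
    } else {
        $$b2var = '';
    }
}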
switch ($action) {

case 'logout':
    // setcookie() with a name only asks the browser to drop that cookie.
    // NOTE(review): this clears the client side only. The cookie value is
    // derived from the password itself, so a copy taken earlier stays valid
    // until the password changes.
    setcookie('wordpressuser');
    setcookie('wordpresspass');

    // Keep the logout response out of browser and proxy caches.
    header('Expires: Wed, 11 Jan 1984 05:00:00 GMT');
    header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT');
    header('Cache-Control: no-cache, must-revalidate');
    header('Pragma: no-cache');

    // IIS is sent a Refresh header instead of Location.
    header($is_IIS ? 'Refresh: 0;url=b2login.php' : 'Location: b2login.php');
    exit();
    break;
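case 'login':
    // Credentials and the post-login target are read from the POST body only.
    // All three values are client-controlled: they have been slash-escaped by
    // the magic-quotes pass at the top of this file but are otherwise raw.
    if (!empty($HTTP_POST_VARS)) {
        // Use the exact field names of the login form and fall back to '' so
        // a missing field cannot leave the variable undefined.
        $log = isset($HTTP_POST_VARS['log']) ? $HTTP_POST_VARS['log'] : '';
        $pwd = isset($HTTP_POST_VARS['pwd']) ? $HTTP_POST_VARS['pwd'] : '';
        $redirect_to = isset($HTTP_POST_VARS['redirect_to']) ? $HTTP_POST_VARS['redirect_to'] : '';
    }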
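/**
 * Check the submitted login/password pair against the users table.
 *
 * Reads the credentials from the globals $log and $pwd. A password of the
 * form "md5:<digest>" is treated as the MD5 digest of the password: the
 * prefix is stripped from $pwd and $pass_is_md5 is set to 1. Otherwise
 * $pass_is_md5 is set to 0.
 *
 * On failure $error receives an HTML message and, for a credential mismatch,
 * $pwd is cleared. $user_ID is set only when the credentials match.
 *
 * SECURITY notes:
 *  - $log and $pwd are interpolated into the SQL text. The only escaping
 *    they receive is the addslashes() pass applied to the request arrays at
 *    the top of this file; prefer bound parameters or the driver's own
 *    escaping wherever the database layer offers them.
 *  - The query compares user_pass directly with the submitted password, so
 *    passwords are stored unhashed, and the "md5:" form makes the unsalted
 *    MD5 digest a password-equivalent credential. Moving to a salted, slow
 *    password hash needs a schema change outside this function.
 *
 * @return bool True when the credentials match a user row, false otherwise.
 */
function login()
{
    global $wpdb, $log, $pwd, $error, $user_ID;
    global $tableusers, $pass_is_md5;

    // References: the prefix stripping below is visible to the caller in $pwd.
    $user_login = &$log;
    $password = &$pwd;

    if (!$user_login) {
        $error = "<strong>ERROR</strong>: the login field is empty";
        return false;
    }

    if (!$password) {
        $error = "<strong>ERROR</strong>: the password field is empty";
        return false;
    }

    // Request fields can arrive as arrays (log[]=...); only plain strings are
    // valid credentials.
    if (!is_string($user_login) || !is_string($password)) {
        $error = '<b>ERROR</b>: wrong login or password';
        $pwd = '';
        return false;
    }

    if ('md5:' === substr($password, 0, 4)) {
        $pass_is_md5 = 1;
        $password = (string) substr($password, 4);
        $query = "SELECT ID, user_login, user_pass FROM $tableusers WHERE user_login = '$user_login' AND MD5(user_pass) = '$password'";
    } else {
        $pass_is_md5 = 0;
        $query = "SELECT ID, user_login, user_pass FROM $tableusers WHERE user_login = '$user_login' AND user_pass = '$password'";
    }

    $login = $wpdb->get_row($query);

    // Re-check the row in PHP with strict string comparison. The database
    // comparison may be more lenient (for example case-insensitive, depending
    // on collation), and a loose == would compare numeric-looking strings as
    // numbers instead of byte for byte.
    $matches = false;
    if ($login) {
        $stored = (string) $login->user_pass;
        $expected = $pass_is_md5 ? md5($stored) : $stored;
        $matches = ((string) $login->user_login === $user_login) && ($expected === $password);
    }

    if (!$matches) {
        $error = '<b>ERROR</b>: wrong login or password';
        $pwd = '';
        return false;
    }

    $user_ID = $login->ID;
    return true;
}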
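if (!login()) {
    // Rejected: send the browser back to the form and keep the response out
    // of caches.
    header('Expires: Wed, 11 Jan 1984 05:00:00 GMT');
    header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT');
    header('Cache-Control: no-cache, must-revalidate');
    header('Pragma: no-cache');
    if ($is_IIS) {
        header('Refresh: 0;url=b2login.php');
    } else {
        header('Location: b2login.php');
    }
    exit();
} else {
    $user_login = $log;
    $user_pass = $pwd;

    // SECURITY: the auth cookies last one year and carry the login name plus
    // the unsalted MD5 of the password, which checklogin() accepts as-is.
    // Whoever obtains the cookie holds a long-lived credential. setcookie()
    // is called here with name, value and expiry only.
    setcookie('wordpressuser', $user_login, time() + 31536000);
    // After an "md5:" login, login() has left the bare digest in $pwd.
    if ($pass_is_md5) {
        setcookie('wordpresspass', $user_pass, time() + 31536000);
    } else {
        setcookie('wordpresspass', md5($user_pass), time() + 31536000);
    }
    if (empty($HTTP_COOKIE_VARS['wordpressblogid'])) {
        setcookie('wordpressblogid', 1, time() + 31536000);
    }

    header('Expires: Wed, 11 Jan 1984 05:00:00 GMT');
    header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT');
    header('Cache-Control: no-cache, must-revalidate');
    header('Pragma: no-cache');

    // $text, $popupurl and $popuptitle are request-supplied. URL-encode each
    // one so it stays inside its own query parameter and cannot alter the
    // redirect header.
    $b2login_query = 'text=' . urlencode(is_string($text) ? $text : '')
        . '&popupurl=' . urlencode(is_string($popupurl) ? $popupurl : '')
        . '&popuptitle=' . urlencode(is_string($popuptitle) ? $popuptitle : '');

    switch ($mode) {
        case 'bookmarklet':
            $location = 'wp-admin/b2bookmarklet.php?' . $b2login_query;
            break;
        case 'sidebar':
            $location = 'wp-admin/sidebar.php?' . $b2login_query;
            break;
        case 'profile':
            $location = 'wp-admin/profile.php?' . $b2login_query;
            break;
        default:
            // SECURITY: redirect_to comes from the POST body. Follow it only
            // when it is a plain same-site path. Anything with a scheme, a
            // protocol-relative "//" prefix, a backslash or a control
            // character falls back to the editor page, which is the value the
            // login form itself submits.
            $location = isset($redirect_to) ? $redirect_to : '';
            if (!is_string($location)
                || $location === ''
                || preg_match('#^[a-z][a-z0-9+.\-]*:|^//|[\\\\\x00-\x1f\x7f]#i', $location)
            ) {
                $location = 'wp-admin/b2edit.php';
            }
            break;
    }

    if ($is_IIS) {
        header("Refresh: 0;url=$location");
    } else {
        header("Location: $location");
    }
}
break;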
case 'lostpassword' :
?>
<! DOCTYPE html PUBLIC " -//W3C//DTD XHTML 1.0 Transitional//EN " " http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd " >
< html xmlns = " http://www.w3.org/1999/xhtml " >
< head >
< title > WordPress > Lost password ? </ title >
< meta http - equiv = " Content-Type " content = " text/html; charset=iso-8859-1 " />
< link rel = " stylesheet " href = " <?php echo $siteurl ; ?>/wp-admin/b2.css " type = " text/css " />
</ head >
< body >
< div id = " login " >
< p > Type your login here and click OK . You will receive an email with your password .</ p >
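<?php
// $error is one of the names imported from POST/GET near the top of this
// file, so it can be request-supplied. Encode it before writing it into the
// page; the charset matches the one declared in the page's meta tag.
if ($error && is_string($error)) {
    echo "<div align=\"right\" style=\"padding:4px;\"><font color=\"#FF0000\">"
        . htmlspecialchars($error, ENT_QUOTES, 'ISO-8859-1')
        . "</font><br /> </div>";
}
?>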
< form name = " " action = " b2login.php " method = " post " >
< input type = " hidden " name = " action " value = " retrievepassword " />
< label > Login : < input type = " text " name = " user_login " id = " user_login " value = " " size = " 12 " /></ label >
< input type = " submit " name = " Submit2 " value = " OK " class = " search " >
</ form >
</ div >
</ body >
</ html >
< ? php
break ;
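case 'retrievepassword':
    // SECURITY: this flow mails the stored password itself, which is only
    // possible because passwords are kept in recoverable form, and the
    // request is unauthenticated. A one-time reset token is the usual
    // replacement; it needs schema changes outside this block.
    $user_login = isset($HTTP_POST_VARS['user_login']) ? $HTTP_POST_VARS['user_login'] : '';

    // presumably get_userdatabylogin() yields an object, or a falsy value for
    // an unknown login; verify against its definition.
    $user_data = is_string($user_login) ? get_userdatabylogin($user_login) : false;

    // Unknown login or no address on file: report the same failure as a mail
    // error instead of calling mail() with an empty recipient.
    if (!$user_data || empty($user_data->user_email)) {
        echo "<p>The email could not be sent.<br />\n";
        echo "Possible reason: your host may have disabled the mail() function...</p>";
        die();
    }

    $user_email = $user_data->user_email;
    $user_pass = $user_data->user_pass;

    $message = "Login: $user_login\r\n";
    $message .= "Password: $user_pass\r\n";

    $m = mail($user_email, "Your weblog's login/password", $message);

    if ($m == false) {
        echo "<p>The email could not be sent.<br />\n";
        echo "Possible reason: your host may have disabled the mail() function...</p>";
        die();
    } else {
        // The login name is request-supplied: encode it for HTML output.
        echo "<p>The email was sent successfully to "
            . htmlspecialchars($user_login, ENT_QUOTES, 'ISO-8859-1')
            . "'s email address.<br />
<a href='b2login.php' title='Check your email first, of course'>Click here to login !</a></p>";
        die();
    }
    break;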
default:
    // Pick up the remembered credentials, but only when both cookies are
    // present and non-empty. The values are client-supplied and are verified
    // by checklogin() below.
    if (!(empty($HTTP_COOKIE_VARS['wordpressuser']) || empty($HTTP_COOKIE_VARS['wordpresspass']))) {
        $user_pass_md5 = $HTTP_COOKIE_VARS['wordpresspass'];
        $user_login = $HTTP_COOKIE_VARS['wordpressuser'];
    }
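/**
 * Validate the remembered-login values held in the globals $user_login and
 * $user_pass_md5 (the default case fills them from the auth cookies).
 *
 * The check passes only when $user_pass_md5 is exactly the MD5 of the
 * password stored for $user_login.
 *
 * @return bool True when the pair identifies an existing user, else false.
 */
function checklogin()
{
    global $user_login, $user_pass_md5, $user_ID;

    // Without both values as non-empty strings there is nothing to verify.
    if (!is_string($user_login) || $user_login === ''
        || !is_string($user_pass_md5) || $user_pass_md5 === ''
    ) {
        return false;
    }

    $userdata = get_userdatabylogin($user_login);

    // An unknown login, or a row with no stored password, must never
    // authenticate.
    if (!is_object($userdata) || !isset($userdata->user_pass) || (string) $userdata->user_pass === '') {
        return false;
    }

    // Strict comparison: with == two digests that both look numeric would be
    // compared as numbers. Where hash_equals() is available (PHP >= 5.6) it
    // also makes the comparison constant-time.
    return $user_pass_md5 === md5((string) $userdata->user_pass);
}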
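if (!checklogin()) {
    // Only complain when a login cookie was actually presented; a visitor
    // without one simply gets the form.
    if (!empty($HTTP_COOKIE_VARS['wordpressuser'])) {
        $error = "Error: wrong login/password"; //, or your session has expired.";
    }
} else {
    // Already authenticated through the cookies: skip the form and go to the
    // editor. Header lines are written without stray padding so each one is a
    // well-formed "Name: value" field.
    header("Expires: Wed, 5 Jun 1979 23:41:00 GMT"); /* private joke: this is Michel's birthdate - though officially it's on the 6th, since he's GMT+1 :) */
    header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); /* different all the time */
    header("Cache-Control: no-cache, must-revalidate"); /* to cope with HTTP/1.1 */
    header("Pragma: no-cache");
    header("Location: wp-admin/b2edit.php");
    exit();
}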
?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
< html xmlns = " http://www.w3.org/1999/xhtml " >
< head >
< title > WordPress > Login form </ title >
< meta http - equiv = " Content-Type " content = " text/html; charset=iso-8859-1 " />
< link rel = " stylesheet " href = " <?php echo $siteurl ; ?>/wp-admin/b2.css " type = " text/css " />
</ head >
< body >
< div id = " login " >
< p >< a href = " <?php echo $siteurl ?> " > Back to blog ? </ a >< br />
< ? php if ( $users_can_register ) { ?>
< a href = " <?php echo $siteurl ; ?>/b2register.php " > Register ? </ a >< br />
< ? php } ?>
< a href = " <?php echo $siteurl ; ?>/b2login.php?action=lostpassword " > Lost your password ? </ a ></ p >
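<?php
// $error may come from the request (it is one of the names imported from
// POST/GET near the top of this file) or from the cookie check above. Encode
// it before writing it into the page; the charset matches the page's meta tag.
if ($error && is_string($error)) {
    echo "<div align=\"right\" style=\"padding:4px;\"><font color=\"#FF0000\">"
        . htmlspecialchars($error, ENT_QUOTES, 'ISO-8859-1')
        . "</font><br /> </div>";
}
?>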
< form name = " " action = " <?php echo $path ; ?>/b2login.php " method = " post " >
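<?php if ($mode == "bookmarklet") { ?>
<?php /* mode, text, popupurl and popuptitle are request-supplied: encode each for the attribute context before echoing it back. */ ?>
<input type="hidden" name="mode" value="<?php echo htmlspecialchars(is_string($mode) ? $mode : '', ENT_QUOTES, 'ISO-8859-1') ?>" />
<input type="hidden" name="text" value="<?php echo htmlspecialchars(is_string($text) ? $text : '', ENT_QUOTES, 'ISO-8859-1') ?>" />
<input type="hidden" name="popupurl" value="<?php echo htmlspecialchars(is_string($popupurl) ? $popupurl : '', ENT_QUOTES, 'ISO-8859-1') ?>" />
<input type="hidden" name="popuptitle" value="<?php echo htmlspecialchars(is_string($popuptitle) ? $popuptitle : '', ENT_QUOTES, 'ISO-8859-1') ?>" />
<?php } ?>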
< input type = " hidden " name = " redirect_to " value = " wp-admin/b2edit.php " />
< input type = " hidden " name = " action " value = " login " />
< label > Login : < input type = " text " name = " log " value = " " size = " 8 " /></ label >< br />
< label > Password : < input type = " password " name = " pwd " value = " " size = " 8 " /></ label >< br />
< input type = " submit " name = " Submit2 " value = " OK " class = " search " >
</ form >
</ div >
</ body >
</ html >
< ? php
break ;
}
?>