From 18585460f5a8908ba0260c130c2b1cb56252e92f Mon Sep 17 00:00:00 2001 From: Ryan Boren Date: Mon, 11 Oct 2004 07:00:22 +0000 Subject: [PATCH] Login fixes. git-svn-id: https://develop.svn.wordpress.org/trunk@1774 602fd350-edb4-49c9-b593-d223f7449a82 --- wp-admin/auth.php | 2 +- wp-includes/functions.php | 3 +-- wp-login.php | 47 ++++++++++++++++++++++----------------- 3 files changed, 28 insertions(+), 24 deletions(-) diff --git a/wp-admin/auth.php b/wp-admin/auth.php index c6b8176580..269a3b970a 100644 --- a/wp-admin/auth.php +++ b/wp-admin/auth.php @@ -1,7 +1,7 @@ Error: Wrong login.'); return false; } else { - - if ( ($login->user_login == $username && $login->user_pass == $password) || ($already_md5 && $login->user_login == $username && md5($login->user_pass) == $password) ) { + if ( ($already_md5 && $login->user_login == $username && $login->user_pass == $password) || ($login->user_login == $username && $login->user_pass == md5($password)) ) { return true; } else { $error = __('Error: Incorrect password.'); diff --git a/wp-login.php b/wp-login.php index 5c4b1f6179..5c9bae8040 100644 --- a/wp-login.php +++ b/wp-login.php @@ -142,8 +142,12 @@ default: if( !empty($_POST) ) { $log = $_POST['log']; - $pwd = md5($_POST['pwd']); + $pwd = $_POST['pwd']; $redirect_to = preg_replace('|[^a-z0-9-~+_.?#=&;,/:]|i', '', $_POST['redirect_to']); + } else { + $log = ''; + $pwd = ''; + $redirect_to = ''; } $user = get_userdatabylogin($log); 
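Review bot: The rewritten condition in wp_login (wp-includes/functions.php) compares password hashes with loose `==`, so two different hex digests that both parse as numeric strings (the `0e…` form) are treated as equal. Use a strict comparison such as `$login->user_pass === md5($password)`, or `hash_equals($login->user_pass, md5($password))` where the PHP version provides it, so the check is also constant-time. The second disjunct is not guarded by `!$already_md5`, so on the cookie path a value that fails the direct match is hashed and tried again as if it were a plaintext password; prefixing it with `!$already_md5 &&` keeps the two paths separate. The function begins outside the hunk, so how `$login` is loaded is not visible here.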
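Review bot: In the first wp-login.php hunk, `$redirect_to` is validated only by the character-class filter on the unchanged `preg_replace` line, and that class keeps `:` and `/`, so an absolute URL to another host survives and is later sent in the `Location:`/`Refresh:` header after a successful login. Restrict the target to the site itself, for example `if ( strpos($redirect_to, get_settings('siteurl') . '/') !== 0 ) $redirect_to = get_settings('siteurl') . '/wp-admin/profile.php';` (relative targets would need their own allowance). The POST branch also reads `$_POST['log']`, `$_POST['pwd']` and `$_POST['redirect_to']` without `isset()`, so a POST that omits them raises notices rather than getting the new empty-string defaults. The enclosing `default:` case starts outside the hunk.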
@@ -152,30 +156,31 @@ default: $redirect_to = get_settings('siteurl') . '/wp-admin/profile.php'; } - if ( wp_login($log, $pwd) ) { - $user_login = $log; - $user_pass = $pwd; - setcookie('wordpressuser_'. COOKIEHASH, $user_login, time() + 31536000, COOKIEPATH); - setcookie('wordpresspass_'. COOKIEHASH, md5($user_pass), time() + 31536000, COOKIEPATH); - - if ($is_IIS) - header("Refresh: 0;url=$redirect_to"); - else - header("Location: $redirect_to"); - } - - if( !empty($_COOKIE['wordpressuser_' . COOKIEHASH]) && !empty($_COOKIE['wordpresspass_' . COOKIEHASH]) ) { + if ($log && $pwd) { + if ( wp_login($log, $pwd) ) { + $user_login = $log; + $user_pass = md5($pwd); + setcookie('wordpressuser_'. COOKIEHASH, $user_login, time() + 31536000, COOKIEPATH); + setcookie('wordpresspass_'. COOKIEHASH, $user_pass, time() + 31536000, COOKIEPATH); + + if ($is_IIS) + header("Refresh: 0;url=$redirect_to"); + else + header("Location: $redirect_to"); + } + } else if ( !empty($_COOKIE['wordpressuser_' . COOKIEHASH]) && !empty($_COOKIE['wordpresspass_' . COOKIEHASH]) ) { $user_login = $_COOKIE['wordpressuser_' . COOKIEHASH]; $user_pass_md5 = $_COOKIE['wordpresspass_' . COOKIEHASH]; + + if ( wp_login($user_login, $user_pass_md5, true) ) { + header('Location: wp-admin/'); + exit(); + } else { + if ( !empty($_COOKIE['wordpressuser_' . COOKIEHASH]) ) + $error = 'Your session has expired.'; + } } - if ( wp_login($user_login, $user_pass_md5, true) ) { - header('Location: wp-admin/'); - exit(); - } else { - if ( !empty($_COOKIE['wordpressuser_' . COOKIEHASH]) ) - $error = 'Your session has expired.'; - } ?>
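Review bot: The `wordpresspass_` cookie set in the new `if ($log && $pwd)` branch holds `md5($pwd)`, the same value that `wp_login(..., true)` compares directly against `$login->user_pass` in this commit. The stored hash is therefore a password equivalent, valid for a year, for anyone who obtains the cookie or the users table. A random per-session token verified server-side would avoid that; at minimum pass the `secure` and (PHP 5.2+) `httponly` arguments to `setcookie()`. The success path also lacks the `exit();` that the cookie branch has after its `header()` call, so the script keeps executing after the redirect header; add `exit();` after the `Refresh`/`Location` pair. Separately, `if ($log && $pwd)` treats a password of `'0'` as empty, so `$log !== '' && $pwd !== ''` is the safer test.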