diff --git a/b2login.php b/b2login.php index 9c2efae405..a42a90e30d 100644 --- a/b2login.php +++ b/b2login.php @@ -40,30 +40,26 @@ for ($i = 0; $i < count($b2varstoreset); $i = $i + 1) { } } -/* connecting the db */ -$connexion = @mysql_connect($server,$loginsql,$passsql) or die("Can't connect to the database
".mysql_error()); -mysql_select_db("$base"); - switch($action) { -case "logout": +case 'logout': - setcookie("wordpressuser"); - setcookie("wordpresspass"); - header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); - header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); - header("Cache-Control: no-cache, must-revalidate"); // for HTTP/1.1 - header("Pragma: no-cache"); + setcookie('wordpressuser'); + setcookie('wordpresspass'); + header('Expires: Wed, 11 Jan 1984 05:00:00 GMT'); + header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT'); + header('Cache-Control: no-cache, must-revalidate'); + header('Pragma: no-cache'); if ($is_IIS) { - header("Refresh: 0;url=b2login.php"); + header('Refresh: 0;url=b2login.php'); } else { - header("Location: b2login.php"); + header('Location: b2login.php'); } exit(); break; -case "login": +case 'login': if(!empty($HTTP_POST_VARS)) { $log = $HTTP_POST_VARS["log"]; @@ -72,88 +68,86 @@ case "login": } function login() { - global $server,$loginsql,$passsql,$base,$log,$pwd,$error,$user_ID; + global $wpdb, $log, $pwd, $error, $user_ID; global $tableusers, $pass_is_md5; - $user_login=$log; - $password=$pwd; + $user_login = &$log; + $password = &$pwd; if (!$user_login) { - $error="ERROR: the login field is empty"; + $error="ERROR: the login field is empty"; return false; } if (!$password) { - $error="ERROR: the password field is empty"; + $error="ERROR: the password field is empty"; return false; } - if (substr($password,0,4)=="md5:") { + if ('md5:' == substr($password, 0, 4)) { $pass_is_md5 = 1; - $password = substr($password,4,strlen($password)); - $query = " SELECT ID, user_login, user_pass FROM $tableusers WHERE user_login = '$user_login' AND MD5(user_pass) = '$password' "; + $password = substr($password, 4, strlen($password)); + $query = "SELECT ID, user_login, user_pass FROM $tableusers WHERE user_login = '$user_login' AND MD5(user_pass) = '$password'"; } else { $pass_is_md5 = 0; - $query = " SELECT ID, user_login, user_pass FROM $tableusers WHERE user_login = '$user_login' AND user_pass = '$password' "; + $query = "SELECT ID, user_login, user_pass FROM $tableusers WHERE user_login = '$user_login' AND user_pass = '$password'"; } - $result = mysql_query($query) or die("Incorrect Login/Password request: ".mysql_error()); + $login = $wpdb->get_row($query); - $lines = mysql_num_rows($result); - if ($lines<1) { - $error="ERROR: wrong login or password"; - $pwd=""; + if (!$login) { + $error = 'ERROR: wrong login or password'; + $pwd = ''; return false; } else { - $res=mysql_fetch_row($result); - $user_ID=$res[0]; - if (($pass_is_md5==0 && $res[1]==$user_login && $res[2]==$password) || ($pass_is_md5==1 && $res[1]==$user_login && md5($res[2])==$password)) { + $user_ID = $login->ID; + if (($pass_is_md5 == 0 && $login->user_login == $user_login && $login->user_pass == $password) || ($pass_is_md5 == 1 && $login->user_login == $user_login && md5($login->user_pass) == $password)) { return true; } else { - $error="ERROR: wrong login or password"; - $pwd=""; + $error = 'ERROR: wrong login or password'; + $pwd = ''; return false; } } } if (!login()) { - header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); - header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); - header("Cache-Control: no-cache, must-revalidate"); - header("Pragma: no-cache"); - if ($is_IIS) { - header("Refresh: 0;url=b2login.php"); - } else { - header("Location: b2login.php"); - } + header('Expires: Wed, 11 Jan 1984 05:00:00 GMT'); + header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT'); + header('Cache-Control: no-cache, must-revalidate'); + header('Pragma: no-cache'); + if ($is_IIS) { + header('Refresh: 0;url=b2login.php'); + } else { + header('Location: b2login.php'); + } exit(); } else { - $user_login=$log; - $user_pass=$pwd; - setcookie("wordpressuser",$user_login,time()+31536000); + $user_login = $log; + $user_pass = $pwd; + setcookie('wordpressuser', $user_login, time()+31536000); if ($pass_is_md5) { - setcookie("wordpresspass",$user_pass,time()+31536000); + setcookie('wordpresspass', $user_pass, time()+31536000); } else { - setcookie("wordpresspass",md5($user_pass),time()+31536000); + setcookie('wordpresspass', md5($user_pass), time()+31536000); } - if (empty($HTTP_COOKIE_VARS["wordpressblogid"])) { - setcookie("wordpressblogid","1",time()+31536000); + if (empty($HTTP_COOKIE_VARS['wordpressblogid'])) { + setcookie('wordpressblogid', 1,time()+31536000); } - header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); - header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); - header("Cache-Control: no-cache, must-revalidate"); - header("Pragma: no-cache"); + header('Expires: Wed, 11 Jan 1984 05:00:00 GMT'); + header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT'); + header('Cache-Control: no-cache, must-revalidate'); + header('Pragma: no-cache'); switch($mode) { - case "bookmarklet": - $location="wp-admin/b2bookmarklet.php?text=$text&popupurl=$popupurl&popuptitle=$popuptitle"; + case 'bookmarklet': + $location = "wp-admin/b2bookmarklet.php?text=$text&popupurl=$popupurl&popuptitle=$popuptitle"; break; - case "sidebar": - $location="wp-admin/sidebar.php?text=$text&popupurl=$popupurl&popuptitle=$popuptitle"; + case 'sidebar': + $location = "wp-admin/sidebar.php?text=$text&popupurl=$popupurl&popuptitle=$popuptitle"; break; - case "profile": - $location="wp-admin/profile.php?text=$text&popupurl=$popupurl&popuptitle=$popuptitle"; + case 'profile': + $location = "wp-admin/profile.php?text=$text&popupurl=$popupurl&popuptitle=$popuptitle"; break; default: - $location="$redirect_to"; + $location = "$redirect_to"; break; } @@ -167,7 +161,7 @@ case "login": break; -case "lostpassword": +case 'lostpassword': ?> @@ -176,29 +170,9 @@ case "lostpassword": WordPress > Lost password ? - - - - -

Type your login here and click OK. You will receive an email with your password.

@@ -214,9 +188,7 @@ if ($error) echo "
-
+ @@ -225,7 +197,7 @@ if ($error) echo "
The email could not be sent.
\n"; echo "Possible reason: your host may have disabled the mail() function...

"; die(); } else { - echo "

The email was sent successfully to $user_login's email address.
\n"; - echo "Click here to login !

"; + echo "

The email was sent successfully to $user_login's email address.
+ Click here to login!

"; die(); } @@ -258,8 +230,7 @@ default: } function checklogin() { - global $server,$loginsql,$passsql,$base; - global $user_login,$user_pass_md5,$user_ID; + global $user_login, $user_pass_md5, $user_ID; $userdata = get_userdatabylogin($user_login); @@ -275,7 +246,7 @@ default: $error="Error: wrong login/password"; //, or your session has expired."; } } else { - header("Expires: Wed, 5 Jun 1979 23:41:00 GMT"); /* private joke: this is my birthdate - though officially it's on the 6th, since I'm GMT+1 :) */ + header("Expires: Wed, 5 Jun 1979 23:41:00 GMT"); /* private joke: this is Michel's birthdate - though officially it's on the 6th, since he's GMT+1 :) */ header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); /* different all the time */ header("Cache-Control: no-cache, must-revalidate"); /* to cope with HTTP/1.1 */ header("Pragma: no-cache"); @@ -286,31 +257,12 @@ default: WordPress > Login form - - - + + - - - -
+

Back to blog?
@@ -339,9 +291,6 @@ if ($error) echo "

-
diff --git a/wp-admin/b2verifauth.php b/wp-admin/b2verifauth.php index 23b750ff49..f8ba6e677e 100644 --- a/wp-admin/b2verifauth.php +++ b/wp-admin/b2verifauth.php @@ -2,14 +2,10 @@ require_once('../b2config.php'); -/* connecting the db */ -$connexion = @mysql_connect($server,$loginsql,$passsql) or die("Can't connect to the database
".mysql_error()); -mysql_select_db("$base"); - /* checking login & pass in the database */ function veriflog() { global $HTTP_COOKIE_VARS; - global $tableusers,$tablesettings,$tablecategories,$tableposts,$tablecomments; + global $tableusers, $wpdb; if (!empty($HTTP_COOKIE_VARS["wordpressuser"])) { $user_login = $HTTP_COOKIE_VARS["wordpressuser"]; @@ -18,20 +14,17 @@ function veriflog() { return false; } - if (!($user_login != "")) + if (!($user_login != '')) return false; if (!$user_pass_md5) return false; - $query = " SELECT user_login, user_pass FROM $tableusers WHERE user_login = '$user_login' "; - $result = @mysql_query($query) or die("Query: $query

Error: ".mysql_error()); + $login = $wpdb->get_row("SELECT user_login, user_pass FROM $tableusers WHERE user_login = '$user_login'"); - $lines = mysql_num_rows($result); - if ($lines<1) { + if (!$login) { return false; } else { - $res=mysql_fetch_row($result); - if ($res[0] == $user_login && md5($res[1]) == $user_pass_md5) { + if ($login->user_login == $user_login && md5($login->user_pass) == $user_pass_md5) { return true; } else { return false; @@ -41,12 +34,12 @@ function veriflog() { //if ( $user_login!="" && $user_pass!="" && $id_session!="" && $adresse_ip==$REMOTE_ADDR) { // if ( !(veriflog()) AND !(verifcookielog()) ) { if (!(veriflog())) { - header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); - header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); - header("Cache-Control: no-cache, must-revalidate"); - header("Pragma: no-cache"); + header('Expires: Wed, 11 Jan 1984 05:00:00 GMT'); + header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT'); + header('Cache-Control: no-cache, must-revalidate'); + header('Pragma: no-cache'); if (!empty($HTTP_COOKIE_VARS["wordpressuser"])) { - $error="Error: wrong login or password"; + $error="Error: wrong login or password"; } header("Location: $path/b2login.php"); exit();