[wp-cvs]
wordpress wp-login.php, 1.22.4.6, 1.22.4.7 wp-settings.php,
1.41, 1.41.4.1
Ryan Boren
rboren at users.sourceforge.net
Sat Nov 27 22:54:54 UTC 2004
Update of /cvsroot/cafelog/wordpress
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv19152
Modified Files:
Tag: WordPress-Ver-1_2-Branch
wp-login.php wp-settings.php
Log Message:
Login cleanup. Port from 1.3.
Index: wp-settings.php
===================================================================
RCS file: /cvsroot/cafelog/wordpress/wp-settings.php,v
retrieving revision 1.41
retrieving revision 1.41.4.1
diff -C2 -d -r1.41 -r1.41.4.1
*** wp-settings.php 8 May 2004 20:42:51 -0000 1.41
--- wp-settings.php 27 Nov 2004 22:54:52 -0000 1.41.4.1
***************
*** 52,56 ****
// Used to guarantee unique cookies
$cookiehash = md5(get_settings('siteurl'));
!
} //end !$_wp_installing
--- 52,56 ----
// Used to guarantee unique cookies
$cookiehash = md5(get_settings('siteurl'));
! define('COOKIEHASH', $cookiehash);
} //end !$_wp_installing
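Review bot: `COOKIEHASH` is the MD5 of the public `siteurl`, so it only namespaces cookie names and is not a secret, and the comment above the new `define` does not say so. I would extend that comment to `// COOKIEHASH only namespaces cookie names per site; it is derived from the public siteurl and must not be treated as a secret.` The `define` also sits inside the `!$_wp_installing` block, whose start is outside the hunk, so any file that reads the constant presumably relies on that block having run.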
Index: wp-login.php
===================================================================
RCS file: /cvsroot/cafelog/wordpress/wp-login.php,v
retrieving revision 1.22.4.6
retrieving revision 1.22.4.7
diff -C2 -d -r1.22.4.6 -r1.22.4.7
*** wp-login.php 12 Oct 2004 21:11:34 -0000 1.22.4.6
--- wp-login.php 27 Nov 2004 22:54:52 -0000 1.22.4.7
***************
*** 2,41 ****
require('./wp-config.php');
- function login($username, $password, $already_md5 = false) {
- global $wpdb, $error, $tableusers;
-
- if ( !$username )
- return false;
-
- if ( !$password ) {
- $error = __('<strong>Error</strong>: The password field is empty.');
- return false;
- }
-
- $login = $wpdb->get_row("SELECT ID, user_login, user_pass FROM $tableusers WHERE user_login = '$username'");
-
- if (!$login) {
- $error = __('<strong>Error</strong>: Wrong login.');
- $pwd = '';
- return false;
- } else {
-
- if ( ($login->user_login == $username && $login->user_pass == $password) || ($already_md5 && $login->user_login == $username && md5($login->user_pass) == $password) ) {
- return true;
- } else {
- $error = __('<strong>Error</strong>: Incorrect password.');
- $pwd = '';
- return false;
- }
- }
- }
-
- function wp_mail($to, $subject, $message, $headers = '', $more = '') {
- if ( function_exists('mb_send_mail') )
- return mb_send_mail($to, $subject, $message, $headers, $more);
- else
- return mail($to, $subject, $message, $headers, $more);
- }
-
if (!function_exists('add_magic_quotes')) {
function add_magic_quotes($array) {
--- 2,5 ----
***************
*** 73,77 ****
--- 37,48 ----
}
}
+
$error = '';
+
+ header('Expires: Wed, 11 Jan 1984 05:00:00 GMT');
+ header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT');
+ header('Cache-Control: no-cache, must-revalidate');
+ header('Pragma: no-cache');
+
// If someone has moved WordPress let's try to detect it
if ( dirname('http://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']) != get_settings('siteurl') )
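Review bot: The hoisted `Cache-Control: no-cache, must-revalidate` header still lets a browser or proxy store the response. For a page that serves login and password-reset responses I would add `no-store`: `header('Cache-Control: no-store, no-cache, must-revalidate');`. The four `header()` calls now appear to run for every action rather than per branch, so a one-line comment such as `// Never cache any wp-login.php response` would explain why they sit here. The `if` on the last line continues outside the hunk.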
***************
*** 82,91 ****
case 'logout':
! setcookie('wordpressuser_' . $cookiehash, ' ', time() - 31536000, COOKIEPATH);
! setcookie('wordpresspass_' . $cookiehash, ' ', time() - 31536000, COOKIEPATH);
! header('Expires: Wed, 11 Jan 1984 05:00:00 GMT');
! header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT');
! header('Cache-Control: no-cache, must-revalidate');
! header('Pragma: no-cache');
if ($is_IIS)
header('Refresh: 0;url=wp-login.php');
--- 53,59 ----
case 'logout':
! setcookie('wordpressuser_' . COOKIEHASH, ' ', time() - 31536000, COOKIEPATH);
! setcookie('wordpresspass_' . COOKIEHASH, ' ', time() - 31536000, COOKIEPATH);
!
if ($is_IIS)
header('Refresh: 0;url=wp-login.php');
***************
*** 119,123 ****
<?php
if ($error)
! echo "<div id='loginerror'>$error</div>";
?>
--- 87,91 ----
<?php
if ($error)
! echo "<div id='login_error'>$error</div>";
?>
***************
*** 149,153 ****
$user_pass = substr( MD5('time' . rand(1, 16000) ), 0, 6);
// now insert the new pass md5'd into the db
! $wpdb->query("UPDATE $tableusers SET user_pass = MD5('$user_pass') WHERE user_login = '$user_login'");
$message = __('Login') . ": $user_login\r\n";
$message .= __('Password') . ": $user_pass\r\n";
--- 117,121 ----
$user_pass = substr( MD5('time' . rand(1, 16000) ), 0, 6);
// now insert the new pass md5'd into the db
! $wpdb->query("UPDATE $wpdb->users SET user_pass = MD5('$user_pass') WHERE user_login = '$user_login'");
$message = __('Login') . ": $user_login\r\n";
$message .= __('Password') . ": $user_pass\r\n";
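Review bot: The reset password on the first line of this hunk comes from `MD5('time' . rand(1, 16000))`, where `'time'` is a string literal rather than a call to `time()`, so at most 16,000 distinct six-character passwords can ever be issued; the switch to `$wpdb->users` leaves that untouched. The value should come from a cryptographically strong source with a far larger space (on current PHP, `bin2hex(random_bytes(8))`), and ideally the flow would mail a single-use reset link rather than a working password. The `UPDATE` also interpolates `$user_login` directly into the SQL string; whether it was escaped is decided outside the hunk and is worth confirming.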
***************
*** 173,226 ****
default:
if( !empty($_POST) ) {
! $log = $_POST['log'];
! $pwd = md5($_POST['pwd']);
$redirect_to = preg_replace('|[^a-z0-9-~+_.?#=&;,/:]|i', '', $_POST['redirect_to']);
}
! $user = get_userdatabylogin($log);
!
if (0 == $user->user_level) {
$redirect_to = get_settings('siteurl') . '/wp-admin/profile.php';
}
! if ( !login($log, $pwd) ) {
! header('Expires: Wed, 11 Jan 1984 05:00:00 GMT');
! header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT');
! header('Cache-Control: no-cache, must-revalidate');
! header('Pragma: no-cache');
! } else {
! $user_login = $log;
! $user_pass = $pwd;
! setcookie('wordpressuser_'.$cookiehash, $user_login, time() + 31536000, COOKIEPATH);
! setcookie('wordpresspass_'.$cookiehash, md5($user_pass), time() + 31536000, COOKIEPATH);
!
! header('Expires: Wed, 11 Jan 1984 05:00:00 GMT');
! header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT');
! header('Cache-Control: no-cache, must-revalidate');
! header('Pragma: no-cache');
!
! if ($is_IIS)
! header("Refresh: 0;url=$redirect_to");
! else
! header("Location: $redirect_to");
! }
!
! if( !empty($_COOKIE['wordpressuser_' . $cookiehash]) && !empty($_COOKIE['wordpresspass_' . $cookiehash]) ) {
! $user_login = $_COOKIE['wordpressuser_' . $cookiehash];
! $user_pass_md5 = $_COOKIE['wordpresspass_' . $cookiehash];
! }
! if ( !login($user_login, $user_pass_md5, true) ) {
! if ( !empty($_COOKIE['wordpressuser_' . $cookiehash]) )
! $error = 'Your session has expired.';
! } else {
! header('Expires: Wed, 5 Jun 1979 23:41:00 GMT'); // Michel's birthday
! header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT');
! header('Cache-Control: no-cache, must-revalidate');
! header('Pragma: no-cache');
! header('Location: wp-admin/');
! exit();
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
--- 141,186 ----
default:
+ $user_login = '';
+ $user_pass = '';
+ $redirect_to = '';
+ $using_cookie = false;
+
if( !empty($_POST) ) {
! $user_login = $_POST['log'];
! $user_pass = $_POST['pwd'];
$redirect_to = preg_replace('|[^a-z0-9-~+_.?#=&;,/:]|i', '', $_POST['redirect_to']);
+ } elseif ( !empty($_COOKIE) ) {
+ if (! empty($_COOKIE['wordpressuser_' . COOKIEHASH]))
+ $user_login = $_COOKIE['wordpressuser_' . COOKIEHASH];
+ if (! empty($_COOKIE['wordpresspass_' . COOKIEHASH])) {
+ $user_pass = $_COOKIE['wordpresspass_' . COOKIEHASH];
+ $using_cookie = true;
+ }
}
! $user = get_userdatabylogin($user_login);
if (0 == $user->user_level) {
$redirect_to = get_settings('siteurl') . '/wp-admin/profile.php';
}
! if ($user_login && $user_pass) {
! if ( wp_login($user_login, $user_pass, $using_cookie) ) {
! if (! $using_cookie) {
! $user_pass = md5(md5($user_pass)); // Double hash the password in the cookie.
! setcookie('wordpressuser_'. COOKIEHASH, $user_login, time() + 31536000, COOKIEPATH);
! setcookie('wordpresspass_'. COOKIEHASH, $user_pass, time() + 31536000, COOKIEPATH);
! }
! if ($is_IIS)
! header("Refresh: 0;url=$redirect_to");
! else
! header("Location: $redirect_to");
! exit();
! } else {
! if ($using_cookie)
! $error = __('Your session has expired.');
! }
}
+
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
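Review bot: `header("Location: $redirect_to")` follows whatever the POST supplied, because the `preg_replace` filter only strips characters and still passes an absolute or scheme-relative URL; on the cookie path `$redirect_to` also stays `''` for any user whose `user_level` is not 0, which yields an empty `Location:` header. I would normalise it right after the `$_POST`/`$_COOKIE` block, before the `user_level` override: `if ( '' == $redirect_to || preg_match('|^[a-z][a-z0-9+.-]*:|i', $redirect_to) || 0 === strpos($redirect_to, '//') ) $redirect_to = 'wp-admin/';`. Separately, the cookie value `md5(md5($user_pass))` is derived only from the password, so it stays valid until the password changes and logout cannot revoke it server-side; a random token stored on the server would be a safer design. `wp_login()` is defined outside this diff, so how it checks the cookie form is inferred from the `$using_cookie` argument. The `case` body starts and ends outside the hunk.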
***************
*** 247,251 ****
?>
! <form name="loginform" id="loginform" action="wp-login.php?action=login" method="post">
<p><label><?php _e('Login') ?>: <input type="text" name="log" id="log" value="" size="20" tabindex="1" /></label></p>
<p><label><?php _e('Password') ?>: <input type="password" name="pwd" value="" size="20" tabindex="2" /></label></p>
--- 207,211 ----
?>
! <form name="loginform" id="loginform" action="wp-login.php" method="post">
<p><label><?php _e('Login') ?>: <input type="text" name="log" id="log" value="" size="20" tabindex="1" /></label></p>
<p><label><?php _e('Password') ?>: <input type="password" name="pwd" value="" size="20" tabindex="2" /></label></p>