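<?php
/**
 * bb-login.php — bbPress login / logout front controller.
 *
 * Request flow, top to bottom:
 *   1. work out where to send the user afterwards ($re / $redirect_to);
 *   2. if the user is already logged in, handle an optional logout and redirect;
 *   3. otherwise try to log in from $_POST, redirecting on success;
 *   4. on failure, collect a WP_Error and render the login.php template.
 *
 * The redirect target is user-controlled (redirect_to / re / referer). Every
 * redirect below goes through bb_safe_redirect(), which is presumably what
 * confines the target to this site — do not swap it for a raw Location header.
 */

// Load bbPress
require( './bb-load.php' );

// SSL redirect if required
bb_ssl_redirect();

// Don't cache this page at all
nocache_headers();

/** Look for redirection ******************************************************/

// Start from a known value so the empty() checks below never see an undefined variable
$re = '';

// Look for 'redirect_to' ($_REQUEST so both the form field and the query string work)
if ( isset( $_REQUEST['redirect_to'] ) && is_string( $_REQUEST['redirect_to'] ) )
	$re = $_REQUEST['redirect_to'];

// Look for 're'
if ( empty( $re ) && isset( $_REQUEST['re'] ) && is_string( $_REQUEST['re'] ) )
	$re = $_REQUEST['re'];

// Use referer
if ( empty( $re ) )
	$re = wp_get_referer();

// Don't redirect to register or password reset pages.
// Guard is !empty(): there is nothing to inspect when $re is blank, and an
// empty() guard here would make the whole check dead code.
if ( !empty( $re ) ) {
	// Grab home path for comparison; a host-only URI carries no 'path' component
	$home_url  = parse_url( bb_get_uri( null, null, BB_URI_CONTEXT_TEXT ) );
	$home_path = isset( $home_url['path'] ) ? $home_url['path'] : '/';

	if ( false !== strpos( $re, $home_path . 'register.php' ) || false !== strpos( $re, $home_path . 'bb-reset-password.php' ) )
		$re = bb_get_uri( null, null, BB_URI_CONTEXT_HEADER );
}

/**
 * If this page was accessed using SSL, make sure the redirect is a full URL so
 * that we don't end up on an SSL page again (unless the whole site is under SSL)
 */
if ( is_ssl() && 0 === strpos( $re, '/' ) )
	$re = bb_get_uri( $re, null, BB_URI_CONTEXT_HEADER );

// Clean the redirection destination; $redirect_to is the attribute-safe copy
// handed to the template, $re is what the redirects below use
if ( !empty( $re ) ) {
	$re = esc_url( $re );
	$re = esc_attr( $re );
	$redirect_to = $re;
}

// Fallback to site root
if ( empty( $re ) )
	$re = bb_get_uri();

/** Handle logout *************************************************************/

// User is logged in
if ( bb_is_user_logged_in() ) {
	// A bare '?logout' is an alias for '?action=logout'
	if ( isset( $_GET['logout'] ) )
		$_GET['action'] = 'logout';

	// NOTE(review): logout is triggered by a plain GET with no nonce check, so
	// the request can be forged cross-site (logout CSRF). Low impact, but a
	// nonce on the logout link would close it.
	if ( isset( $_GET['action'] ) && 'logout' === $_GET['action'] )
		bb_logout();

	// Logged-in users never see the form: send them on either way
	bb_safe_redirect( $re );
	exit;
}

/** Handle login **************************************************************/

// Do we allow login by email address
$email_login = bb_get_option( 'email_login' );

// Accept the alternate field names (user_login / password / remember). After
// this block the three canonical keys always exist, so the reads below need
// no @-suppression.
if ( empty( $_POST['log'] ) )
	$_POST['log'] = !empty( $_POST['user_login'] ) ? $_POST['user_login'] : '';
if ( empty( $_POST['pwd'] ) )
	$_POST['pwd'] = !empty( $_POST['password'] ) ? $_POST['password'] : '';
if ( empty( $_POST['rememberme'] ) )
	$_POST['rememberme'] = !empty( $_POST['remember'] ) ? 1 : '';

// Attempt to log the user in. As used here, bb_login() yields a user object on
// success, a WP_Error on a rejected attempt, or something falsy otherwise.
$user = bb_login( $_POST['log'], $_POST['pwd'], $_POST['rememberme'] );

if ( $user && !is_wp_error( $user ) ) {
	// Users that were registered via another forum (shared user database) don't have
	// any role. Initialize them with 'member' role so that they can post.
	if ( empty( $user->capabilities ) )
		bb_update_usermeta( $user->ID, $bbdb->prefix . 'capabilities', array( 'member' => true ) );

	bb_safe_redirect( $re );
	exit;
}

// Login failed: keep the WP_Error bb_login() produced, or start an empty one
// so the checks below have something to add messages to
$bb_login_error = is_wp_error( $user ) ? $user : new WP_Error;

/** Handle errors *************************************************************/

// Get error data so we can provide feedback
$error_data = $bb_login_error->get_error_data();

// Does user actually exist
if ( isset( $error_data['unique'] ) && false === $error_data['unique'] )
	$user_exists = true;
else
	$user_exists = !empty( $_POST['log'] ) && (bool) bb_get_user( $_POST['log'], array( 'by' => 'login' ) );

// Check for errors on post method
if ( 'post' === strtolower( $_SERVER['REQUEST_METHOD'] ) ) {
	// If the user doesn't exist then add that error.
	// NOTE(review): 'User does not exist.' versus 'Incorrect password.' tells
	// the caller which usernames are valid (account enumeration). The email
	// branch further down deliberately collapses the two messages; the
	// username path does not.
	if ( empty( $user_exists ) ) {
		if ( !empty( $_POST['log'] ) ) {
			$bb_login_error->add( 'user_login', __( 'User does not exist.' ) );
		} else {
			$bb_login_error->add( 'user_login', $email_login ? __( 'Enter a username or email address.' ) : __( 'Enter a username.' ) );
		}
	}

	// If the password was wrong then add that error
	if ( !$bb_login_error->get_error_code() ) {
		$bb_login_error->add( 'password', __( 'Incorrect password.' ) );
	}
}

/**
 * If trying to log in with email address, don't leak whether or not email
 * address exists in the db. is_email() is not perfect. Usernames can be
 * valid email addresses potentially.
 */
if ( !empty( $email_login ) && $bb_login_error->get_error_codes() && false !== is_email( $_POST['log'] ) )
	$bb_login_error = new WP_Error( 'user_login', __( 'Username and Password do not match.' ) );

/** Prepare for display *******************************************************/

// Sanitize variables for display
$remember_checked = $_POST['rememberme'] ? ' checked="checked"' : '';
$user_login       = esc_attr( sanitize_user( $_POST['log'], true ) );

// Load the template
bb_load_template( 'login.php', array( 'user_exists', 'user_login', 'remember_checked', 'redirect_to', 're', 'bb_login_error' ) );
exit;

// No closing ?> tag: this file is PHP-only, and a closing tag invites stray
// whitespace being sent before the headers above.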