Edit File by line

<?php

[0] Fix | Delete

/**

[1] Fix | Delete

* WordPress User Page

[2] Fix | Delete

[3] Fix | Delete

* Handles authentication, registering, resetting passwords, forgot password,

[4] Fix | Delete

* and other user handling.

[5] Fix | Delete

[6] Fix | Delete

* @package WordPress

[7] Fix | Delete

[8] Fix | Delete

[9] Fix | Delete

/** Make sure that the WordPress bootstrap has run before continuing. */

[10] Fix | Delete

require __DIR__ . '/wp-load.php';

[11] Fix | Delete

[12] Fix | Delete

// Redirect to HTTPS login if forced to use SSL.

[13] Fix | Delete

if ( force_ssl_admin() && ! is_ssl() ) {

[14] Fix | Delete

if ( str_starts_with( $_SERVER['REQUEST_URI'], 'http' ) ) {

[15] Fix | Delete

wp_safe_redirect( set_url_scheme( $_SERVER['REQUEST_URI'], 'https' ) );

[16] Fix | Delete

exit;

[17] Fix | Delete

} else {

[18] Fix | Delete

wp_safe_redirect( 'https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'] );

[19] Fix | Delete

exit;

[20] Fix | Delete

}

[21] Fix | Delete

}

[22] Fix | Delete

[23] Fix | Delete

/**

[24] Fix | Delete

* Outputs the login page header.

[25] Fix | Delete

[26] Fix | Delete

* @since 2.1.0

[27] Fix | Delete

[28] Fix | Delete

* @global string $error Login error message set by deprecated pluggable wp_login() function

[29] Fix | Delete

* or plugins replacing it.

[30] Fix | Delete

* @global bool|string $interim_login Whether interim login modal is being displayed. String 'success'

[31] Fix | Delete

* upon successful login.

[32] Fix | Delete

* @global string $action The action that brought the visitor to the login page.

[33] Fix | Delete

[34] Fix | Delete

* @param string|null $title Optional. WordPress login page title to display in the `<title>` element.

[35] Fix | Delete

* Defaults to 'Log In'.

[36] Fix | Delete

* @param string $message Optional. Message to display in header. Default empty.

[37] Fix | Delete

* @param WP_Error|null $wp_error Optional. The error to pass. Defaults to a WP_Error instance.

[38] Fix | Delete

[39] Fix | Delete

function login_header( $title = null, $message = '', $wp_error = null ) {

[40] Fix | Delete

global $error, $interim_login, $action;

[41] Fix | Delete

[42] Fix | Delete

if ( null === $title ) {

[43] Fix | Delete

$title = __( 'Log In' );

[44] Fix | Delete

}

[45] Fix | Delete

[46] Fix | Delete

// Don't index any of these forms.

[47] Fix | Delete

add_filter( 'wp_robots', 'wp_robots_sensitive_page' );

[48] Fix | Delete

add_action( 'login_head', 'wp_strict_cross_origin_referrer' );

[49] Fix | Delete

[50] Fix | Delete

add_action( 'login_head', 'wp_login_viewport_meta' );

[51] Fix | Delete

[52] Fix | Delete

if ( ! is_wp_error( $wp_error ) ) {

[53] Fix | Delete

$wp_error = new WP_Error();

[54] Fix | Delete

}

[55] Fix | Delete

[56] Fix | Delete

// Shake it!

[57] Fix | Delete

$shake_error_codes = array( 'empty_password', 'empty_email', 'invalid_email', 'invalidcombo', 'empty_username', 'invalid_username', 'incorrect_password', 'retrieve_password_email_failure' );

[58] Fix | Delete

/**

[59] Fix | Delete

* Filters the error codes array for shaking the login form.

[60] Fix | Delete

[61] Fix | Delete

* @since 3.0.0

[62] Fix | Delete

[63] Fix | Delete

* @param string[] $shake_error_codes Error codes that shake the login form.

[64] Fix | Delete

[65] Fix | Delete

$shake_error_codes = apply_filters( 'shake_error_codes', $shake_error_codes );

[66] Fix | Delete

[67] Fix | Delete

if ( $shake_error_codes && $wp_error->has_errors() && in_array( $wp_error->get_error_code(), $shake_error_codes, true ) ) {

[68] Fix | Delete

add_action( 'login_footer', 'wp_shake_js', 12 );

[69] Fix | Delete

}

[70] Fix | Delete

[71] Fix | Delete

$login_title = get_bloginfo( 'name', 'display' );

[72] Fix | Delete

[73] Fix | Delete

/* translators: Login screen title. 1: Login screen name, 2: Network or site name. */

[74] Fix | Delete

$login_title = sprintf( __( '%1$s &lsaquo; %2$s — WordPress' ), $title, $login_title );

[75] Fix | Delete

[76] Fix | Delete

if ( wp_is_recovery_mode() ) {

[77] Fix | Delete

/* translators: %s: Login screen title. */

[78] Fix | Delete

$login_title = sprintf( __( 'Recovery Mode — %s' ), $login_title );

[79] Fix | Delete

}

[80] Fix | Delete

[81] Fix | Delete

/**

[82] Fix | Delete

* Filters the title tag content for login page.

[83] Fix | Delete

[84] Fix | Delete

* @since 4.9.0

[85] Fix | Delete

[86] Fix | Delete

* @param string $login_title The page title, with extra context added.

[87] Fix | Delete

* @param string $title The original page title.

[88] Fix | Delete

[89] Fix | Delete

$login_title = apply_filters( 'login_title', $login_title, $title );

[90] Fix | Delete

[91] Fix | Delete

?><!DOCTYPE html>

[92] Fix | Delete

[93] Fix | Delete

<head>

[94] Fix | Delete

[95] Fix | Delete

[96] Fix | Delete

<?php

[97] Fix | Delete

[98] Fix | Delete

wp_enqueue_style( 'login' );

[99] Fix | Delete

[100] Fix | Delete

[101] Fix | Delete

* Remove all stored post data on logging out.

[102] Fix | Delete

* This could be added by add_action('login_head'...) like wp_shake_js(),

[103] Fix | Delete

* but maybe better if it's not removable by plugins.

[104] Fix | Delete

[105] Fix | Delete

if ( 'loggedout' === $wp_error->get_error_code() ) {

[106] Fix | Delete

ob_start();

[107] Fix | Delete

[108] Fix | Delete

[109] Fix | Delete

<?php

[110] Fix | Delete

wp_print_inline_script_tag( wp_remove_surrounding_empty_script_tags( ob_get_clean() ) );

[111] Fix | Delete

}

[112] Fix | Delete

[113] Fix | Delete

/**

[114] Fix | Delete

* Enqueues scripts and styles for the login page.

[115] Fix | Delete

[116] Fix | Delete

* @since 3.1.0

[117] Fix | Delete

[118] Fix | Delete

do_action( 'login_enqueue_scripts' );

[119] Fix | Delete

[120] Fix | Delete

/**

[121] Fix | Delete

* Fires in the login page header after scripts are enqueued.

[122] Fix | Delete

[123] Fix | Delete

* @since 2.1.0

[124] Fix | Delete

[125] Fix | Delete

do_action( 'login_head' );

[126] Fix | Delete

[127] Fix | Delete

$login_header_url = __( 'https://wordpress.org/' );

[128] Fix | Delete

[129] Fix | Delete

/**

[130] Fix | Delete

* Filters link URL of the header logo above login form.

[131] Fix | Delete

[132] Fix | Delete

* @since 2.1.0

[133] Fix | Delete

[134] Fix | Delete

* @param string $login_header_url Login header logo URL.

[135] Fix | Delete

[136] Fix | Delete

$login_header_url = apply_filters( 'login_headerurl', $login_header_url );

[137] Fix | Delete

[138] Fix | Delete

$login_header_title = '';

[139] Fix | Delete

[140] Fix | Delete

/**

[141] Fix | Delete

* Filters the title attribute of the header logo above login form.

[142] Fix | Delete

[143] Fix | Delete

* @since 2.1.0

[144] Fix | Delete

* @deprecated 5.2.0 Use {@see 'login_headertext'} instead.

[145] Fix | Delete

[146] Fix | Delete

* @param string $login_header_title Login header logo title attribute.

[147] Fix | Delete

[148] Fix | Delete

$login_header_title = apply_filters_deprecated(

[149] Fix | Delete

'login_headertitle',

[150] Fix | Delete

array( $login_header_title ),

[151] Fix | Delete

'5.2.0',

[152] Fix | Delete

'login_headertext',

[153] Fix | Delete

__( 'Usage of the title attribute on the login logo is not recommended for accessibility reasons. Use the link text instead.' )

[154] Fix | Delete

);

[155] Fix | Delete

[156] Fix | Delete

$login_header_text = empty( $login_header_title ) ? __( 'Powered by WordPress' ) : $login_header_title;

[157] Fix | Delete

[158] Fix | Delete

/**

[159] Fix | Delete

* Filters the link text of the header logo above the login form.

[160] Fix | Delete

[161] Fix | Delete

* @since 5.2.0

[162] Fix | Delete

[163] Fix | Delete

* @param string $login_header_text The login header logo link text.

[164] Fix | Delete

[165] Fix | Delete

$login_header_text = apply_filters( 'login_headertext', $login_header_text );

[166] Fix | Delete

[167] Fix | Delete

$classes = array( 'login-action-' . $action, 'wp-core-ui' );

[168] Fix | Delete

[169] Fix | Delete

if ( is_rtl() ) {

[170] Fix | Delete

$classes[] = 'rtl';

[171] Fix | Delete

}

[172] Fix | Delete

[173] Fix | Delete

if ( $interim_login ) {

[174] Fix | Delete

$classes[] = 'interim-login';

[175] Fix | Delete

[176] Fix | Delete

[177] Fix | Delete

[178] Fix | Delete

<?php

[179] Fix | Delete

[180] Fix | Delete

if ( 'success' === $interim_login ) {

[181] Fix | Delete

$classes[] = 'interim-login-success';

[182] Fix | Delete

}

[183] Fix | Delete

}

[184] Fix | Delete

[185] Fix | Delete

$classes[] = ' locale-' . sanitize_html_class( strtolower( str_replace( '_', '-', get_locale() ) ) );

[186] Fix | Delete

[187] Fix | Delete

/**

[188] Fix | Delete

* Filters the login page body classes.

[189] Fix | Delete

[190] Fix | Delete

* @since 3.5.0

[191] Fix | Delete

[192] Fix | Delete

* @param string[] $classes An array of body classes.

[193] Fix | Delete

* @param string $action The action that brought the visitor to the login page.

[194] Fix | Delete

[195] Fix | Delete

$classes = apply_filters( 'login_body_class', $classes, $action );

[196] Fix | Delete

[197] Fix | Delete

[198] Fix | Delete

</head>

[199] Fix | Delete

[200] Fix | Delete

<?php

[201] Fix | Delete

wp_print_inline_script_tag( "document.body.className = document.body.className.replace('no-js','js');" );

[202] Fix | Delete

[203] Fix | Delete

[204] Fix | Delete

<?php

[205] Fix | Delete

/**

[206] Fix | Delete

* Fires in the login page header after the body tag is opened.

[207] Fix | Delete

[208] Fix | Delete

* @since 4.6.0

[209] Fix | Delete

[210] Fix | Delete

do_action( 'login_header' );

[211] Fix | Delete

[212] Fix | Delete

<?php

[213] Fix | Delete

if ( 'confirm_admin_email' !== $action && ! empty( $title ) ) :

[214] Fix | Delete

[215] Fix | Delete

[216] Fix | Delete

<?php

[217] Fix | Delete

endif;

[218] Fix | Delete

[219] Fix | Delete

[220] Fix | Delete

[221] Fix | Delete

<?php

[222] Fix | Delete

/**

[223] Fix | Delete

* Filters the message to display above the login form.

[224] Fix | Delete

[225] Fix | Delete

* @since 2.1.0

[226] Fix | Delete

[227] Fix | Delete

* @param string $message Login message text.

[228] Fix | Delete

[229] Fix | Delete

$message = apply_filters( 'login_message', $message );

[230] Fix | Delete

[231] Fix | Delete

if ( ! empty( $message ) ) {

[232] Fix | Delete

echo $message . "\n";

[233] Fix | Delete

}

[234] Fix | Delete

[235] Fix | Delete

// In case a plugin uses $error rather than the $wp_errors object.

[236] Fix | Delete

if ( ! empty( $error ) ) {

[237] Fix | Delete

$wp_error->add( 'error', $error );

[238] Fix | Delete

unset( $error );

[239] Fix | Delete

}

[240] Fix | Delete

[241] Fix | Delete

if ( $wp_error->has_errors() ) {

[242] Fix | Delete

$error_list = array();

[243] Fix | Delete

$messages = '';

[244] Fix | Delete

[245] Fix | Delete

foreach ( $wp_error->get_error_codes() as $code ) {

[246] Fix | Delete

$severity = $wp_error->get_error_data( $code );

[247] Fix | Delete

foreach ( $wp_error->get_error_messages( $code ) as $error_message ) {

[248] Fix | Delete

if ( 'message' === $severity ) {

[249] Fix | Delete

$messages .= '<p>' . $error_message . '</p>';

[250] Fix | Delete

} else {

[251] Fix | Delete

$error_list[] = $error_message;

[252] Fix | Delete

}

[253] Fix | Delete

}

[254] Fix | Delete

}

[255] Fix | Delete

[256] Fix | Delete

if ( ! empty( $error_list ) ) {

[257] Fix | Delete

$errors = '';

[258] Fix | Delete

[259] Fix | Delete

if ( count( $error_list ) > 1 ) {

[260] Fix | Delete

$errors .= '<ul class="login-error-list">';

[261] Fix | Delete

[262] Fix | Delete

foreach ( $error_list as $item ) {

[263] Fix | Delete

$errors .= '<li>' . $item . '</li>';

[264] Fix | Delete

}

[265] Fix | Delete

[266] Fix | Delete

$errors .= '</ul>';

[267] Fix | Delete

} else {

[268] Fix | Delete

$errors .= '<p>' . $error_list[0] . '</p>';

[269] Fix | Delete

}

[270] Fix | Delete

[271] Fix | Delete

/**

[272] Fix | Delete

* Filters the error messages displayed above the login form.

[273] Fix | Delete

[274] Fix | Delete

* @since 2.1.0

[275] Fix | Delete

[276] Fix | Delete

* @param string $errors Login error messages.

[277] Fix | Delete

[278] Fix | Delete

$errors = apply_filters( 'login_errors', $errors );

[279] Fix | Delete

[280] Fix | Delete

wp_admin_notice(

[281] Fix | Delete

$errors,

[282] Fix | Delete

array(

[283] Fix | Delete

'type' => 'error',

[284] Fix | Delete

'id' => 'login_error',

[285] Fix | Delete

'paragraph_wrap' => false,

[286] Fix | Delete

)

[287] Fix | Delete

);

[288] Fix | Delete

}

[289] Fix | Delete

[290] Fix | Delete

if ( ! empty( $messages ) ) {

[291] Fix | Delete

/**

[292] Fix | Delete

* Filters instructional messages displayed above the login form.

[293] Fix | Delete

[294] Fix | Delete

* @since 2.5.0

[295] Fix | Delete

[296] Fix | Delete

* @param string $messages Login messages.

[297] Fix | Delete

[298] Fix | Delete

$messages = apply_filters( 'login_messages', $messages );

[299] Fix | Delete

[300] Fix | Delete

wp_admin_notice(

[301] Fix | Delete

$messages,

[302] Fix | Delete

array(

[303] Fix | Delete

'type' => 'info',

[304] Fix | Delete

'id' => 'login-message',

[305] Fix | Delete

'additional_classes' => array( 'message' ),

[306] Fix | Delete

'paragraph_wrap' => false,

[307] Fix | Delete

)

[308] Fix | Delete

);

[309] Fix | Delete

}

[310] Fix | Delete

}

[311] Fix | Delete

} // End of login_header().

[312] Fix | Delete

[313] Fix | Delete

/**

[314] Fix | Delete

* Outputs the footer for the login page.

[315] Fix | Delete

[316] Fix | Delete

* @since 3.1.0

[317] Fix | Delete

[318] Fix | Delete

* @global bool|string $interim_login Whether interim login modal is being displayed. String 'success'

[319] Fix | Delete

* upon successful login.

[320] Fix | Delete

[321] Fix | Delete

* @param string $input_id Which input to auto-focus.

[322] Fix | Delete

[323] Fix | Delete

function login_footer( $input_id = '' ) {

[324] Fix | Delete

global $interim_login;

[325] Fix | Delete

[326] Fix | Delete

// Don't allow interim logins to navigate away from the page.

[327] Fix | Delete

if ( ! $interim_login ) {

[328] Fix | Delete

[329] Fix | Delete

[330] Fix | Delete

<?php

[331] Fix | Delete

$html_link = sprintf(

[332] Fix | Delete

'<a href="%s">%s</a>',

[333] Fix | Delete

esc_url( home_url( '/' ) ),

[334] Fix | Delete

sprintf(

[335] Fix | Delete

/* translators: %s: Site title. */

[336] Fix | Delete

_x( '← Go to %s', 'site' ),

[337] Fix | Delete

get_bloginfo( 'title', 'display' )

[338] Fix | Delete

)

[339] Fix | Delete

);

[340] Fix | Delete

/**

[341] Fix | Delete

* Filters the "Go to site" link displayed in the login page footer.

[342] Fix | Delete

[343] Fix | Delete

* @since 5.7.0

[344] Fix | Delete

[345] Fix | Delete

* @param string $link HTML link to the home URL of the current site.

[346] Fix | Delete

[347] Fix | Delete

echo apply_filters( 'login_site_html_link', $html_link );

[348] Fix | Delete

[349] Fix | Delete

</p>

[350] Fix | Delete

<?php

[351] Fix | Delete

[352] Fix | Delete

the_privacy_policy_link( '<div class="privacy-policy-page-link">', '</div>' );

[353] Fix | Delete

}

[354] Fix | Delete

[355] Fix | Delete

[356] Fix | Delete

</div><?php // End of <div id="login">. ?>

[357] Fix | Delete

[358] Fix | Delete

<?php

[359] Fix | Delete

if (

[360] Fix | Delete

! $interim_login &&

[361] Fix | Delete

/**

[362] Fix | Delete

* Filters whether to display the Language selector on the login screen.

[363] Fix | Delete

[364] Fix | Delete

* @since 5.9.0

[365] Fix | Delete

[366] Fix | Delete

* @param bool $display Whether to display the Language selector on the login screen.

[367] Fix | Delete

[368] Fix | Delete

apply_filters( 'login_display_language_dropdown', true )

[369] Fix | Delete

) {

[370] Fix | Delete

$languages = get_available_languages();

[371] Fix | Delete

[372] Fix | Delete

if ( ! empty( $languages ) ) {

[373] Fix | Delete

[374] Fix | Delete

[375] Fix | Delete

[376] Fix | Delete

[377] Fix | Delete

[378] Fix | Delete

[379] Fix | Delete

[380] Fix | Delete

<?php

[381] Fix | Delete

/* translators: Hidden accessibility text. */

[382] Fix | Delete

_e( 'Language' );

[383] Fix | Delete

[384] Fix | Delete

</span>

[385] Fix | Delete

</label>

[386] Fix | Delete

[387] Fix | Delete

<?php

[388] Fix | Delete

$args = array(

[389] Fix | Delete

'id' => 'language-switcher-locales',

[390] Fix | Delete

'name' => 'wp_lang',

[391] Fix | Delete

'selected' => determine_locale(),

[392] Fix | Delete

'show_available_translations' => false,

[393] Fix | Delete

'explicit_option_en_us' => true,

[394] Fix | Delete

'languages' => $languages,

[395] Fix | Delete

);

[396] Fix | Delete

[397] Fix | Delete

/**

[398] Fix | Delete

* Filters default arguments for the Languages select input on the login screen.

[399] Fix | Delete

[400] Fix | Delete

* The arguments get passed to the wp_dropdown_languages() function.

[401] Fix | Delete

[402] Fix | Delete

* @since 5.9.0

[403] Fix | Delete

[404] Fix | Delete

* @param array $args Arguments for the Languages select input on the login screen.

[405] Fix | Delete

[406] Fix | Delete

wp_dropdown_languages( apply_filters( 'login_language_dropdown_args', $args ) );

[407] Fix | Delete

[408] Fix | Delete

[409] Fix | Delete

<?php if ( $interim_login ) { ?>

[410] Fix | Delete

[411] Fix | Delete

<?php } ?>

[412] Fix | Delete

[413] Fix | Delete

<?php if ( isset( $_GET['redirect_to'] ) && '' !== $_GET['redirect_to'] ) { ?>

[414] Fix | Delete

[415] Fix | Delete

<?php } ?>

[416] Fix | Delete

[417] Fix | Delete

<?php if ( isset( $_GET['action'] ) && '' !== $_GET['action'] ) { ?>

[418] Fix | Delete

[419] Fix | Delete

<?php } ?>

[420] Fix | Delete

[421] Fix | Delete

[422] Fix | Delete

[423] Fix | Delete

</form>

[424] Fix | Delete

</div>

[425] Fix | Delete

<?php } ?>

[426] Fix | Delete

<?php } ?>

[427] Fix | Delete

[428] Fix | Delete

<?php

[429] Fix | Delete

[430] Fix | Delete

if ( ! empty( $input_id ) ) {

[431] Fix | Delete

ob_start();

[432] Fix | Delete

[433] Fix | Delete

[434] Fix | Delete

try{document.getElementById('<?php echo $input_id; ?>').focus();}catch(e){}

[435] Fix | Delete

if(typeof wpOnload==='function')wpOnload();

[436] Fix | Delete

</script>

[437] Fix | Delete

<?php

[438] Fix | Delete

wp_print_inline_script_tag( wp_remove_surrounding_empty_script_tags( ob_get_clean() ) );

[439] Fix | Delete

}

[440] Fix | Delete

[441] Fix | Delete

/**

[442] Fix | Delete

* Fires in the login page footer.

[443] Fix | Delete

[444] Fix | Delete

* @since 3.1.0

[445] Fix | Delete

[446] Fix | Delete

do_action( 'login_footer' );

[447] Fix | Delete

[448] Fix | Delete

[449] Fix | Delete

</body>

[450] Fix | Delete

</html>

[451] Fix | Delete

<?php

[452] Fix | Delete

}

[453] Fix | Delete

[454] Fix | Delete

/**

[455] Fix | Delete

* Outputs the JavaScript to handle the form shaking on the login page.

[456] Fix | Delete

[457] Fix | Delete

* @since 3.0.0

[458] Fix | Delete

[459] Fix | Delete

function wp_shake_js() {

[460] Fix | Delete

wp_print_inline_script_tag( "document.querySelector('form').classList.add('shake');" );

[461] Fix | Delete

}

[462] Fix | Delete

[463] Fix | Delete

/**

[464] Fix | Delete

* Outputs the viewport meta tag for the login page.

[465] Fix | Delete

[466] Fix | Delete

* @since 3.7.0

[467] Fix | Delete

[468] Fix | Delete

function wp_login_viewport_meta() {

[469] Fix | Delete

[470] Fix | Delete

[471] Fix | Delete

<?php

[472] Fix | Delete

}

[473] Fix | Delete

[474] Fix | Delete

[475] Fix | Delete

* Main part.

[476] Fix | Delete

[477] Fix | Delete

* Check the request and redirect or display a form based on the current action.

[478] Fix | Delete

[479] Fix | Delete

[480] Fix | Delete

$action = isset( $_REQUEST['action'] ) && is_string( $_REQUEST['action'] ) ? $_REQUEST['action'] : 'login';

[481] Fix | Delete

$errors = new WP_Error();

[482] Fix | Delete

[483] Fix | Delete

if ( isset( $_GET['key'] ) ) {

[484] Fix | Delete

$action = 'resetpass';

[485] Fix | Delete

}

[486] Fix | Delete

[487] Fix | Delete

if ( isset( $_GET['checkemail'] ) ) {

[488] Fix | Delete

$action = 'checkemail';

[489] Fix | Delete

}

[490] Fix | Delete

[491] Fix | Delete

$default_actions = array(

[492] Fix | Delete

'confirm_admin_email',

[493] Fix | Delete

'postpass',

[494] Fix | Delete

'logout',

[495] Fix | Delete

'lostpassword',

[496] Fix | Delete

'retrievepassword',

[497] Fix | Delete

'resetpass',

[498] Fix | Delete

'rp',

[499] Fix | Delete

12 3 4