
PHP Cross Reference of bbPress Trunk

Provided by Yoast


/ -> bb-login.php (source)

   1  <?php
   2  // Load bbPress.
   3  require ('./bb-load.php');
   4  
   5  // Redirect to an SSL page if required.
   6  bb_ssl_redirect();
   7  
   8  // Get the referer.
   9  if ( isset( $_POST['redirect_to'] ) ) {
  10      $re = $_POST['redirect_to'];
  11  }
  12  if ( empty( $re ) && isset( $_GET['redirect_to'] ) ) {
  13      $re = $_GET['redirect_to'];
  14  }
  15  if ( empty( $re ) && isset( $_POST['re'] ) ) {
  16      $re = $_POST['re'];
  17  }
  18  if ( empty( $re ) && isset( $_GET['re'] ) ) {
  19      $re = $_GET['re'];
  20  }
  21  if ( empty( $re ) ) {
  22      $re = wp_get_referer();
  23  }
  24  
  25  // Grab the URL for comparison.
  26  $home_url = parse_url( bb_get_uri( null, null, BB_URI_CONTEXT_TEXT ) );
  27  $home_path = $home_url['path'];
  28  
  29  // Don't ever redirect to the register page or the password reset page.
  30  if ( !$re || false !== strpos( $re, $home_path . 'register.php' ) || false !== strpos( $re, $home_path . 'bb-reset-password.php' ) ) {
  31      $re = bb_get_uri( null, null, BB_URI_CONTEXT_HEADER );
  32  }
  33  
  34  // Don't cache this page at all.
  35  nocache_headers();
  36  
  37  // If this page was accessed using SSL, make sure the redirect is a full URL
  38  // so that we don't end up on an SSL page again (unless the whole site is
  39  // under SSL).
  40  if ( is_ssl() && 0 === strpos( $re, '/' ) ) {
  41      $re = bb_get_uri( $re , null, BB_URI_CONTEXT_HEADER );
  42  }
  43  
  44  // Logout requested.
  45  if ( isset( $_GET['logout'] ) ) {
  46      $_GET['action'] = 'logout';
  47  }
  48  if ( isset( $_GET['action'] ) && 'logout' === $_GET['action'] ) {
  49      bb_logout();
  50      bb_safe_redirect( $re );
  51      exit;
  52  }
  53  
  54  // User is already logged in.
  55  if ( bb_is_user_logged_in() ) {
  56      bb_safe_redirect( $re );
  57      exit;
  58  }
  59  
  60  // Get the user from the login details.
  61  if ( !empty( $_POST['user_login'] ) ) {
  62      $_POST['log'] = $_POST['user_login'];
  63  }
  64  if ( !empty( $_POST['password'] ) ) {
  65      $_POST['pwd'] = $_POST['password'];
  66  }
  67  if ( !empty( $_POST['remember'] ) ) {
  68      $_POST['rememberme'] = 1;
  69  }
  70  $user = bb_login( @$_POST['log'], @$_POST['pwd'], @$_POST['rememberme'] );
  71  
  72  // User logged in successfully.
  73  if ( $user && !is_wp_error( $user ) ) {
  74      bb_safe_redirect( $re );
  75      exit;
  76  }
  77  
  78  // Grab the error returned if there is one.
  79  if ( is_wp_error( $user ) ) {
  80      $bb_login_error =& $user;
  81  } else {
  82      $bb_login_error = new WP_Error;
  83  }
  84  
  85  // Whether we allow login by email address or not.
  86  $email_login = bb_get_option( 'email_login' );
  87  
  88  // Find out if the user actually exists.
  89  $error_data = $bb_login_error->get_error_data();
  90  if ( isset( $error_data['unique'] ) && false === $error_data['unique'] ) {
  91      $user_exists = true;
  92  } else {
  93      $user_exists = !empty( $_POST['log'] ) && (bool) bb_get_user( $_POST['log'], array( 'by' => 'login' ) );
  94  }
  95  unset( $error_data );
  96  
  97  if ( 'post' == strtolower( $_SERVER['REQUEST_METHOD'] ) ) {
  98      // If the user doesn't exist then add that error.
  99      if ( !$user_exists ) {
 100          if ( !empty( $_POST['log'] ) ) {
 101              $bb_login_error->add( 'user_login', __( 'User does not exist.' ) );
 102          } else {
 103              $bb_login_error->add( 'user_login', $email_login ? __( 'Enter a username or email address.' ) : __( 'Enter a username.' ) );
 104          }
 105      }
 106  
 107      // If the password was wrong then add that error.
 108      if ( !$bb_login_error->get_error_code() ) {
 109          $bb_login_error->add( 'password', __( 'Incorrect password.' ) );
 110      }
 111  }
 112  
 113  // If trying to log in with email address, don't leak whether or not email address exists in the db.
 114  // is_email() is not perfect, usernames can be valid email addresses potentially.
 115  if ( $email_login && $bb_login_error->get_error_codes() && false !== is_email( @$_POST['log'] ) ) {
 116      $bb_login_error = new WP_Error( 'user_login', __( 'Username and Password do not match.' ) );
 117  }
 118  
 119  // Sanitze variables for display.
 120  $user_login = esc_attr( sanitize_user( @$_POST['log'], true ) );
 121  $remember_checked = @$_POST['rememberme'] ? ' checked="checked"' : '';
 122  $re = esc_url( $re );
 123  $re = $redirect_to = esc_attr( $re );
 124  
 125  // Load the template.
 126  bb_load_template( 'login.php', array( 'user_exists', 'user_login', 'remember_checked', 'redirect_to', 're', 'bb_login_error' ) );
 127  exit;


Generated: Mon Nov 15 04:45:27 2010 Cross-referenced by PHPXref 0.7