├── .htaccess ├── index.php ├── license.txt ├── readme.html ├── wp-activate.php ├── wp-blog-header.php ├── wp-comments-post.php ├── wp-config-sample.php ├── wp-config.php ├── wp-cron.php ├── wp-links-opml.php ├── wp-load.php ├── wp-login.php ├── wp-mail.php ├── wp-settings.php ├── wp-signup.php ├── wp-trackback.php └── xmlrpc.php /.htaccess: -------------------------------------------------------------------------------- 1 | 2 | # BEGIN WordPress 3 | # The directives (lines) between "BEGIN WordPress" and "END WordPress" are 4 | # dynamically generated, and should only be modified via WordPress filters. 5 | # Any changes to the directives between these markers will be overwritten. 6 | 7 | RewriteEngine On 8 | RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}] 9 | RewriteBase /wordpress-5.9.3/wordpress/ 10 | RewriteRule ^index\.php$ - [L] 11 | RewriteCond %{REQUEST_FILENAME} !-f 12 | RewriteCond %{REQUEST_FILENAME} !-d 13 | RewriteRule . /wordpress-5.9.3/wordpress/index.php [L] 14 | 15 | 16 | # END WordPress -------------------------------------------------------------------------------- /index.php: -------------------------------------------------------------------------------- 1 | 332 | Copyright (C) 333 | 334 | This program is free software; you can redistribute it and/or modify 335 | it under the terms of the GNU General Public License as published by 336 | the Free Software Foundation; either version 2 of the License, or 337 | (at your option) any later version. 338 | 339 | This program is distributed in the hope that it will be useful, 340 | but WITHOUT ANY WARRANTY; without even the implied warranty of 341 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 342 | GNU General Public License for more details. 343 | 344 | You should have received a copy of the GNU General Public License along 345 | with this program; if not, write to the Free Software Foundation, Inc., 346 | 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 347 | 348 | Also add information on how to contact you by electronic and paper mail. 349 | 350 | If the program is interactive, make it output a short notice like this 351 | when it starts in an interactive mode: 352 | 353 | Gnomovision version 69, Copyright (C) year name of author 354 | Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. 355 | This is free software, and you are welcome to redistribute it 356 | under certain conditions; type `show c' for details. 357 | 358 | The hypothetical commands `show w' and `show c' should show the appropriate 359 | parts of the General Public License. Of course, the commands you use may 360 | be called something other than `show w' and `show c'; they could even be 361 | mouse-clicks or menu items--whatever suits your program. 362 | 363 | You should also get your employer (if you work as a programmer) or your 364 | school, if any, to sign a "copyright disclaimer" for the program, if 365 | necessary. Here is a sample; alter the names: 366 | 367 | Yoyodyne, Inc., hereby disclaims all copyright interest in the program 368 | `Gnomovision' (which makes passes at compilers) written by James Hacker. 369 | 370 | , 1 April 1989 371 | Ty Coon, President of Vice 372 | 373 | This General Public License does not permit incorporating your program into 374 | proprietary programs. If your program is a subroutine library, you may 375 | consider it more useful to permit linking proprietary applications with the 376 | library. If this is what you want to do, use the GNU Lesser General 377 | Public License instead of this License. 378 | 379 | WRITTEN OFFER 380 | 381 | The source code for any program binaries or compressed scripts that are 382 | included with WordPress can be freely obtained at the following URL: 383 | 384 | https://wordpress.org/download/source/ 385 | -------------------------------------------------------------------------------- /readme.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | WordPress › ReadMe 7 | 8 | 9 | 10 |

11 | WordPress 12 |

13 |

Semantic Personal Publishing Platform

14 | 15 |

First Things First

16 |

Welcome. WordPress is a very special project to me. Every developer and contributor adds something unique to the mix, and together we create something beautiful that I’m proud to be a part of. Thousands of hours have gone into WordPress, and we’re dedicated to making it better every day. Thank you for making it part of your world.

17 |

— Matt Mullenweg

18 | 19 |

Installation: Famous 5-minute install

20 |
    21 |
  1. Unzip the package in an empty directory and upload everything.
    2. 22 |
  2. Open wp-admin/install.php in your browser. It will take you through the process to set up a wp-config.php file with your database connection details. 23 |
      24 |
    1. If for some reason this doesn’t work, don’t worry. It doesn’t work on all web hosts. Open up wp-config-sample.php with a text editor like WordPad or similar and fill in your database connection details.
      2. 25 |
    2. Save the file as wp-config.php and upload it.
      3. 26 |
    3. Open wp-admin/install.php in your browser.
      4. 27 |
    28 |
    3. 29 |
  3. Once the configuration file is set up, the installer will set up the tables needed for your site. If there is an error, double check your wp-config.php file, and try again. If it fails again, please go to the WordPress support forums with as much data as you can gather.
    4. 30 |
  4. If you did not enter a password, note the password given to you. If you did not provide a username, it will be admin.
    5. 31 |
  5. The installer should then send you to the login page. Sign in with the username and password you chose during the installation. If a password was generated for you, you can then click on “Profile” to change the password.
    6. 32 |
33 | 34 |

Updating

35 |

Using the Automatic Updater

36 |
    37 |
  1. Open wp-admin/update-core.php in your browser and follow the instructions.
    2. 38 |
  2. You wanted more, perhaps? That’s it!
    3. 39 |
40 | 41 |

Updating Manually

42 |
    43 |
  1. Before you update anything, make sure you have backup copies of any files you may have modified such as index.php.
    2. 44 |
  2. Delete your old WordPress files, saving ones you’ve modified.
    3. 45 |
  3. Upload the new files.
    4. 46 |
  4. Point your browser to /wp-admin/upgrade.php.
    5. 47 |
48 | 49 |

Migrating from other systems

50 |

WordPress can import from a number of systems. First you need to get WordPress installed and working as described above, before using our import tools.

51 | 52 |

System Requirements

53 |
    54 |
  • PHP version 5.6.20 or greater.
    • 55 |
  • MySQL version 5.0 or greater.
    • 56 |
57 | 58 |

Recommendations

59 |
    60 |
  • PHP version 7.4 or greater.
    • 61 |
  • MySQL version 5.7 or greater OR MariaDB version 10.2 or greater.
    • 62 |
  • The mod_rewrite Apache module.
    • 63 |
  • HTTPS support.
    • 64 |
  • A link to wordpress.org on your site.
    • 65 |
66 | 67 |

Online Resources

68 |

If you have any questions that aren’t addressed in this document, please take advantage of WordPress’ numerous online resources:

69 |
70 |
The WordPress Codex
71 |
The Codex is the encyclopedia of all things WordPress. It is the most comprehensive source of information for WordPress available.
72 |
The WordPress Blog
73 |
This is where you’ll find the latest updates and news related to WordPress. Recent WordPress news appears in your administrative dashboard by default.
74 |
WordPress Planet
75 |
The WordPress Planet is a news aggregator that brings together posts from WordPress blogs around the web.
76 |
WordPress Support Forums
77 |
If you’ve looked everywhere and still can’t find an answer, the support forums are very active and have a large community ready to help. To help them help you be sure to use a descriptive thread title and describe your question in as much detail as possible.
78 |
WordPress IRC (Internet Relay Chat) Channel
79 |
There is an online chat channel that is used for discussion among people who use WordPress and occasionally support topics. The above wiki page should point you in the right direction. (irc.libera.chat #wordpress)
80 |
81 | 82 |

Final Notes

83 |
    84 |
  • If you have any suggestions, ideas, or comments, or if you (gasp!) found a bug, join us in the Support Forums.
    • 85 |
  • WordPress has a robust plugin API (Application Programming Interface) that makes extending the code easy. If you are a developer interested in utilizing this, see the Plugin Developer Handbook. You shouldn’t modify any of the core code.
    • 86 |
87 | 88 |

Share the Love

89 |

WordPress has no multi-million dollar marketing campaign or celebrity sponsors, but we do have something even better—you. If you enjoy WordPress please consider telling a friend, setting it up for someone less knowledgeable than yourself, or writing the author of a media article that overlooks us.

90 | 91 |

WordPress is the official continuation of b2/cafélog, which came from Michel V. The work has been continued by the WordPress developers. If you would like to support WordPress, please consider donating.

92 | 93 |

License

94 |

WordPress is free software, and is released under the terms of the GPL (GNU General Public License) version 2 or (at your option) any later version. See license.txt.

95 | 96 | 97 | 98 | -------------------------------------------------------------------------------- /wp-activate.php: -------------------------------------------------------------------------------- 1 | get_error_code() ) ) { 56 | status_header( 404 ); 57 | } elseif ( is_wp_error( $result ) ) { 58 | $error_code = $result->get_error_code(); 59 | 60 | if ( ! in_array( $error_code, $valid_error_codes, true ) ) { 61 | status_header( 400 ); 62 | } 63 | } 64 | 65 | nocache_headers(); 66 | 67 | if ( is_object( $wp_object_cache ) ) { 68 | $wp_object_cache->cache_enabled = false; 69 | } 70 | 71 | // Fix for page title. 72 | $wp_query->is_404 = false; 73 | 74 | /** 75 | * Fires before the Site Activation page is loaded. 76 | * 77 | * @since 3.0.0 78 | */ 79 | do_action( 'activate_header' ); 80 | 81 | /** 82 | * Adds an action hook specific to this page. 83 | * 84 | * Fires on {@see 'wp_head'}. 85 | * 86 | * @since MU (3.0.0) 87 | */ 88 | function do_activate_header() { 89 | /** 90 | * Fires before the Site Activation page is loaded. 91 | * 92 | * Fires on the {@see 'wp_head'} action. 93 | * 94 | * @since 3.0.0 95 | */ 96 | do_action( 'activate_wp_head' ); 97 | } 98 | add_action( 'wp_head', 'do_activate_header' ); 99 | 100 | /** 101 | * Loads styles specific to this page. 102 | * 103 | * @since MU (3.0.0) 104 | */ 105 | function wpmu_activate_stylesheet() { 106 | ?> 107 | 114 | 124 | 125 |
126 |
127 | 128 | 129 |

130 |
131 |

132 | 133 |
134 |

135 |

136 | 137 |

138 |
139 | 140 | get_error_code(), $valid_error_codes, true ) ) { 143 | $signup = $result->get_error_data(); 144 | ?> 145 |

146 | '; 148 | if ( '' === $signup->domain . $signup->path ) { 149 | printf( 150 | /* translators: 1: Login URL, 2: Username, 3: User email address, 4: Lost password URL. */ 151 | __( 'Your account has been activated. You may now log in to the site using your chosen username of “%2$s”. Please check your email inbox at %3$s for your password and login instructions. If you do not receive an email, please check your junk or spam folder. If you still do not receive an email within an hour, you can reset your password.' ), 152 | network_site_url( $blog_details->path . 'wp-login.php', 'login' ), 153 | $signup->user_login, 154 | $signup->user_email, 155 | wp_lostpassword_url() 156 | ); 157 | } else { 158 | printf( 159 | /* translators: 1: Site URL, 2: Username, 3: User email address, 4: Lost password URL. */ 160 | __( 'Your site at %1$s is active. You may now log in to your site using your chosen username of “%2$s”. Please check your email inbox at %3$s for your password and login instructions. If you do not receive an email, please check your junk or spam folder. If you still do not receive an email within an hour, you can reset your password.' ), 161 | sprintf( '%1$s%2$s', $signup->domain, $blog_details->path ), 162 | $signup->user_login, 163 | $signup->user_email, 164 | wp_lostpassword_url() 165 | ); 166 | } 167 | echo '

'; 168 | } elseif ( null === $result || is_wp_error( $result ) ) { 169 | ?> 170 |

171 | 172 |

get_error_message(); ?>

173 | 174 | 179 |

180 | 181 |
182 |

user_login; ?>

183 |

184 |
185 | 186 | 192 |

193 | View your site or Log in' ), $url, esc_url( $login_url ) ); 196 | ?> 197 |

198 | 199 |

200 | Log in or go back to the homepage.' ), 204 | network_site_url( $blog_details->path . 'wp-login.php', 'login' ), 205 | network_home_url( $blog_details->path ) 206 | ); 207 | ?> 208 |

209 | 214 |
215 |
216 | 220 | get_error_data(); 28 | if ( ! empty( $data ) ) { 29 | wp_die( 30 | '

' . $comment->get_error_message() . '

', 31 | __( 'Comment Submission Failure' ), 32 | array( 33 | 'response' => $data, 34 | 'back_link' => true, 35 | ) 36 | ); 37 | } else { 38 | exit; 39 | } 40 | } 41 | 42 | $user = wp_get_current_user(); 43 | $cookies_consent = ( isset( $_POST['wp-comment-cookies-consent'] ) ); 44 | 45 | /** 46 | * Perform other actions when comment cookies are set. 47 | * 48 | * @since 3.4.0 49 | * @since 4.9.6 The `$cookies_consent` parameter was added. 50 | * 51 | * @param WP_Comment $comment Comment object. 52 | * @param WP_User $user Comment author's user object. The user may not exist. 53 | * @param bool $cookies_consent Comment author's consent to store cookies. 54 | */ 55 | do_action( 'set_comment_cookies', $comment, $user, $cookies_consent ); 56 | 57 | $location = empty( $_POST['redirect_to'] ) ? get_comment_link( $comment ) : $_POST['redirect_to'] . '#comment-' . $comment->comment_ID; 58 | 59 | // If user didn't consent to cookies, add specific query arguments to display the awaiting moderation message. 60 | if ( ! $cookies_consent && 'unapproved' === wp_get_comment_status( $comment ) && ! empty( $comment->comment_author_email ) ) { 61 | $location = add_query_arg( 62 | array( 63 | 'unapproved' => $comment->comment_ID, 64 | 'moderation-hash' => wp_hash( $comment->comment_date_gmt ), 65 | ), 66 | $location 67 | ); 68 | } 69 | 70 | /** 71 | * Filters the location URI to send the commenter after posting. 72 | * 73 | * @since 2.0.5 74 | * 75 | * @param string $location The 'redirect_to' URI sent via $_POST. 76 | * @param WP_Comment $comment Comment object. 77 | */ 78 | $location = apply_filters( 'comment_post_redirect', $location, $comment ); 79 | 80 | wp_safe_redirect( $location ); 81 | exit; 82 | -------------------------------------------------------------------------------- /wp-config-sample.php: -------------------------------------------------------------------------------- 1 | ,#+h@ivCv#ZfJ5p*{Dw[k`n{(Wc' ); 52 | define( 'SECURE_AUTH_KEY', '?L|1i0? !)|k5CAd(g,mj9!j(o4VM3dE#X}$FE$Q.u.Y{!t/HeECJ-RlFsphJC`]' ); 53 | define( 'LOGGED_IN_KEY', '$I0vy0IrK2&yBXkkY#Uwx%SI:s,S8>|^_;Rsn~U.aq@uzm,+>ti,CgDHKDk}p:^]' ); 54 | define( 'NONCE_KEY', 'E .lgtzhD{D(u_A@Wz?=vk3/,1tg5j4S' ); 55 | define( 'AUTH_SALT', '7KZP8N{`atv/`?|:,)y9cgVG;&-;g,W`G.V#oN%fv%8V moe4utb;>AxrEl[cLlu}SbpQlAoqq8s9RU[G' ); 58 | define( 'NONCE_SALT', '!0SzhBCn7xo(7)1FtBZkIOFmk?lUgAtKvIUw>M&zT|%Z%n5Agw~j2Ku`2,]hoL,p' ); 59 | 60 | /**#@-*/ 61 | 62 | /** 63 | * WordPress database table prefix. 64 | * 65 | * You can have multiple installations in one database if you give each 66 | * a unique prefix. Only numbers, letters, and underscores please! 67 | */ 68 | $table_prefix = 'wp_'; 69 | 70 | /** 71 | * For developers: WordPress debugging mode. 72 | * 73 | * Change this to true to enable the display of notices during development. 74 | * It is strongly recommended that plugin and theme developers use WP_DEBUG 75 | * in their development environments. 76 | * 77 | * For information on other constants that can be used for debugging, 78 | * visit the documentation. 79 | * 80 | * @link https://wordpress.org/support/article/debugging-in-wordpress/ 81 | */ 82 | define( 'WP_DEBUG', true ); 83 | 84 | /* Add any custom values between this line and the "stop editing" line. */ 85 | 86 | 87 | 88 | /* That's all, stop editing! Happy publishing. */ 89 | 90 | /** Absolute path to the WordPress directory. */ 91 | if ( ! defined( 'ABSPATH' ) ) { 92 | define( 'ABSPATH', __DIR__ . '/' ); 93 | } 94 | 95 | /** Sets up WordPress vars and included files. */ 96 | require_once ABSPATH . 'wp-settings.php'; 97 | -------------------------------------------------------------------------------- /wp-cron.php: -------------------------------------------------------------------------------- 1 | =' ) ) { 23 | if ( ! headers_sent() ) { 24 | header( 'Expires: Wed, 11 Jan 1984 05:00:00 GMT' ); 25 | header( 'Cache-Control: no-cache, must-revalidate, max-age=0' ); 26 | } 27 | 28 | fastcgi_finish_request(); 29 | } 30 | 31 | if ( ! empty( $_POST ) || defined( 'DOING_AJAX' ) || defined( 'DOING_CRON' ) ) { 32 | die(); 33 | } 34 | 35 | /** 36 | * Tell WordPress we are doing the cron task. 37 | * 38 | * @var bool 39 | */ 40 | define( 'DOING_CRON', true ); 41 | 42 | if ( ! defined( 'ABSPATH' ) ) { 43 | /** Set up WordPress environment */ 44 | require_once __DIR__ . '/wp-load.php'; 45 | } 46 | 47 | /** 48 | * Retrieves the cron lock. 49 | * 50 | * Returns the uncached `doing_cron` transient. 51 | * 52 | * @ignore 53 | * @since 3.3.0 54 | * 55 | * @global wpdb $wpdb WordPress database abstraction object. 56 | * 57 | * @return string|false Value of the `doing_cron` transient, 0|false otherwise. 58 | */ 59 | function _get_cron_lock() { 60 | global $wpdb; 61 | 62 | $value = 0; 63 | if ( wp_using_ext_object_cache() ) { 64 | /* 65 | * Skip local cache and force re-fetch of doing_cron transient 66 | * in case another process updated the cache. 67 | */ 68 | $value = wp_cache_get( 'doing_cron', 'transient', true ); 69 | } else { 70 | $row = $wpdb->get_row( $wpdb->prepare( "SELECT option_value FROM $wpdb->options WHERE option_name = %s LIMIT 1", '_transient_doing_cron' ) ); 71 | if ( is_object( $row ) ) { 72 | $value = $row->option_value; 73 | } 74 | } 75 | 76 | return $value; 77 | } 78 | 79 | $crons = wp_get_ready_cron_jobs(); 80 | if ( empty( $crons ) ) { 81 | die(); 82 | } 83 | 84 | $gmt_time = microtime( true ); 85 | 86 | // The cron lock: a unix timestamp from when the cron was spawned. 87 | $doing_cron_transient = get_transient( 'doing_cron' ); 88 | 89 | // Use global $doing_wp_cron lock, otherwise use the GET lock. If no lock, try to grab a new lock. 90 | if ( empty( $doing_wp_cron ) ) { 91 | if ( empty( $_GET['doing_wp_cron'] ) ) { 92 | // Called from external script/job. Try setting a lock. 93 | if ( $doing_cron_transient && ( $doing_cron_transient + WP_CRON_LOCK_TIMEOUT > $gmt_time ) ) { 94 | return; 95 | } 96 | $doing_wp_cron = sprintf( '%.22F', microtime( true ) ); 97 | $doing_cron_transient = $doing_wp_cron; 98 | set_transient( 'doing_cron', $doing_wp_cron ); 99 | } else { 100 | $doing_wp_cron = $_GET['doing_wp_cron']; 101 | } 102 | } 103 | 104 | /* 105 | * The cron lock (a unix timestamp set when the cron was spawned), 106 | * must match $doing_wp_cron (the "key"). 107 | */ 108 | if ( $doing_cron_transient !== $doing_wp_cron ) { 109 | return; 110 | } 111 | 112 | foreach ( $crons as $timestamp => $cronhooks ) { 113 | if ( $timestamp > $gmt_time ) { 114 | break; 115 | } 116 | 117 | foreach ( $cronhooks as $hook => $keys ) { 118 | 119 | foreach ( $keys as $k => $v ) { 120 | 121 | $schedule = $v['schedule']; 122 | 123 | if ( $schedule ) { 124 | wp_reschedule_event( $timestamp, $schedule, $hook, $v['args'] ); 125 | } 126 | 127 | wp_unschedule_event( $timestamp, $hook, $v['args'] ); 128 | 129 | /** 130 | * Fires scheduled events. 131 | * 132 | * @ignore 133 | * @since 2.1.0 134 | * 135 | * @param string $hook Name of the hook that was scheduled to be fired. 136 | * @param array $args The arguments to be passed to the hook. 137 | */ 138 | do_action_ref_array( $hook, $v['args'] ); 139 | 140 | // If the hook ran too long and another cron process stole the lock, quit. 141 | if ( _get_cron_lock() !== $doing_wp_cron ) { 142 | return; 143 | } 144 | } 145 | } 146 | } 147 | 148 | if ( _get_cron_lock() === $doing_wp_cron ) { 149 | delete_transient( 'doing_cron' ); 150 | } 151 | 152 | die(); 153 | -------------------------------------------------------------------------------- /wp-links-opml.php: -------------------------------------------------------------------------------- 1 | \n"; 27 | ?> 28 | 29 | 30 | 31 | <?php 32 | /* translators: %s: Site title. */ 33 | printf( __( 'Links for %s' ), esc_attr( get_bloginfo( 'name', 'display' ) ) ); 34 | ?> 35 | 36 | GMT 37 | 45 | 46 | 47 | 'link_category', 52 | 'hierarchical' => 0, 53 | ) 54 | ); 55 | } else { 56 | $cats = get_categories( 57 | array( 58 | 'taxonomy' => 'link_category', 59 | 'hierarchical' => 0, 60 | 'include' => $link_cat, 61 | ) 62 | ); 63 | } 64 | 65 | foreach ( (array) $cats as $cat ) : 66 | /** This filter is documented in wp-includes/bookmark-template.php */ 67 | $catname = apply_filters( 'link_category', $cat->name ); 68 | 69 | ?> 70 | 71 | $cat->term_id ) ); 73 | foreach ( (array) $bookmarks as $bookmark ) : 74 | /** 75 | * Filters the OPML outline link title text. 76 | * 77 | * @since 2.2.0 78 | * 79 | * @param string $title The OPML outline title text. 80 | */ 81 | $title = apply_filters( 'link_title', $bookmark->link_name ); 82 | ?> 83 | 89 | 92 | 93 | 96 | 97 | 98 | -------------------------------------------------------------------------------- /wp-load.php: -------------------------------------------------------------------------------- 1 | ' . sprintf( 89 | /* translators: %s: wp-config.php */ 90 | __( "There doesn't seem to be a %s file. I need this before we can get started." ), 91 | 'wp-config.php' 92 | ) . '

'; 93 | $die .= '

' . sprintf( 94 | /* translators: %s: Documentation URL. */ 95 | __( "Need more help? We got it." ), 96 | __( 'https://wordpress.org/support/article/editing-wp-config-php/' ) 97 | ) . '

'; 98 | $die .= '

' . sprintf( 99 | /* translators: %s: wp-config.php */ 100 | __( "You can create a %s file through a web interface, but this doesn't work for all server setups. The safest way is to manually create the file." ), 101 | 'wp-config.php' 102 | ) . '

'; 103 | $die .= '

' . __( 'Create a Configuration File' ) . '

'; 104 | 105 | wp_die( $die, __( 'WordPress › Error' ) ); 106 | } 107 | -------------------------------------------------------------------------------- /wp-login.php: -------------------------------------------------------------------------------- 1 | ` element. 37 | * Default 'Log In'. 38 | * @param string $message Optional. Message to display in header. Default empty. 39 | * @param WP_Error $wp_error Optional. The error to pass. Default is a WP_Error instance. 40 | */ 41 | function login_header( $title = 'Log In', $message = '', $wp_error = null ) { 42 | global $error, $interim_login, $action; 43 | 44 | // Don't index any of these forms. 45 | add_filter( 'wp_robots', 'wp_robots_sensitive_page' ); 46 | add_action( 'login_head', 'wp_strict_cross_origin_referrer' ); 47 | 48 | add_action( 'login_head', 'wp_login_viewport_meta' ); 49 | 50 | if ( ! is_wp_error( $wp_error ) ) { 51 | $wp_error = new WP_Error(); 52 | } 53 | 54 | // Shake it! 55 | $shake_error_codes = array( 'empty_password', 'empty_email', 'invalid_email', 'invalidcombo', 'empty_username', 'invalid_username', 'incorrect_password', 'retrieve_password_email_failure' ); 56 | /** 57 | * Filters the error codes array for shaking the login form. 58 | * 59 | * @since 3.0.0 60 | * 61 | * @param string[] $shake_error_codes Error codes that shake the login form. 62 | */ 63 | $shake_error_codes = apply_filters( 'shake_error_codes', $shake_error_codes ); 64 | 65 | if ( $shake_error_codes && $wp_error->has_errors() && in_array( $wp_error->get_error_code(), $shake_error_codes, true ) ) { 66 | add_action( 'login_footer', 'wp_shake_js', 12 ); 67 | } 68 | 69 | $login_title = get_bloginfo( 'name', 'display' ); 70 | 71 | /* translators: Login screen title. 1: Login screen name, 2: Network or site name. */ 72 | $login_title = sprintf( __( '%1$s ‹ %2$s — WordPress' ), $title, $login_title ); 73 | 74 | if ( wp_is_recovery_mode() ) { 75 | /* translators: %s: Login screen title. */ 76 | $login_title = sprintf( __( 'Recovery Mode — %s' ), $login_title ); 77 | } 78 | 79 | /** 80 | * Filters the title tag content for login page. 81 | * 82 | * @since 4.9.0 83 | * 84 | * @param string $login_title The page title, with extra context added. 85 | * @param string $title The original page title. 86 | */ 87 | $login_title = apply_filters( 'login_title', $login_title, $title ); 88 | 89 | ?> 90 | > 91 | 92 | 93 | <?php echo $login_title; ?> 94 | get_error_code() ) { 104 | ?> 105 | 106 | 173 | 174 | 194 | 195 | 196 | 199 | 208 |
209 |

210 | add( 'error', $error ); 227 | unset( $error ); 228 | } 229 | 230 | if ( $wp_error->has_errors() ) { 231 | $errors = ''; 232 | $messages = ''; 233 | 234 | foreach ( $wp_error->get_error_codes() as $code ) { 235 | $severity = $wp_error->get_error_data( $code ); 236 | foreach ( $wp_error->get_error_messages( $code ) as $error_message ) { 237 | if ( 'message' === $severity ) { 238 | $messages .= ' ' . $error_message . "
\n"; 239 | } else { 240 | $errors .= ' ' . $error_message . "
\n"; 241 | } 242 | } 243 | } 244 | 245 | if ( ! empty( $errors ) ) { 246 | /** 247 | * Filters the error messages displayed above the login form. 248 | * 249 | * @since 2.1.0 250 | * 251 | * @param string $errors Login error message. 252 | */ 253 | echo '
' . apply_filters( 'login_errors', $errors ) . "
\n"; 254 | } 255 | 256 | if ( ! empty( $messages ) ) { 257 | /** 258 | * Filters instructional messages displayed above the login form. 259 | * 260 | * @since 2.5.0 261 | * 262 | * @param string $messages Login messages. 263 | */ 264 | echo '

' . apply_filters( 'login_messages', $messages ) . "

\n"; 265 | } 266 | } 267 | } // End of login_header(). 268 | 269 | /** 270 | * Outputs the footer for the login page. 271 | * 272 | * @since 3.1.0 273 | * 274 | * @global bool|string $interim_login Whether interim login modal is being displayed. String 'success' 275 | * upon successful login. 276 | * 277 | * @param string $input_id Which input to auto-focus. 278 | */ 279 | function login_footer( $input_id = '' ) { 280 | global $interim_login; 281 | 282 | // Don't allow interim logins to navigate away from the page. 283 | if ( ! $interim_login ) { 284 | ?> 285 |

286 | %s', 289 | esc_url( home_url( '/' ) ), 290 | sprintf( 291 | /* translators: %s: Site title. */ 292 | _x( '← Go to %s', 'site' ), 293 | get_bloginfo( 'title', 'display' ) 294 | ) 295 | ); 296 | /** 297 | * Filter the "Go to site" link displayed in the login page footer. 298 | * 299 | * @since 5.7.0 300 | * 301 | * @param string $link HTML link to the home URL of the current site. 302 | */ 303 | echo apply_filters( 'login_site_html_link', $html_link ); 304 | ?> 305 |

306 | ', '
' ); 309 | } 310 | 311 | ?> 312 | . ?> 313 | 314 | 330 |
331 |
332 | 333 | 337 | 338 | 'language-switcher-locales', 341 | 'name' => 'wp_lang', 342 | 'selected' => determine_locale(), 343 | 'show_available_translations' => false, 344 | 'explicit_option_en_us' => true, 345 | 'languages' => $languages, 346 | ); 347 | 348 | /** 349 | * Filters default arguments for the Languages select input on the login screen. 350 | * 351 | * @since 5.9.0 352 | * 353 | * @param array $args Arguments for the Languages select input on the login screen. 354 | */ 355 | wp_dropdown_languages( apply_filters( 'login_language_dropdown_args', $args ) ); 356 | ?> 357 | 358 | 359 | 360 | 361 | 362 | 363 | 364 | 365 | 366 | 367 | 368 | 369 | 370 | 371 | 372 |
373 |
374 | 375 | 376 | 380 | 384 | 395 |
396 | 397 | 398 | 408 | 411 | 421 | 422 | 0 ) { 576 | update_option( 'admin_email_lifespan', time() + $remind_interval ); 577 | } 578 | 579 | $redirect_to = add_query_arg( 'admin_email_remind_later', 1, $redirect_to ); 580 | wp_safe_redirect( $redirect_to ); 581 | exit; 582 | } 583 | 584 | if ( ! empty( $_POST['correct-admin-email'] ) ) { 585 | if ( ! check_admin_referer( 'confirm_admin_email', 'confirm_admin_email_nonce' ) ) { 586 | wp_safe_redirect( wp_login_url() ); 587 | exit; 588 | } 589 | 590 | /** 591 | * Filters the interval for redirecting the user to the admin email confirmation screen. 592 | * 593 | * If `0` (zero) is returned, the user will not be redirected. 594 | * 595 | * @since 5.3.0 596 | * 597 | * @param int $interval Interval time (in seconds). Default is 6 months. 598 | */ 599 | $admin_email_check_interval = (int) apply_filters( 'admin_email_check_interval', 6 * MONTH_IN_SECONDS ); 600 | 601 | if ( $admin_email_check_interval > 0 ) { 602 | update_option( 'admin_email_lifespan', time() + $admin_email_check_interval ); 603 | } 604 | 605 | wp_safe_redirect( $redirect_to ); 606 | exit; 607 | } 608 | 609 | login_header( __( 'Confirm your administration email' ), '', $errors ); 610 | 611 | /** 612 | * Fires before the admin email confirm form. 613 | * 614 | * @since 5.3.0 615 | * 616 | * @param WP_Error $errors A `WP_Error` object containing any errors generated by using invalid 617 | * credentials. Note that the error object may not contain any errors. 618 | */ 619 | do_action( 'admin_email_confirm', $errors ); 620 | 621 | ?> 622 | 623 |
624 | 635 | 636 | 637 |

638 | 639 |

640 |

641 | administration email for this website is still correct.' ); ?> 642 | %s', __( '(opens in a new tab)' ) ); 649 | 650 | printf( 651 | '%s%s', 652 | esc_url( $admin_email_help_url ), 653 | __( 'Why is this important?' ), 654 | $accessibility_text 655 | ); 656 | 657 | ?> 658 |

659 |

660 | ' . esc_html( $admin_email ) . '' 666 | ); 667 | 668 | ?> 669 |

670 |

671 | 672 |

673 | 674 |
675 |
676 | 682 | 683 | 684 |
685 | 0 ) : ?> 686 |
687 | 'confirm_admin_email', 693 | 'remind_me_later' => wp_create_nonce( 'remind_me_later_nonce' ), 694 | ), 695 | $remind_me_link 696 | ); 697 | 698 | ?> 699 | 700 |
701 | 702 |
703 |
704 | 705 | HashPassword( wp_unslash( $_POST['post_password'] ) ), $expire, COOKIEPATH, COOKIE_DOMAIN, $secure ); 739 | 740 | wp_safe_redirect( wp_get_referer() ); 741 | exit; 742 | 743 | case 'logout': 744 | check_admin_referer( 'log-out' ); 745 | 746 | $user = wp_get_current_user(); 747 | 748 | wp_logout(); 749 | 750 | if ( ! empty( $_REQUEST['redirect_to'] ) ) { 751 | $redirect_to = $_REQUEST['redirect_to']; 752 | $requested_redirect_to = $redirect_to; 753 | } else { 754 | $redirect_to = add_query_arg( 755 | array( 756 | 'loggedout' => 'true', 757 | 'wp_lang' => get_user_locale( $user ), 758 | ), 759 | wp_login_url() 760 | ); 761 | 762 | $requested_redirect_to = ''; 763 | } 764 | 765 | /** 766 | * Filters the log out redirect URL. 767 | * 768 | * @since 4.2.0 769 | * 770 | * @param string $redirect_to The redirect destination URL. 771 | * @param string $requested_redirect_to The requested redirect destination URL passed as a parameter. 772 | * @param WP_User $user The WP_User object for the user that's logging out. 773 | */ 774 | $redirect_to = apply_filters( 'logout_redirect', $redirect_to, $requested_redirect_to, $user ); 775 | 776 | wp_safe_redirect( $redirect_to ); 777 | exit; 778 | 779 | case 'lostpassword': 780 | case 'retrievepassword': 781 | if ( $http_post ) { 782 | $errors = retrieve_password(); 783 | 784 | if ( ! is_wp_error( $errors ) ) { 785 | $redirect_to = ! empty( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : 'wp-login.php?checkemail=confirm'; 786 | wp_safe_redirect( $redirect_to ); 787 | exit; 788 | } 789 | } 790 | 791 | if ( isset( $_GET['error'] ) ) { 792 | if ( 'invalidkey' === $_GET['error'] ) { 793 | $errors->add( 'invalidkey', __( 'Error: Your password reset link appears to be invalid. Please request a new link below.' ) ); 794 | } elseif ( 'expiredkey' === $_GET['error'] ) { 795 | $errors->add( 'expiredkey', __( 'Error: Your password reset link has expired. Please request a new link below.' ) ); 796 | } 797 | } 798 | 799 | $lostpassword_redirect = ! empty( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : ''; 800 | /** 801 | * Filters the URL redirected to after submitting the lostpassword/retrievepassword form. 802 | * 803 | * @since 3.0.0 804 | * 805 | * @param string $lostpassword_redirect The redirect destination URL. 806 | */ 807 | $redirect_to = apply_filters( 'lostpassword_redirect', $lostpassword_redirect ); 808 | 809 | /** 810 | * Fires before the lost password form. 811 | * 812 | * @since 1.5.1 813 | * @since 5.1.0 Added the `$errors` parameter. 814 | * 815 | * @param WP_Error $errors A `WP_Error` object containing any errors generated by using invalid 816 | * credentials. Note that the error object may not contain any errors. 817 | */ 818 | do_action( 'lost_password', $errors ); 819 | 820 | login_header( __( 'Lost Password' ), '

' . __( 'Please enter your username or email address. You will receive an email message with instructions on how to reset your password.' ) . '

', $errors ); 821 | 822 | $user_login = ''; 823 | 824 | if ( isset( $_POST['user_login'] ) && is_string( $_POST['user_login'] ) ) { 825 | $user_login = wp_unslash( $_POST['user_login'] ); 826 | } 827 | 828 | ?> 829 | 830 |
831 |

832 | 833 | 834 |

835 | 845 | 846 |

847 | 848 |

849 |
850 | 851 |

852 | 853 | %s', esc_url( wp_registration_url() ), __( 'Register' ) ); 857 | 858 | echo esc_html( $login_link_separator ); 859 | 860 | /** This filter is documented in wp-includes/general-template.php */ 861 | echo apply_filters( 'register', $registration_url ); 862 | } 863 | 864 | ?> 865 |

866 | get_error_code() === 'expired_key' ) { 900 | wp_redirect( site_url( 'wp-login.php?action=lostpassword&error=expiredkey' ) ); 901 | } else { 902 | wp_redirect( site_url( 'wp-login.php?action=lostpassword&error=invalidkey' ) ); 903 | } 904 | 905 | exit; 906 | } 907 | 908 | $errors = new WP_Error(); 909 | 910 | if ( isset( $_POST['pass1'] ) && $_POST['pass1'] !== $_POST['pass2'] ) { 911 | $errors->add( 'password_reset_mismatch', __( 'Error: The passwords do not match.' ) ); 912 | } 913 | 914 | /** 915 | * Fires before the password reset procedure is validated. 916 | * 917 | * @since 3.5.0 918 | * 919 | * @param WP_Error $errors WP Error object. 920 | * @param WP_User|WP_Error $user WP_User object if the login and reset key match. WP_Error object otherwise. 921 | */ 922 | do_action( 'validate_password_reset', $errors, $user ); 923 | 924 | if ( ( ! $errors->has_errors() ) && isset( $_POST['pass1'] ) && ! empty( $_POST['pass1'] ) ) { 925 | reset_password( $user, $_POST['pass1'] ); 926 | setcookie( $rp_cookie, ' ', time() - YEAR_IN_SECONDS, $rp_path, COOKIE_DOMAIN, is_ssl(), true ); 927 | login_header( __( 'Password Reset' ), '

' . __( 'Your password has been reset.' ) . ' ' . __( 'Log in' ) . '

' ); 928 | login_footer(); 929 | exit; 930 | } 931 | 932 | wp_enqueue_script( 'utils' ); 933 | wp_enqueue_script( 'user-profile' ); 934 | 935 | login_header( __( 'Reset Password' ), '

' . __( 'Enter your new password below or generate one.' ) . '

', $errors ); 936 | 937 | ?> 938 |
939 | 940 | 941 |
942 |

943 | 944 |

945 | 946 |
947 | 948 | 949 | 952 |
953 |
954 |
955 | 956 | 957 |
958 |
959 | 960 |

961 | 962 | 963 |

964 | 965 |

966 |
967 | 968 | 980 | 981 |

982 | 983 | 984 |

985 |
986 | 987 |

988 | 989 | %s', esc_url( wp_registration_url() ), __( 'Register' ) ); 993 | 994 | echo esc_html( $login_link_separator ); 995 | 996 | /** This filter is documented in wp-includes/general-template.php */ 997 | echo apply_filters( 'register', $registration_url ); 998 | } 999 | 1000 | ?> 1001 |

1002 | ' . __( 'Register For This Site' ) . '

', $errors ); 1061 | 1062 | ?> 1063 |
1064 |

1065 | 1066 | 1067 |

1068 |

1069 | 1070 | 1071 |

1072 | 1082 |

1083 | 1084 |

1085 |
1086 | 1087 |

1088 | 1089 |

1090 |
1091 | 1092 |

1093 | 1094 | 1095 | 1096 |

1097 | add( 1108 | 'confirm', 1109 | sprintf( 1110 | /* translators: %s: Link to the login page. */ 1111 | __( 'Check your email for the confirmation link, then visit the login page.' ), 1112 | wp_login_url() 1113 | ), 1114 | 'message' 1115 | ); 1116 | } elseif ( 'registered' === $_GET['checkemail'] ) { 1117 | $errors->add( 1118 | 'registered', 1119 | sprintf( 1120 | /* translators: %s: Link to the login page. */ 1121 | __( 'Registration complete. Please check your email, then visit the login page.' ), 1122 | wp_login_url() 1123 | ), 1124 | 'message' 1125 | ); 1126 | } 1127 | 1128 | /** This action is documented in wp-login.php */ 1129 | $errors = apply_filters( 'wp_login_errors', $errors, $redirect_to ); 1130 | 1131 | login_header( __( 'Check your email' ), '', $errors ); 1132 | login_footer(); 1133 | break; 1134 | 1135 | case 'confirmaction': 1136 | if ( ! isset( $_GET['request_id'] ) ) { 1137 | wp_die( __( 'Missing request ID.' ) ); 1138 | } 1139 | 1140 | if ( ! isset( $_GET['confirm_key'] ) ) { 1141 | wp_die( __( 'Missing confirm key.' ) ); 1142 | } 1143 | 1144 | $request_id = (int) $_GET['request_id']; 1145 | $key = sanitize_text_field( wp_unslash( $_GET['confirm_key'] ) ); 1146 | $result = wp_validate_user_request_key( $request_id, $key ); 1147 | 1148 | if ( is_wp_error( $result ) ) { 1149 | wp_die( $result ); 1150 | } 1151 | 1152 | /** 1153 | * Fires an action hook when the account action has been confirmed by the user. 1154 | * 1155 | * Using this you can assume the user has agreed to perform the action by 1156 | * clicking on the link in the confirmation email. 1157 | * 1158 | * After firing this action hook the page will redirect to wp-login a callback 1159 | * redirects or exits first. 1160 | * 1161 | * @since 4.9.6 1162 | * 1163 | * @param int $request_id Request ID. 1164 | */ 1165 | do_action( 'user_request_action_confirmed', $request_id ); 1166 | 1167 | $message = _wp_privacy_account_request_confirmed_message( $request_id ); 1168 | 1169 | login_header( __( 'User action confirmed.' ), $message ); 1170 | login_footer(); 1171 | exit; 1172 | 1173 | case 'login': 1174 | default: 1175 | $secure_cookie = ''; 1176 | $customize_login = isset( $_REQUEST['customize-login'] ); 1177 | 1178 | if ( $customize_login ) { 1179 | wp_enqueue_script( 'customize-base' ); 1180 | } 1181 | 1182 | // If the user wants SSL but the session is not SSL, force a secure cookie. 1183 | if ( ! empty( $_POST['log'] ) && ! force_ssl_admin() ) { 1184 | $user_name = sanitize_user( wp_unslash( $_POST['log'] ) ); 1185 | $user = get_user_by( 'login', $user_name ); 1186 | 1187 | if ( ! $user && strpos( $user_name, '@' ) ) { 1188 | $user = get_user_by( 'email', $user_name ); 1189 | } 1190 | 1191 | if ( $user ) { 1192 | if ( get_user_option( 'use_ssl', $user->ID ) ) { 1193 | $secure_cookie = true; 1194 | force_ssl_admin( true ); 1195 | } 1196 | } 1197 | } 1198 | 1199 | if ( isset( $_REQUEST['redirect_to'] ) ) { 1200 | $redirect_to = $_REQUEST['redirect_to']; 1201 | // Redirect to HTTPS if user wants SSL. 1202 | if ( $secure_cookie && false !== strpos( $redirect_to, 'wp-admin' ) ) { 1203 | $redirect_to = preg_replace( '|^http://|', 'https://', $redirect_to ); 1204 | } 1205 | } else { 1206 | $redirect_to = admin_url(); 1207 | } 1208 | 1209 | $reauth = empty( $_REQUEST['reauth'] ) ? false : true; 1210 | 1211 | $user = wp_signon( array(), $secure_cookie ); 1212 | 1213 | if ( empty( $_COOKIE[ LOGGED_IN_COOKIE ] ) ) { 1214 | if ( headers_sent() ) { 1215 | $user = new WP_Error( 1216 | 'test_cookie', 1217 | sprintf( 1218 | /* translators: 1: Browser cookie documentation URL, 2: Support forums URL. */ 1219 | __( 'Error: Cookies are blocked due to unexpected output. For help, please see this documentation or try the support forums.' ), 1220 | __( 'https://wordpress.org/support/article/cookies/' ), 1221 | __( 'https://wordpress.org/support/forums/' ) 1222 | ) 1223 | ); 1224 | } elseif ( isset( $_POST['testcookie'] ) && empty( $_COOKIE[ TEST_COOKIE ] ) ) { 1225 | // If cookies are disabled, we can't log in even with a valid user and password. 1226 | $user = new WP_Error( 1227 | 'test_cookie', 1228 | sprintf( 1229 | /* translators: %s: Browser cookie documentation URL. */ 1230 | __( 'Error: Cookies are blocked or not supported by your browser. You must enable cookies to use WordPress.' ), 1231 | __( 'https://wordpress.org/support/article/cookies/#enable-cookies-in-your-browser' ) 1232 | ) 1233 | ); 1234 | } 1235 | } 1236 | 1237 | $requested_redirect_to = isset( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : ''; 1238 | /** 1239 | * Filters the login redirect URL. 1240 | * 1241 | * @since 3.0.0 1242 | * 1243 | * @param string $redirect_to The redirect destination URL. 1244 | * @param string $requested_redirect_to The requested redirect destination URL passed as a parameter. 1245 | * @param WP_User|WP_Error $user WP_User object if login was successful, WP_Error object otherwise. 1246 | */ 1247 | $redirect_to = apply_filters( 'login_redirect', $redirect_to, $requested_redirect_to, $user ); 1248 | 1249 | if ( ! is_wp_error( $user ) && ! $reauth ) { 1250 | if ( $interim_login ) { 1251 | $message = '

' . __( 'You have logged in successfully.' ) . '

'; 1252 | $interim_login = 'success'; 1253 | login_header( '', $message ); 1254 | 1255 | ?> 1256 | 1257 | 1264 | 1265 | 1269 | 1270 | exists() && $user->has_cap( 'manage_options' ) ) { 1277 | $admin_email_lifespan = (int) get_option( 'admin_email_lifespan' ); 1278 | 1279 | // If `0` (or anything "falsey" as it is cast to int) is returned, the user will not be redirected 1280 | // to the admin email confirmation screen. 1281 | /** This filter is documented in wp-login.php */ 1282 | $admin_email_check_interval = (int) apply_filters( 'admin_email_check_interval', 6 * MONTH_IN_SECONDS ); 1283 | 1284 | if ( $admin_email_check_interval > 0 && time() > $admin_email_lifespan ) { 1285 | $redirect_to = add_query_arg( 1286 | array( 1287 | 'action' => 'confirm_admin_email', 1288 | 'wp_lang' => get_user_locale( $user ), 1289 | ), 1290 | wp_login_url( $redirect_to ) 1291 | ); 1292 | } 1293 | } 1294 | 1295 | if ( ( empty( $redirect_to ) || 'wp-admin/' === $redirect_to || admin_url() === $redirect_to ) ) { 1296 | // If the user doesn't belong to a blog, send them to user admin. If the user can't edit posts, send them to their profile. 1297 | if ( is_multisite() && ! get_active_blog_for_user( $user->ID ) && ! is_super_admin( $user->ID ) ) { 1298 | $redirect_to = user_admin_url(); 1299 | } elseif ( is_multisite() && ! $user->has_cap( 'read' ) ) { 1300 | $redirect_to = get_dashboard_url( $user->ID ); 1301 | } elseif ( ! $user->has_cap( 'edit_posts' ) ) { 1302 | $redirect_to = $user->has_cap( 'read' ) ? admin_url( 'profile.php' ) : home_url(); 1303 | } 1304 | 1305 | wp_redirect( $redirect_to ); 1306 | exit; 1307 | } 1308 | 1309 | wp_safe_redirect( $redirect_to ); 1310 | exit; 1311 | } 1312 | 1313 | $errors = $user; 1314 | // Clear errors if loggedout is set. 1315 | if ( ! empty( $_GET['loggedout'] ) || $reauth ) { 1316 | $errors = new WP_Error(); 1317 | } 1318 | 1319 | if ( empty( $_POST ) && $errors->get_error_codes() === array( 'empty_username', 'empty_password' ) ) { 1320 | $errors = new WP_Error( '', '' ); 1321 | } 1322 | 1323 | if ( $interim_login ) { 1324 | if ( ! $errors->has_errors() ) { 1325 | $errors->add( 'expired', __( 'Your session has expired. Please log in to continue where you left off.' ), 'message' ); 1326 | } 1327 | } else { 1328 | // Some parts of this script use the main login form to display a message. 1329 | if ( isset( $_GET['loggedout'] ) && $_GET['loggedout'] ) { 1330 | $errors->add( 'loggedout', __( 'You are now logged out.' ), 'message' ); 1331 | } elseif ( isset( $_GET['registration'] ) && 'disabled' === $_GET['registration'] ) { 1332 | $errors->add( 'registerdisabled', __( 'Error: User registration is currently not allowed.' ) ); 1333 | } elseif ( strpos( $redirect_to, 'about.php?updated' ) ) { 1334 | $errors->add( 'updated', __( 'You have successfully updated WordPress! Please log back in to see what’s new.' ), 'message' ); 1335 | } elseif ( WP_Recovery_Mode_Link_Service::LOGIN_ACTION_ENTERED === $action ) { 1336 | $errors->add( 'enter_recovery_mode', __( 'Recovery Mode Initialized. Please log in to continue.' ), 'message' ); 1337 | } elseif ( isset( $_GET['redirect_to'] ) && false !== strpos( $_GET['redirect_to'], 'wp-admin/authorize-application.php' ) ) { 1338 | $query_component = wp_parse_url( $_GET['redirect_to'], PHP_URL_QUERY ); 1339 | $query = array(); 1340 | if ( $query_component ) { 1341 | parse_str( $query_component, $query ); 1342 | } 1343 | 1344 | if ( ! empty( $query['app_name'] ) ) { 1345 | /* translators: 1: Website name, 2: Application name. */ 1346 | $message = sprintf( 'Please log in to %1$s to authorize %2$s to connect to your account.', get_bloginfo( 'name', 'display' ), '' . esc_html( $query['app_name'] ) . '' ); 1347 | } else { 1348 | /* translators: %s: Website name. */ 1349 | $message = sprintf( 'Please log in to %s to proceed with authorization.', get_bloginfo( 'name', 'display' ) ); 1350 | } 1351 | 1352 | $errors->add( 'authorize_application', $message, 'message' ); 1353 | } 1354 | } 1355 | 1356 | /** 1357 | * Filters the login page errors. 1358 | * 1359 | * @since 3.6.0 1360 | * 1361 | * @param WP_Error $errors WP Error object. 1362 | * @param string $redirect_to Redirect destination URL. 1363 | */ 1364 | $errors = apply_filters( 'wp_login_errors', $errors, $redirect_to ); 1365 | 1366 | // Clear any stale cookies. 1367 | if ( $reauth ) { 1368 | wp_clear_auth_cookie(); 1369 | } 1370 | 1371 | login_header( __( 'Log In' ), '', $errors ); 1372 | 1373 | if ( isset( $_POST['log'] ) ) { 1374 | $user_login = ( 'incorrect_password' === $errors->get_error_code() || 'empty_password' === $errors->get_error_code() ) ? esc_attr( wp_unslash( $_POST['log'] ) ) : ''; 1375 | } 1376 | 1377 | $rememberme = ! empty( $_POST['rememberme'] ); 1378 | 1379 | if ( $errors->has_errors() ) { 1380 | $aria_describedby_error = ' aria-describedby="login_error"'; 1381 | } else { 1382 | $aria_describedby_error = ''; 1383 | } 1384 | 1385 | wp_enqueue_script( 'user-profile' ); 1386 | ?> 1387 | 1388 |
1389 |

1390 | 1391 | class="input" value="" size="20" autocapitalize="off" /> 1392 |

1393 | 1394 |
1395 | 1396 |
1397 | class="input password-input" value="" size="20" /> 1398 | 1401 |
1402 |
1403 | 1413 |

/>

1414 |

1415 | 1416 | 1420 | 1421 | 1424 | 1425 | 1430 | 1431 | 1435 | 1436 |

1437 |
1438 | 1439 | 1443 |

1444 | %s', esc_url( wp_registration_url() ), __( 'Register' ) ); 1448 | 1449 | /** This filter is documented in wp-includes/general-template.php */ 1450 | echo apply_filters( 'register', $registration_url ); 1451 | 1452 | echo esc_html( $login_link_separator ); 1453 | } 1454 | 1455 | ?> 1456 | 1457 |

1458 | get_error_code() === 'invalid_username' ) { 1471 | $login_script .= 'd.value = "";'; 1472 | } 1473 | } 1474 | 1475 | $login_script .= 'd.focus(); d.select();'; 1476 | $login_script .= '} catch( er ) {}'; 1477 | $login_script .= '}, 200);'; 1478 | $login_script .= "}\n"; // End of wp_attempt_focus(). 1479 | 1480 | /** 1481 | * Filters whether to print the call to `wp_attempt_focus()` on the login screen. 1482 | * 1483 | * @since 4.8.0 1484 | * 1485 | * @param bool $print Whether to print the function call. Default true. 1486 | */ 1487 | if ( apply_filters( 'enable_login_autofocus', true ) && ! $error ) { 1488 | $login_script .= "wp_attempt_focus();\n"; 1489 | } 1490 | 1491 | // Run `wpOnload()` if defined. 1492 | $login_script .= "if ( typeof wpOnload === 'function' ) { wpOnload() }"; 1493 | 1494 | ?> 1495 | 1498 | 1502 | 1515 | Writing 6 | * 7 | * @package WordPress 8 | */ 9 | 10 | /** Make sure that the WordPress bootstrap has run before continuing. */ 11 | require __DIR__ . '/wp-load.php'; 12 | 13 | /** This filter is documented in wp-admin/options.php */ 14 | if ( ! apply_filters( 'enable_post_by_email_configuration', true ) ) { 15 | wp_die( __( 'This action has been disabled by the administrator.' ), 403 ); 16 | } 17 | 18 | $mailserver_url = get_option( 'mailserver_url' ); 19 | 20 | if ( 'mail.example.com' === $mailserver_url || empty( $mailserver_url ) ) { 21 | wp_die( __( 'This action has been disabled by the administrator.' ), 403 ); 22 | } 23 | 24 | /** 25 | * Fires to allow a plugin to do a complete takeover of Post by Email. 26 | * 27 | * @since 2.9.0 28 | */ 29 | do_action( 'wp-mail.php' ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.UseUnderscores 30 | 31 | /** Get the POP3 class with which to access the mailbox. */ 32 | require_once ABSPATH . WPINC . '/class-pop3.php'; 33 | 34 | /** Only check at this interval for new messages. */ 35 | if ( ! defined( 'WP_MAIL_INTERVAL' ) ) { 36 | define( 'WP_MAIL_INTERVAL', 5 * MINUTE_IN_SECONDS ); 37 | } 38 | 39 | $last_checked = get_transient( 'mailserver_last_checked' ); 40 | 41 | if ( $last_checked ) { 42 | wp_die( __( 'Slow down cowboy, no need to check for new mails so often!' ) ); 43 | } 44 | 45 | set_transient( 'mailserver_last_checked', true, WP_MAIL_INTERVAL ); 46 | 47 | $time_difference = get_option( 'gmt_offset' ) * HOUR_IN_SECONDS; 48 | 49 | $phone_delim = '::'; 50 | 51 | $pop3 = new POP3(); 52 | 53 | if ( ! $pop3->connect( get_option( 'mailserver_url' ), get_option( 'mailserver_port' ) ) || ! $pop3->user( get_option( 'mailserver_login' ) ) ) { 54 | wp_die( esc_html( $pop3->ERROR ) ); 55 | } 56 | 57 | $count = $pop3->pass( get_option( 'mailserver_pass' ) ); 58 | 59 | if ( false === $count ) { 60 | wp_die( esc_html( $pop3->ERROR ) ); 61 | } 62 | 63 | if ( 0 === $count ) { 64 | $pop3->quit(); 65 | wp_die( __( 'There doesn’t seem to be any new mail.' ) ); 66 | } 67 | 68 | for ( $i = 1; $i <= $count; $i++ ) { 69 | 70 | $message = $pop3->get( $i ); 71 | 72 | $bodysignal = false; 73 | $boundary = ''; 74 | $charset = ''; 75 | $content = ''; 76 | $content_type = ''; 77 | $content_transfer_encoding = ''; 78 | $post_author = 1; 79 | $author_found = false; 80 | $post_date = null; 81 | $post_date_gmt = null; 82 | 83 | foreach ( $message as $line ) { 84 | // Body signal. 85 | if ( strlen( $line ) < 3 ) { 86 | $bodysignal = true; 87 | } 88 | if ( $bodysignal ) { 89 | $content .= $line; 90 | } else { 91 | if ( preg_match( '/Content-Type: /i', $line ) ) { 92 | $content_type = trim( $line ); 93 | $content_type = substr( $content_type, 14, strlen( $content_type ) - 14 ); 94 | $content_type = explode( ';', $content_type ); 95 | if ( ! empty( $content_type[1] ) ) { 96 | $charset = explode( '=', $content_type[1] ); 97 | $charset = ( ! empty( $charset[1] ) ) ? trim( $charset[1] ) : ''; 98 | } 99 | $content_type = $content_type[0]; 100 | } 101 | if ( preg_match( '/Content-Transfer-Encoding: /i', $line ) ) { 102 | $content_transfer_encoding = trim( $line ); 103 | $content_transfer_encoding = substr( $content_transfer_encoding, 27, strlen( $content_transfer_encoding ) - 27 ); 104 | $content_transfer_encoding = explode( ';', $content_transfer_encoding ); 105 | $content_transfer_encoding = $content_transfer_encoding[0]; 106 | } 107 | if ( ( 'multipart/alternative' === $content_type ) && ( false !== strpos( $line, 'boundary="' ) ) && ( '' === $boundary ) ) { 108 | $boundary = trim( $line ); 109 | $boundary = explode( '"', $boundary ); 110 | $boundary = $boundary[1]; 111 | } 112 | if ( preg_match( '/Subject: /i', $line ) ) { 113 | $subject = trim( $line ); 114 | $subject = substr( $subject, 9, strlen( $subject ) - 9 ); 115 | // Captures any text in the subject before $phone_delim as the subject. 116 | if ( function_exists( 'iconv_mime_decode' ) ) { 117 | $subject = iconv_mime_decode( $subject, 2, get_option( 'blog_charset' ) ); 118 | } else { 119 | $subject = wp_iso_descrambler( $subject ); 120 | } 121 | $subject = explode( $phone_delim, $subject ); 122 | $subject = $subject[0]; 123 | } 124 | 125 | /* 126 | * Set the author using the email address (From or Reply-To, the last used) 127 | * otherwise use the site admin. 128 | */ 129 | if ( ! $author_found && preg_match( '/^(From|Reply-To): /', $line ) ) { 130 | if ( preg_match( '|[a-z0-9_.-]+@[a-z0-9_.-]+(?!.*<)|i', $line, $matches ) ) { 131 | $author = $matches[0]; 132 | } else { 133 | $author = trim( $line ); 134 | } 135 | $author = sanitize_email( $author ); 136 | if ( is_email( $author ) ) { 137 | /* translators: %s: Post author email address. */ 138 | echo '

' . sprintf( __( 'Author is %s' ), $author ) . '

'; 139 | $userdata = get_user_by( 'email', $author ); 140 | if ( ! empty( $userdata ) ) { 141 | $post_author = $userdata->ID; 142 | $author_found = true; 143 | } 144 | } 145 | } 146 | 147 | if ( preg_match( '/Date: /i', $line ) ) { // Of the form '20 Mar 2002 20:32:37 +0100'. 148 | $ddate = str_replace( 'Date: ', '', trim( $line ) ); 149 | // Remove parenthesised timezone string if it exists, as this confuses strtotime(). 150 | $ddate = preg_replace( '!\s*\(.+\)\s*$!', '', $ddate ); 151 | $ddate_timestamp = strtotime( $ddate ); 152 | $post_date = gmdate( 'Y-m-d H:i:s', $ddate_timestamp + $time_difference ); 153 | $post_date_gmt = gmdate( 'Y-m-d H:i:s', $ddate_timestamp ); 154 | } 155 | } 156 | } 157 | 158 | // Set $post_status based on $author_found and on author's publish_posts capability. 159 | if ( $author_found ) { 160 | $user = new WP_User( $post_author ); 161 | $post_status = ( $user->has_cap( 'publish_posts' ) ) ? 'publish' : 'pending'; 162 | } else { 163 | // Author not found in DB, set status to pending. Author already set to admin. 164 | $post_status = 'pending'; 165 | } 166 | 167 | $subject = trim( $subject ); 168 | 169 | if ( 'multipart/alternative' === $content_type ) { 170 | $content = explode( '--' . $boundary, $content ); 171 | $content = $content[2]; 172 | 173 | // Match case-insensitive content-transfer-encoding. 174 | if ( preg_match( '/Content-Transfer-Encoding: quoted-printable/i', $content, $delim ) ) { 175 | $content = explode( $delim[0], $content ); 176 | $content = $content[1]; 177 | } 178 | $content = strip_tags( $content, '


' ); 179 | } 180 | $content = trim( $content ); 181 | 182 | /** 183 | * Filters the original content of the email. 184 | * 185 | * Give Post-By-Email extending plugins full access to the content, either 186 | * the raw content, or the content of the last quoted-printable section. 187 | * 188 | * @since 2.8.0 189 | * 190 | * @param string $content The original email content. 191 | */ 192 | $content = apply_filters( 'wp_mail_original_content', $content ); 193 | 194 | if ( false !== stripos( $content_transfer_encoding, 'quoted-printable' ) ) { 195 | $content = quoted_printable_decode( $content ); 196 | } 197 | 198 | if ( function_exists( 'iconv' ) && ! empty( $charset ) ) { 199 | $content = iconv( $charset, get_option( 'blog_charset' ), $content ); 200 | } 201 | 202 | // Captures any text in the body after $phone_delim as the body. 203 | $content = explode( $phone_delim, $content ); 204 | $content = empty( $content[1] ) ? $content[0] : $content[1]; 205 | 206 | $content = trim( $content ); 207 | 208 | /** 209 | * Filters the content of the post submitted by email before saving. 210 | * 211 | * @since 1.2.0 212 | * 213 | * @param string $content The email content. 214 | */ 215 | $post_content = apply_filters( 'phone_content', $content ); 216 | 217 | $post_title = xmlrpc_getposttitle( $content ); 218 | 219 | if ( '' === trim( $post_title ) ) { 220 | $post_title = $subject; 221 | } 222 | 223 | $post_category = array( get_option( 'default_email_category' ) ); 224 | 225 | $post_data = compact( 'post_content', 'post_title', 'post_date', 'post_date_gmt', 'post_author', 'post_category', 'post_status' ); 226 | $post_data = wp_slash( $post_data ); 227 | 228 | $post_ID = wp_insert_post( $post_data ); 229 | if ( is_wp_error( $post_ID ) ) { 230 | echo "\n" . $post_ID->get_error_message(); 231 | } 232 | 233 | // We couldn't post, for whatever reason. Better move forward to the next email. 234 | if ( empty( $post_ID ) ) { 235 | continue; 236 | } 237 | 238 | /** 239 | * Fires after a post submitted by email is published. 240 | * 241 | * @since 1.2.0 242 | * 243 | * @param int $post_ID The post ID. 244 | */ 245 | do_action( 'publish_phone', $post_ID ); 246 | 247 | echo "\n

" . __( 'Author:' ) . ' ' . esc_html( $post_author ) . '

'; 248 | echo "\n

" . __( 'Posted title:' ) . ' ' . esc_html( $post_title ) . '

'; 249 | 250 | if ( ! $pop3->delete( $i ) ) { 251 | echo '

' . sprintf( 252 | /* translators: %s: POP3 error. */ 253 | __( 'Oops: %s' ), 254 | esc_html( $pop3->ERROR ) 255 | ) . '

'; 256 | $pop3->reset(); 257 | exit; 258 | } else { 259 | echo '

' . sprintf( 260 | /* translators: %s: The message ID. */ 261 | __( 'Mission complete. Message %s deleted.' ), 262 | '' . $i . '' 263 | ) . '

'; 264 | } 265 | } 266 | 267 | $pop3->quit(); 268 | -------------------------------------------------------------------------------- /wp-settings.php: -------------------------------------------------------------------------------- 1 | initialize(); 413 | } 414 | 415 | // Load active plugins. 416 | foreach ( wp_get_active_and_valid_plugins() as $plugin ) { 417 | wp_register_plugin_realpath( $plugin ); 418 | include_once $plugin; 419 | 420 | /** 421 | * Fires once a single activated plugin has loaded. 422 | * 423 | * @since 5.1.0 424 | * 425 | * @param string $plugin Full path to the plugin's main file. 426 | */ 427 | do_action( 'plugin_loaded', $plugin ); 428 | } 429 | unset( $plugin ); 430 | 431 | // Load pluggable functions. 432 | require ABSPATH . WPINC . '/pluggable.php'; 433 | require ABSPATH . WPINC . '/pluggable-deprecated.php'; 434 | 435 | // Set internal encoding. 436 | wp_set_internal_encoding(); 437 | 438 | // Run wp_cache_postload() if object cache is enabled and the function exists. 439 | if ( WP_CACHE && function_exists( 'wp_cache_postload' ) ) { 440 | wp_cache_postload(); 441 | } 442 | 443 | /** 444 | * Fires once activated plugins have loaded. 445 | * 446 | * Pluggable functions are also available at this point in the loading order. 447 | * 448 | * @since 1.5.0 449 | */ 450 | do_action( 'plugins_loaded' ); 451 | 452 | // Define constants which affect functionality if not already defined. 453 | wp_functionality_constants(); 454 | 455 | // Add magic quotes and set up $_REQUEST ( $_GET + $_POST ). 456 | wp_magic_quotes(); 457 | 458 | /** 459 | * Fires when comment cookies are sanitized. 460 | * 461 | * @since 2.0.11 462 | */ 463 | do_action( 'sanitize_comment_cookies' ); 464 | 465 | /** 466 | * WordPress Query object 467 | * 468 | * @global WP_Query $wp_the_query WordPress Query object. 469 | * @since 2.0.0 470 | */ 471 | $GLOBALS['wp_the_query'] = new WP_Query(); 472 | 473 | /** 474 | * Holds the reference to @see $wp_the_query 475 | * Use this global for WordPress queries 476 | * 477 | * @global WP_Query $wp_query WordPress Query object. 478 | * @since 1.5.0 479 | */ 480 | $GLOBALS['wp_query'] = $GLOBALS['wp_the_query']; 481 | 482 | /** 483 | * Holds the WordPress Rewrite object for creating pretty URLs 484 | * 485 | * @global WP_Rewrite $wp_rewrite WordPress rewrite component. 486 | * @since 1.5.0 487 | */ 488 | $GLOBALS['wp_rewrite'] = new WP_Rewrite(); 489 | 490 | /** 491 | * WordPress Object 492 | * 493 | * @global WP $wp Current WordPress environment instance. 494 | * @since 2.0.0 495 | */ 496 | $GLOBALS['wp'] = new WP(); 497 | 498 | /** 499 | * WordPress Widget Factory Object 500 | * 501 | * @global WP_Widget_Factory $wp_widget_factory 502 | * @since 2.8.0 503 | */ 504 | $GLOBALS['wp_widget_factory'] = new WP_Widget_Factory(); 505 | 506 | /** 507 | * WordPress User Roles 508 | * 509 | * @global WP_Roles $wp_roles WordPress role management object. 510 | * @since 2.0.0 511 | */ 512 | $GLOBALS['wp_roles'] = new WP_Roles(); 513 | 514 | /** 515 | * Fires before the theme is loaded. 516 | * 517 | * @since 2.6.0 518 | */ 519 | do_action( 'setup_theme' ); 520 | 521 | // Define the template related constants. 522 | wp_templating_constants(); 523 | 524 | // Load the default text localization domain. 525 | load_default_textdomain(); 526 | 527 | $locale = get_locale(); 528 | $locale_file = WP_LANG_DIR . "/$locale.php"; 529 | if ( ( 0 === validate_file( $locale ) ) && is_readable( $locale_file ) ) { 530 | require $locale_file; 531 | } 532 | unset( $locale_file ); 533 | 534 | /** 535 | * WordPress Locale object for loading locale domain date and various strings. 536 | * 537 | * @global WP_Locale $wp_locale WordPress date and time locale object. 538 | * @since 2.1.0 539 | */ 540 | $GLOBALS['wp_locale'] = new WP_Locale(); 541 | 542 | /** 543 | * WordPress Locale Switcher object for switching locales. 544 | * 545 | * @since 4.7.0 546 | * 547 | * @global WP_Locale_Switcher $wp_locale_switcher WordPress locale switcher object. 548 | */ 549 | $GLOBALS['wp_locale_switcher'] = new WP_Locale_Switcher(); 550 | $GLOBALS['wp_locale_switcher']->init(); 551 | 552 | // Load the functions for the active theme, for both parent and child theme if applicable. 553 | foreach ( wp_get_active_and_valid_themes() as $theme ) { 554 | if ( file_exists( $theme . '/functions.php' ) ) { 555 | include $theme . '/functions.php'; 556 | } 557 | } 558 | unset( $theme ); 559 | 560 | /** 561 | * Fires after the theme is loaded. 562 | * 563 | * @since 3.0.0 564 | */ 565 | do_action( 'after_setup_theme' ); 566 | 567 | // Create an instance of WP_Site_Health so that Cron events may fire. 568 | if ( ! class_exists( 'WP_Site_Health' ) ) { 569 | require_once ABSPATH . 'wp-admin/includes/class-wp-site-health.php'; 570 | } 571 | WP_Site_Health::get_instance(); 572 | 573 | // Set up current user. 574 | $GLOBALS['wp']->init(); 575 | 576 | /** 577 | * Fires after WordPress has finished loading but before any headers are sent. 578 | * 579 | * Most of WP is loaded at this stage, and the user is authenticated. WP continues 580 | * to load on the {@see 'init'} hook that follows (e.g. widgets), and many plugins instantiate 581 | * themselves on it for all sorts of reasons (e.g. they need a user, a taxonomy, etc.). 582 | * 583 | * If you wish to plug an action once WP is loaded, use the {@see 'wp_loaded'} hook below. 584 | * 585 | * @since 1.5.0 586 | */ 587 | do_action( 'init' ); 588 | 589 | // Check site status. 590 | if ( is_multisite() ) { 591 | $file = ms_site_check(); 592 | if ( true !== $file ) { 593 | require $file; 594 | die(); 595 | } 596 | unset( $file ); 597 | } 598 | 599 | /** 600 | * This hook is fired once WP, all plugins, and the theme are fully loaded and instantiated. 601 | * 602 | * Ajax requests should use wp-admin/admin-ajax.php. admin-ajax.php can handle requests for 603 | * users not logged in. 604 | * 605 | * @link https://codex.wordpress.org/AJAX_in_Plugins 606 | * 607 | * @since 3.0.0 608 | */ 609 | do_action( 'wp_loaded' ); 610 | -------------------------------------------------------------------------------- /wp-signup.php: -------------------------------------------------------------------------------- 1 | is_404 = false; 44 | 45 | /** 46 | * Fires before the Site Sign-up page is loaded. 47 | * 48 | * @since 4.4.0 49 | */ 50 | do_action( 'before_signup_header' ); 51 | 52 | /** 53 | * Prints styles for front-end Multisite Sign-up pages. 54 | * 55 | * @since MU (3.0.0) 56 | */ 57 | function wpmu_signup_stylesheet() { 58 | ?> 59 | 75 | 88 |
89 |
90 | ' . __( 'Site Name:' ) . ''; 109 | } else { 110 | echo ''; 111 | } 112 | 113 | $errmsg = $errors->get_error_message( 'blogname' ); 114 | if ( $errmsg ) { 115 | ?> 116 |

117 | ' . $current_network->domain . $current_network->path . '
'; 122 | } else { 123 | $site_domain = preg_replace( '|^www\.|', '', $current_network->domain ); 124 | echo '.' . esc_html( $site_domain ) . '
'; 125 | } 126 | 127 | if ( ! is_user_logged_in() ) { 128 | if ( ! is_subdomain_install() ) { 129 | $site = $current_network->domain . $current_network->path . __( 'sitename' ); 130 | } else { 131 | $site = __( 'domain' ) . '.' . $site_domain . $current_network->path; 132 | } 133 | 134 | printf( 135 | '

(%s) %s

', 136 | /* translators: %s: Site address. */ 137 | sprintf( __( 'Your address will be %s.' ), $site ), 138 | __( 'Must be at least 4 characters, letters and numbers only. It cannot be changed, so choose carefully!' ) 139 | ); 140 | } 141 | 142 | // Site Title. 143 | ?> 144 | 145 | get_error_message( 'blog_title' ); 147 | if ( $errmsg ) { 148 | ?> 149 |

150 | '; 153 | ?> 154 | 155 | 161 |

162 | 163 | 'WPLANG', 179 | 'id' => 'site-language', 180 | 'selected' => $lang, 181 | 'languages' => $languages, 182 | 'show_available_translations' => false, 183 | ) 184 | ); 185 | ?> 186 |

187 | 198 | 199 |
200 |

201 | 202 | 203 |
204 | 208 | 212 |

213 |
214 | 215 | ' . __( 'Username:' ) . ''; 259 | $errmsg = $errors->get_error_message( 'user_name' ); 260 | if ( $errmsg ) { 261 | echo '

' . $errmsg . '

'; 262 | } 263 | echo '
'; 264 | _e( '(Must be at least 4 characters, letters and numbers only.)' ); 265 | ?> 266 | 267 | 268 | get_error_message( 'user_email' ); 270 | if ( $errmsg ) { 271 | ?> 272 |

273 | 274 |
275 | get_error_message( 'generic' ); 277 | if ( $errmsg ) { 278 | echo '

' . $errmsg . '

'; 279 | } 280 | /** 281 | * Fires at the end of the new user account registration form. 282 | * 283 | * @since 3.0.0 284 | * 285 | * @param WP_Error $errors A WP_Error object containing 'user_name' or 'user_email' errors. 286 | */ 287 | do_action( 'signup_extra_fields', $errors ); 288 | } 289 | 290 | /** 291 | * Validates user sign-up name and email. 292 | * 293 | * @since MU (3.0.0) 294 | * 295 | * @return array Contains username, email, and error messages. 296 | * See wpmu_validate_user_signup() for details. 297 | */ 298 | function validate_user_form() { 299 | return wpmu_validate_user_signup( $_POST['user_name'], $_POST['user_email'] ); 300 | } 301 | 302 | /** 303 | * Shows a form for returning users to sign up for another site. 304 | * 305 | * @since MU (3.0.0) 306 | * 307 | * @param string $blogname The new site name 308 | * @param string $blog_title The new site title. 309 | * @param WP_Error|string $errors A WP_Error object containing existing errors. Defaults to empty string. 310 | */ 311 | function signup_another_blog( $blogname = '', $blog_title = '', $errors = '' ) { 312 | $current_user = wp_get_current_user(); 313 | 314 | if ( ! is_wp_error( $errors ) ) { 315 | $errors = new WP_Error(); 316 | } 317 | 318 | $signup_defaults = array( 319 | 'blogname' => $blogname, 320 | 'blog_title' => $blog_title, 321 | 'errors' => $errors, 322 | ); 323 | 324 | /** 325 | * Filters the default site sign-up variables. 326 | * 327 | * @since 3.0.0 328 | * 329 | * @param array $signup_defaults { 330 | * An array of default site sign-up variables. 331 | * 332 | * @type string $blogname The site blogname. 333 | * @type string $blog_title The site title. 334 | * @type WP_Error $errors A WP_Error object possibly containing 'blogname' or 'blog_title' errors. 335 | * } 336 | */ 337 | $filtered_results = apply_filters( 'signup_another_blog_init', $signup_defaults ); 338 | 339 | $blogname = $filtered_results['blogname']; 340 | $blog_title = $filtered_results['blog_title']; 341 | $errors = $filtered_results['errors']; 342 | 343 | /* translators: %s: Network title. */ 344 | echo '

' . sprintf( __( 'Get another %s site in seconds' ), get_network()->site_name ) . '

'; 345 | 346 | if ( $errors->has_errors() ) { 347 | echo '

' . __( 'There was a problem, please correct the form below and try again.' ) . '

'; 348 | } 349 | ?> 350 |

351 | add another site to your account. There is no limit to the number of sites you can have, so create to your heart’s content, but write responsibly!' ), 355 | $current_user->display_name 356 | ); 357 | ?> 358 |

359 | 360 | ID ); 362 | if ( ! empty( $blogs ) ) { 363 | ?> 364 | 365 |

366 |
    367 | userblog_id ); 370 | echo '
  • ' . $home_url . '
    • '; 371 | } 372 | ?> 373 |
374 | 375 | 376 |

377 |
378 | 379 | 390 | 391 |

392 |
393 | has_errors() ) { 427 | signup_another_blog( $blogname, $blog_title, $errors ); 428 | return false; 429 | } 430 | 431 | $public = (int) $_POST['blog_public']; 432 | 433 | $blog_meta_defaults = array( 434 | 'lang_id' => 1, 435 | 'public' => $public, 436 | ); 437 | 438 | // Handle the language setting for the new site. 439 | if ( ! empty( $_POST['WPLANG'] ) ) { 440 | 441 | $languages = signup_get_available_languages(); 442 | 443 | if ( in_array( $_POST['WPLANG'], $languages, true ) ) { 444 | $language = wp_unslash( sanitize_text_field( $_POST['WPLANG'] ) ); 445 | 446 | if ( $language ) { 447 | $blog_meta_defaults['WPLANG'] = $language; 448 | } 449 | } 450 | } 451 | 452 | /** 453 | * Filters the new site meta variables. 454 | * 455 | * Use the {@see 'add_signup_meta'} filter instead. 456 | * 457 | * @since MU (3.0.0) 458 | * @deprecated 3.0.0 Use the {@see 'add_signup_meta'} filter instead. 459 | * 460 | * @param array $blog_meta_defaults An array of default blog meta variables. 461 | */ 462 | $meta_defaults = apply_filters_deprecated( 'signup_create_blog_meta', array( $blog_meta_defaults ), '3.0.0', 'add_signup_meta' ); 463 | 464 | /** 465 | * Filters the new default site meta variables. 466 | * 467 | * @since 3.0.0 468 | * 469 | * @param array $meta { 470 | * An array of default site meta variables. 471 | * 472 | * @type int $lang_id The language ID. 473 | * @type int $blog_public Whether search engines should be discouraged from indexing the site. 1 for true, 0 for false. 474 | * } 475 | */ 476 | $meta = apply_filters( 'add_signup_meta', $meta_defaults ); 477 | 478 | $blog_id = wpmu_create_blog( $domain, $path, $blog_title, $current_user->ID, $meta, get_current_network_id() ); 479 | 480 | if ( is_wp_error( $blog_id ) ) { 481 | return false; 482 | } 483 | 484 | confirm_another_blog_signup( $domain, $path, $blog_title, $current_user->user_login, $current_user->user_email, $meta, $blog_id ); 485 | return true; 486 | } 487 | 488 | /** 489 | * Shows a message confirming that the new site has been created. 490 | * 491 | * @since MU (3.0.0) 492 | * @since 4.4.0 Added the `$blog_id` parameter. 493 | * 494 | * @param string $domain The domain URL. 495 | * @param string $path The site root path. 496 | * @param string $blog_title The site title. 497 | * @param string $user_name The username. 498 | * @param string $user_email The user's email address. 499 | * @param array $meta Any additional meta from the {@see 'add_signup_meta'} filter in validate_blog_signup(). 500 | * @param int $blog_id The site ID. 501 | */ 502 | function confirm_another_blog_signup( $domain, $path, $blog_title, $user_name, $user_email = '', $meta = array(), $blog_id = 0 ) { 503 | 504 | if ( $blog_id ) { 505 | switch_to_blog( $blog_id ); 506 | $home_url = home_url( '/' ); 507 | $login_url = wp_login_url(); 508 | restore_current_blog(); 509 | } else { 510 | $home_url = 'http://' . $domain . $path; 511 | $login_url = 'http://' . $domain . $path . 'wp-login.php'; 512 | } 513 | 514 | $site = sprintf( 515 | '%2$s', 516 | esc_url( $home_url ), 517 | $blog_title 518 | ); 519 | 520 | ?> 521 |

522 | 526 |

527 |

528 | Log in as “%3$s” using your existing password.' ), 532 | sprintf( 533 | '%s', 534 | esc_url( $home_url ), 535 | untrailingslashit( $domain . $path ) 536 | ), 537 | esc_url( $login_url ), 538 | $user_name 539 | ); 540 | ?> 541 |

542 | $user_name, 574 | 'user_email' => $user_email, 575 | 'errors' => $errors, 576 | ); 577 | 578 | /** 579 | * Filters the default user variables used on the user sign-up form. 580 | * 581 | * @since 3.0.0 582 | * 583 | * @param array $signup_user_defaults { 584 | * An array of default user variables. 585 | * 586 | * @type string $user_name The user username. 587 | * @type string $user_email The user email address. 588 | * @type WP_Error $errors A WP_Error object with possible errors relevant to the sign-up user. 589 | * } 590 | */ 591 | $filtered_results = apply_filters( 'signup_user_init', $signup_user_defaults ); 592 | $user_name = $filtered_results['user_name']; 593 | $user_email = $filtered_results['user_email']; 594 | $errors = $filtered_results['errors']; 595 | 596 | ?> 597 | 598 |

599 | site_name ); 602 | ?> 603 |

604 |
605 | 606 | 610 | 611 | 612 |

613 | 614 | 615 | 616 | 617 | 618 | /> 619 | 620 |
621 | /> 622 | 623 | 624 |

625 | 626 |

627 |
628 | has_errors() ) { 645 | signup_user( $user_name, $user_email, $errors ); 646 | return false; 647 | } 648 | 649 | if ( 'blog' === $_POST['signup_for'] ) { 650 | signup_blog( $user_name, $user_email ); 651 | return false; 652 | } 653 | 654 | /** This filter is documented in wp-signup.php */ 655 | wpmu_signup_user( $user_name, $user_email, apply_filters( 'add_signup_meta', array() ) ); 656 | 657 | confirm_user_signup( $user_name, $user_email ); 658 | return true; 659 | } 660 | 661 | /** 662 | * Shows a message confirming that the new user has been registered and is awaiting activation. 663 | * 664 | * @since MU (3.0.0) 665 | * 666 | * @param string $user_name The username. 667 | * @param string $user_email The user's email address. 668 | */ 669 | function confirm_user_signup( $user_name, $user_email ) { 670 | ?> 671 |

672 | 676 |

677 |

you must activate it.' ); ?>

678 |

679 | ' . $user_email . '' ); 682 | ?> 683 |

684 |

685 | $user_name, 708 | 'user_email' => $user_email, 709 | 'blogname' => $blogname, 710 | 'blog_title' => $blog_title, 711 | 'errors' => $errors, 712 | ); 713 | 714 | /** 715 | * Filters the default site creation variables for the site sign-up form. 716 | * 717 | * @since 3.0.0 718 | * 719 | * @param array $signup_blog_defaults { 720 | * An array of default site creation variables. 721 | * 722 | * @type string $user_name The user username. 723 | * @type string $user_email The user email address. 724 | * @type string $blogname The blogname. 725 | * @type string $blog_title The title of the site. 726 | * @type WP_Error $errors A WP_Error object with possible errors relevant to new site creation variables. 727 | * } 728 | */ 729 | $filtered_results = apply_filters( 'signup_blog_init', $signup_blog_defaults ); 730 | 731 | $user_name = $filtered_results['user_name']; 732 | $user_email = $filtered_results['user_email']; 733 | $blogname = $filtered_results['blogname']; 734 | $blog_title = $filtered_results['blog_title']; 735 | $errors = $filtered_results['errors']; 736 | 737 | if ( empty( $blogname ) ) { 738 | $blogname = $user_name; 739 | } 740 | ?> 741 |
742 | 743 | 744 | 745 | 749 | 750 |

751 |
752 | has_errors() ) { 770 | signup_user( $user_name, $user_email, $user_errors ); 771 | return false; 772 | } 773 | 774 | $result = wpmu_validate_blog_signup( $_POST['blogname'], $_POST['blog_title'] ); 775 | $domain = $result['domain']; 776 | $path = $result['path']; 777 | $blogname = $result['blogname']; 778 | $blog_title = $result['blog_title']; 779 | $errors = $result['errors']; 780 | 781 | if ( $errors->has_errors() ) { 782 | signup_blog( $user_name, $user_email, $blogname, $blog_title, $errors ); 783 | return false; 784 | } 785 | 786 | $public = (int) $_POST['blog_public']; 787 | $signup_meta = array( 788 | 'lang_id' => 1, 789 | 'public' => $public, 790 | ); 791 | 792 | // Handle the language setting for the new site. 793 | if ( ! empty( $_POST['WPLANG'] ) ) { 794 | 795 | $languages = signup_get_available_languages(); 796 | 797 | if ( in_array( $_POST['WPLANG'], $languages, true ) ) { 798 | $language = wp_unslash( sanitize_text_field( $_POST['WPLANG'] ) ); 799 | 800 | if ( $language ) { 801 | $signup_meta['WPLANG'] = $language; 802 | } 803 | } 804 | } 805 | 806 | /** This filter is documented in wp-signup.php */ 807 | $meta = apply_filters( 'add_signup_meta', $signup_meta ); 808 | 809 | wpmu_signup_blog( $domain, $path, $blog_title, $user_name, $user_email, $meta ); 810 | confirm_blog_signup( $domain, $path, $blog_title, $user_name, $user_email, $meta ); 811 | return true; 812 | } 813 | 814 | /** 815 | * Shows a message confirming that the new site has been registered and is awaiting activation. 816 | * 817 | * @since MU (3.0.0) 818 | * 819 | * @param string $domain The domain or subdomain of the site. 820 | * @param string $path The path of the site. 821 | * @param string $blog_title The title of the new site. 822 | * @param string $user_name The user's username. 823 | * @param string $user_email The user's email address. 824 | * @param array $meta Any additional meta from the {@see 'add_signup_meta'} filter in validate_blog_signup(). 825 | */ 826 | function confirm_blog_signup( $domain, $path, $blog_title, $user_name = '', $user_email = '', $meta = array() ) { 827 | ?> 828 |

829 | {$blog_title}" ) 832 | ?> 833 |

834 | 835 |

you must activate it.' ); ?>

836 |

837 | ' . $user_email . '' ); 840 | ?> 841 |

842 |

843 |

844 |

845 | 846 |

    847 |

    • 848 |

    • 849 |
  • 850 | 854 |
    • 855 |
856 |

857 | '; 912 | _e( 'Greetings Network Administrator!' ); 913 | echo ' '; 914 | 915 | switch ( $active_signup ) { 916 | case 'none': 917 | _e( 'The network currently disallows registrations.' ); 918 | break; 919 | case 'blog': 920 | _e( 'The network currently allows site registrations.' ); 921 | break; 922 | case 'user': 923 | _e( 'The network currently allows user registrations.' ); 924 | break; 925 | default: 926 | _e( 'The network currently allows both site and user registrations.' ); 927 | break; 928 | } 929 | 930 | echo ' '; 931 | 932 | /* translators: %s: URL to Network Settings screen. */ 933 | printf( __( 'To change or disable registration go to your Options page.' ), esc_url( network_admin_url( 'settings.php' ) ) ); 934 | echo '
'; 935 | } 936 | 937 | $newblogname = isset( $_GET['new'] ) ? strtolower( preg_replace( '/^-|-$|[^-a-zA-Z0-9]/', '', $_GET['new'] ) ) : null; 938 | 939 | $current_user = wp_get_current_user(); 940 | if ( 'none' === $active_signup ) { 941 | _e( 'Registration has been disabled.' ); 942 | } elseif ( 'blog' === $active_signup && ! is_user_logged_in() ) { 943 | $login_url = wp_login_url( network_site_url( 'wp-signup.php' ) ); 944 | /* translators: %s: Login URL. */ 945 | printf( __( 'You must first log in, and then you can create a new site.' ), $login_url ); 946 | } else { 947 | $stage = isset( $_POST['stage'] ) ? $_POST['stage'] : 'default'; 948 | switch ( $stage ) { 949 | case 'validate-user-signup': 950 | if ( 'all' === $active_signup 951 | || ( 'blog' === $_POST['signup_for'] && 'blog' === $active_signup ) 952 | || ( 'user' === $_POST['signup_for'] && 'user' === $active_signup ) 953 | ) { 954 | validate_user_signup(); 955 | } else { 956 | _e( 'User registration has been disabled.' ); 957 | } 958 | break; 959 | case 'validate-blog-signup': 960 | if ( 'all' === $active_signup || 'blog' === $active_signup ) { 961 | validate_blog_signup(); 962 | } else { 963 | _e( 'Site registration has been disabled.' ); 964 | } 965 | break; 966 | case 'gimmeanotherblog': 967 | validate_another_blog_signup(); 968 | break; 969 | case 'default': 970 | default: 971 | $user_email = isset( $_POST['user_email'] ) ? $_POST['user_email'] : ''; 972 | /** 973 | * Fires when the site sign-up form is sent. 974 | * 975 | * @since 3.0.0 976 | */ 977 | do_action( 'preprocess_signup_form' ); 978 | if ( is_user_logged_in() && ( 'all' === $active_signup || 'blog' === $active_signup ) ) { 979 | signup_another_blog( $newblogname ); 980 | } elseif ( ! is_user_logged_in() && ( 'all' === $active_signup || 'user' === $active_signup ) ) { 981 | signup_user( $newblogname, $user_email ); 982 | } elseif ( ! is_user_logged_in() && ( 'blog' === $active_signup ) ) { 983 | _e( 'Sorry, new registrations are not allowed at this time.' ); 984 | } else { 985 | _e( 'You are logged in already. No need to register again!' ); 986 | } 987 | 988 | if ( $newblogname ) { 989 | $newblog = get_blogaddress_by_name( $newblogname ); 990 | 991 | if ( 'blog' === $active_signup || 'all' === $active_signup ) { 992 | printf( 993 | /* translators: %s: Site address. */ 994 | '

' . __( 'The site you were looking for, %s, does not exist, but you can create it now!' ) . '

', 995 | '' . $newblog . '' 996 | ); 997 | } else { 998 | printf( 999 | /* translators: %s: Site address. */ 1000 | '

' . __( 'The site you were looking for, %s, does not exist.' ) . '

', 1001 | '' . $newblog . '' 1002 | ); 1003 | } 1004 | } 1005 | break; 1006 | } 1007 | } 1008 | ?> 1009 |
1010 |
1011 | 1019 | 1020 | '1' ) ); 14 | } 15 | 16 | /** 17 | * Response to a trackback. 18 | * 19 | * Responds with an error or success XML message. 20 | * 21 | * @since 0.71 22 | * 23 | * @param int|bool $error Whether there was an error. 24 | * Default '0'. Accepts '0' or '1', true or false. 25 | * @param string $error_message Error message if an error occurred. 26 | */ 27 | function trackback_response( $error = 0, $error_message = '' ) { 28 | header( 'Content-Type: text/xml; charset=' . get_option( 'blog_charset' ) ); 29 | if ( $error ) { 30 | echo '\n"; 31 | echo "\n"; 32 | echo "1\n"; 33 | echo "$error_message\n"; 34 | echo ''; 35 | die(); 36 | } else { 37 | echo '\n"; 38 | echo "\n"; 39 | echo "0\n"; 40 | echo ''; 41 | } 42 | } 43 | 44 | // Trackback is done by a POST. 45 | $request_array = 'HTTP_POST_VARS'; 46 | 47 | if ( ! isset( $_GET['tb_id'] ) || ! $_GET['tb_id'] ) { 48 | $tb_id = explode( '/', $_SERVER['REQUEST_URI'] ); 49 | $tb_id = (int) $tb_id[ count( $tb_id ) - 1 ]; 50 | } 51 | 52 | $tb_url = isset( $_POST['url'] ) ? $_POST['url'] : ''; 53 | $charset = isset( $_POST['charset'] ) ? $_POST['charset'] : ''; 54 | 55 | // These three are stripslashed here so they can be properly escaped after mb_convert_encoding(). 56 | $title = isset( $_POST['title'] ) ? wp_unslash( $_POST['title'] ) : ''; 57 | $excerpt = isset( $_POST['excerpt'] ) ? wp_unslash( $_POST['excerpt'] ) : ''; 58 | $blog_name = isset( $_POST['blog_name'] ) ? wp_unslash( $_POST['blog_name'] ) : ''; 59 | 60 | if ( $charset ) { 61 | $charset = str_replace( array( ',', ' ' ), '', strtoupper( trim( $charset ) ) ); 62 | } else { 63 | $charset = 'ASCII, UTF-8, ISO-8859-1, JIS, EUC-JP, SJIS'; 64 | } 65 | 66 | // No valid uses for UTF-7. 67 | if ( false !== strpos( $charset, 'UTF-7' ) ) { 68 | die; 69 | } 70 | 71 | // For international trackbacks. 72 | if ( function_exists( 'mb_convert_encoding' ) ) { 73 | $title = mb_convert_encoding( $title, get_option( 'blog_charset' ), $charset ); 74 | $excerpt = mb_convert_encoding( $excerpt, get_option( 'blog_charset' ), $charset ); 75 | $blog_name = mb_convert_encoding( $blog_name, get_option( 'blog_charset' ), $charset ); 76 | } 77 | 78 | // Now that mb_convert_encoding() has been given a swing, we need to escape these three. 79 | $title = wp_slash( $title ); 80 | $excerpt = wp_slash( $excerpt ); 81 | $blog_name = wp_slash( $blog_name ); 82 | 83 | if ( is_single() || is_page() ) { 84 | $tb_id = $posts[0]->ID; 85 | } 86 | 87 | if ( ! isset( $tb_id ) || ! (int) $tb_id ) { 88 | trackback_response( 1, __( 'I really need an ID for this to work.' ) ); 89 | } 90 | 91 | if ( empty( $title ) && empty( $tb_url ) && empty( $blog_name ) ) { 92 | // If it doesn't look like a trackback at all. 93 | wp_redirect( get_permalink( $tb_id ) ); 94 | exit; 95 | } 96 | 97 | if ( ! empty( $tb_url ) && ! empty( $title ) ) { 98 | /** 99 | * Fires before the trackback is added to a post. 100 | * 101 | * @since 4.7.0 102 | * 103 | * @param int $tb_id Post ID related to the trackback. 104 | * @param string $tb_url Trackback URL. 105 | * @param string $charset Character Set. 106 | * @param string $title Trackback Title. 107 | * @param string $excerpt Trackback Excerpt. 108 | * @param string $blog_name Blog Name. 109 | */ 110 | do_action( 'pre_trackback_post', $tb_id, $tb_url, $charset, $title, $excerpt, $blog_name ); 111 | 112 | header( 'Content-Type: text/xml; charset=' . get_option( 'blog_charset' ) ); 113 | 114 | if ( ! pings_open( $tb_id ) ) { 115 | trackback_response( 1, __( 'Sorry, trackbacks are closed for this item.' ) ); 116 | } 117 | 118 | $title = wp_html_excerpt( $title, 250, '…' ); 119 | $excerpt = wp_html_excerpt( $excerpt, 252, '…' ); 120 | 121 | $comment_post_ID = (int) $tb_id; 122 | $comment_author = $blog_name; 123 | $comment_author_email = ''; 124 | $comment_author_url = $tb_url; 125 | $comment_content = "$title\n\n$excerpt"; 126 | $comment_type = 'trackback'; 127 | 128 | $dupe = $wpdb->get_results( $wpdb->prepare( "SELECT * FROM $wpdb->comments WHERE comment_post_ID = %d AND comment_author_url = %s", $comment_post_ID, $comment_author_url ) ); 129 | if ( $dupe ) { 130 | trackback_response( 1, __( 'We already have a ping from that URL for this post.' ) ); 131 | } 132 | 133 | $commentdata = compact( 'comment_post_ID', 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_content', 'comment_type' ); 134 | 135 | $result = wp_new_comment( $commentdata ); 136 | 137 | if ( is_wp_error( $result ) ) { 138 | trackback_response( 1, $result->get_error_message() ); 139 | } 140 | 141 | $trackback_id = $wpdb->insert_id; 142 | 143 | /** 144 | * Fires after a trackback is added to a post. 145 | * 146 | * @since 1.2.0 147 | * 148 | * @param int $trackback_id Trackback ID. 149 | */ 150 | do_action( 'trackback_post', $trackback_id ); 151 | trackback_response( 0 ); 152 | } 153 | -------------------------------------------------------------------------------- /xmlrpc.php: -------------------------------------------------------------------------------- 1 | '; 36 | ?> 37 | 38 | 39 | WordPress 40 | https://wordpress.org/ 41 | 42 | 43 | 44 | 45 | 46 | 47 | 57 | 58 | 59 | 60 | serve_request(); 88 | 89 | exit; 90 | 91 | /** 92 | * logIO() - Writes logging info to a file. 93 | * 94 | * @deprecated 3.4.0 Use error_log() 95 | * @see error_log() 96 | * 97 | * @param string $io Whether input or output 98 | * @param string $msg Information describing logging reason. 99 | */ 100 | function logIO( $io, $msg ) { // phpcs:ignore WordPress.NamingConventions.ValidFunctionName.FunctionNameInvalid 101 | _deprecated_function( __FUNCTION__, '3.4.0', 'error_log()' ); 102 | if ( ! empty( $GLOBALS['xmlrpc_logging'] ) ) { 103 | error_log( $io . ' - ' . $msg ); 104 | } 105 | } 106 | --------------------------------------------------------------------------------