Edit File by line
/home/barbar84/public_h.../wp-inclu...
File: user.php
<?php
[0] Fix | Delete
/**
[1] Fix | Delete
* Core User API
[2] Fix | Delete
*
[3] Fix | Delete
* @package WordPress
[4] Fix | Delete
* @subpackage Users
[5] Fix | Delete
*/
[6] Fix | Delete
[7] Fix | Delete
/**
[8] Fix | Delete
* Authenticates and logs a user in with 'remember' capability.
[9] Fix | Delete
*
[10] Fix | Delete
* The credentials is an array that has 'user_login', 'user_password', and
[11] Fix | Delete
* 'remember' indices. If the credentials is not given, then the log in form
[12] Fix | Delete
* will be assumed and used if set.
[13] Fix | Delete
*
[14] Fix | Delete
* The various authentication cookies will be set by this function and will be
[15] Fix | Delete
* set for a longer period depending on if the 'remember' credential is set to
[16] Fix | Delete
* true.
[17] Fix | Delete
*
[18] Fix | Delete
* Note: wp_signon() doesn't handle setting the current user. This means that if the
[19] Fix | Delete
* function is called before the {@see 'init'} hook is fired, is_user_logged_in() will
[20] Fix | Delete
* evaluate as false until that point. If is_user_logged_in() is needed in conjunction
[21] Fix | Delete
* with wp_signon(), wp_set_current_user() should be called explicitly.
[22] Fix | Delete
*
[23] Fix | Delete
* @since 2.5.0
[24] Fix | Delete
*
[25] Fix | Delete
* @global string $auth_secure_cookie
[26] Fix | Delete
*
[27] Fix | Delete
* @param array $credentials Optional. User info in order to sign on.
[28] Fix | Delete
* @param string|bool $secure_cookie Optional. Whether to use secure cookie.
[29] Fix | Delete
* @return WP_User|WP_Error WP_User on success, WP_Error on failure.
[30] Fix | Delete
*/
[31] Fix | Delete
function wp_signon( $credentials = array(), $secure_cookie = '' ) {
[32] Fix | Delete
if ( empty( $credentials ) ) {
[33] Fix | Delete
$credentials = array(); // Back-compat for plugins passing an empty string.
[34] Fix | Delete
[35] Fix | Delete
if ( ! empty( $_POST['log'] ) ) {
[36] Fix | Delete
$credentials['user_login'] = wp_unslash( $_POST['log'] );
[37] Fix | Delete
}
[38] Fix | Delete
if ( ! empty( $_POST['pwd'] ) ) {
[39] Fix | Delete
$credentials['user_password'] = $_POST['pwd'];
[40] Fix | Delete
}
[41] Fix | Delete
if ( ! empty( $_POST['rememberme'] ) ) {
[42] Fix | Delete
$credentials['remember'] = $_POST['rememberme'];
[43] Fix | Delete
}
[44] Fix | Delete
}
[45] Fix | Delete
[46] Fix | Delete
if ( ! empty( $credentials['remember'] ) ) {
[47] Fix | Delete
$credentials['remember'] = true;
[48] Fix | Delete
} else {
[49] Fix | Delete
$credentials['remember'] = false;
[50] Fix | Delete
}
[51] Fix | Delete
[52] Fix | Delete
/**
[53] Fix | Delete
* Fires before the user is authenticated.
[54] Fix | Delete
*
[55] Fix | Delete
* The variables passed to the callbacks are passed by reference,
[56] Fix | Delete
* and can be modified by callback functions.
[57] Fix | Delete
*
[58] Fix | Delete
* @since 1.5.1
[59] Fix | Delete
*
[60] Fix | Delete
* @todo Decide whether to deprecate the wp_authenticate action.
[61] Fix | Delete
*
[62] Fix | Delete
* @param string $user_login Username (passed by reference).
[63] Fix | Delete
* @param string $user_password User password (passed by reference).
[64] Fix | Delete
*/
[65] Fix | Delete
do_action_ref_array( 'wp_authenticate', array( &$credentials['user_login'], &$credentials['user_password'] ) );
[66] Fix | Delete
[67] Fix | Delete
if ( '' === $secure_cookie ) {
[68] Fix | Delete
$secure_cookie = is_ssl();
[69] Fix | Delete
}
[70] Fix | Delete
[71] Fix | Delete
/**
[72] Fix | Delete
* Filters whether to use a secure sign-on cookie.
[73] Fix | Delete
*
[74] Fix | Delete
* @since 3.1.0
[75] Fix | Delete
*
[76] Fix | Delete
* @param bool $secure_cookie Whether to use a secure sign-on cookie.
[77] Fix | Delete
* @param array $credentials {
[78] Fix | Delete
* Array of entered sign-on data.
[79] Fix | Delete
*
[80] Fix | Delete
* @type string $user_login Username.
[81] Fix | Delete
* @type string $user_password Password entered.
[82] Fix | Delete
* @type bool $remember Whether to 'remember' the user. Increases the time
[83] Fix | Delete
* that the cookie will be kept. Default false.
[84] Fix | Delete
* }
[85] Fix | Delete
*/
[86] Fix | Delete
$secure_cookie = apply_filters( 'secure_signon_cookie', $secure_cookie, $credentials );
[87] Fix | Delete
[88] Fix | Delete
global $auth_secure_cookie; // XXX ugly hack to pass this to wp_authenticate_cookie().
[89] Fix | Delete
$auth_secure_cookie = $secure_cookie;
[90] Fix | Delete
[91] Fix | Delete
add_filter( 'authenticate', 'wp_authenticate_cookie', 30, 3 );
[92] Fix | Delete
[93] Fix | Delete
$user = wp_authenticate( $credentials['user_login'], $credentials['user_password'] );
[94] Fix | Delete
[95] Fix | Delete
if ( is_wp_error( $user ) ) {
[96] Fix | Delete
return $user;
[97] Fix | Delete
}
[98] Fix | Delete
[99] Fix | Delete
wp_set_auth_cookie( $user->ID, $credentials['remember'], $secure_cookie );
[100] Fix | Delete
/**
[101] Fix | Delete
* Fires after the user has successfully logged in.
[102] Fix | Delete
*
[103] Fix | Delete
* @since 1.5.0
[104] Fix | Delete
*
[105] Fix | Delete
* @param string $user_login Username.
[106] Fix | Delete
* @param WP_User $user WP_User object of the logged-in user.
[107] Fix | Delete
*/
[108] Fix | Delete
do_action( 'wp_login', $user->user_login, $user );
[109] Fix | Delete
return $user;
[110] Fix | Delete
}
[111] Fix | Delete
[112] Fix | Delete
/**
[113] Fix | Delete
* Authenticate a user, confirming the username and password are valid.
[114] Fix | Delete
*
[115] Fix | Delete
* @since 2.8.0
[116] Fix | Delete
*
[117] Fix | Delete
* @param WP_User|WP_Error|null $user WP_User or WP_Error object from a previous callback. Default null.
[118] Fix | Delete
* @param string $username Username for authentication.
[119] Fix | Delete
* @param string $password Password for authentication.
[120] Fix | Delete
* @return WP_User|WP_Error WP_User on success, WP_Error on failure.
[121] Fix | Delete
*/
[122] Fix | Delete
function wp_authenticate_username_password( $user, $username, $password ) {
[123] Fix | Delete
if ( $user instanceof WP_User ) {
[124] Fix | Delete
return $user;
[125] Fix | Delete
}
[126] Fix | Delete
[127] Fix | Delete
if ( empty( $username ) || empty( $password ) ) {
[128] Fix | Delete
if ( is_wp_error( $user ) ) {
[129] Fix | Delete
return $user;
[130] Fix | Delete
}
[131] Fix | Delete
[132] Fix | Delete
$error = new WP_Error();
[133] Fix | Delete
[134] Fix | Delete
if ( empty( $username ) ) {
[135] Fix | Delete
$error->add( 'empty_username', __( '<strong>Error</strong>: The username field is empty.' ) );
[136] Fix | Delete
}
[137] Fix | Delete
[138] Fix | Delete
if ( empty( $password ) ) {
[139] Fix | Delete
$error->add( 'empty_password', __( '<strong>Error</strong>: The password field is empty.' ) );
[140] Fix | Delete
}
[141] Fix | Delete
[142] Fix | Delete
return $error;
[143] Fix | Delete
}
[144] Fix | Delete
[145] Fix | Delete
$user = get_user_by( 'login', $username );
[146] Fix | Delete
[147] Fix | Delete
if ( ! $user ) {
[148] Fix | Delete
return new WP_Error(
[149] Fix | Delete
'invalid_username',
[150] Fix | Delete
__( 'Unknown username. Check again or try your email address.' )
[151] Fix | Delete
);
[152] Fix | Delete
}
[153] Fix | Delete
[154] Fix | Delete
/**
[155] Fix | Delete
* Filters whether the given user can be authenticated with the provided $password.
[156] Fix | Delete
*
[157] Fix | Delete
* @since 2.5.0
[158] Fix | Delete
*
[159] Fix | Delete
* @param WP_User|WP_Error $user WP_User or WP_Error object if a previous
[160] Fix | Delete
* callback failed authentication.
[161] Fix | Delete
* @param string $password Password to check against the user.
[162] Fix | Delete
*/
[163] Fix | Delete
$user = apply_filters( 'wp_authenticate_user', $user, $password );
[164] Fix | Delete
if ( is_wp_error( $user ) ) {
[165] Fix | Delete
return $user;
[166] Fix | Delete
}
[167] Fix | Delete
[168] Fix | Delete
if ( ! wp_check_password( $password, $user->user_pass, $user->ID ) ) {
[169] Fix | Delete
return new WP_Error(
[170] Fix | Delete
'incorrect_password',
[171] Fix | Delete
sprintf(
[172] Fix | Delete
/* translators: %s: User name. */
[173] Fix | Delete
__( '<strong>Error</strong>: The password you entered for the username %s is incorrect.' ),
[174] Fix | Delete
'<strong>' . $username . '</strong>'
[175] Fix | Delete
) .
[176] Fix | Delete
' <a href="' . wp_lostpassword_url() . '">' .
[177] Fix | Delete
__( 'Lost your password?' ) .
[178] Fix | Delete
'</a>'
[179] Fix | Delete
);
[180] Fix | Delete
}
[181] Fix | Delete
[182] Fix | Delete
return $user;
[183] Fix | Delete
}
[184] Fix | Delete
[185] Fix | Delete
/**
[186] Fix | Delete
* Authenticates a user using the email and password.
[187] Fix | Delete
*
[188] Fix | Delete
* @since 4.5.0
[189] Fix | Delete
*
[190] Fix | Delete
* @param WP_User|WP_Error|null $user WP_User or WP_Error object if a previous
[191] Fix | Delete
* callback failed authentication.
[192] Fix | Delete
* @param string $email Email address for authentication.
[193] Fix | Delete
* @param string $password Password for authentication.
[194] Fix | Delete
* @return WP_User|WP_Error WP_User on success, WP_Error on failure.
[195] Fix | Delete
*/
[196] Fix | Delete
function wp_authenticate_email_password( $user, $email, $password ) {
[197] Fix | Delete
if ( $user instanceof WP_User ) {
[198] Fix | Delete
return $user;
[199] Fix | Delete
}
[200] Fix | Delete
[201] Fix | Delete
if ( empty( $email ) || empty( $password ) ) {
[202] Fix | Delete
if ( is_wp_error( $user ) ) {
[203] Fix | Delete
return $user;
[204] Fix | Delete
}
[205] Fix | Delete
[206] Fix | Delete
$error = new WP_Error();
[207] Fix | Delete
[208] Fix | Delete
if ( empty( $email ) ) {
[209] Fix | Delete
// Uses 'empty_username' for back-compat with wp_signon().
[210] Fix | Delete
$error->add( 'empty_username', __( '<strong>Error</strong>: The email field is empty.' ) );
[211] Fix | Delete
}
[212] Fix | Delete
[213] Fix | Delete
if ( empty( $password ) ) {
[214] Fix | Delete
$error->add( 'empty_password', __( '<strong>Error</strong>: The password field is empty.' ) );
[215] Fix | Delete
}
[216] Fix | Delete
[217] Fix | Delete
return $error;
[218] Fix | Delete
}
[219] Fix | Delete
[220] Fix | Delete
if ( ! is_email( $email ) ) {
[221] Fix | Delete
return $user;
[222] Fix | Delete
}
[223] Fix | Delete
[224] Fix | Delete
$user = get_user_by( 'email', $email );
[225] Fix | Delete
[226] Fix | Delete
if ( ! $user ) {
[227] Fix | Delete
return new WP_Error(
[228] Fix | Delete
'invalid_email',
[229] Fix | Delete
__( 'Unknown email address. Check again or try your username.' )
[230] Fix | Delete
);
[231] Fix | Delete
}
[232] Fix | Delete
[233] Fix | Delete
/** This filter is documented in wp-includes/user.php */
[234] Fix | Delete
$user = apply_filters( 'wp_authenticate_user', $user, $password );
[235] Fix | Delete
[236] Fix | Delete
if ( is_wp_error( $user ) ) {
[237] Fix | Delete
return $user;
[238] Fix | Delete
}
[239] Fix | Delete
[240] Fix | Delete
if ( ! wp_check_password( $password, $user->user_pass, $user->ID ) ) {
[241] Fix | Delete
return new WP_Error(
[242] Fix | Delete
'incorrect_password',
[243] Fix | Delete
sprintf(
[244] Fix | Delete
/* translators: %s: Email address. */
[245] Fix | Delete
__( '<strong>Error</strong>: The password you entered for the email address %s is incorrect.' ),
[246] Fix | Delete
'<strong>' . $email . '</strong>'
[247] Fix | Delete
) .
[248] Fix | Delete
' <a href="' . wp_lostpassword_url() . '">' .
[249] Fix | Delete
__( 'Lost your password?' ) .
[250] Fix | Delete
'</a>'
[251] Fix | Delete
);
[252] Fix | Delete
}
[253] Fix | Delete
[254] Fix | Delete
return $user;
[255] Fix | Delete
}
[256] Fix | Delete
[257] Fix | Delete
/**
[258] Fix | Delete
* Authenticate the user using the WordPress auth cookie.
[259] Fix | Delete
*
[260] Fix | Delete
* @since 2.8.0
[261] Fix | Delete
*
[262] Fix | Delete
* @global string $auth_secure_cookie
[263] Fix | Delete
*
[264] Fix | Delete
* @param WP_User|WP_Error|null $user WP_User or WP_Error object from a previous callback. Default null.
[265] Fix | Delete
* @param string $username Username. If not empty, cancels the cookie authentication.
[266] Fix | Delete
* @param string $password Password. If not empty, cancels the cookie authentication.
[267] Fix | Delete
* @return WP_User|WP_Error WP_User on success, WP_Error on failure.
[268] Fix | Delete
*/
[269] Fix | Delete
function wp_authenticate_cookie( $user, $username, $password ) {
[270] Fix | Delete
if ( $user instanceof WP_User ) {
[271] Fix | Delete
return $user;
[272] Fix | Delete
}
[273] Fix | Delete
[274] Fix | Delete
if ( empty( $username ) && empty( $password ) ) {
[275] Fix | Delete
$user_id = wp_validate_auth_cookie();
[276] Fix | Delete
if ( $user_id ) {
[277] Fix | Delete
return new WP_User( $user_id );
[278] Fix | Delete
}
[279] Fix | Delete
[280] Fix | Delete
global $auth_secure_cookie;
[281] Fix | Delete
[282] Fix | Delete
if ( $auth_secure_cookie ) {
[283] Fix | Delete
$auth_cookie = SECURE_AUTH_COOKIE;
[284] Fix | Delete
} else {
[285] Fix | Delete
$auth_cookie = AUTH_COOKIE;
[286] Fix | Delete
}
[287] Fix | Delete
[288] Fix | Delete
if ( ! empty( $_COOKIE[ $auth_cookie ] ) ) {
[289] Fix | Delete
return new WP_Error( 'expired_session', __( 'Please log in again.' ) );
[290] Fix | Delete
}
[291] Fix | Delete
[292] Fix | Delete
// If the cookie is not set, be silent.
[293] Fix | Delete
}
[294] Fix | Delete
[295] Fix | Delete
return $user;
[296] Fix | Delete
}
[297] Fix | Delete
[298] Fix | Delete
/**
[299] Fix | Delete
* Authenticates the user using an application password.
[300] Fix | Delete
*
[301] Fix | Delete
* @since 5.6.0
[302] Fix | Delete
*
[303] Fix | Delete
* @param WP_User|WP_Error|null $input_user WP_User or WP_Error object if a previous
[304] Fix | Delete
* callback failed authentication.
[305] Fix | Delete
* @param string $username Username for authentication.
[306] Fix | Delete
* @param string $password Password for authentication.
[307] Fix | Delete
* @return WP_User|WP_Error|null WP_User on success, WP_Error on failure, null if
[308] Fix | Delete
* null is passed in and this isn't an API request.
[309] Fix | Delete
*/
[310] Fix | Delete
function wp_authenticate_application_password( $input_user, $username, $password ) {
[311] Fix | Delete
if ( $input_user instanceof WP_User ) {
[312] Fix | Delete
return $input_user;
[313] Fix | Delete
}
[314] Fix | Delete
[315] Fix | Delete
if ( ! WP_Application_Passwords::is_in_use() ) {
[316] Fix | Delete
return $input_user;
[317] Fix | Delete
}
[318] Fix | Delete
[319] Fix | Delete
$is_api_request = ( ( defined( 'XMLRPC_REQUEST' ) && XMLRPC_REQUEST ) || ( defined( 'REST_REQUEST' ) && REST_REQUEST ) );
[320] Fix | Delete
[321] Fix | Delete
/**
[322] Fix | Delete
* Filters whether this is an API request that Application Passwords can be used on.
[323] Fix | Delete
*
[324] Fix | Delete
* By default, Application Passwords is available for the REST API and XML-RPC.
[325] Fix | Delete
*
[326] Fix | Delete
* @since 5.6.0
[327] Fix | Delete
*
[328] Fix | Delete
* @param bool $is_api_request If this is an acceptable API request.
[329] Fix | Delete
*/
[330] Fix | Delete
$is_api_request = apply_filters( 'application_password_is_api_request', $is_api_request );
[331] Fix | Delete
[332] Fix | Delete
if ( ! $is_api_request ) {
[333] Fix | Delete
return $input_user;
[334] Fix | Delete
}
[335] Fix | Delete
[336] Fix | Delete
$error = null;
[337] Fix | Delete
$user = get_user_by( 'login', $username );
[338] Fix | Delete
[339] Fix | Delete
if ( ! $user && is_email( $username ) ) {
[340] Fix | Delete
$user = get_user_by( 'email', $username );
[341] Fix | Delete
}
[342] Fix | Delete
[343] Fix | Delete
// If the login name is invalid, short circuit.
[344] Fix | Delete
if ( ! $user ) {
[345] Fix | Delete
if ( is_email( $username ) ) {
[346] Fix | Delete
$error = new WP_Error(
[347] Fix | Delete
'invalid_email',
[348] Fix | Delete
__( 'Unknown email address. Check again or try your username.' )
[349] Fix | Delete
);
[350] Fix | Delete
} else {
[351] Fix | Delete
$error = new WP_Error(
[352] Fix | Delete
'invalid_username',
[353] Fix | Delete
__( 'Unknown username. Check again or try your email address.' )
[354] Fix | Delete
);
[355] Fix | Delete
}
[356] Fix | Delete
} elseif ( ! wp_is_application_passwords_available() ) {
[357] Fix | Delete
$error = new WP_Error(
[358] Fix | Delete
'application_passwords_disabled',
[359] Fix | Delete
__( 'Application passwords are not available.' )
[360] Fix | Delete
);
[361] Fix | Delete
} elseif ( ! wp_is_application_passwords_available_for_user( $user ) ) {
[362] Fix | Delete
$error = new WP_Error(
[363] Fix | Delete
'application_passwords_disabled_for_user',
[364] Fix | Delete
__( 'Application passwords are not available for your account. Please contact the site administrator for assistance.' )
[365] Fix | Delete
);
[366] Fix | Delete
}
[367] Fix | Delete
[368] Fix | Delete
if ( $error ) {
[369] Fix | Delete
/**
[370] Fix | Delete
* Fires when an application password failed to authenticate the user.
[371] Fix | Delete
*
[372] Fix | Delete
* @since 5.6.0
[373] Fix | Delete
*
[374] Fix | Delete
* @param WP_Error $error The authentication error.
[375] Fix | Delete
*/
[376] Fix | Delete
do_action( 'application_password_failed_authentication', $error );
[377] Fix | Delete
[378] Fix | Delete
return $error;
[379] Fix | Delete
}
[380] Fix | Delete
[381] Fix | Delete
/*
[382] Fix | Delete
* Strip out anything non-alphanumeric. This is so passwords can be used with
[383] Fix | Delete
* or without spaces to indicate the groupings for readability.
[384] Fix | Delete
*
[385] Fix | Delete
* Generated application passwords are exclusively alphanumeric.
[386] Fix | Delete
*/
[387] Fix | Delete
$password = preg_replace( '/[^a-z\d]/i', '', $password );
[388] Fix | Delete
[389] Fix | Delete
$hashed_passwords = WP_Application_Passwords::get_user_application_passwords( $user->ID );
[390] Fix | Delete
[391] Fix | Delete
foreach ( $hashed_passwords as $key => $item ) {
[392] Fix | Delete
if ( ! wp_check_password( $password, $item['password'], $user->ID ) ) {
[393] Fix | Delete
continue;
[394] Fix | Delete
}
[395] Fix | Delete
[396] Fix | Delete
$error = new WP_Error();
[397] Fix | Delete
[398] Fix | Delete
/**
[399] Fix | Delete
* Fires when an application password has been successfully checked as valid.
[400] Fix | Delete
*
[401] Fix | Delete
* This allows for plugins to add additional constraints to prevent an application password from being used.
[402] Fix | Delete
*
[403] Fix | Delete
* @since 5.6.0
[404] Fix | Delete
*
[405] Fix | Delete
* @param WP_Error $error The error object.
[406] Fix | Delete
* @param WP_User $user The user authenticating.
[407] Fix | Delete
* @param array $item The details about the application password.
[408] Fix | Delete
* @param string $password The raw supplied password.
[409] Fix | Delete
*/
[410] Fix | Delete
do_action( 'wp_authenticate_application_password_errors', $error, $user, $item, $password );
[411] Fix | Delete
[412] Fix | Delete
if ( is_wp_error( $error ) && $error->has_errors() ) {
[413] Fix | Delete
/** This action is documented in wp-includes/user.php */
[414] Fix | Delete
do_action( 'application_password_failed_authentication', $error );
[415] Fix | Delete
[416] Fix | Delete
return $error;
[417] Fix | Delete
}
[418] Fix | Delete
[419] Fix | Delete
WP_Application_Passwords::record_application_password_usage( $user->ID, $item['uuid'] );
[420] Fix | Delete
[421] Fix | Delete
/**
[422] Fix | Delete
* Fires after an application password was used for authentication.
[423] Fix | Delete
*
[424] Fix | Delete
* @since 5.6.0
[425] Fix | Delete
*
[426] Fix | Delete
* @param WP_User $user The user who was authenticated.
[427] Fix | Delete
* @param array $item The application password used.
[428] Fix | Delete
*/
[429] Fix | Delete
do_action( 'application_password_did_authenticate', $user, $item );
[430] Fix | Delete
[431] Fix | Delete
return $user;
[432] Fix | Delete
}
[433] Fix | Delete
[434] Fix | Delete
$error = new WP_Error(
[435] Fix | Delete
'incorrect_password',
[436] Fix | Delete
__( 'The provided password is an invalid application password.' )
[437] Fix | Delete
);
[438] Fix | Delete
[439] Fix | Delete
/** This action is documented in wp-includes/user.php */
[440] Fix | Delete
do_action( 'application_password_failed_authentication', $error );
[441] Fix | Delete
[442] Fix | Delete
return $error;
[443] Fix | Delete
}
[444] Fix | Delete
[445] Fix | Delete
/**
[446] Fix | Delete
* Validates the application password credentials passed via Basic Authentication.
[447] Fix | Delete
*
[448] Fix | Delete
* @since 5.6.0
[449] Fix | Delete
*
[450] Fix | Delete
* @param int|false $input_user User ID if one has been determined, false otherwise.
[451] Fix | Delete
* @return int|false The authenticated user ID if successful, false otherwise.
[452] Fix | Delete
*/
[453] Fix | Delete
function wp_validate_application_password( $input_user ) {
[454] Fix | Delete
// Don't authenticate twice.
[455] Fix | Delete
if ( ! empty( $input_user ) ) {
[456] Fix | Delete
return $input_user;
[457] Fix | Delete
}
[458] Fix | Delete
[459] Fix | Delete
if ( ! wp_is_application_passwords_available() ) {
[460] Fix | Delete
return $input_user;
[461] Fix | Delete
}
[462] Fix | Delete
[463] Fix | Delete
// Both $_SERVER['PHP_AUTH_USER'] and $_SERVER['PHP_AUTH_PW'] must be set in order to attempt authentication.
[464] Fix | Delete
if ( ! isset( $_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'] ) ) {
[465] Fix | Delete
return $input_user;
[466] Fix | Delete
}
[467] Fix | Delete
[468] Fix | Delete
$authenticated = wp_authenticate_application_password( null, $_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'] );
[469] Fix | Delete
[470] Fix | Delete
if ( $authenticated instanceof WP_User ) {
[471] Fix | Delete
return $authenticated->ID;
[472] Fix | Delete
}
[473] Fix | Delete
[474] Fix | Delete
// If it wasn't a user what got returned, just pass on what we had received originally.
[475] Fix | Delete
return $input_user;
[476] Fix | Delete
}
[477] Fix | Delete
[478] Fix | Delete
/**
[479] Fix | Delete
* For Multisite blogs, check if the authenticated user has been marked as a
[480] Fix | Delete
* spammer, or if the user's primary blog has been marked as spam.
[481] Fix | Delete
*
[482] Fix | Delete
* @since 3.7.0
[483] Fix | Delete
*
[484] Fix | Delete
* @param WP_User|WP_Error|null $user WP_User or WP_Error object from a previous callback. Default null.
[485] Fix | Delete
* @return WP_User|WP_Error WP_User on success, WP_Error if the user is considered a spammer.
[486] Fix | Delete
*/
[487] Fix | Delete
function wp_authenticate_spam_check( $user ) {
[488] Fix | Delete
if ( $user instanceof WP_User && is_multisite() ) {
[489] Fix | Delete
/**
[490] Fix | Delete
* Filters whether the user has been marked as a spammer.
[491] Fix | Delete
*
[492] Fix | Delete
* @since 3.7.0
[493] Fix | Delete
*
[494] Fix | Delete
* @param bool $spammed Whether the user is considered a spammer.
[495] Fix | Delete
* @param WP_User $user User to check against.
[496] Fix | Delete
*/
[497] Fix | Delete
$spammed = apply_filters( 'check_is_user_spammed', is_user_spammy( $user ), $user );
[498] Fix | Delete
[499] Fix | Delete
It is recommended that you Edit text format, this type of Fix handles quite a lot in one request
Function