` element. * Defaults to 'Log In'. * @param string $message Optional. Message to display in header. Default empty. * @param WP_Error|null $wp_error Optional. The error to pass. Defaults to a WP_Error instance. */ function login_header($title = null, $message = '', $wp_error = null) { global $error, $interim_login, $action; if (null === $title) { $title = __('Log In'); // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- PCP error. This is a default WordPress translation string } // Don't index any of these forms. add_filter('wp_robots', 'wp_robots_sensitive_page'); add_action('login_head', 'wp_strict_cross_origin_referrer'); add_action('login_head', 'wp_login_viewport_meta'); if (!is_wp_error($wp_error)) { $wp_error = new WP_Error(); } // Shake it! $shake_error_codes = array('empty_password', 'empty_email', 'invalid_email', 'invalidcombo', 'empty_username', 'invalid_username', 'incorrect_password', 'retrieve_password_email_failure'); /** * Filters the error codes array for shaking the login form. * * @since 3.0.0 * * @param string[] $shake_error_codes Error codes that shake the login form. */ $shake_error_codes = apply_filters('shake_error_codes', $shake_error_codes); if ($shake_error_codes && $wp_error->has_errors() && in_array($wp_error->get_error_code(), $shake_error_codes, true)) { add_action('login_footer', 'wp_shake_js', 12); } $login_title = get_bloginfo('name', 'display'); /* translators: Login screen title. 1: Login screen name, 2: Network or site name. */ $login_title = sprintf(__('%1$s ‹ %2$s — WordPress'), $title, $login_title); // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- PCP error. This is a default WordPress translation string if (wp_is_recovery_mode()) { /* translators: %s: Login screen title. */ $login_title = sprintf(__('Recovery Mode — %s'), $login_title); // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- PCP error. This is a default WordPress translation string } /** * Filters the title tag content for login page. * * @since 4.9.0 * * @param string $login_title The page title, with extra context added. * @param string $title The original page title. */ $login_title = apply_filters('login_title', $login_title, $title); ?><!DOCTYPE html> <html <?php language_attributes(); ?>> <head> <meta http-equiv="Content-Type" content="<?php bloginfo('html_type'); ?>; charset=<?php bloginfo('charset'); ?>" /> <title><?php echo esc_html($login

configs->get_value('aiowps_login_page_slug'); $custom_login_url = home_url('/' . ltrim($login_slug, '/') . '/'); // Redirect to HTTPS login if forced to use SSL. if (force_ssl_admin() && !is_ssl()) { $request_uri = isset($_SERVER['REQUEST_URI']) ? sanitize_text_field(wp_unslash($_SERVER['REQUEST_URI'])) : ''; if (0 === strpos($request_uri, 'http')) { wp_safe_redirect(set_url_scheme($request_uri, 'https')); exit; } else { wp_safe_redirect('https://' . isset($_SERVER['HTTP_HOST']) ? sanitize_text_field(wp_unslash($_SERVER['HTTP_HOST'])) : '' . $request_uri); exit; } } /** * Outputs the login page header. * * @since 2.1.0 * * @global string $error Login error message set by deprecated pluggable wp_login() function * or plugins replacing it. * @global bool|string $interim_login Whether interim login modal is being displayed. String 'success' * upon successful login. * @global string $action The action that brought the visitor to the login page. * * @param string|null $title Optional. WordPress login page title to display in the `` element. * Defaults to 'Log In'. * @param string $message Optional. Message to display in header. Default empty. * @param WP_Error|null $wp_error Optional. The error to pass. Defaults to a WP_Error instance. */ function login_header($title = null, $message = '', $wp_error = null) { global $error, $interim_login, $action; if (null === $title) { $title = __('Log In'); // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- PCP error. This is a default WordPress translation string } // Don't index any of these forms. add_filter('wp_robots', 'wp_robots_sensitive_page'); add_action('login_head', 'wp_strict_cross_origin_referrer'); add_action('login_head', 'wp_login_viewport_meta'); if (!is_wp_error($wp_error)) { $wp_error = new WP_Error(); } // Shake it! $shake_error_codes = array('empty_password', 'empty_email', 'invalid_email', 'invalidcombo', 'empty_username', 'invalid_username', 'incorrect_password', 'retrieve_password_email_failure'); /** * Filters the error codes array for shaking the login form. * * @since 3.0.0 * * @param string[] $shake_error_codes Error codes that shake the login form. */ $shake_error_codes = apply_filters('shake_error_codes', $shake_error_codes); if ($shake_error_codes && $wp_error->has_errors() && in_array($wp_error->get_error_code(), $shake_error_codes, true)) { add_action('login_footer', 'wp_shake_js', 12); } $login_title = get_bloginfo('name', 'display'); /* translators: Login screen title. 1: Login screen name, 2: Network or site name. */ $login_title = sprintf(__('%1$s ‹ %2$s — WordPress'), $title, $login_title); // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- PCP error. This is a default WordPress translation string if (wp_is_recovery_mode()) { /* translators: %s: Login screen title. */ $login_title = sprintf(__('Recovery Mode — %s'), $login_title); // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- PCP error. This is a default WordPress translation string } /** * Filters the title tag content for login page. * * @since 4.9.0 * * @param string $login_title The page title, with extra context added. * @param string $title The original page title. */ $login_title = apply_filters('login_title', $login_title, $title); ?><!DOCTYPE html> <html <?php language_attributes(); ?>> <head> <meta http-equiv="Content-Type" content="<?php bloginfo('html_type'); ?>; charset=<?php bloginfo('charset'); ?>" /> <title><?php echo esc_html($login_title); ?> get_error_code()) { ob_start(); ?>

add('error', $error); unset($error); } if ($wp_error->has_errors()) { $error_list = array(); $messages = ''; foreach ($wp_error->get_error_codes() as $code) { $severity = $wp_error->get_error_data($code); foreach ($wp_error->get_error_messages($code) as $error_message) { if ('message' === $severity) { $messages .= '

' . $error_message . '

'; } else { $error_list[] = $error_message; } } } if (!empty($error_list)) { $errors = ''; if (count($error_list) > 1) { $errors .= ''; } else { $errors .= '

' . $error_list[0] . '

'; } /** * Filters the error messages displayed above the login form. * * @since 2.1.0 * * @param string $errors Login error messages. */ $errors = apply_filters('login_errors', $errors); wp_admin_notice( $errors, array( 'type' => 'error', 'id' => 'login_error', 'paragraph_wrap' => false, ) ); } if (!empty($messages)) { /** * Filters instructional messages displayed above the login form. * * @since 2.5.0 * * @param string $messages Login messages. */ $messages = apply_filters('login_messages', $messages); wp_admin_notice( $messages, array( 'type' => 'info', 'id' => 'login-message', 'additional_classes' => array('message'), 'paragraph_wrap' => false, ) ); } } } // End of login_header(). /** * Outputs the footer for the login page. * * @since 3.1.0 * * @global bool|string $interim_login Whether interim login modal is being displayed. String 'success' * upon successful login. * * @param string $input_id Which input to auto-focus. */ function login_footer($input_id = '') { global $interim_login, $aio_wp_security; // Don't allow interim logins to navigate away from the page. if (!$interim_login) { ?>

%s', esc_url(home_url('/')), sprintf( /* translators: %s: Site title. */ _x('← Go to %s', 'site'), get_bloginfo('title', 'display') ) ); /** * Filters the "Go to site" link displayed in the login page footer. * * @since 5.7.0 * * @param string $link HTML link to the home URL of the current site. */ echo apply_filters('login_site_html_link', $html_link); ?>

', '

'); } ?> . ?>

0) { update_option('admin_email_lifespan', time() + $remind_interval); } $redirect_to = add_query_arg('admin_email_remind_later', 1, $redirect_to); wp_safe_redirect($redirect_to); exit; } if (!empty($_POST['correct-admin-email'])) { if (!check_admin_referer('confirm_admin_email', 'confirm_admin_email_nonce')) { wp_safe_redirect($custom_login_url); exit; } /** * Filters the interval for redirecting the user to the admin email confirmation screen. * * If `0` (zero) is returned, the user will not be redirected. * * @since 5.3.0 * * @param int $interval Interval time (in seconds). Default is 6 months. */ $admin_email_check_interval = (int) apply_filters('admin_email_check_interval', 6 * MONTH_IN_SECONDS); if ($admin_email_check_interval > 0) { update_option('admin_email_lifespan', time() + $admin_email_check_interval); } wp_safe_redirect($redirect_to); exit; } login_header(__('Confirm your administration email'), '', $errors); // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- PCP error. This is a default WordPress translation string /** * Fires before the admin email confirm form. * * @since 5.3.0 * * @param WP_Error $errors A `WP_Error` object containing any errors generated by using invalid * credentials. Note that the error object may not contain any errors. */ do_action('admin_email_confirm', $errors); ?>

administration email for this website is still correct.'); ?> %s', /* translators: Hidden accessibility text. */ __('(opens in a new tab)') // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- PCP error. This is a default WordPress translation string ); printf( '%s%s', esc_url($admin_email_help_url), __('Why is this important?'), // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- PCP error. This is a default WordPress translation string wp_kses_post($accessibility_text) ); ?>

' . esc_html($admin_email) . '' ); ?>

'confirm_admin_email', 'remind_me_later' => wp_create_nonce('remind_me_later_nonce'), ), $remind_me_link ); ?>

HashPassword(wp_unslash($_POST['post_password'])), $expire, COOKIEPATH, COOKIE_DOMAIN, $secure); wp_safe_redirect(wp_get_referer()); exit; case 'logout': check_admin_referer('log-out'); $user = wp_get_current_user(); wp_logout(); if (!empty($_REQUEST['redirect_to']) && is_string($_REQUEST['redirect_to'])) { $redirect_to = sanitize_url(wp_unslash($_REQUEST['redirect_to'])); $requested_redirect_to = $redirect_to; } else { $redirect_to = add_query_arg( array( 'loggedout' => 'true', 'wp_lang' => get_user_locale($user), ), $custom_login_url ); $requested_redirect_to = ''; } /** * Filters the log out redirect URL. * * @since 4.2.0 * * @param string $redirect_to The redirect destination URL. * @param string $requested_redirect_to The requested redirect destination URL passed as a parameter. * @param WP_User $user The WP_User object for the user that's logging out. */ $redirect_to = apply_filters('logout_redirect', $redirect_to, $requested_redirect_to, $user); wp_safe_redirect($redirect_to); exit; case 'lostpassword': case 'retrievepassword': if ($http_post) { $errors = retrieve_password(); if (!is_wp_error($errors)) { $redirect_to = !empty($_REQUEST['redirect_to']) ? sanitize_url(wp_unslash($_REQUEST['redirect_to'])) : 'wp-login.php?checkemail=confirm'; wp_safe_redirect($redirect_to); exit; } } if (isset($_GET['error'])) { if ('invalidkey' === $_GET['error']) { $errors->add('invalidkey', __('Your password reset link appears to be invalid. Please request a new link below.')); // phpcs:ignore UpdraftPlus.Translation.MultipleSentence.MultipleSentenceInsideTranslationFunction -- This is a WordPress translation. } elseif ('expiredkey' === $_GET['error']) { $errors->add('expiredkey', __('Your password reset link has expired. Please request a new link below.')); // phpcs:ignore UpdraftPlus.Translation.MultipleSentence.MultipleSentenceInsideTranslationFunction -- This is a WordPress translation. } } $lostpassword_redirect = !empty($_REQUEST['redirect_to']) ? sanitize_url(wp_unslash($_REQUEST['redirect_to'])) : ''; /** * Filters the URL redirected to after submitting the lostpassword/retrievepassword form. * * @since 3.0.0 * * @param string $lostpassword_redirect The redirect destination URL. */ $redirect_to = apply_filters('lostpassword_redirect', $lostpassword_redirect); /** * Fires before the lost password form. * * @since 1.5.1 * @since 5.1.0 Added the `$errors` parameter. * * @param WP_Error $errors A `WP_Error` object containing any errors generated by using invalid * credentials. Note that the error object may not contain any errors. */ do_action('lost_password', $errors); login_header( __('Lost Password'), // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- PCP error. This is a default WordPress translation string wp_get_admin_notice( __('Please enter your username or email address. You will receive an email message with instructions on how to reset your password.'), // phpcs:ignore UpdraftPlus.Translation.MultipleSentence.MultipleSentenceInsideTranslationFunction -- This is a WordPress translation. array( 'type' => 'info', 'additional_classes' => array('message'), ) ), $errors ); $user_login = ''; if (isset($_POST['user_login']) && is_string($_POST['user_login'])) { // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized -- Sanitized below. $user_login = wp_unslash($_POST['user_login']); // Remove slashes first if (is_email($user_login)) { // Sanitize as an email address $user_login = sanitize_email($user_login); } else { // Sanitize as a username $user_login = sanitize_user($user_login, true); } } ?>

get_error_code() === 'expired_key') { wp_redirect(site_url('wp-login.php?action=lostpassword&error=expiredkey')); } else { wp_redirect(site_url('wp-login.php?action=lostpassword&error=invalidkey')); } exit; } $errors = new WP_Error(); // Check if password is one or all empty spaces. if (!empty($_POST['pass1'])) { // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized -- PCP warning. Not recommended to sanitize password. $_POST['pass1'] = trim($_POST['pass1']); if (empty($_POST['pass1'])) { $errors->add('password_reset_empty_space', __('The password cannot be a space or all spaces.')); // phpcs:ignore UpdraftPlus.Translation.MultipleSentence.MultipleSentenceInsideTranslationFunction -- This is a WordPress translation. } } // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized -- PCP warning. Not recommended to sanitize password. // Check if password fields do not match. if (!empty($_POST['pass1']) && trim($_POST['pass2']) !== $_POST['pass1']) { $errors->add('password_reset_mismatch', __('Error: The passwords do not match.')); // phpcs:ignore UpdraftPlus.Translation.MultipleSentence.MultipleSentenceInsideTranslationFunction -- This is a WordPress translation. } /** * Fires before the password reset procedure is validated. * * @since 3.5.0 * * @param WP_Error $errors WP Error object. * @param WP_User|WP_Error $user WP_User object if the login and reset key match. WP_Error object otherwise. */ do_action('validate_password_reset', $errors, $user); if ((!$errors->has_errors()) && isset($_POST['pass1']) && !empty($_POST['pass1'])) { // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized -- PCP warning. Not recommended to sanitize password. reset_password($user, $_POST['pass1']); setcookie($rp_cookie, ' ', time() - YEAR_IN_SECONDS, $rp_path, COOKIE_DOMAIN, is_ssl(), true); login_header( __('Password Reset'), // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- PCP error. This is a default WordPress translation string wp_get_admin_notice( __('Your password has been reset.') . ' ' . __('Log in') . '', // phpcs:ignore UpdraftPlus.Translation.MultipleSentence.MultipleSentenceInsideTranslationFunction -- This is a WordPress translation. array( 'type' => 'info', 'additional_classes' => array('message', 'reset-pass'), ) ) ); login_footer(); exit; } wp_enqueue_script('utils'); wp_enqueue_script('user-profile'); login_header( __('Reset Password'), // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- PCP error. This is a default WordPress translation string wp_get_admin_notice( __('Enter your new password below or generate one.'), // phpcs:ignore UpdraftPlus.Translation.MultipleSentence.MultipleSentenceInsideTranslationFunction -- This is a WordPress translation. array( 'type' => 'info', 'additional_classes' => array('message', 'reset-pass'), ) ), $errors ); ?>

'info', 'additional_classes' => array('message', 'register'), ) ), $errors ); ?>

%s', esc_url(wp_lostpassword_url()), __('Lost your password?')); // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- PCP error. This is a default WordPress translation string /*This filter is documented in wp-login.php */ echo apply_filters('lost_password_html_link', $html_link); ?>

add( 'confirm', sprintf( /* translators: %s: Link to the login page. */ __('Check your email for the confirmation link, then visit the login page.'), // phpcs:ignore UpdraftPlus.Translation.MultipleSentence.MultipleSentenceInsideTranslationFunction -- This is a WordPress translation. $custom_login_url ), 'message' ); } elseif ('registered' === $_GET['checkemail']) { $errors->add( 'registered', sprintf( /* translators: %s: Link to the login page. */ __('Registration complete. Please check your email, then visit the login page.'), // phpcs:ignore UpdraftPlus.Translation.MultipleSentence.MultipleSentenceInsideTranslationFunction -- This is a WordPress translation. $custom_login_url ), 'message' ); } /* This action is documented in wp-login.php */ $errors = apply_filters('wp_login_errors', $errors, $redirect_to); login_header(__('Check your email'), '', $errors); // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- PCP error. This is a default WordPress translation string login_footer(); break; case 'confirmaction': if (!isset($_GET['request_id'])) { wp_die(__('Missing request ID.')); // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- PCP error. This is a default WordPress translation string } if (!isset($_GET['confirm_key'])) { wp_die(__('Missing confirm key.')); // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- PCP error. This is a default WordPress translation string } $request_id = (int) $_GET['request_id']; $key = sanitize_text_field(wp_unslash($_GET['confirm_key'])); $result = wp_validate_user_request_key($request_id, $key); if (is_wp_error($result)) { // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- WP_Error is an object and cannot be escaped. wp_die($result); } /** * Fires an action hook when the account action has been confirmed by the user. * * Using this you can assume the user has agreed to perform the action by * clicking on the link in the confirmation email. * * After firing this action hook the page will redirect to wp-login a callback * redirects or exits first. * * @since 4.9.6 * * @param int $request_id Request ID. */ do_action('user_request_action_confirmed', $request_id); $message = _wp_privacy_account_request_confirmed_message($request_id); login_header(__('User action confirmed.'), $message); // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- PCP error. This is a default WordPress translation string login_footer(); exit; case 'login': default: $secure_cookie = ''; $customize_login = isset($_REQUEST['customize-login']); if ($customize_login) { wp_enqueue_script('customize-base'); } // If the user wants SSL but the session is not SSL, force a secure cookie. if (!empty($_POST['log']) && !force_ssl_admin()) { $user_name = sanitize_user(wp_unslash($_POST['log'])); $user = get_user_by('login', $user_name); if (!$user && strpos($user_name, '@')) { $user = get_user_by('email', $user_name); } if ($user) { if (get_user_option('use_ssl', $user->ID)) { $secure_cookie = true; force_ssl_admin(true); } } } if (isset($_REQUEST['redirect_to']) && is_string($_REQUEST['redirect_to'])) { $redirect_to = sanitize_url(wp_unslash($_REQUEST['redirect_to'])); // Redirect to HTTPS if user wants SSL. if ($secure_cookie && str_contains($redirect_to, 'wp-admin')) { $redirect_to = preg_replace('|^http://|', 'https://', $redirect_to); } } else { $redirect_to = admin_url(); } $reauth = empty($_REQUEST['reauth']) ? false : true; $user = wp_signon(array(), $secure_cookie); if (empty($_COOKIE[LOGGED_IN_COOKIE])) { if (headers_sent()) { $user = new WP_Error( 'test_cookie', sprintf( /* translators: 1: Browser cookie documentation URL, 2: Support forums URL. */ __('Error: Cookies are blocked due to unexpected output. For help, please see this documentation or try the support forums.'), // phpcs:ignore UpdraftPlus.Translation.MultipleSentence.MultipleSentenceInsideTranslationFunction -- This is a WordPress translation. esc_url(__('https://wordpress.org/support/article/cookies/')), // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- PCP error. This is a default WordPress translation string esc_url(__('https://wordpress.org/support/forums/')) // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- PCP error. This is a default WordPress translation string ) ); } elseif (isset($_POST['testcookie']) && empty($_COOKIE[TEST_COOKIE])) { // If cookies are disabled, the user can't log in even with a valid username and password. $user = new WP_Error( 'test_cookie', sprintf( /* translators: %s: Browser cookie documentation URL. */ __('%1$s: Cookies are blocked or not supported by your browser. You must %2$s to use WordPress.'), // phpcs:ignore UpdraftPlus.Translation.MultipleSentence.MultipleSentenceInsideTranslationFunction -- This is a WordPress translation. '' . __('ERROR') . '', // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- PCP error. This is a default WordPress translation string '' . __('enable cookies') . '' // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- PCP error. This is a default WordPress translation string ) ); } } $requested_redirect_to = isset($_REQUEST['redirect_to']) && is_string($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : ''; /** * Filters the login redirect URL. * * @since 3.0.0 * * @param string $redirect_to The redirect destination URL. * @param string $requested_redirect_to The requested redirect destination URL passed as a parameter. * @param WP_User|WP_Error $user WP_User object if login was successful, WP_Error object otherwise. */ $redirect_to = apply_filters('login_redirect', $redirect_to, $requested_redirect_to, $user); if (!is_wp_error($user) && !$reauth) { if ($interim_login) { $message = '

' . __('You have logged in successfully.') . '

'; // phpcs:ignore UpdraftPlus.Translation.MultipleSentence.MultipleSentenceInsideTranslationFunction -- This is a WordPress translation. $interim_login = 'success'; login_header('', $message); ?> exists() && $user->has_cap('manage_options')) { $admin_email_lifespan = (int) get_option('admin_email_lifespan'); /* * If `0` (or anything "falsey" as it is cast to int) is returned, the user will not be redirected * to the admin email confirmation screen. */ /*This filter is documented in wp-login.php */ $admin_email_check_interval = (int) apply_filters('admin_email_check_interval', 6 * MONTH_IN_SECONDS); if ($admin_email_check_interval > 0 && time() > $admin_email_lifespan) { $redirect_to = add_query_arg( array( 'action' => 'confirm_admin_email', 'wp_lang' => get_user_locale($user), ), wp_login_url($redirect_to) ); } } if ((empty($redirect_to) || 'wp-admin/' === $redirect_to || admin_url() === $redirect_to)) { // If the user doesn't belong to a blog, send them to user admin. If the user can't edit posts, send them to their profile. if (is_multisite() && !get_active_blog_for_user($user->ID) && !is_super_admin($user->ID)) { $redirect_to = user_admin_url(); } elseif (is_multisite() && !$user->has_cap('read')) { $redirect_to = get_dashboard_url($user->ID); } elseif (!$user->has_cap('edit_posts')) { $redirect_to = $user->has_cap('read') ? admin_url('profile.php') : home_url(); } wp_redirect($redirect_to); exit; } wp_safe_redirect($redirect_to); exit; } $errors = $user; // Clear errors if loggedout is set. if (!empty($_GET['loggedout']) || $reauth) { $errors = new WP_Error(); } if (empty($_POST) && $errors->get_error_codes() === array('empty_username', 'empty_password')) { $errors = new WP_Error('', ''); } if ($interim_login) { if (!$errors->has_errors()) { $errors->add('expired', __('Your session has expired. Please log in to continue where you left off.'), 'message'); // phpcs:ignore UpdraftPlus.Translation.MultipleSentence.MultipleSentenceInsideTranslationFunction -- ignore this to use WordPress translation } } else { // Some parts of this script use the main login form to display a message. if (isset($_GET['loggedout']) && $_GET['loggedout']) { $errors->add('loggedout', __('You are now logged out.'), 'message'); // phpcs:ignore UpdraftPlus.Translation.MultipleSentence.MultipleSentenceInsideTranslationFunction -- This is a WordPress translation. } elseif (isset($_GET['registration']) && 'disabled' === $_GET['registration']) { $errors->add('registerdisabled', __('Error: User registration is currently not allowed.')); // phpcs:ignore UpdraftPlus.Translation.MultipleSentence.MultipleSentenceInsideTranslationFunction -- This is a WordPress translation. } elseif (str_contains($redirect_to, 'about.php?updated')) { $errors->add('updated', __('You have successfully updated WordPress! Please log back in to see what’s new.'), 'message'); // phpcs:ignore UpdraftPlus.Translation.MultipleSentence.MultipleSentenceInsideTranslationFunction -- This is a WordPress translation. } elseif (WP_Recovery_Mode_Link_Service::LOGIN_ACTION_ENTERED === $action) { $errors->add('enter_recovery_mode', __('Recovery Mode Initialized.') . ' ' . __('Please log in to continue.'), 'message'); // phpcs:ignore UpdraftPlus.Translation.MultipleSentence.MultipleSentenceInsideTranslationFunction -- This is a WordPress translation. } elseif (isset($_GET['redirect_to']) && false !== strpos(sanitize_url(wp_unslash($_GET['redirect_to'])), 'wp-admin/authorize-application.php')) { $query_component = wp_parse_url(sanitize_url(wp_unslash($_GET['redirect_to'])), PHP_URL_QUERY); $query = array(); if ($query_component) { parse_str($query_component, $query); } if (!empty($query['app_name'])) { /* translators: 1: Website name, 2: Application name. */ $message = sprintf('Please log in to %1$s to authorize %2$s to connect to your account.', get_bloginfo('name', 'display'), '' . esc_html($query['app_name']) . ''); } else { /* translators: %s: Website name. */ $message = sprintf('Please log in to %s to proceed with authorization.', get_bloginfo('name', 'display')); } $errors->add('authorize_application', $message, 'message'); } } /** * Filters the login page errors. * * @since 3.6.0 * * @param WP_Error $errors WP Error object. * @param string $redirect_to Redirect destination URL. */ $errors = apply_filters('wp_login_errors', $errors, $redirect_to); // Clear any stale cookies. if ($reauth) { wp_clear_auth_cookie(); } login_header(__('Log In'), '', $errors); // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- PCP error. This is a default WordPress translation string if (isset($_POST['log'])) { $user_login = ('incorrect_password' === $errors->get_error_code() || 'empty_password' === $errors->get_error_code()) ? esc_attr(sanitize_text_field(wp_unslash($_POST['log']))) : ''; } $rememberme = !empty($_POST['rememberme']); $aria_describedby = ''; $has_errors = $errors->has_errors(); if ($has_errors) { $aria_describedby = ' aria-describedby="login_error"'; } if ($has_errors && 'message' === $errors->get_error_data()) { $aria_describedby = ' aria-describedby="login-message"'; } wp_enqueue_script('user-profile'); //aiowps - this check is necessary because otherwise if variables are undefined we get a warning! if (empty($user_login)) { $user_login = ''; } if (empty($error)) { $error = ''; } ?>

%s', esc_url(wp_registration_url()), __('Register')); // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- PCP error. This is a default WordPress translation string /*This filter is documented in wp-includes/general-template.php */ echo wp_kses_post(apply_filters('register', $registration_url)); echo esc_html($login_link_separator); } $html_link = sprintf('%s', esc_url(wp_lostpassword_url()), __('Lost your password?')); // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- PCP error. This is a default WordPress translation string /** * Filters the link that allows the user to reset the lost password. * * @since 6.1.0 * * @param string $html_link HTML link to the lost password form. */ echo wp_kses_post(apply_filters('lost_password_html_link', $html_link)); ?>

get_error_code() === 'invalid_username') { $login_script .= 'd.value = "";'; } } $login_script .= 'd.focus(); d.select();'; $login_script .= '} catch(er) {}'; $login_script .= '}, 200);'; $login_script .= "}\n"; // End of wp_attempt_focus(). /** * Filters whether to print the call to `wp_attempt_focus()` on the login screen. * * @since 4.8.0 * * @param bool $print Whether to print the function call. Default true. */ if (apply_filters('enable_login_autofocus', true) && !$error) { $login_script .= "wp_attempt_focus();\n"; } // Run `wpOnload()` if defined. $login_script .= "if (typeof wpOnload === 'function') { wpOnload() }"; wp_print_inline_script_tag($login_script); if ($interim_login) { ob_start(); ?>