Changeset 9224


Timestamp:
10/23/2019 06:09:31 AM (2 years ago)
Author:
dd32
Message:

Login: Add a link expired template, and redirect expired links to that url.

See #4739.

Location:
sites/trunk
Files:
9 edited
1 copied

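--- a/sites/trunk/common/includes/wporg-sso/wp-plugin.php
+++ b/sites/trunk/common/includes/wporg-sso/wp-plugin.php
@@ -20,5 +20,6 @@
             'checkemail'   => '/checkemail',
             'loggedout'    => '/loggedout',
-            'lostpassword' => '/lostpassword',
+            'lostpassword' => '/lostpassword(/(?P<user>[^/]+))?',
+            'linkexpired'  => '/linkexpired(/(?P<reason>register|lostpassword)/(?P<user>[^/]+))?',
             'oauth'        => '/oauth',
         );
@@ -154,5 +155,5 @@
 
                 // Primary registration route.
-                $this->valid_sso_paths['register']         = '/register';
+                $this->valid_sso_paths['register']         = '/register(/(?P<user>[^/]+))?';
             }
 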
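Review bot: The new `(?P<user>[^/]+)` groups on the `lostpassword`, `linkexpired` and `register` routes accept any run of non-slash characters from the request path, with no length or character limit, and this changeset feeds that value into form fields and links in the login templates. A comment above the route table would make the contract explicit, for example `// 'user' is taken verbatim from the URL; treat it as untrusted and escape it at every output.` Whether the matched value is percent-decoded before it reaches `$matched_route_params` is not visible here and is worth stating in the same comment, because the templates call `urlencode()` on it again. Both route definitions sit inside code that starts and ends outside the hunks.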
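--- a/sites/trunk/wordpress.org/public_html/wp-content/themes/pub/wporg-login/js/registration.js
+++ b/sites/trunk/wordpress.org/public_html/wp-content/themes/pub/wporg-login/js/registration.js
@@ -36,4 +36,9 @@
                 } );
             } );
+
+            // If the form has data in it upon load, immediately trigger the validation.
+            if ( $loginForm.find('#user_login').val() ) {
+                $loginForm.find('#user_login').blur();
+            }
         } );
 } )( jQuery );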
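Review bot: The added block looks up `#user_login` twice at new lines 40–41; holding the element once keeps the check and the trigger on the same node, e.g. `var $userLogin = $loginForm.find( '#user_login' );` followed by `if ( $userLogin.val() ) { $userLogin.blur(); }`. Because the field can now be pre-filled from the URL path, the blur handler (defined outside this hunk) runs on page load with a link-supplied value, so the comment at line 39 could say that this is intended.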
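--- a/sites/trunk/wordpress.org/public_html/wp-content/themes/pub/wporg-login/linkexpired.php
+++ b/sites/trunk/wordpress.org/public_html/wp-content/themes/pub/wporg-login/linkexpired.php
@@ -1,13 +1,34 @@
 <?php
 /**
- * The logged out Template
+ * The expired link Template
  *
  * @package wporg-login
  */
 
+$reason = WP_WPOrg_SSO::$matched_route_params['reason'] ?? false;
+$user   = WP_WPOrg_SSO::$matched_route_params['user'] ?? false;
+
 get_header();
 ?>
 
-<p class="center"><?php _e( 'You are now logged out.', 'wporg' ); ?></p>
+<h2 class="center"><?php _e( 'Link Expired', 'wporg' ); ?></h2>
+
+<p class="center"><?php _e( "The link you've followed has expired.", 'wporg' ); ?></p>
+
+<?php
+if ( 'register' == $reason && $user ) {
+        echo '<p class="center"><a href="' . esc_url( home_url( '/register/' . urlencode( $user ) ) ) . '">' .
+            sprintf(
+                /* translators: %s: An account name. */
+                __( 'Start over, and register %s.', 'wporg' ),
+                '<code>' . esc_html( $register_user ) . '</code>'
+            ) .
+            '</a></p>';
+} elseif ( 'lostpassword' == $reason && $user ) {
+    echo '<p class="center"><a href="' . esc_url( home_url( '/lostpassword/'  . urlencode( $user ) ) ) . '">' .
+            __( 'Reset your password.', 'wporg' ) .
+            '</a></p>';
+}
+?>
 
 <p id="nav">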
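Review bot: `esc_html( $register_user )` at new line 24 reads a variable that is never set in this template; the value captured at line 9 is `$user`, so the link text renders an empty `<code></code>` and PHP raises an undefined-variable notice. The line should read `'<code>' . esc_html( $user ) . '</code>'`. Separately, `$user` goes through `urlencode()` at lines 20 and 28; if the router hands over the path segment still percent-encoded (not visible here), names containing reserved characters would be double-encoded, so it is worth confirming which form `$matched_route_params` holds.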
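--- a/sites/trunk/wordpress.org/public_html/wp-content/themes/pub/wporg-login/lostpassword.php
+++ b/sites/trunk/wordpress.org/public_html/wp-content/themes/pub/wporg-login/lostpassword.php
@@ -5,4 +5,6 @@
  * @package wporg-login
  */
+
+$user = WP_WPOrg_SSO::$matched_route_params['user'] ?? false;
 
 get_header();
@@ -13,5 +15,5 @@
     <p>
         <label for="user_login"><?php _e( 'Username or Email', 'wporg' ); ?>
-        <input type="text" name="user_login" id="user_login" value="" size="20"></label>
+        <input type="text" name="user_login" id="user_login" value="<?php echo esc_attr( $user ); ?>" size="20"></label>
     </p>
     <input type="hidden" name="redirect_to" value="/checkemail/">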
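Review bot: `$user` defaults to `false` at new line 8 and is then handed to `esc_attr()` at line 17; defaulting to an empty string keeps the type consistent with what the attribute prints: `$user = WP_WPOrg_SSO::$matched_route_params['user'] ?? '';`. The value comes straight from the URL, so the `esc_attr()` call is the right escape for this context and should stay as it is.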
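--- a/sites/trunk/wordpress.org/public_html/wp-content/themes/pub/wporg-login/pending-create.php
+++ b/sites/trunk/wordpress.org/public_html/wp-content/themes/pub/wporg-login/pending-create.php
@@ -11,11 +11,11 @@
 $pending_user = wporg_get_pending_user( $activation_user );
 if ( ! $pending_user ) {
-    // TODO: add a handler for "Link is expired". The pending user record has been purged.
-    // See Line 33 below for the second case where this is needed.
+    wp_safe_redirect( home_url( '/linkexpired/register/' . urlencode( $activation_user ) ) );
+    exit;
 }
 
 $can_access = false;
 if ( $pending_user && $pending_user['user_activation_key'] && ! $pending_user['created'] ) {
-    $expiration_duration = WEEK_IN_SECONDS; // Time that the user has to confirm the account.
+    $expiration_duration = 2 * WEEK_IN_SECONDS; // Time that the user has to confirm the account.
 
     list( $user_request_time, $hashed_activation_key ) = explode( ':', $pending_user['user_activation_key'], 2 );
@@ -27,8 +27,6 @@
         $can_access = true;
     } elseif ( $hash_is_correct ) {
-        // TODO: Add a handler for "Link is expired".
-        // For now, ignore the expiry date on the email links.
-        // This URL is invalidated once the user is created anyway.
-        $can_access = true;
+        wp_safe_redirect( home_url( '/linkexpired/register/' . urlencode( $activation_user ) ) );
+        exit;
     }
 } elseif ( $pending_user && $pending_user['created'] ) {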
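Review bot: The redirect at new line 13 fires for any request whose `$activation_user` has no pending record, before a key has been checked, whereas the one at line 29 is reached only when `$hash_is_correct`. The response for an unknown name can therefore differ from the response for a known pending name with a wrong key (that path is handled outside these hunks), which may let a caller tell the two apart. If that is acceptable, say so at line 13, e.g. `// No key check is possible here: the record is gone, so this page is shown for any unknown name.` The change to `2 * WEEK_IN_SECONDS` at line 19 is now an enforced lifetime rather than an ignored one, so its trailing comment could state that the link is rejected after that period.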
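--- a/sites/trunk/wordpress.org/public_html/wp-content/themes/pub/wporg-login/pending-profile.php
+++ b/sites/trunk/wordpress.org/public_html/wp-content/themes/pub/wporg-login/pending-profile.php
@@ -29,5 +29,5 @@
     die();
 } elseif ( ! $can_access ) {
-    wp_safe_redirect( '/' );
+    wp_safe_redirect( home_url( '/linkexpired/' ) );
     die();
 }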
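Review bot: Every `! $can_access` outcome now lands on `/linkexpired/`, which includes a wrong or malformed key and not only an expired one. Sending all failures to one page avoids telling the visitor which check failed, but the code no longer says that this is deliberate; a comment such as `// Any failed check is reported as an expired link, on purpose.` at new line 31 would keep a later change from splitting the cases. The enclosing condition chain begins outside the hunk.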
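--- a/sites/trunk/wordpress.org/public_html/wp-content/themes/pub/wporg-login/register-confirm.php
+++ b/sites/trunk/wordpress.org/public_html/wp-content/themes/pub/wporg-login/register-confirm.php
@@ -1,100 +1,11 @@
 <?php
 /**
- * The post-register profile-fields Template
+ * An old registration flow template, just redirects to a expired link template now.
  *
  * @package wporg-login
  */
 
-    //      'register-confirm' => '/register/confirm/(?P<confirm_user>[^/]+)/(?P<confirm_key>[^/]+)',
+$confirm_user = isset( WP_WPOrg_SSO::$matched_route_params['confirm_user'] ) ? WP_WPOrg_SSO::$matched_route_params['confirm_user'] : false;
 
-$confirm_user = isset( WP_WPOrg_SSO::$matched_route_params['confirm_user'] ) ? WP_WPOrg_SSO::$matched_route_params['confirm_user'] : false;
-$confirm_key  = isset( WP_WPOrg_SSO::$matched_route_params['confirm_key'] ) ? WP_WPOrg_SSO::$matched_route_params['confirm_key'] : false;
-
-$can_access = true;
-if (
-    $confirm_user && $confirm_key &&
-    ( $user = get_user_by( 'login', $confirm_user ) ) &&
-    $user->exists()
-) {
-    wp_set_current_user( $user->ID );
-
-    $user_activation_key = $user->user_activation_key;
-    if ( ! $user_activation_key ) {
-        // The activation key may not be in the cached user object, so we'll fetch it manually.
-        $user_activation_key = $wpdb->get_var( $wpdb->prepare( "SELECT user_activation_key FROM {$wpdb->users} WHERE ID = %d", $user->ID ) );
-    }
-
-    list( $reset_time, $hashed_activation_key ) = explode( ':', $user_activation_key, 2 );
-
-    if ( empty( $wp_hasher ) ) {
-        require_once ABSPATH . WPINC . '/class-phpass.php';
-        $wp_hasher = new PasswordHash( 8, true );
-    }
-    $can_access = $wp_hasher->CheckPassword( $confirm_key, $hashed_activation_key );
-
-    // Keys are only valid for 7 days (or until used)
-    $can_access = $can_access && ( $reset_time + ( 7*DAY_IN_SECONDS ) > time() );
-}
-
-if ( ! $can_access ) {
-    wp_set_current_user( 0 );
-    wp_safe_redirect( "/" );
-    die();
-} elseif ( !empty( $_POST['user_pass'] ) ) {
-    $user_pass = wp_unslash( $_POST['user_pass'] );
-
-    wporg_login_save_profile_fields();
-
-    add_filter( 'send_password_change_email', '__return_false' );
-    if ( wp_update_user( wp_slash( array(
-        'ID' => $user->ID,
-        'user_pass' => $user_pass,
-    ) ) ) ) {
-        $wpdb->update( $wpdb->users, array( 'user_activation_key' => '' ), array( 'ID' => $user->ID ) );
-        wp_set_auth_cookie( $user->ID, true );
-        wp_safe_redirect( 'https://wordpress.org/support/' );
-        die();
-    }
-}
-
-wp_enqueue_script( 'zxcvbn' );
-wp_enqueue_script( 'user-profile' );
-wp_enqueue_script( 'wporg-registration' );
-
-get_header();
-?>
-
-<p class="intro">
-<?php _e( 'Set your password and complete your WordPress.org Profile information.', 'wporg' ); ?>
-</p>
-
-<form name="registerform" id="registerform" action="" method="post">
-
-        <div class="user-pass1-wrap">
-        <p>
-            <label for="pass1"><?php _e( 'Password', 'wporg' ); ?></label>
-        </p>
-
-        <div class="wp-pwd">
-            <span class="password-input-wrapper">
-                <input type="password" data-reveal="1" data-pw="<?php echo esc_attr( wp_generate_password( 16 ) ); ?>" name="user_pass" id="pass1" class="input" size="20" value="" autocomplete="off" aria-describedby="pass-strength-result" />
-            </span>
-            <div id="pass-strength-result" class="hide-if-no-js" aria-live="polite"><?php _e( 'Strength indicator', 'wporg' ); ?></div>
-        </div>
-    </div>
-
-<!--    <p class="description indicator-hint"><?php _e( 'Hint: The password should be at least twelve characters long. To make it stronger, use upper and lower case letters, numbers, and symbols like ! " ? $ % ^ &amp; ).', 'wporg' ); ?></p> -->
-
-    <?php include __DIR__ . '/partials/register-profilefields.php'; ?>
-
-    <p class="login-submit">
-        <input type="submit" name="wp-submit" id="wp-submit" class="button button-primary" value="<?php esc_attr_e( 'Create Account', 'wporg' ); ?>" />
-    </p>
-
-</form>
-
-<p id="nav">
-    <a href="https://wordpress.org/"><?php _e( 'WordPress.org', 'wporg' ); ?></a>
-</p>
-
-<?php get_footer();
+wp_safe_redirect( home_url( '/linkexpired/lostpassword/' . urlencode( $confirm_user ) ) );
+exit;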
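Review bot: `$confirm_user` falls back to `false` at new line 8, and `urlencode( false )` yields an empty string, so if this template is ever reached without the parameter the redirect at line 10 targets `/linkexpired/lostpassword/`, which the `linkexpired` route pattern in wp-plugin.php may not accept because its `user` group needs at least one character. Guarding it is a small change: `$path = $confirm_user ? '/linkexpired/lostpassword/' . urlencode( $confirm_user ) : '/linkexpired/';` followed by `wp_safe_redirect( home_url( $path ) );`. The same applies to `$profile_user` in register-profile.php at its new lines 8–11.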
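--- a/sites/trunk/wordpress.org/public_html/wp-content/themes/pub/wporg-login/register-profile.php
+++ b/sites/trunk/wordpress.org/public_html/wp-content/themes/pub/wporg-login/register-profile.php
@@ -1,5 +1,5 @@
 <?php
 /**
- * The post-register profile-fields Template
+ * An old registration flow template, just redirects to a expired link template now.
  *
  * @package wporg-login
@@ -7,55 +7,5 @@
 
 $profile_user = isset( WP_WPOrg_SSO::$matched_route_params['profile_user'] ) ? WP_WPOrg_SSO::$matched_route_params['profile_user'] : false;
-$profile_nonce  = isset( WP_WPOrg_SSO::$matched_route_params['profile_nonce'] ) ? WP_WPOrg_SSO::$matched_route_params['profile_nonce'] : false;
 
-$can_access = false;
-if (
-    $profile_user && $profile_nonce &&
-    ( $user = get_user_by( 'login', $profile_user ) ) &&
-    $user->exists()
-) {
-    wp_set_current_user( $user->ID );
-    $can_access = wp_verify_nonce( $profile_nonce, 'login-register-profile-edit' );
-}
-
-if ( ! $can_access ) {
-    wp_set_current_user( 0 );
-    wp_safe_redirect( '/' );
-    die();
-}
-
-wporg_login_save_profile_fields();
-
-wp_enqueue_script( 'wporg-registration' );
-
-get_header();
-?>
-<div class="message info">
-    <p><?php
-        printf(
-            /* translators: %s Email address */
-            __( 'Please check your email %s for a confirmation link to set your password.', 'wporg' ),
-            '<code>' . esc_html( wp_get_current_user()->user_email ) . '</code>'
-        );
-    ?></p>
-</div>
-
-<p class="intro">
-<?php _e( 'Complete your WordPress.org Profile information.', 'wporg' ); ?>
-</p>
-
-<form name="registerform" id="registerform" action="" method="post">
-
-    <?php include __DIR__ . '/partials/register-profilefields.php'; ?>
-
-    <p class="login-submit">
-        <input type="submit" name="wp-submit" id="wp-submit" class="button button-primary" value="<?php esc_attr_e( 'Save Profile Information', 'wporg' ); ?>" />
-    </p>
-
-</form>
-
-<p id="nav">
-    <a href="https://wordpress.org/"><?php _e( 'WordPress.org', 'wporg' ); ?></a>
-</p>
-
-<?php get_footer(); ?>
+wp_safe_redirect( home_url( '/linkexpired/lostpassword/' . urlencode( $profile_user ) ) );
+exit;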
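--- a/sites/trunk/wordpress.org/public_html/wp-content/themes/pub/wporg-login/register.php
+++ b/sites/trunk/wordpress.org/public_html/wp-content/themes/pub/wporg-login/register.php
@@ -7,4 +7,7 @@
 
 $user_login = isset( $_POST['user_login'] ) ? wp_unslash( $_POST['user_login'] ) : '';
+if ( ! $user_login && !empty( WP_WPOrg_SSO::$matched_route_params['user'] ) ) {
+    $user_login = WP_WPOrg_SSO::$matched_route_params['user'];
+}
 $user_email = isset( $_POST['user_email'] ) ? wp_unslash( $_POST['user_email'] ) : '';
 $user_mailinglist = isset( $_POST['user_mailinglist'] ) && 'true' == $_POST['user_mailinglist'];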
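--- a/sites/trunk/wordpress.org/public_html/wp-content/themes/pub/wporg-login/stylesheets/login.css
+++ b/sites/trunk/wordpress.org/public_html/wp-content/themes/pub/wporg-login/stylesheets/login.css
@@ -346,5 +346,7 @@
 body.route-register-confirm #login form p,
 body.route-pending-profile #login form p,
-body.route-pending-create #login form p {
+body.route-pending-create #login form p,
+body.route-linkexpired h2,
+body.route-linkexpired p {
     margin-bottom: 16px;
 }
@@ -379,5 +381,6 @@
 body.route-register-confirm #login .message,
 body.route-pending-profile #login .message,
-body.route-pending-create #login .message {
+body.route-pending-create #login .message,
+body.route-linkexpired #login .message {
     margin-left: -24px;
     padding-left: 24px;
@@ -390,5 +393,6 @@
 body.route-register-confirm #login .message p,
 body.route-pending-profile #login .message p,
-body.route-pending-create #login .message p {
+body.route-pending-create #login .message p,
+body.route-linkexpired #login .message p {
     margin: 0;
 }
@@ -411,5 +415,6 @@
 body.route-register-confirm #login .message.error,
 body.route-pending-profile #login .message.error,
-body.route-pending-create #login .message.error {
+body.route-pending-create #login .message.error,
+body.route-linkexpired #login .message.error {
     margin-bottom: 30px !important;
     color: #23282d;
@@ -428,5 +433,6 @@
 body.rtl.route-register-confirm #login .message.error,
 body.rtl.route-pending-profile #login .message.error,
-body.rtl.route-pending-create #login .message.error {
+body.rtl.route-pending-create #login .message.error,
+body.rtl.route-linkexpired #login .message.error {
     border-right-color: #dc3232;
 }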