Error and cannot log in to admin on wp-admin page
-
On my blog http://www.datingblog.youcangettheguy.com, when I try to go to the wp-admin page to log in, I get this error:
Warning: Cannot modify header information – headers already sent by (output started at /home/g3tthguy/public_html/datingblog/wp-includes/wp-db.php:1) in /home/g3tthguy/public_html/datingblog/wp-includes/pluggable.php on line 866
This is my pluggable.php file:
<?php
/**
* These functions can be replaced via plugins. If plugins do not redefine these
* functions, then these will be used instead.
*
* @package WordPress
*/if ( !function_exists(‘wp_set_current_user’) ) :
/**
* Changes the current user by ID or name.
*
* Set $id to null and specify a name if you do not know a user’s ID.
*
* Some WordPress functionality is based on the current user and not based on
* the signed in user. Therefore, it opens the ability to edit and perform
* actions on users who aren’t signed in.
*
* @since 2.0.3
* @global object $current_user The current user object which holds the user data.
* @uses do_action() Calls ‘set_current_user’ hook after setting the current user.
*
* @param int $id User ID
* @param string $name User’s username
* @return WP_User Current user User object
*/
function wp_set_current_user($id, $name = ”) {
global $current_user;if ( isset($current_user) && ($id == $current_user->ID) )
return $current_user;$current_user = new WP_User($id, $name);
setup_userdata($current_user->ID);
do_action(‘set_current_user’);
return $current_user;
}
endif;if ( !function_exists(‘wp_get_current_user’) ) :
/**
* Retrieve the current user object.
*
* @since 2.0.3
*
* @return WP_User Current user WP_User object
*/
function wp_get_current_user() {
global $current_user;get_currentuserinfo();
return $current_user;
}
endif;if ( !function_exists(‘get_currentuserinfo’) ) :
/**
* Populate global variables with information about the currently logged in user.
*
* Will set the current user, if the current user is not set. The current user
* will be set to the logged in person. If no user is logged in, then it will
* set the current user to 0, which is invalid and won’t have any permissions.
*
* @since 0.71
* @uses $current_user Checks if the current user is set
* @uses wp_validate_auth_cookie() Retrieves current logged in user.
*
* @return bool|null False on XMLRPC Request and invalid auth cookie. Null when current user set
*/
function get_currentuserinfo() {
global $current_user;if ( defined(‘XMLRPC_REQUEST’) && XMLRPC_REQUEST )
return false;if ( ! empty($current_user) )
return;if ( ! $user = wp_validate_auth_cookie() ) {
if ( is_blog_admin() || is_network_admin() || empty($_COOKIE[LOGGED_IN_COOKIE]) || !$user = wp_validate_auth_cookie($_COOKIE[LOGGED_IN_COOKIE], ‘logged_in’) ) {
wp_set_current_user(0);
return false;
}
}wp_set_current_user($user);
}
endif;if ( !function_exists(‘get_userdata’) ) :
/**
* Retrieve user info by user ID.
*
* @since 0.71
*
* @param int $user_id User ID
* @return bool|object False on failure, WP_User object on success
*/
function get_userdata( $user_id ) {
return get_user_by( ‘id’, $user_id );
}
endif;if ( !function_exists(‘get_user_by’) ) :
/**
* Retrieve user info by a given field
*
* @since 2.8.0
*
* @param string $field The field to retrieve the user with. id | slug | email | login
* @param int|string $value A value for $field. A user ID, slug, email address, or login name.
* @return bool|object False on failure, WP_User object on success
*/
function get_user_by( $field, $value ) {
$userdata = WP_User::get_data_by( $field, $value );if ( !$userdata )
return false;$user = new WP_User;
$user->init( $userdata );return $user;
}
endif;if ( !function_exists(‘cache_users’) ) :
/**
* Retrieve info for user lists to prevent multiple queries by get_userdata()
*
* @since 3.0.0
*
* @param array $user_ids User ID numbers list
*/
function cache_users( $user_ids ) {
global $wpdb;$clean = array();
foreach ( $user_ids as $id ) {
$id = (int) $id;
if ( !wp_cache_get( $id, ‘users’ ) ) {
$clean[] = $id;
}
}if ( empty( $clean ) )
return;$list = implode( ‘,’, $clean );
$users = $wpdb->get_results( “SELECT * FROM $wpdb->users WHERE ID IN ($list)” );
$ids = array();
foreach ( $users as $user ) {
update_user_caches( $user );
$ids[] = $user->ID;
}
update_meta_cache( ‘user’, $ids );
}
endif;if ( !function_exists( ‘wp_mail’ ) ) :
/**
* Send mail, similar to PHP’s mail
*
* A true return value does not automatically mean that the user received the
* email successfully. It just only means that the method used was able to
* process the request without any errors.
*
* Using the two ‘wp_mail_from’ and ‘wp_mail_from_name’ hooks allow from
* creating a from address like ‘Name <(email visible only to moderators and staff)>’ when both are set. If
* just ‘wp_mail_from’ is set, then just the email address will be used with no
* name.
*
* The default content type is ‘text/plain’ which does not allow using HTML.
* However, you can set the content type of the email by using the
* ‘wp_mail_content_type’ filter.
*
* The default charset is based on the charset used on the blog. The charset can
* be set using the ‘wp_mail_charset’ filter.
*
* @since 1.2.1
* @uses apply_filters() Calls ‘wp_mail’ hook on an array of all of the parameters.
* @uses apply_filters() Calls ‘wp_mail_from’ hook to get the from email address.
* @uses apply_filters() Calls ‘wp_mail_from_name’ hook to get the from address name.
* @uses apply_filters() Calls ‘wp_mail_content_type’ hook to get the email content type.
* @uses apply_filters() Calls ‘wp_mail_charset’ hook to get the email charset
* @uses do_action_ref_array() Calls ‘phpmailer_init’ hook on the reference to
* phpmailer object.
* @uses PHPMailer
*
* @param string|array $to Array or comma-separated list of email addresses to send message.
* @param string $subject Email subject
* @param string $message Message contents
* @param string|array $headers Optional. Additional headers.
* @param string|array $attachments Optional. Files to attach.
* @return bool Whether the email contents were sent successfully.
*/
function wp_mail( $to, $subject, $message, $headers = ”, $attachments = array() ) {
// Compact the input, apply the filters, and extract them back out
extract( apply_filters( ‘wp_mail’, compact( ‘to’, ‘subject’, ‘message’, ‘headers’, ‘attachments’ ) ) );if ( !is_array($attachments) )
$attachments = explode( “n”, str_replace( “rn”, “n”, $attachments ) );global $phpmailer;
// (Re)create it, if it’s gone missing
if ( !is_object( $phpmailer ) || !is_a( $phpmailer, ‘PHPMailer’ ) ) {
require_once ABSPATH . WPINC . ‘/class-phpmailer.php’;
require_once ABSPATH . WPINC . ‘/class-smtp.php’;
$phpmailer = new PHPMailer( true );
}// Headers
if ( empty( $headers ) ) {
$headers = array();
} else {
if ( !is_array( $headers ) ) {
// Explode the headers out, so this function can take both
// string headers and an array of headers.
$tempheaders = explode( “n”, str_replace( “rn”, “n”, $headers ) );
} else {
$tempheaders = $headers;
}
$headers = array();
$cc = array();
$bcc = array();// If it’s actually got contents
if ( !empty( $tempheaders ) ) {
// Iterate through the raw headers
foreach ( (array) $tempheaders as $header ) {
if ( strpos($header, ‘:’) === false ) {
if ( false !== stripos( $header, ‘boundary=’ ) ) {
$parts = preg_split(‘/boundary=/i’, trim( $header ) );
$boundary = trim( str_replace( array( “‘”, ‘”‘ ), ”, $parts[1] ) );
}
continue;
}
// Explode them out
list( $name, $content ) = explode( ‘:’, trim( $header ), 2 );// Cleanup crew
$name = trim( $name );
$content = trim( $content );switch ( strtolower( $name ) ) {
// Mainly for legacy — process a From: header if it’s there
case ‘from’:
if ( strpos($content, ‘<‘ ) !== false ) {
// So… making my life hard again?
$from_name = substr( $content, 0, strpos( $content, ‘<‘ ) – 1 );
$from_name = str_replace( ‘”‘, ”, $from_name );
$from_name = trim( $from_name );$from_email = substr( $content, strpos( $content, ‘<‘ ) + 1 );
$from_email = str_replace( ‘>’, ”, $from_email );
$from_email = trim( $from_email );
} else {
$from_email = trim( $content );
}
break;
case ‘content-type’:
if ( strpos( $content, ‘;’ ) !== false ) {
list( $type, $charset ) = explode( ‘;’, $content );
$content_type = trim( $type );
if ( false !== stripos( $charset, ‘charset=’ ) ) {
$charset = trim( str_replace( array( ‘charset=’, ‘”‘ ), ”, $charset ) );
} elseif ( false !== stripos( $charset, ‘boundary=’ ) ) {
$boundary = trim( str_replace( array( ‘BOUNDARY=’, ‘boundary=’, ‘”‘ ), ”, $charset ) );
$charset = ”;
}
} else {
$content_type = trim( $content );
}
break;
case ‘cc’:
$cc = array_merge( (array) $cc, explode( ‘,’, $content ) );
break;
case ‘bcc’:
$bcc = array_merge( (array) $bcc, explode( ‘,’, $content ) );
break;
default:
// Add it to our grand headers array
$headers[trim( $name )] = trim( $content );
break;
}
}
}
}// Empty out the values that may be set
$phpmailer->ClearAddresses();
$phpmailer->ClearAllRecipients();
$phpmailer->ClearAttachments();
$phpmailer->ClearBCCs();
$phpmailer->ClearCCs();
$phpmailer->ClearCustomHeaders();
$phpmailer->ClearReplyTos();// From email and name
// If we don’t have a name from the input headers
if ( !isset( $from_name ) )
$from_name = ‘WordPress’;/* If we don’t have an email from the input headers default to wordpress@$sitename
* Some hosts will block outgoing mail from this address if it doesn’t exist but
* there’s no easy alternative. Defaulting to admin_email might appear to be another
* option but some hosts may refuse to relay mail from an unknown domain. See
* http://trac.wordpress.org/ticket/5007.
*/if ( !isset( $from_email ) ) {
// Get the site domain and get rid of www.
$sitename = strtolower( $_SERVER[‘SERVER_NAME’] );
if ( substr( $sitename, 0, 4 ) == ‘www.’ ) {
$sitename = substr( $sitename, 4 );
}$from_email = ‘wordpress@’ . $sitename;
}// Plugin authors can override the potentially troublesome default
$phpmailer->From = apply_filters( ‘wp_mail_from’ , $from_email );
$phpmailer->FromName = apply_filters( ‘wp_mail_from_name’, $from_name );// Set destination addresses
if ( !is_array( $to ) )
$to = explode( ‘,’, $to );foreach ( (array) $to as $recipient ) {
try {
// Break $recipient into name and address parts if in the format “Foo <(email visible only to moderators and staff)>”
$recipient_name = ”;
if( preg_match( ‘/(.*)<(.+)>/’, $recipient, $matches ) ) {
if ( count( $matches ) == 3 ) {
$recipient_name = $matches[1];
$recipient = $matches[2];
}
}
$phpmailer->AddAddress( $recipient, $recipient_name);
} catch ( phpmailerException $e ) {
continue;
}
}// Set mail’s subject and body
$phpmailer->Subject = $subject;
$phpmailer->Body = $message;// Add any CC and BCC recipients
if ( !empty( $cc ) ) {
foreach ( (array) $cc as $recipient ) {
try {
// Break $recipient into name and address parts if in the format “Foo <(email visible only to moderators and staff)>”
$recipient_name = ”;
if( preg_match( ‘/(.*)<(.+)>/’, $recipient, $matches ) ) {
if ( count( $matches ) == 3 ) {
$recipient_name = $matches[1];
$recipient = $matches[2];
}
}
$phpmailer->AddCc( $recipient, $recipient_name );
} catch ( phpmailerException $e ) {
continue;
}
}
}if ( !empty( $bcc ) ) {
foreach ( (array) $bcc as $recipient) {
try {
// Break $recipient into name and address parts if in the format “Foo <(email visible only to moderators and staff)>”
$recipient_name = ”;
if( preg_match( ‘/(.*)<(.+)>/’, $recipient, $matches ) ) {
if ( count( $matches ) == 3 ) {
$recipient_name = $matches[1];
$recipient = $matches[2];
}
}
$phpmailer->AddBcc( $recipient, $recipient_name );
} catch ( phpmailerException $e ) {
continue;
}
}
}// Set to use PHP’s mail()
$phpmailer->IsMail();// Set Content-Type and charset
// If we don’t have a content-type from the input headers
if ( !isset( $content_type ) )
$content_type = ‘text/plain’;$content_type = apply_filters( ‘wp_mail_content_type’, $content_type );
$phpmailer->ContentType = $content_type;
// Set whether it’s plaintext, depending on $content_type
if ( ‘text/html’ == $content_type )
$phpmailer->IsHTML( true );// If we don’t have a charset from the input headers
if ( !isset( $charset ) )
$charset = get_bloginfo( ‘charset’ );// Set the content-type and charset
$phpmailer->CharSet = apply_filters( ‘wp_mail_charset’, $charset );// Set custom headers
if ( !empty( $headers ) ) {
foreach( (array) $headers as $name => $content ) {
$phpmailer->AddCustomHeader( sprintf( ‘%1$s: %2$s’, $name, $content ) );
}if ( false !== stripos( $content_type, ‘multipart’ ) && ! empty($boundary) )
$phpmailer->AddCustomHeader( sprintf( “Content-Type: %s;nt boundary=”%s””, $content_type, $boundary ) );
}if ( !empty( $attachments ) ) {
foreach ( $attachments as $attachment ) {
try {
$phpmailer->AddAttachment($attachment);
} catch ( phpmailerException $e ) {
continue;
}
}
}do_action_ref_array( ‘phpmailer_init’, array( &$phpmailer ) );
// Send!
try {
$phpmailer->Send();
} catch ( phpmailerException $e ) {
return false;
}return true;
}
endif;if ( !function_exists(‘wp_authenticate’) ) :
/**
* Checks a user’s login information and logs them in if it checks out.
*
* @since 2.5.0
*
* @param string $username User’s username
* @param string $password User’s password
* @return WP_Error|WP_User WP_User object if login successful, otherwise WP_Error object.
*/
function wp_authenticate($username, $password) {
$username = sanitize_user($username);
$password = trim($password);$user = apply_filters(‘authenticate’, null, $username, $password);
if ( $user == null ) {
// TODO what should the error message be? (Or would these even happen?)
// Only needed if all authentication handlers fail to return anything.
$user = new WP_Error(‘authentication_failed’, __(‘ERROR: Invalid username or incorrect password.’));
}$ignore_codes = array(’empty_username’, ’empty_password’);
if (is_wp_error($user) && !in_array($user->get_error_code(), $ignore_codes) ) {
do_action(‘wp_login_failed’, $username);
}return $user;
}
endif;if ( !function_exists(‘wp_logout’) ) :
/**
* Log the current user out.
*
* @since 2.5.0
*/
function wp_logout() {
wp_clear_auth_cookie();
do_action(‘wp_logout’);
}
endif;if ( !function_exists(‘wp_validate_auth_cookie’) ) :
/**
* Validates authentication cookie.
*
* The checks include making sure that the authentication cookie is set and
* pulling in the contents (if $cookie is not used).
*
* Makes sure the cookie is not expired. Verifies the hash in cookie is what is
* should be and compares the two.
*
* @since 2.5
*
* @param string $cookie Optional. If used, will validate contents instead of cookie’s
* @param string $scheme Optional. The cookie scheme to use: auth, secure_auth, or logged_in
* @return bool|int False if invalid cookie, User ID if valid.
*/
function wp_validate_auth_cookie($cookie = ”, $scheme = ”) {
if ( ! $cookie_elements = wp_parse_auth_cookie($cookie, $scheme) ) {
do_action(‘auth_cookie_malformed’, $cookie, $scheme);
return false;
}extract($cookie_elements, EXTR_OVERWRITE);
$expired = $expiration;
// Allow a grace period for POST and AJAX requests
if ( defined(‘DOING_AJAX’) || ‘POST’ == $_SERVER[‘REQUEST_METHOD’] )
$expired += 3600;// Quick check to see if an honest cookie has expired
if ( $expired < time() ) {
do_action(‘auth_cookie_expired’, $cookie_elements);
return false;
}$user = get_user_by(‘login’, $username);
if ( ! $user ) {
do_action(‘auth_cookie_bad_username’, $cookie_elements);
return false;
}$pass_frag = substr($user->user_pass, 8, 4);
$key = wp_hash($username . $pass_frag . ‘|’ . $expiration, $scheme);
$hash = hash_hmac(‘md5’, $username . ‘|’ . $expiration, $key);if ( $hmac != $hash ) {
do_action(‘auth_cookie_bad_hash’, $cookie_elements);
return false;
}if ( $expiration < time() ) // AJAX/POST grace period set above
$GLOBALS[‘login_grace_period’] = 1;do_action(‘auth_cookie_valid’, $cookie_elements, $user);
return $user->ID;
}
endif;if ( !function_exists(‘wp_generate_auth_cookie’) ) :
/**
* Generate authentication cookie contents.
*
* @since 2.5
* @uses apply_filters() Calls ‘auth_cookie’ hook on $cookie contents, User ID
* and expiration of cookie.
*
* @param int $user_id User ID
* @param int $expiration Cookie expiration in seconds
* @param string $scheme Optional. The cookie scheme to use: auth, secure_auth, or logged_in
* @return string Authentication cookie contents
*/
function wp_generate_auth_cookie($user_id, $expiration, $scheme = ‘auth’) {
$user = get_userdata($user_id);$pass_frag = substr($user->user_pass, 8, 4);
$key = wp_hash($user->user_login . $pass_frag . ‘|’ . $expiration, $scheme);
$hash = hash_hmac(‘md5’, $user->user_login . ‘|’ . $expiration, $key);$cookie = $user->user_login . ‘|’ . $expiration . ‘|’ . $hash;
return apply_filters(‘auth_cookie’, $cookie, $user_id, $expiration, $scheme);
}
endif;if ( !function_exists(‘wp_parse_auth_cookie’) ) :
/**
* Parse a cookie into its components
*
* @since 2.7
*
* @param string $cookie
* @param string $scheme Optional. The cookie scheme to use: auth, secure_auth, or logged_in
* @return array Authentication cookie components
*/
function wp_parse_auth_cookie($cookie = ”, $scheme = ”) {
if ( empty($cookie) ) {
switch ($scheme){
case ‘auth’:
$cookie_name = AUTH_COOKIE;
break;
case ‘secure_auth’:
$cookie_name = SECURE_AUTH_COOKIE;
break;
case “logged_in”:
$cookie_name = LOGGED_IN_COOKIE;
break;
default:
if ( is_ssl() ) {
$cookie_name = SECURE_AUTH_COOKIE;
$scheme = ‘secure_auth’;
} else {
$cookie_name = AUTH_COOKIE;
$scheme = ‘auth’;
}
}if ( empty($_COOKIE[$cookie_name]) )
return false;
$cookie = $_COOKIE[$cookie_name];
}$cookie_elements = explode(‘|’, $cookie);
if ( count($cookie_elements) != 3 )
return false;list($username, $expiration, $hmac) = $cookie_elements;
return compact(‘username’, ‘expiration’, ‘hmac’, ‘scheme’);
}
endif;if ( !function_exists(‘wp_set_auth_cookie’) ) :
/**
* Sets the authentication cookies based User ID.
*
* The $remember parameter increases the time that the cookie will be kept. The
* default the cookie is kept without remembering is two days. When $remember is
* set, the cookies will be kept for 14 days or two weeks.
*
* @since 2.5
*
* @param int $user_id User ID
* @param bool $remember Whether to remember the user
*/
function wp_set_auth_cookie($user_id, $remember = false, $secure = ”) {
if ( $remember ) {
$expiration = $expire = time() + apply_filters(‘auth_cookie_expiration’, 1209600, $user_id, $remember);
} else {
$expiration = time() + apply_filters(‘auth_cookie_expiration’, 172800, $user_id, $remember);
$expire = 0;
}if ( ” === $secure )
$secure = is_ssl();$secure = apply_filters(‘secure_auth_cookie’, $secure, $user_id);
$secure_logged_in_cookie = apply_filters(‘secure_logged_in_cookie’, false, $user_id, $secure);if ( $secure ) {
$auth_cookie_name = SECURE_AUTH_COOKIE;
$scheme = ‘secure_auth’;
} else {
$auth_cookie_name = AUTH_COOKIE;
$scheme = ‘auth’;
}$auth_cookie = wp_generate_auth_cookie($user_id, $expiration, $scheme);
$logged_in_cookie = wp_generate_auth_cookie($user_id, $expiration, ‘logged_in’);do_action(‘set_auth_cookie’, $auth_cookie, $expire, $expiration, $user_id, $scheme);
do_action(‘set_logged_in_cookie’, $logged_in_cookie, $expire, $expiration, $user_id, ‘logged_in’);setcookie($auth_cookie_name, $auth_cookie, $expire, PLUGINS_COOKIE_PATH, COOKIE_DOMAIN, $secure, true);
setcookie($auth_cookie_name, $auth_cookie, $expire, ADMIN_COOKIE_PATH, COOKIE_DOMAIN, $secure, true);
setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, COOKIEPATH, COOKIE_DOMAIN, $secure_logged_in_cookie, true);
if ( COOKIEPATH != SITECOOKIEPATH )
setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, SITECOOKIEPATH, COOKIE_DOMAIN, $secure_logged_in_cookie, true);
}
endif;if ( !function_exists(‘wp_clear_auth_cookie’) ) :
/**
* Removes all of the cookies associated with authentication.
*
* @since 2.5
*/
function wp_clear_auth_cookie() {
do_action(‘clear_auth_cookie’);setcookie(AUTH_COOKIE, ‘ ‘, time() – 31536000, ADMIN_COOKIE_PATH, COOKIE_DOMAIN);
setcookie(SECURE_AUTH_COOKIE, ‘ ‘, time() – 31536000, ADMIN_COOKIE_PATH, COOKIE_DOMAIN);
setcookie(AUTH_COOKIE, ‘ ‘, time() – 31536000, PLUGINS_COOKIE_PATH, COOKIE_DOMAIN);
setcookie(SECURE_AUTH_COOKIE, ‘ ‘, time() – 31536000, PLUGINS_COOKIE_PATH, COOKIE_DOMAIN);
setcookie(LOGGED_IN_COOKIE, ‘ ‘, time() – 31536000, COOKIEPATH, COOKIE_DOMAIN);
setcookie(LOGGED_IN_COOKIE, ‘ ‘, time() – 31536000, SITECOOKIEPATH, COOKIE_DOMAIN);// Old cookies
setcookie(AUTH_COOKIE, ‘ ‘, time() – 31536000, COOKIEPATH, COOKIE_DOMAIN);
setcookie(AUTH_COOKIE, ‘ ‘, time() – 31536000, SITECOOKIEPATH, COOKIE_DOMAIN);
setcookie(SECURE_AUTH_COOKIE, ‘ ‘, time() – 31536000, COOKIEPATH, COOKIE_DOMAIN);
setcookie(SECURE_AUTH_COOKIE, ‘ ‘, time() – 31536000, SITECOOKIEPATH, COOKIE_DOMAIN);// Even older cookies
setcookie(USER_COOKIE, ‘ ‘, time() – 31536000, COOKIEPATH, COOKIE_DOMAIN);
setcookie(PASS_COOKIE, ‘ ‘, time() – 31536000, COOKIEPATH, COOKIE_DOMAIN);
setcookie(USER_COOKIE, ‘ ‘, time() – 31536000, SITECOOKIEPATH, COOKIE_DOMAIN);
setcookie(PASS_COOKIE, ‘ ‘, time() – 31536000, SITECOOKIEPATH, COOKIE_DOMAIN);
}
endif;if ( !function_exists(‘is_user_logged_in’) ) :
/**
* Checks if the current visitor is a logged in user.
*
* @since 2.0.0
*
* @return bool True if user is logged in, false if not logged in.
*/
function is_user_logged_in() {
$user = wp_get_current_user();if ( empty( $user->ID ) )
return false;return true;
}
endif;if ( !function_exists(‘auth_redirect’) ) :
/**
* Checks if a user is logged in, if not it redirects them to the login page.
*
* @since 1.5
*/
function auth_redirect() {
// Checks if a user is logged in, if not redirects them to the login page$secure = ( is_ssl() || force_ssl_admin() );
$secure = apply_filters(‘secure_auth_redirect’, $secure);
// If https is required and request is http, redirect
if ( $secure && !is_ssl() && false !== strpos($_SERVER[‘REQUEST_URI’], ‘wp-admin’) ) {
if ( 0 === strpos($_SERVER[‘REQUEST_URI’], ‘http’) ) {
wp_redirect(preg_replace(‘|^http://|’, ‘https://’, $_SERVER[‘REQUEST_URI’]));
exit();
} else {
wp_redirect(‘https://’ . $_SERVER[‘HTTP_HOST’] . $_SERVER[‘REQUEST_URI’]);
exit();
}
}if ( is_user_admin() )
$scheme = ‘logged_in’;
else
$scheme = apply_filters( ‘auth_redirect_scheme’, ” );if ( $user_id = wp_validate_auth_cookie( ”, $scheme) ) {
do_action(‘auth_redirect’, $user_id);// If the user wants ssl but the session is not ssl, redirect.
if ( !$secure && get_user_option(‘use_ssl’, $user_id) && false !== strpos($_SERVER[‘REQUEST_URI’], ‘wp-admin’) ) {
if ( 0 === strpos($_SERVER[‘REQUEST_URI’], ‘http’) ) {
wp_redirect(preg_replace(‘|^http://|’, ‘https://’, $_SERVER[‘REQUEST_URI’]));
exit();
} else {
wp_redirect(‘https://’ . $_SERVER[‘HTTP_HOST’] . $_SERVER[‘REQUEST_URI’]);
exit();
}
}return; // The cookie is good so we’re done
}// The cookie is no good so force login
nocache_headers();if ( is_ssl() )
$proto = ‘https://’;
else
$proto = ‘http://’;$redirect = ( strpos($_SERVER[‘REQUEST_URI’], ‘/options.php’) && wp_get_referer() ) ? wp_get_referer() : $proto . $_SERVER[‘HTTP_HOST’] . $_SERVER[‘REQUEST_URI’];
$login_url = wp_login_url($redirect, true);
wp_redirect($login_url);
exit();
}
endif;if ( !function_exists(‘check_admin_referer’) ) :
/**
* Makes sure that a user was referred from another admin page.
*
* To avoid security exploits.
*
* @since 1.2.0
* @uses do_action() Calls ‘check_admin_referer’ on $action.
*
* @param string $action Action nonce
* @param string $query_arg where to look for nonce in $_REQUEST (since 2.5)
*/
function check_admin_referer($action = -1, $query_arg = ‘_wpnonce’) {
if ( -1 == $action )
_doing_it_wrong( __FUNCTION__, __( ‘You should specify a nonce action to be verified by using the first parameter.’ ), ‘3.2’ );$adminurl = strtolower(admin_url());
$referer = strtolower(wp_get_referer());
$result = isset($_REQUEST[$query_arg]) ? wp_verify_nonce($_REQUEST[$query_arg], $action) : false;
if ( !$result && !(-1 == $action && strpos($referer, $adminurl) === 0) ) {
wp_nonce_ays($action);
die();
}
do_action(‘check_admin_referer’, $action, $result);
return $result;
}endif;if ( !function_exists(‘check_ajax_referer’) ) :
/**
* Verifies the AJAX request to prevent processing requests external of the blog.
*
* @since 2.0.3
*
* @param string $action Action nonce
* @param string $query_arg where to look for nonce in $_REQUEST (since 2.5)
*/
function check_ajax_referer( $action = -1, $query_arg = false, $die = true ) {
if ( $query_arg )
$nonce = $_REQUEST[$query_arg];
else
$nonce = isset($_REQUEST[‘_ajax_nonce’]) ? $_REQUEST[‘_ajax_nonce’] : $_REQUEST[‘_wpnonce’];$result = wp_verify_nonce( $nonce, $action );
if ( $die && false == $result )
die(‘-1’);do_action(‘check_ajax_referer’, $action, $result);
return $result;
}
endif;if ( !function_exists(‘wp_redirect’) ) :
/**
* Redirects to another page.
*
* @since 1.5.1
* @uses apply_filters() Calls ‘wp_redirect’ hook on $location and $status.
*
* @param string $location The path to redirect to
* @param int $status Status code to use
* @return bool False if $location is not set
*/
function wp_redirect($location, $status = 302) {
global $is_IIS;$location = apply_filters(‘wp_redirect’, $location, $status);
$status = apply_filters(‘wp_redirect_status’, $status, $location);if ( !$location ) // allows the wp_redirect filter to cancel a redirect
return false;$location = wp_sanitize_redirect($location);
if ( !$is_IIS && php_sapi_name() != ‘cgi-fcgi’ )
status_header($status); // This causes problems on IIS and some FastCGI setupsheader(“Location: $location”, true, $status);
}
endif;if ( !function_exists(‘wp_sanitize_redirect’) ) :
/**
* Sanitizes a URL for use in a redirect.
*
* @since 2.3
*
* @return string redirect-sanitized URL
**/
function wp_sanitize_redirect($location) {
$location = preg_replace(‘|[^a-z0-9-~+_.?#=&;,/:%!]|i’, ”, $location);
$location = wp_kses_no_null($location);// remove %0d and %0a from location
$strip = array(‘%0d’, ‘%0a’, ‘%0D’, ‘%0A’);
$location = _deep_replace($strip, $location);
return $location;
}
endif;if ( !function_exists(‘wp_safe_redirect’) ) :
/**
* Performs a safe (local) redirect, using wp_redirect().
*
* Checks whether the $location is using an allowed host, if it has an absolute
* path. A plugin can therefore set or remove allowed host(s) to or from the
* list.
*
* If the host is not allowed, then the redirect is to wp-admin on the siteurl
* instead. This prevents malicious redirects which redirect to another host,
* but only used in a few places.
*
* @since 2.3
* @uses wp_validate_redirect() To validate the redirect is to an allowed host.
*
* @return void Does not return anything
**/
function wp_safe_redirect($location, $status = 302) {// Need to look at the URL the way it will end up in wp_redirect()
$location = wp_sanitize_redirect($location);$location = wp_validate_redirect($location, admin_url());
wp_redirect($location, $status);
}
endif;if ( !function_exists(‘wp_validate_redirect’) ) :
/**
* Validates a URL for use in a redirect.
*
* Checks whether the $location is using an allowed host, if it has an absolute
* path. A plugin can therefore set or remove allowed host(s) to or from the
* list.
*
* If the host is not allowed, then the redirect is to $default supplied
*
* @since 2.8.1
* @uses apply_filters() Calls ‘allowed_redirect_hosts’ on an array containing
* WordPress host string and $location host string.
*
* @param string $location The redirect to validate
* @param string $default The value to return is $location is not allowed
* @return string redirect-sanitized URL
**/
function wp_validate_redirect($location, $default = ”) {
// browsers will assume ‘http’ is your protocol, and will obey a redirect to a URL starting with ‘//’
if ( substr($location, 0, 2) == ‘//’ )
$location = ‘http:’ . $location;// In php 5 parse_url may fail if the URL query part contains http://, bug #38143
$test = ( $cut = strpos($location, ‘?’) ) ? substr( $location, 0, $cut ) : $location;$lp = parse_url($test);
// Give up if malformed URL
if ( false === $lp )
return $default;// Allow only http and https schemes. No data:, etc.
if ( isset($lp[‘scheme’]) && !(‘http’ == $lp[‘scheme’] || ‘https’ == $lp[‘scheme’]) )
return $default;// Reject if scheme is set but host is not. This catches urls like https:host.com for which parse_url does not set the host field.
if ( isset($lp[‘scheme’]) && !isset($lp[‘host’]) )
return $default;$wpp = parse_url(home_url());
$allowed_hosts = (array) apply_filters(‘allowed_redirect_hosts’, array($wpp[‘host’]), isset($lp[‘host’]) ? $lp[‘host’] : ”);
if ( isset($lp[‘host’]) && ( !in_array($lp[‘host’], $allowed_hosts) && $lp[‘host’] != strtolower($wpp[‘host’])) )
$location = $default;return $location;
}
endif;if ( ! function_exists(‘wp_notify_postauthor’) ) :
/**
* Notify an author of a comment/trackback/pingback to one of their posts.
*
* @since 1.0.0
*
* @param int $comment_id Comment ID
* @param string $comment_type Optional. The comment type either ‘comment’ (default), ‘trackback’, or ‘pingback’
* @return bool False if user email does not exist. True on completion.
*/
function wp_notify_postauthor( $comment_id, $comment_type = ” ) {
$comment = get_comment( $comment_id );
$post = get_post( $comment->comment_post_ID );
$author = get_userdata( $post->post_author );// The comment was left by the author
if ( $comment->user_id == $post->post_author )
return false;// The author moderated a comment on his own post
if ( $post->post_author == get_current_user_id() )
return false;// If there’s no email to send the comment to
if ( ” == $author->user_email )
return false;$comment_author_domain = @gethostbyaddr($comment->comment_author_IP);
// The blogname option is escaped with esc_html on the way into the database in sanitize_option
// we want to reverse this for the plain text arena of emails.
$blogname = wp_specialchars_decode(get_option(‘blogname’), ENT_QUOTES);if ( empty( $comment_type ) ) $comment_type = ‘comment’;
if (‘comment’ == $comment_type) {
$notify_message = sprintf( __( ‘New comment on your post “%s”‘ ), $post->post_title ) . “rn”;
/* translators: 1: comment author, 2: author IP, 3: author domain */
$notify_message .= sprintf( __(‘Author : %1$s (IP: %2$s , %3$s)’), $comment->comment_author, $comment->comment_author_IP, $comment_author_domain ) . “rn”;
$notify_message .= sprintf( __(‘E-mail : %s’), $comment->comment_author_email ) . “rn”;
$notify_message .= sprintf( __(‘URL : %s’), $comment->comment_author_url ) . “rn”;
$notify_message .= sprintf( __(‘Whois : http://whois.arin.net/rest/ip/%s’), $comment->comment_author_IP ) . “rn”;
$notify_message .= __(‘Comment: ‘) . “rn” . $comment->comment_content . “rnrn”;
$notify_message .= __(‘You can see all comments on this post here: ‘) . “rn”;
/* translators: 1: blog name, 2: post title */
$subject = sprintf( __(‘[%1$s] Comment: “%2$s”‘), $blogname, $post->post_title );
} elseif (‘trackback’ == $comment_type) {
$notify_message = sprintf( __( ‘New trackback on your post “%s”‘ ), $post->post_title ) . “rn”;
/* translators: 1: website name, 2: author IP, 3: author domain */
$notify_message .= sprintf( __(‘Website: %1$s (IP: %2$s , %3$s)’), $comment->comment_author, $comment->comment_author_IP, $comment_author_domain ) . “rn”;
$notify_message .= sprintf( __(‘URL : %s’), $comment->comment_author_url ) . “rn”;
$notify_message .= __(‘Excerpt: ‘) . “rn” . $comment->comment_content . “rnrn”;
$notify_message .= __(‘You can see all trackbacks on this post here: ‘) . “rn”;
/* translators: 1: blog name, 2: post title */
$subject = sprintf( __(‘[%1$s] Trackback: “%2$s”‘), $blogname, $post->post_title );
} elseif (‘pingback’ == $comment_type) {
$notify_message = sprintf( __( ‘New pingback on your post “%s”‘ ), $post->post_title ) . “rn”;
/* translators: 1: comment author, 2: author IP, 3: author domain */
$notify_message .= sprintf( __(‘Website: %1$s (IP: %2$s , %3$s)’), $comment->comment_author, $comment->comment_author_IP, $comment_author_domain ) . “rn”;
$notify_message .= sprintf( __(‘URL : %s’), $comment->comment_author_url ) . “rn”;
$notify_message .= __(‘Excerpt: ‘) . “rn” . sprintf(‘[…] %s […]’, $comment->comment_content ) . “rnrn”;
$notify_message .= __(‘You can see all pingbacks on this post here: ‘) . “rn”;
/* translators: 1: blog name, 2: post title */
$subject = sprintf( __(‘[%1$s] Pingback: “%2$s”‘), $blogname, $post->post_title );
}
$notify_message .= get_permalink($comment->comment_post_ID) . “#commentsrnrn”;
$notify_message .= sprintf( __(‘Permalink: %s’), get_permalink( $comment->comment_post_ID ) . ‘#comment-‘ . $comment_id ) . “rn”;
if ( EMPTY_TRASH_DAYS )
$notify_message .= sprintf( __(‘Trash it: %s’), admin_url(“comment.php?action=trash&c=$comment_id”) ) . “rn”;
else
$notify_message .= sprintf( __(‘Delete it: %s’), admin_url(“comment.php?action=delete&c=$comment_id”) ) . “rn”;
$notify_message .= sprintf( __(‘Spam it: %s’), admin_url(“comment.php?action=spam&c=$comment_id”) ) . “rn”;$wp_email = ‘wordpress@’ . preg_replace(‘#^www.#’, ”, strtolower($_SERVER[‘SERVER_NAME’]));
if ( ” == $comment->comment_author ) {
$from = “From: ”$blogname” <$wp_email>”;
if ( ” != $comment->comment_author_email )
$reply_to = “Reply-To: $comment->comment_author_email”;
} else {
$from = “From: ”$comment->comment_author” <$wp_email>”;
if ( ” != $comment->comment_author_email )
$reply_to = “Reply-To: ”$comment->comment_author_email” <$comment->comment_author_email>”;
}$message_headers = “$fromn”
. “Content-Type: text/plain; charset=”” . get_option(‘blog_charset’) . “”n”;if ( isset($reply_to) )
$message_headers .= $reply_to . “n”;$notify_message = apply_filters(‘comment_notification_text’, $notify_message, $comment_id);
$subject = apply_filters(‘comment_notification_subject’, $subject, $comment_id);
$message_headers = apply_filters(‘comment_notification_headers’, $message_headers, $comment_id);@wp_mail( $author->user_email, $subject, $notify_message, $message_headers );
return true;
}
endif;if ( !function_exists(‘wp_notify_moderator’) ) :
/**
* Notifies the moderator of the blog about a new comment that is awaiting approval.
*
* @since 1.0
* @uses $wpdb
*
* @param int $comment_id Comment ID
* @return bool Always returns true
*/
function wp_notify_moderator($comment_id) {
global $wpdb;if ( 0 == get_option( ‘moderation_notify’ ) )
return true;$comment = get_comment($comment_id);
$post = get_post($comment->comment_post_ID);
$user = get_userdata( $post->post_author );
// Send to the administration and to the post author if the author can modify the comment.
$email_to = array( get_option(‘admin_email’) );
if ( user_can($user->ID, ‘edit_comment’, $comment_id) && !empty($user->user_email) && ( get_option(‘admin_email’) != $user->user_email) )
$email_to[] = $user->user_email;$comment_author_domain = @gethostbyaddr($comment->comment_author_IP);
$comments_waiting = $wpdb->get_var(“SELECT count(comment_ID) FROM $wpdb->comments WHERE comment_approved = ‘0’”);// The blogname option is escaped with esc_html on the way into the database in sanitize_option
// we want to reverse this for the plain text arena of emails.
$blogname = wp_specialchars_decode(get_option(‘blogname’), ENT_QUOTES);switch ($comment->comment_type)
{
case ‘trackback’:
$notify_message = sprintf( __(‘A new trackback on the post “%s” is waiting for your approval’), $post->post_title ) . “rn”;
$notify_message .= get_permalink($comment->comment_post_ID) . “rnrn”;
$notify_message .= sprintf( __(‘Website : %1$s (IP: %2$s , %3$s)’), $comment->comment_author, $comment->comment_author_IP, $comment_author_domain ) . “rn”;
$notify_message .= sprintf( __(‘URL : %s’), $comment->comment_author_url ) . “rn”;
$notify_message .= __(‘Trackback excerpt: ‘) . “rn” . $comment->comment_content . “rnrn”;
break;
case ‘pingback’:
$notify_message = sprintf( __(‘A new pingback on the post “%s” is waiting for your approval’), $post->post_title ) . “rn”;
$notify_message .= get_permalink($comment->comment_post_ID) . “rnrn”;
$notify_message .= sprintf( __(‘Website : %1$s (IP: %2$s , %3$s)’), $comment->comment_author, $comment->comment_author_IP, $comment_author_domain ) . “rn”;
$notify_message .= sprintf( __(‘URL : %s’), $comment->comment_author_url ) . “rn”;
$notify_message .= __(‘Pingback excerpt: ‘) . “rn” . $comment->comment_content . “rnrn”;
break;
default: //Comments
$notify_message = sprintf( __(‘A new comment on the post “%s” is waiting for your approval’), $post->post_title ) . “rn”;
$notify_message .= get_permalink($comment->comment_post_ID) . “rnrn”;
$notify_message .= sprintf( __(‘Author : %1$s (IP: %2$s , %3$s)’), $comment->comment_author, $comment->comment_author_IP, $comment_author_domain ) . “rn”;
$notify_message .= sprintf( __(‘E-mail : %s’), $comment->comment_author_email ) . “rn”;
$notify_message .= sprintf( __(‘URL : %s’), $comment->comment_author_url ) . “rn”;
$notify_message .= sprintf( __(‘Whois : http://whois.arin.net/rest/ip/%s’), $comment->comment_author_IP ) . “rn”;
$notify_message .= __(‘Comment: ‘) . “rn” . $comment->comment_content . “rnrn”;
break;
}$notify_message .= sprintf( __(‘Approve it: %s’), admin_url(“comment.php?action=approve&c=$comment_id”) ) . “rn”;
if ( EMPTY_TRASH_DAYS )
$notify_message .= sprintf( __(‘Trash it: %s’), admin_url(“comment.php?action=trash&c=$comment_id”) ) . “rn”;
else
$notify_message .= sprintf( __(‘Delete it: %s’), admin_url(“comment.php?action=delete&c=$comment_id”) ) . “rn”;
$notify_message .= sprintf( __(‘Spam it: %s’), admin_url(“comment.php?action=spam&c=$comment_id”) ) . “rn”;$notify_message .= sprintf( _n(‘Currently %s comment is waiting for approval. Please visit the moderation panel:’,
‘Currently %s comments are waiting for approval. Please visit the moderation panel:’, $comments_waiting), number_format_i18n($comments_waiting) ) . “rn”;
$notify_message .= admin_url(“edit-comments.php?comment_status=moderated”) . “rn”;$subject = sprintf( __(‘[%1$s] Please moderate: “%2$s”‘), $blogname, $post->post_title );
$message_headers = ”;$notify_message = apply_filters(‘comment_moderation_text’, $notify_message, $comment_id);
$subject = apply_filters(‘comment_moderation_subject’, $subject, $comment_id);
$message_headers = apply_filters(‘comment_moderation_headers’, $message_headers);foreach ( $email_to as $email )
@wp_mail($email, $subject, $notify_message, $message_headers);return true;
}
endif;if ( !function_exists(‘wp_password_change_notification’) ) :
/**
* Notify the blog admin of a user changing password, normally via email.
*
* @since 2.7
*
* @param object $user User Object
*/
function wp_password_change_notification(&$user) {
// send a copy of password change notification to the admin
// but check to see if it’s the admin whose password we’re changing, and skip this
if ( $user->user_email != get_option(‘admin_email’) ) {
$message = sprintf(__(‘Password Lost and Changed for user: %s’), $user->user_login) . “rn”;
// The blogname option is escaped with esc_html on the way into the database in sanitize_option
// we want to reverse this for the plain text arena of emails.
$blogname = wp_specialchars_decode(get_option(‘blogname’), ENT_QUOTES);
wp_mail(get_option(‘admin_email’), sprintf(__(‘[%s] Password Lost/Changed’), $blogname), $message);
}
}
endif;if ( !function_exists(‘wp_new_user_notification’) ) :
/**
* Notify the blog admin of a new user, normally via email.
*
* @since 2.0
*
* @param int $user_id User ID
* @param string $plaintext_pass Optional. The user’s plaintext password
*/
function wp_new_user_notification($user_id, $plaintext_pass = ”) {
$user = new WP_User($user_id);$user_login = stripslashes($user->user_login);
$user_email = stripslashes($user->user_email);// The blogname option is escaped with esc_html on the way into the database in sanitize_option
// we want to reverse this for the plain text arena of emails.
$blogname = wp_specialchars_decode(get_option(‘blogname’), ENT_QUOTES);$message = sprintf(__(‘New user registration on your site %s:’), $blogname) . “rnrn”;
$message .= sprintf(__(‘Username: %s’), $user_login) . “rnrn”;
$message .= sprintf(__(‘E-mail: %s’), $user_email) . “rn”;@wp_mail(get_option(‘admin_email’), sprintf(__(‘[%s] New User Registration’), $blogname), $message);
if ( empty($plaintext_pass) )
return;$message = sprintf(__(‘Username: %s’), $user_login) . “rn”;
$message .= sprintf(__(‘Password: %s’), $plaintext_pass) . “rn”;
$message .= wp_login_url() . “rn”;wp_mail($user_email, sprintf(__(‘[%s] Your username and password’), $blogname), $message);
}
endif;if ( !function_exists(‘wp_nonce_tick’) ) :
/**
* Get the time-dependent variable for nonce creation.
*
* A nonce has a lifespan of two ticks. Nonces in their second tick may be
* updated, e.g. by autosave.
*
* @since 2.5
*
* @return int
*/
function wp_nonce_tick() {
$nonce_life = apply_filters(‘nonce_life’, 86400);return ceil(time() / ( $nonce_life / 2 ));
}
endif;if ( !function_exists(‘wp_verify_nonce’) ) :
/**
* Verify that correct nonce was used with time limit.
*
* The user is given an amount of time to use the token, so therefore, since the
* UID and $action remain the same, the independent variable is the time.
*
* @since 2.0.3
*
* @param string $nonce Nonce that was used in the form to verify
* @param string|int $action Should give context to what is taking place and be the same when nonce was created.
* @return bool Whether the nonce check passed or failed.
*/
function wp_verify_nonce($nonce, $action = -1) {
$user = wp_get_current_user();
$uid = (int) $user->ID;$i = wp_nonce_tick();
// Nonce generated 0-12 hours ago
if ( substr(wp_hash($i . $action . $uid, ‘nonce’), -12, 10) == $nonce )
return 1;
// Nonce generated 12-24 hours ago
if ( substr(wp_hash(($i – 1) . $action . $uid, ‘nonce’), -12, 10) == $nonce )
return 2;
// Invalid nonce
return false;
}
endif;if ( !function_exists(‘wp_create_nonce’) ) :
/**
* Creates a random, one time use token.
*
* @since 2.0.3
*
* @param string|int $action Scalar value to add context to the nonce.
* @return string The one use form token
*/
function wp_create_nonce($action = -1) {
$user = wp_get_current_user();
$uid = (int) $user->ID;$i = wp_nonce_tick();
return substr(wp_hash($i . $action . $uid, ‘nonce’), -12, 10);
}
endif;if ( !function_exists(‘wp_salt’) ) :
/**
* Get salt to add to hashes to help prevent attacks.
*
* The secret key is located in two places: the database in case the secret key
* isn’t defined in the second place, which is in the wp-config.php file. If you
* are going to set the secret key, then you must do so in the wp-config.php
* file.
*
* The secret key in the database is randomly generated and will be appended to
* the secret key that is in wp-config.php file in some instances. It is
* important to have the secret key defined or changed in wp-config.php.
*
* If you have installed WordPress 2.5 or later, then you will have the
* SECRET_KEY defined in the wp-config.php already. You will want to change the
* value in it because hackers will know what it is. If you have upgraded to
* WordPress 2.5 or later version from a version before WordPress 2.5, then you
* should add the constant to your wp-config.php file.
*
* Below is an example of how the SECRET_KEY constant is defined with a value.
* You must not copy the below example and paste into your wp-config.php. If you
* need an example, then you can have a
* {@link https://api.wordpress.org/secret-key/1.1/ secret key created} for you.
*
*
* define('SECRET_KEY', 'mAry1HadA15|/|b17w55w1t3asSn09w');
*
*
* Salting passwords helps against tools which has stored hashed values of
* common dictionary strings. The added values makes it harder to crack if given
* salt string is not weak.
*
* @since 2.5
* @link https://api.wordpress.org/secret-key/1.1/ Create a Secret Key for wp-config.php
*
* @param string $scheme Authentication scheme
* @return string Salt value
*/
function wp_salt($scheme = ‘auth’) {
global $wp_default_secret_key;
$secret_key = ”;
if ( defined(‘SECRET_KEY’) && (” != SECRET_KEY) && ( $wp_default_secret_key != SECRET_KEY) )
$secret_key = SECRET_KEY;if ( ‘auth’ == $scheme ) {
if ( defined(‘AUTH_KEY’) && (” != AUTH_KEY) && ( $wp_default_secret_key != AUTH_KEY) )
$secret_key = AUTH_KEY;if ( defined(‘AUTH_SALT’) && (” != AUTH_SALT) && ( $wp_default_secret_key != AUTH_SALT) ) {
$salt = AUTH_SALT;
} elseif ( defined(‘SECRET_SALT’) && (” != SECRET_SALT) && ( $wp_default_secret_key != SECRET_SALT) ) {
$salt = SECRET_SALT;
} else {
$salt = get_site_option(‘auth_salt’);
if ( empty($salt) ) {
$salt = wp_generate_password( 64, true, true );
update_site_option(‘auth_salt’, $salt);
}
}
} elseif ( ‘secure_auth’ == $scheme ) {
if ( defined(‘SECURE_AUTH_KEY’) && (” != SECURE_AUTH_KEY) && ( $wp_default_secret_key != SECURE_AUTH_KEY) )
$secret_key = SECURE_AUTH_KEY;if ( defined(‘SECURE_AUTH_SALT’) && (” != SECURE_AUTH_SALT) && ( $wp_default_secret_key != SECURE_AUTH_SALT) ) {
$salt = SECURE_AUTH_SALT;
} else {
$salt = get_site_option(‘secure_auth_salt’);
if ( empty($salt) ) {
$salt = wp_generate_password( 64, true, true );
update_site_option(‘secure_auth_salt’, $salt);
}
}
} elseif ( ‘logged_in’ == $scheme ) {
if ( defined(‘LOGGED_IN_KEY’) && (” != LOGGED_IN_KEY) && ( $wp_default_secret_key != LOGGED_IN_KEY) )
$secret_key = LOGGED_IN_KEY;if ( defined(‘LOGGED_IN_SALT’) && (” != LOGGED_IN_SALT) && ( $wp_default_secret_key != LOGGED_IN_SALT) ) {
$salt = LOGGED_IN_SALT;
} else {
$salt = get_site_option(‘logged_in_salt’);
if ( empty($salt) ) {
$salt = wp_generate_password( 64, true, true );
update_site_option(‘logged_in_salt’, $salt);
}
}
} elseif ( ‘nonce’ == $scheme ) {
if ( defined(‘NONCE_KEY’) && (” != NONCE_KEY) && ( $wp_default_secret_key != NONCE_KEY) )
$secret_key = NONCE_KEY;if ( defined(‘NONCE_SALT’) && (” != NONCE_SALT) && ( $wp_default_secret_key != NONCE_SALT) ) {
$salt = NONCE_SALT;
} else {
$salt = get_site_option(‘nonce_salt’);
if ( empty($salt) ) {
$salt = wp_generate_password( 64, true, true );
update_site_option(‘nonce_salt’, $salt);
}
}
} else {
// ensure each auth scheme has its own unique salt
$salt = hash_hmac(‘md5’, $scheme, $secret_key);
}return apply_filters(‘salt’, $secret_key . $salt, $scheme);
}
endif;if ( !function_exists(‘wp_hash’) ) :
/**
* Get hash of given string.
*
* @since 2.0.3
* @uses wp_salt() Get WordPress salt
*
* @param string $data Plain text to hash
* @return string Hash of $data
*/
function wp_hash($data, $scheme = ‘auth’) {
$salt = wp_salt($scheme);return hash_hmac(‘md5’, $data, $salt);
}
endif;if ( !function_exists(‘wp_hash_password’) ) :
/**
* Create a hash (encrypt) of a plain text password.
*
* For integration with other applications, this function can be overwritten to
* instead use the other package password checking algorithm.
*
* @since 2.5
* @global object $wp_hasher PHPass object
* @uses PasswordHash::HashPassword
*
* @param string $password Plain text user password to hash
* @return string The hash string of the password
*/
function wp_hash_password($password) {
global $wp_hasher;if ( empty($wp_hasher) ) {
require_once( ABSPATH . ‘wp-includes/class-phpass.php’);
// By default, use the portable hash from phpass
$wp_hasher = new PasswordHash(8, TRUE);
}return $wp_hasher->HashPassword($password);
}
endif;if ( !function_exists(‘wp_check_password’) ) :
/**
* Checks the plaintext password against the encrypted Password.
*
* Maintains compatibility between old version and the new cookie authentication
* protocol using PHPass library. The $hash parameter is the encrypted password
* and the function compares the plain text password when encrypted similarly
* against the already encrypted password to see if they match.
*
* For integration with other applications, this function can be overwritten to
* instead use the other package password checking algorithm.
*
* @since 2.5
* @global object $wp_hasher PHPass object used for checking the password
* against the $hash + $password
* @uses PasswordHash::CheckPassword
*
* @param string $password Plaintext user’s password
* @param string $hash Hash of the user’s password to check against.
* @return bool False, if the $password does not match the hashed password
*/
function wp_check_password($password, $hash, $user_id = ”) {
global $wp_hasher;// If the hash is still md5…
if ( strlen($hash) <= 32 ) {
$check = ( $hash == md5($password) );
if ( $check && $user_id ) {
// Rehash using new hash.
wp_set_password($password, $user_id);
$hash = wp_hash_password($password);
}return apply_filters(‘check_password’, $check, $password, $hash, $user_id);
}// If the stored hash is longer than an MD5, presume the
// new style phpass portable hash.
if ( empty($wp_hasher) ) {
require_once( ABSPATH . ‘wp-includes/class-phpass.php’);
// By default, use the portable hash from phpass
$wp_hasher = new PasswordHash(8, TRUE);
}$check = $wp_hasher->CheckPassword($password, $hash);
return apply_filters(‘check_password’, $check, $password, $hash, $user_id);
}
endif;if ( !function_exists(‘wp_generate_password’) ) :
/**
* Generates a random password drawn from the defined set of characters.
*
* @since 2.5
*
* @param int $length The length of password to generate
* @param bool $special_chars Whether to include standard special characters. Default true.
* @param bool $extra_special_chars Whether to include other special characters. Used when
* generating secret keys and salts. Default false.
* @return string The random password
**/
function wp_generate_password( $length = 12, $special_chars = true, $extra_special_chars = false ) {
$chars = ‘abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789’;
if ( $special_chars )
$chars .= ‘!@#$%^&*()’;
if ( $extra_special_chars )
$chars .= ‘-_ []{}<>~`+=,.;:/?|’;$password = ”;
for ( $i = 0; $i < $length; $i++ ) {
$password .= substr($chars, wp_rand(0, strlen($chars) – 1), 1);
}// random_password filter was previously in random_password function which was deprecated
return apply_filters(‘random_password’, $password);
}
endif;if ( !function_exists(‘wp_rand’) ) :
/**
* Generates a random number
*
* @since 2.6.2
*
* @param int $min Lower limit for the generated number (optional, default is 0)
* @param int $max Upper limit for the generated number (optional, default is 4294967295)
* @return int A random number between min and max
*/
function wp_rand( $min = 0, $max = 0 ) {
global $rnd_value;// Reset $rnd_value after 14 uses
// 32(md5) + 40(sha1) + 40(sha1) / 8 = 14 random numbers from $rnd_value
if ( strlen($rnd_value) < 8 ) {
if ( defined( ‘WP_SETUP_CONFIG’ ) )
static $seed = ”;
else
$seed = get_transient(‘random_seed’);
$rnd_value = md5( uniqid(microtime() . mt_rand(), true ) . $seed );
$rnd_value .= sha1($rnd_value);
$rnd_value .= sha1($rnd_value . $seed);
$seed = md5($seed . $rnd_value);
if ( ! defined( ‘WP_SETUP_CONFIG’ ) )
set_transient(‘random_seed’, $seed);
}// Take the first 8 digits for our value
$value = substr($rnd_value, 0, 8);// Strip the first eight, leaving the remainder for the next call to wp_rand().
$rnd_value = substr($rnd_value, 8);$value = abs(hexdec($value));
// Reduce the value to be within the min – max range
// 4294967295 = 0xffffffff = max random number
if ( $max != 0 )
$value = $min + (($max – $min + 1) * ($value / (4294967295 + 1)));return abs(intval($value));
}
endif;if ( !function_exists(‘wp_set_password’) ) :
/**
* Updates the user’s password with a new encrypted one.
*
* For integration with other applications, this function can be overwritten to
* instead use the other package password checking algorithm.
*
* @since 2.5
* @uses $wpdb WordPress database object for queries
* @uses wp_hash_password() Used to encrypt the user’s password before passing to the database
*
* @param string $password The plaintext new user password
* @param int $user_id User ID
*/
function wp_set_password( $password, $user_id ) {
global $wpdb;$hash = wp_hash_password($password);
$wpdb->update($wpdb->users, array(‘user_pass’ => $hash, ‘user_activation_key’ => ”), array(‘ID’ => $user_id) );wp_cache_delete($user_id, ‘users’);
}
endif;if ( !function_exists( ‘get_avatar’ ) ) :
/**
* Retrieve the avatar for a user who provided a user ID or email address.
*
* @since 2.5
* @param int|string|object $id_or_email A user ID, email address, or comment object
* @param int $size Size of the avatar image
* @param string $default URL to a default image to use if no avatar is available
* @param string $alt Alternate text to use in image tag. Defaults to blank
* @return string <img> tag for the user’s avatar
*/
function get_avatar( $id_or_email, $size = ’96’, $default = ”, $alt = false ) {
if ( ! get_option(‘show_avatars’) )
return false;if ( false === $alt)
$safe_alt = ”;
else
$safe_alt = esc_attr( $alt );if ( !is_numeric($size) )
$size = ’96’;$email = ”;
if ( is_numeric($id_or_email) ) {
$id = (int) $id_or_email;
$user = get_userdata($id);
if ( $user )
$email = $user->user_email;
} elseif ( is_object($id_or_email) ) {
// No avatar for pingbacks or trackbacks
$allowed_comment_types = apply_filters( ‘get_avatar_comment_types’, array( ‘comment’ ) );
if ( ! empty( $id_or_email->comment_type ) && ! in_array( $id_or_email->comment_type, (array) $allowed_comment_types ) )
return false;if ( !empty($id_or_email->user_id) ) {
$id = (int) $id_or_email->user_id;
$user = get_userdata($id);
if ( $user)
$email = $user->user_email;
} elseif ( !empty($id_or_email->comment_author_email) ) {
$email = $id_or_email->comment_author_email;
}
} else {
$email = $id_or_email;
}if ( empty($default) ) {
$avatar_default = get_option(‘avatar_default’);
if ( empty($avatar_default) )
$default = ‘mystery’;
else
$default = $avatar_default;
}if ( !empty($email) )
$email_hash = md5( strtolower( $email ) );if ( is_ssl() ) {
$host = ‘https://secure.gravatar.com’;
} else {
if ( !empty($email) )
$host = sprintf( “http://%d.gravatar.com”, ( hexdec( $email_hash[0] ) % 2 ) ); -
You did not specify a blog address or reason for posting when you created this topic.
This support forum is for blogs hosted at WordPress.com. If your question is about a self-hosted WordPress blog then you’ll find help at the WordPress.org forums.
If you don’t understand the difference between WordPress.com and WordPress.org, you may find this information helpful.
If you forgot to include a link to your blog, you can reply and include it below. It’ll help people to answer your question.
This is an automated message.
-
This is the wordpress.com support forum. The link your provide is not to a wordpress.com blog. We provide support only to members of the wordpress.com community who are asking for help with wordpress.com blogs. Those with wordpress.org software must post to http://wordpress.org/support/ as we cannot answer their questions here.
- The topic ‘Error and cannot log in to admin on wp-admin page’ is closed to new replies.
WordPress.com Forums 