Allowing more hooks into authentication - Hat tip: http://dev.webadmin.ufl.edu/~dwc/2005/03/02/authentication-plugins/

git-svn-id: http://svn.automattic.com/wordpress/trunk@2425 1a063a9b-81f0-0310-95a4-ce76da25c4cd

wp-admin/profile.php

@@ -51,16 +51,20 @@ case 'update':
 		return false;
 	}
 
-	if ($_POST["pass1"] == "") {
-		if ($_POST["pass2"] != "")
+	$pass1 = $_POST["pass1"];
+	$pass2 = $_POST["pass2"];
+	do_action('check_passwords', array($user_login, &$pass1, &$pass2));
+
+	if ( '' == $pass1 ) {
+		if ( '' == $pass2 )
 			die (__("<strong>ERROR</strong>: you typed your new password only once. Go back to type it twice."));
 		$updatepassword = "";
 	} else {
-		if ($_POST["pass2"] == "")
+		if ('' == $pass2)
 			die (__("<strong>ERROR</strong>: you typed your new password only once. Go back to type it twice."));
-		if ($_POST["pass1"] != $_POST["pass2"])
+		if ( $pass1 != $pass2 )
 			die (__("<strong>ERROR</strong>: you typed two different passwords. Go back to correct that."));
-		$newuser_pass = $_POST["pass1"];
+		$newuser_pass = $pass1;
 		$updatepassword = "user_pass=MD5('$newuser_pass'), ";
 		wp_clearcookie();
 		wp_setcookie($user_login, $newuser_pass);
@@ -69,7 +73,7 @@ case 'update':
 	$newuser_firstname = wp_specialchars($_POST['newuser_firstname']);
 	$newuser_lastname = wp_specialchars($_POST['newuser_lastname']);
 	$newuser_nickname = $_POST['newuser_nickname'];
-    $newuser_nicename = sanitize_title($newuser_nickname);
+	$newuser_nicename = sanitize_title($newuser_nickname);
 	$newuser_icq = wp_specialchars($_POST['newuser_icq']);
 	$newuser_aim = wp_specialchars($_POST['newuser_aim']);
 	$newuser_msn = wp_specialchars($_POST['newuser_msn']);
@@ -225,12 +229,17 @@ if (isset($updated)) { ?>
       <th scope="row"><?php _e('Profile:') ?></th>
       <td><textarea name="user_description" rows="5" id="textarea2" style="width: 99%; "><?php echo $profiledata->user_description ?></textarea></td>
     </tr>
+<?php
+$show_password_fields = apply_filters('show_password_fields', true);
+if ( $show_password_fields ) :
+?>
     <tr>
       <th scope="row"><?php _e('New <strong>Password</strong> (Leave blank to stay the same.)') ?></th>
       <td><input type="password" name="pass1" size="16" value="" />
       	<br />
         <input type="password" name="pass2" size="16" value="" /></td>
     </tr>
+<?php endif; ?>
   </table>
   <p class="submit">
     <input type="submit" value="<?php _e('Update Profile &raquo;') ?>" name="submit" />

wp-admin/user-edit.php

@@ -34,20 +34,24 @@ if (empty($_POST["new_nickname"])) {
 	return false;
 }
 
-if ($_POST['pass1'] == '') {
-	if ($_POST['pass2'] != '')
+$new_user_login  = wp_specialchars($_POST['new_user_login']);
+$pass1 = $_POST['pass1'];
+$pass2 = $_POST['pass2'];
+do_action('check_passwords', array($new_user_login, &$pass1, &$pass2));
+
+if ( '' == $pass1 ) {
+	if ( '' == $pass2 )
 		die (__("<strong>ERROR</strong>: you typed your new password only once. Go back to type it twice."));
 	$updatepassword = '';
 } else {
-	if ($_POST['pass2'] == "")
+	if ( '' == $pass2)
 		die (__("<strong>ERROR</strong>: you typed your new password only once. Go back to type it twice."));
-	if ($_POST['pass1'] != $_POST['pass2'])
+	if ( $pass1 != $pass2 )
 		die (__("<strong>ERROR</strong>: you typed two different passwords. Go back to correct that."));
-	$new_pass = $_POST["pass1"];
+	$new_pass = $pass1;
 	$updatepassword = "user_pass=MD5('$new_pass'), ";
 }
 
-$new_user_login  = wp_specialchars($_POST['new_user_login']);
 $new_firstname   = wp_specialchars($_POST['new_firstname']);
 $new_lastname    = wp_specialchars($_POST['new_lastname']);
 $new_nickname    = $_POST['new_nickname'];
@@ -180,12 +184,17 @@ if ($edituser->user_level >= $user_level) die( __('You do not have permission to
 			</select>
 		</td>
 	</tr>
+<?php
+$show_password_fields = apply_filters('show_password_fields', true);
+if ( $show_password_fields ) :
+?>
 	<tr>
 		<th scope="row"><?php _e('New <strong>Password</strong> (Leave blank to stay the same.)') ?></th>
 		<td><input type="password" name="pass1" size="16" value="" />
 			<br />
 			<input type="password" name="pass2" size="16" value="" /></td>
 	</tr>
+<?php endif; ?>
 </table>
   <p class="submit">
 	<input type="hidden" name="action" value="update" />

wp-admin/users.php

@@ -33,26 +33,24 @@ case 'adduser':
 	$user_uri       = wp_specialchars($_POST['uri']);
 		
 	/* checking login has been typed */
-	if ($user_login == '') {
+	if ($user_login == '')
 		die (__('<strong>ERROR</strong>: Please enter a login.'));
-	}
 
 	/* checking the password has been typed twice */
-	if ($pass1 == '' || $pass2 == '') {
+	do_action('check_passwords', array($user_login, &$pass1, &$pass2));
+	if ($pass1 == '' || $pass2 == '')
 		die (__('<strong>ERROR</strong>: Please enter your password twice.'));
-	}
 
 	/* checking the password has been typed twice the same */
-	if ($pass1 != $pass2)	{
+	if ($pass1 != $pass2)
 		die (__('<strong>ERROR</strong>: Please type the same password in the two password fields.'));
-	}
+
 	$user_nickname = $user_login;
 
 	/* checking the login isn't already used by another user */
 	$loginthere = $wpdb->get_var("SELECT user_login FROM $wpdb->users WHERE user_login = '$user_login'");
-    if ($loginthere) {
+    if ($loginthere)
 		die (__('<strong>ERROR</strong>: This login is already registered, please choose another one.'));
-	}
 
 	/* checking e-mail address */
 	if (empty($_POST["email"])) {
@@ -75,16 +73,14 @@ case 'adduser':
 	VALUES 
 		('$user_login', MD5('$pass1'), '$user_nickname', '$user_email', '$user_ip', '$user_domain', '$user_browser', '$now', '$new_users_can_blog', 'nickname', '$user_firstname', '$user_lastname', '$user_nicename', '$user_uri')");
 	
-	if ($result == false) {
+	if ($result == false)
 		die (__('<strong>ERROR</strong>: Couldn&#8217;t register you!'));
-	}
 
 	$stars = '';
-	for ($i = 0; $i < strlen($pass1); $i = $i + 1) {
+	for ($i = 0; $i < strlen($pass1); $i = $i + 1)
 		$stars .= '*';
-	}
 
-    $user_login = stripslashes($user_login);
+	$user_login = stripslashes($user_login);
 	$message  = 'New user registration on your blog ' . get_settings('blogname') . ":\r\n\r\n";
 	$message .= "Login: $user_login\r\n\r\nE-mail: $user_email";
 
@@ -308,12 +304,17 @@ echo "\n<tr $style>
       <th scope="row"><?php _e('Website') ?></th>
       <td><input name="uri" type="text" id="uri" /></td>
     </tr>
+<?php
+$show_password_fields = apply_filters('show_password_fields', true);
+if ( $show_password_fields ) :
+?>
     <tr>
       <th scope="row"><?php _e('Password (twice)') ?> </th>
       <td><input name="pass1" type="password" id="pass1" />
       <br />
       <input name="pass2" type="password" id="pass2" /></td>
     </tr>
+<?php endif; ?>
   </table>
   <p class="submit">
     <input name="adduser" type="submit" id="adduser" value="<?php _e('Add User') ?> &raquo;" />

wp-login.php

@@ -33,8 +33,8 @@ case 'logout':
 break;
 
 case 'lostpassword':
-
-	?>
+do_action('lost_password');
+?>
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml">
 <head>
@@ -95,6 +95,8 @@ case 'retrievepassword':
 	if (!$user_email || $user_email != $_POST['email'])
 		die(sprintf(__('Sorry, that user does not seem to exist in our database. Perhaps you have the wrong username or e-mail address? <a href="%s">Try again</a>.'), 'wp-login.php?action=lostpassword'));
 
+	do_action('retreive_password', $user_login);
+
 	// Generate something random for a password... md5'ing current time with a rand salt
 	$key = substr( md5( uniqid( microtime() ) ), 0, 50);
 	// now insert the new pass md5'd into the db
@@ -106,8 +108,6 @@ case 'retrievepassword':
 
 	$m = wp_mail($user_email, sprintf(__("[%s] Password Reset"), get_settings('blogname')), $message);
 
-	do_action('retreive_password', $user_login);
-
 	if ($m == false) {
 		 echo '<p>' . __('The e-mail could not be sent.') . "<br />\n";
          echo  __('Possible reason: your host may have disabled the mail() function...') . "</p>";
@@ -128,6 +128,8 @@ case 'resetpass' :
 	if ( !$user )
 		die( __('Sorry, that key does not appear to be valid.') );
 
+	do_action('password_reset');
+
 	$new_pass = substr( md5( uniqid( microtime() ) ), 0, 7);
  	$wpdb->query("UPDATE $wpdb->users SET user_pass = MD5('$new_pass'), user_activation_key = '' WHERE user_login = '$user->user_login'");
 	$message  = __('Login') . ": $user->user_login\r\n";
@@ -136,8 +138,6 @@ case 'resetpass' :
 
 	$m = wp_mail($user->user_email, sprintf(__("[%s] Your new password"), get_settings('blogname')), $message);
 
-	do_action('password_reset');
-
 	if ($m == false) {
 		 echo '<p>' . __('The e-mail could not be sent.') . "<br />\n";
          echo  __('Possible reason: your host may have disabled the mail() function...') . "</p>";
@@ -172,6 +172,8 @@ default:
 		}
 	}
 
+	do_action('wp_authenticate', array(&$user_login, &$user_pass));
+
 	if ($user_login && $user_pass) {
 		$user = get_userdatabylogin($user_login);
 		if ( 0 == $user->user_level )