IBA Verklaart
Doe niet zomaar een update van WordPress: er gaan dan dingen stuk!
IBA Verklaart is de weblog die te vinden is op https://iba.a-eskwadraat.nl. De blog draait op WordPress en maakt gebruik van een aantal plugins: onder andere HTTP Authentication en WP QuickLaTeX. Er is een aantal hacks toegepast om alles naar behoren te laten werken. In het bijzonder zijn alle 'ik ben mijn wachtwoord vergeten'-links weggehaald, omdat WordPress geen idee heeft van wachtwoorden: authenticatie verloopt via intercept_form_submit (IPA). De configuratie van intercept_form_submit is te vinden in /etc/httpd/conf.d/sites-available/ibaweblog op vm-www-dmz.
Diff
Hieronder de wijzigingen t.o.v. een vanilla WordPress + plugins. Let op: de regelnummers kloppen niet meer, want deze diff is vrij oud. Zorg dat je eerst alle onderstaande wijzigingen doorvoert voordat je de nieuwe code in /srv/http/ibaweblog plempt.
--- ./wordpress/wp-content/plugins/http-authentication/http-authentication.php 2012-06-25 02:19:07.000000000 +0200
+++ /srv/http/ibaweblog/wp-content/plugins/http-authentication/http-authentication.php 2015-03-10 21:19:17.932667913 +0100
@@ -24,8 +24,8 @@ class HTTPAuthenticationPlugin {
 }
 add_action('login_head', array($this, 'add_login_css'));
- add_action('login_footer', array($this, 'add_login_link'));
- add_action('check_passwords', array($this, 'generate_password'), 10, 3);
+ // add_action('login_footer', array($this, 'add_login_link'));
+ // add_action('check_passwords', array($this, 'generate_password'), 10, 3);
 add_action('wp_logout', array($this, 'logout'));
 add_filter('login_url', array($this, 'bypass_reauth'));
 add_filter('show_password_fields', array($this, 'allow_wp_auth'));
@@ -182,7 +182,8 @@ p#http-authentication-link a {
 }
 if (! $username) {
- return new WP_Error('empty_username', '<strong>ERROR</strong>: No user found in server variables.');
+ //return new WP_Error('empty_username', '<strong>ERROR</strong>: No user found in server variables.');
+ return new WP_Error();
 }
 // Create new users automatically, if configured
--- ./wordpress/wp-includes/pluggable.php 2014-12-01 04:21:22.000000000 +0100
+++ /srv/http/ibaweblog/wp-includes/pluggable.php 2015-03-09 14:39:17.000000000 +0100
@@ -593,7 +593,7 @@ function wp_logout() {
 *
 * @since 1.5.0
 */
- do_action( 'wp_logout' );
+ // do_action( 'wp_logout' );
 }
 endif;
--- ./wordpress/wp-includes/user.php 2014-12-16 23:19:22.000000000 +0100
+++ /srv/http/ibaweblog/wp-includes/user.php 2015-03-09 15:23:31.000000000 +0100
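Review bot: In http-authentication.php (hunk at -182) the replacement `return new WP_Error();` discards the `empty_username` code together with the message, so a request that reaches the plugin without a user in the server variables leaves no trace and cannot be told apart from other failures. That situation means the front-end authentication layer did not supply an identity, which is worth being able to detect. If the aim is only to hide the text on the login page, keep the silent return but record the event first, for example `error_log('http-authentication: no user found in server variables');`. The enclosing method starts and ends outside the hunk, so how its callers treat an error object without a code is not visible here.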
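Review bot: Commenting out `do_action( 'wp_logout' )` in pluggable.php silences every logout hook on the site, not just one handler. Presumably the target was the HTTP Authentication plugin's own handler, which is registered by `add_action('wp_logout', array($this, 'logout'));` and is visible as an unchanged context line in the first http-authentication.php hunk of this diff. Commenting out that single line in the plugin, which is already patched here, would have the narrower effect and leave session cleanup or audit logging by other plugins working. It would also remove one core file from the set that a WordPress update overwrites.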
@@ -112,6 +112,9 @@ function wp_signon( $credentials = array
 * @return WP_User|WP_Error WP_User on success, WP_Error on failure.
 */
 function wp_authenticate_username_password($user, $username, $password) {
+ $lostpassword_url = 'mailto:[email protected]?subject=Wachtwoord%20vergeten&body=Lieve%20sysop,%0D%0Aik%20ben%20een%20domme%20koe';
+ $lostpassword_url = $lostpassword_url . '%20en%20ik%20ben%20mijn%20wachtwoord%20vergeten.%20Kunnen%20jullie%20mij%20helpen%3F';
+
 if ( is_a( $user, 'WP_User' ) ) {
 return $user;
 }
@@ -134,7 +137,7 @@ function wp_authenticate_username_passwo
 $user = get_user_by('login', $username);
 if ( !$user )
- return new WP_Error( 'invalid_username', sprintf( __( '<strong>ERROR</strong>: Invalid username. <a href="%s">Lost your password</a>?' ), wp_lostpassword_url() ) );
+ return new WP_Error( 'invalid_username', sprintf( __( '<strong>ERROR</strong>: Invalid username. <a href="%s">Lost your password</a>?' ), $lostpassword_url ) );
 /**
 * Filter whether the given user can be authenticated with the provided $password.
@@ -150,8 +153,9 @@ function wp_authenticate_username_passwo
 return $user;
 if ( !wp_check_password($password, $user->user_pass, $user->ID) )
+ $lostpassword_url = $lostpassword_url . '%0D%0A%0D%0ALiefs,%20' . $username;
 return new WP_Error( 'incorrect_password', sprintf( __( '<strong>ERROR</strong>: The password you entered for the username <strong>%1$s</strong> is incorrect. <a href="%2$s">Lost your password</a>?' ),
- $username, wp_lostpassword_url() ) );
+ $username, $lostpassword_url ) );
 return $user;
 }
--- ./wordpress/wp-login.php 2014-12-16 23:19:22.000000000 +0100
+++ /srv/http/ibaweblog/wp-login.php 2015-03-09 14:48:07.000000000 +0100
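Review bot: In user.php (hunk at -150) the added assignment becomes the whole body of the brace-less `if ( !wp_check_password(...) )`, so the following `return new WP_Error( 'incorrect_password', ... )` now runs unconditionally and the final `return $user;` can never be reached. Local password login therefore fails even with a correct password; that fails closed and is probably masked by the HTTP-layer authentication, but it is accidental rather than a documented control. Wrap the assignment and the return together, `if ( !wp_check_password($password, $user->user_pass, $user->ID) ) {` … `}`. The same added line concatenates `$username` into the mailto URL unencoded before it is placed in an `href`; `rawurlencode( $username )` keeps characters in the login name from altering the URL or the surrounding markup, whatever sanitising happens upstream. The function body begins in an earlier hunk and its middle is not shown.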
@@ -416,7 +416,7 @@ if ( isset($_GET['key']) )
 $action = 'resetpass';
 // validate action so as to default to the login screen
-if ( !in_array( $action, array( 'postpass', 'logout', 'lostpassword', 'retrievepassword', 'resetpass', 'rp', 'register', 'login' ), true ) && false === has_filter( 'login_form_' . $action ) )
+if ( !in_array( $action, array( 'postpass', 'logout', 'register', 'login' ), true ) && false === has_filter( 'login_form_' . $action ) )
 $action = 'login';
 nocache_headers();
@@ -736,7 +736,6 @@ case 'register' :
 <p id="nav">
 <a href="<?php echo esc_url( wp_login_url() ); ?>"><?php _e( 'Log in' ); ?></a> |
-<a href="<?php echo esc_url( wp_lostpassword_url() ); ?>" title="<?php esc_attr_e( 'Password Lost and Found' ) ?>"><?php _e( 'Lost your password?' ); ?></a>
 </p>
 <?php
@@ -913,7 +912,6 @@ default:
 echo apply_filters( 'register', $registration_url ) . ' | ';
 endif;
 ?>
- <a href="<?php echo esc_url( wp_lostpassword_url() ); ?>" title="<?php esc_attr_e( 'Password Lost and Found' ); ?>"><?php _e( 'Lost your password?' ); ?></a>
 <?php endif; ?>
 </p>
 <?php } ?>
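Review bot: The password-reset lock-down in wp-login.php (hunk at -416, and the link removals at -736 and -913) lives in edited core files, so a WordPress update silently restores the reset flow and the site stays pinned to an old core in the meantime. The shortened allow-list also holds only while nothing registers a `login_form_<action>` hook, because the unchanged `has_filter( 'login_form_' . $action )` half of the condition still lets such an action through. The same result is available without touching core, from a small must-use plugin: `add_filter( 'allow_password_reset', '__return_false' );` plus a `lostpassword_url` filter that returns the sysop mailto link. With that filter the two `wp_lostpassword_url()` replacements in user.php would no longer be needed either.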