The blog of Matthew A. Smith and Michael Chappell, on topics from A to Z

Super Custom Login Page

This WordPress plugin is based of of BM Custom Login and allows you to change the appearance of the login page (as did the original plugin), in addition to customizing the link and the link title.

This is currently a proof of concept that was hacked together in about an hour. It works, but there is no protection against malicious use built into the plugin (other than what is provided by WordPress). The main concern is that the plugin will accept any string for the URL or URL title without sanitizing it first. This could cause serious issues if not used properly!

Use at your own risk!

I will be updating this shortly with further features and improving the security, so for now there is no download available.

If you want to see it in action, you can see it at the development site.

If you have some suggestions on how to improve it (at the moment, I'm very interested in the security aspect), please leave a comment!

PLAIN TEXT
PHP:
  1. <?php
  2. /*
  3. Plugin Name: Super Custom Login Page
  4. Plugin URI: http://digivation.net/wordpress/super-custom-login-page/
  5. Description: Based on <a href="http://www.binarymoon.co.uk/projects/bm-custom-login/">BM Custom Login, you can display custom images on the wordpress login screen and modify the header link. Customize away!
  6. Author: Matthew Smith
  7. Version: 0.01b
  8. Author URI: http://digivation.net/
  9. */
  10.  
  11. /*
  12.     Functions
  13. */
  14.  
  15. // the original BM function, renamed
  16. function sc_login_stylesheet() {
  17.     echo '<link rel="stylesheet" type="text/css" href="' . get_settings('siteurl') . '/wp-content/plugins/super-custom-login/custom-login.css" />';
  18. }
  19.  
  20. // all new stuff from here down :)
  21.  
  22. // change login link
  23. function sc_login_link($args=null) {
  24.  
  25.     $sc_customlink = get_option('sc_login_url');    // get url
  26.    
  27.     return $sc_customlink// return the url
  28. }
  29.  
  30. // change login link title
  31. function sc_login_linktitle($args=null) {
  32.  
  33.     $sc_custom_linktitle = get_option('sc_login_urltitle')// get the title
  34.    
  35.     return $sc_custom_linktitle; // return linktitle
  36. }
  37.  
  38. // uninstall function
  39. function sc_login_remove() {
  40.     // remove title & url options
  41.     delete_option('sc_login_url');
  42.     delete_option('sc_login_urltitle');
  43. }
  44.  
  45. // setup function
  46. function sc_login_setup() {
  47.     // add options (set to default WP values)
  48.     add_option('sc_login_url','http://wordpress.org/','The custom URL');
  49.     add_option('sc_login_urltitle','Powered by Wordpress','The custom URL title');
  50. }
  51.  
  52. /*
  53.     Admin Area Stuff
  54. */
  55.  
  56. // the admin menu
  57. function sc_admin_menu() {
  58.     // lets print some HTML!
  59.     if( current_user_can('manage_options') ) {
  60.     ?>
  61.         <div class="wrap">
  62.             <h2>Custom Login Page Options</h2> <?php
  63.             if( $_REQUEST['submit'] ) {
  64.                 sc_update_options(); // update options and...
  65.             }
  66.             sc_print_admincontent(); // print other stuff
  67.             sc_print_form(); // print our form
  68.     ?>  </div> <?php   
  69.         } else {
  70.             wp_die(__('You do not have permission to access this page.'));
  71.         }
  72. }
  73.  
  74. // print messages
  75. function sc_print_admincontent() {
  76. }
  77.  
  78. function sc_print_form() {
  79.     // get current options
  80.     $sc_current_url = get_option('sc_login_url');
  81.     $sc_current_title = get_option('sc_login_urltitle');
  82.     ?>
  83.     <form method="post">
  84.     <table class="optiontable">
  85.     <tr valign="top">
  86.     <th scope="row"><label for="custom_url">Custom URL:</label></th>
  87.     <td><input name="custom_url" type="text" value="<?php print $sc_current_url ?/>" size="40" /><br />
  88.     Enter the URL you would like the logo to point to (defaults to http://wordpress.org).
  89.     </td>
  90.     </tr>
  91.    
  92.     <tr valign="top">
  93.     <th scope="row"><label for="custom_title">Custom URL Title:</label></th>
  94.     <td><input name="custom_title" type="text" value="<?php print $sc_current_title ?/>" size="40" />
  95.     <br />
  96.     Enter a title for the URL (defaults to "Powered by Wordpress").</td>
  97.     </tr>
  98.     </table>
  99.     <p class="submit"><input type="submit" name="submit" value="Update Options &raquo;" /></p>
  100.     </form><?php
  101. }
  102.  
  103. function sc_update_options() {
  104.     $done = false;
  105.    
  106.     // quick & dirty security check
  107.     if( current_user_can('manage_options') ) {
  108.  
  109.         // validate input TODO
  110.        
  111.         // do the updating!
  112.         if( $_REQUEST['custom_url'] ) {
  113.             update_option( 'sc_login_url',url_shorten( $_REQUEST['custom_url'] ) );
  114.             $done = true;
  115.         }
  116.        
  117.         if( $_REQUEST['custom_title'] ) {
  118.             update_option( 'sc_login_urltitle',$_REQUEST['custom_title'] );
  119.             $done = true;
  120.         }
  121.     } else {
  122.         wp_die(__('You do not have permission to access this page.'));
  123.     } // can current user manage options?
  124.    
  125.     if( $done ) { ?>
  126.         <div id="message" class="updated fade">
  127.             <p>Options saved.</p>
  128.         </div><?php
  129.     } else {?>
  130.         <div id="message" class="error fade">
  131.             <p>Error updating options!</p>
  132.         </div><?php
  133.     }
  134. }
  135.  
  136. // create admin menu, under "Presentation"
  137. function sc_admin_menu_setup() {
  138.     add_theme_page(
  139.                         'Login Page Options',   // page title, doesn't do anything
  140.                         'Customize Login Page'// menu title
  141.                         'manage_options',   // permissions
  142.                         __FILE__,   // file
  143.                         'sc_admin_menu' // the function
  144.                     );
  145.                        
  146. }
  147.  
  148. /*
  149.     Hooks
  150. */
  151.  
  152. add_action('login_head','sc_login_stylesheet');
  153. add_action('admin_menu','sc_admin_menu_setup');
  154. add_filter('login_headerurl','sc_login_link');
  155. add_filter('login_headertitle','sc_login_linktitle');
  156.  
  157. register_activation_hook(__FILE__,'sc_login_setup');
  158. register_deactivation_hook(__FILE__,'sc_login_remove');
  159.  
  160. ?>

1 response so far »

  • 1 Matthew Smith // Jul 24, 2008 at 6:49 am

    I haven’t tested this with the latest version of Wordpress, but I plan on looking into it soon.

Leave a Comment

If you wish, you may log in before commenting.