Customizer: Gravefully handle cookie expipration. Prompt for log in in the preview. Props ocean90, koopersmith, nacin. fixes #20876

git-svn-id: https://develop.svn.wordpress.org/trunk@21031 602fd350-edb4-49c9-b593-d223f7449a82

wp-login.php

@@ -39,7 +39,7 @@ if ( force_ssl_admin() && !is_ssl() ) {
  * @param WP_Error $wp_error Optional. WordPress Error Object
  */
 function login_header($title = 'Log In', $message = '', $wp_error = '') {
-	global $error, $interim_login, $current_site;
+	global $error, $interim_login, $current_site, $customize_login;
 
 	// Don't index any of these forms
 	add_action( 'login_head', 'wp_no_robots' );
@@ -68,6 +68,9 @@ function login_header($title = 'Log In', $message = '', $wp_error = '') {
 		<meta name="viewport" content="width=320; initial-scale=0.9; maximum-scale=1.0; user-scalable=0;" /><?php
 	}
 
+	if ( $customize_login )
+		wp_enqueue_script( 'customize-base' );
+
 	do_action( 'login_enqueue_scripts' );
 	do_action( 'login_head' );
 
@@ -82,6 +85,10 @@ function login_header($title = 'Log In', $message = '', $wp_error = '') {
 	$login_header_url   = apply_filters( 'login_headerurl',   $login_header_url   );
 	$login_header_title = apply_filters( 'login_headertitle', $login_header_title );
 
+	// Don't allow interim logins to navigate away from the page.
+	if ( $interim_login )
+		$login_header_url = '#';
+
 	?>
 	</head>
 	<body class="login<?php if ( wp_is_mobile() ) echo ' mobile'; ?>">
@@ -126,8 +133,13 @@ function login_header($title = 'Log In', $message = '', $wp_error = '') {
  * @param string $input_id Which input to auto-focus
  */
 function login_footer($input_id = '') {
-	?>
+	global $interim_login;
+
+	// Don't allow interim logins to navigate away from the page.
+	if ( ! $interim_login ): ?>
 	<p id="backtoblog"><a href="<?php echo esc_url( home_url( '/' ) ); ?>" title="<?php esc_attr_e( 'Are you lost?' ); ?>"><?php printf( __( '&larr; Back to %s' ), get_bloginfo( 'title', 'display' ) ); ?></a></p>
+	<?php endif; ?>
+
 	</div>
 
 	<?php if ( !empty($input_id) ) : ?>
@@ -555,6 +567,7 @@ case 'login' :
 default:
 	$secure_cookie = '';
 	$interim_login = isset($_REQUEST['interim-login']);
+	$customize_login = isset( $_REQUEST['customize-login'] );
 
 	// If the user wants ssl but the session is not ssl, force a secure cookie.
 	if ( !empty($_POST['log']) && !force_ssl_admin() ) {
@@ -591,11 +604,22 @@ default:
 	if ( !is_wp_error($user) && !$reauth ) {
 		if ( $interim_login ) {
 			$message = '<p class="message">' . __('You have logged in successfully.') . '</p>';
-			login_header( '', $message ); ?>
-			<script type="text/javascript">setTimeout( function(){window.close()}, 8000);</script>
-			<p class="alignright">
-			<input type="button" class="button-primary" value="<?php esc_attr_e('Close'); ?>" onclick="window.close()" /></p>
-			</div></body></html>
+			login_header( '', $message );
+
+			if ( ! $customize_login ) : ?>
+				<script type="text/javascript">setTimeout( function(){window.close()}, 8000);</script>
+				<p class="alignright">
+				<input type="button" class="button-primary" value="<?php esc_attr_e('Close'); ?>" onclick="window.close()" /></p>
+<?php		endif;
+
+			?></div><?php
+
+			do_action('login_footer');
+
+			if ( $customize_login ) : ?>
+				<script type="text/javascript">setTimeout( function(){ new wp.customize.Messenger({ url: '<?php echo wp_customize_url(); ?>', channel: 'login' }).send('login') }, 1000 );</script>
+<?php		endif; ?>
+			</body></html>
 <?php		exit;
 		}
 
@@ -666,6 +690,9 @@ default:
 <?php	} else { ?>
 		<input type="hidden" name="redirect_to" value="<?php echo esc_attr($redirect_to); ?>" />
 <?php 	} ?>
+<?php   if ( $customize_login ) : ?>
+		<input type="hidden" name="customize-login" value="1" />
+<?php   endif; ?>
 		<input type="hidden" name="testcookie" value="1" />
 	</p>
 </form>