Ticket #5401: password-generation.patch
| File password-generation.patch, 4.3 KB (added by pishmishy, 4 years ago) |
|---|
-
wp-login.php
110 110 do_action('retreive_password', $user_login); // Misspelled and deprecated 111 111 do_action('retrieve_password', $user_login); 112 112 113 // Generate something random for a password... md5'ing current time with a rand salt113 // Generate something random for a key... 114 114 $key = substr( md5( uniqid( microtime() ) ), 0, 8); 115 // Now insert the new pass md5'dinto the db115 // Now insert the new md5 key into the db 116 116 $wpdb->query("UPDATE $wpdb->users SET user_activation_key = '$key' WHERE user_login = '$user_login'"); 117 117 $message = __('Someone has asked to reset the password for the following site and username.') . "\r\n\r\n"; 118 118 $message .= get_option('siteurl') . "\r\n\r\n"; … … 182 182 183 183 do_action('password_reset'); 184 184 185 // Generate something random for a password... md5'ing current time with a rand salt186 $new_pass = substr( md5( uniqid( microtime() ) ), 0, 7);185 // Generate something random for a password... 186 $new_pass = wp_generate_password(); 187 187 $wpdb->query("UPDATE $wpdb->users SET user_pass = MD5('$new_pass'), user_activation_key = '' WHERE user_login = '$user->user_login'"); 188 188 wp_cache_delete($user->ID, 'users'); 189 189 wp_cache_delete($user->user_login, 'userlogins'); … … 241 241 $errors = apply_filters( 'registration_errors', $errors ); 242 242 243 243 if ( empty( $errors ) ) { 244 $user_pass = substr( md5( uniqid( microtime() ) ), 0, 7);244 $user_pass = wp_generate_password(); 245 245 246 246 $user_id = wp_create_user( $user_login, $user_pass, $user_email ); 247 247 if ( !$user_id ) -
wp-includes/pluggable.php
700 700 } 701 701 endif; 702 702 703 if ( !function_exists('wp_generate_password') ) : 704 /** 705 * Generates a random password drawn from the defined set of characters 706 * @return string the password 707 **/ 708 function wp_generate_password() { 709 $chars = "abcdefghifjklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"; 710 $length = 7; 711 $password = ""; 712 for($i=0;$i<$length;$i++){ 713 $password .= substr($chars,mt_rand(0,strlen($chars)-1),1); 714 } 715 return $password; 716 } 717 endif; 703 718 ?> -
wp-admin/includes/upgrade.php
35 35 // being shared among blogs. Just set the role in that case. 36 36 $user_id = username_exists($user_name); 37 37 if ( !$user_id ) { 38 $random_password = substr(md5(uniqid(microtime())), 0, 6);38 $random_password = wp_generate_password(); 39 39 $user_id = wp_create_user($user_name, $random_password, $user_email); 40 40 } else { 41 41 $random_password = __('User already exists. Password inherited.'); -
wp-admin/options-writing.php
59 59 60 60 <fieldset class="options"> 61 61 <legend><?php _e('Post via e-mail') ?></legend> 62 <p><?php printf(__('To post to WordPress by e-mail you must set up a secret e-mail account with POP3 access. Any mail received at this address will be posted, so it’s a good idea to keep this address very secret. Here are three random strings you could use: <code>%s</code>, <code>%s</code>, <code>%s</code>.'), substr(md5(uniqid(microtime())),0,5), substr(md5(uniqid(microtime())),0,5), substr(md5(uniqid(microtime())),0,5)) ?></p>62 <p><?php printf(__('To post to WordPress by e-mail you must set up a secret e-mail account with POP3 access. Any mail received at this address will be posted, so it’s a good idea to keep this address very secret. Here are three random strings you could use: <code>%s</code>, <code>%s</code>, <code>%s</code>.'), wp_generate_password(), wp_generate_password(), wp_generate_password()) ?></p> 63 63 64 64 <table width="100%" cellspacing="2" cellpadding="5" class="optiontable editform"> 65 65 <tr valign="top"> … … 121 121 </form> 122 122 </div> 123 123 124 <?php include('./admin-footer.php') ?> 125 No newline at end of file 124 <?php include('./admin-footer.php') ?>
