Changeset 7555

Timestamp:

03/27/08 22:44:47 (4 years ago)

Author:

ryan

Message:

Rehash old md5 hashes inside of wp_check_password() to make hashing more pluggable.

File:

• trunk/wp-includes/pluggable.php (modified) (3 diffs)

trunk/wp-includes/pluggable.php

@@ -432 +432 @@
     }
 
-    if ( !wp_check_password($password, $user->user_pass) ) {
+    if ( !wp_check_password($password, $user->user_pass, $user->ID) ) {
         do_action( 'wp_login_failed', $username );
         return new WP_Error('incorrect_password', __('<strong>ERROR</strong>: Incorrect password.'));
     }
-
-    // If using old md5 password, rehash.
-    if ( strlen($user->user_pass) <= 32 )
-        wp_set_password($password, $user->ID);
 
     return new WP_User($user->ID);
@@ -1135 +1131 @@
  * @return bool False, if the $password does not match the hashed password
  */
-function wp_check_password($password, $hash) {
+function wp_check_password($password, $hash, $user_id = '') {
     global $wp_hasher;
 
-    if ( strlen($hash) <= 32 )
-        return ( $hash == md5($password) );
+    // If the hash is still md5...
+    if ( strlen($hash) <= 32 ) {
+        $check = ( $hash == md5($password) );
+        if ( $check && $user_id ) {
+            // Rehash using new hash.
+            wp_set_password($password, $user_id);
+            $hash = wp_hash_password($password);
+        }
+
+        return apply_filters('check_password', $check, $password, $hash, $user_id);
+    }
 
     // If the stored hash is longer than an MD5, presume the
@@ -1151 +1156 @@
     $check = $wp_hasher->CheckPassword($password, $hash);
 
-    return apply_filters('check_password', $check, $password, $hash);
+    return apply_filters('check_password', $check, $password, $hash, $user_id);
 }
 endif;