Ticket #19821: 19732.diff
File 19732.diff, 2.3 KB (added by , 13 years ago) |
wp-includes/pluggable.php
506 506 * @param string $scheme Optional. The cookie scheme to use: auth, secure_auth, or logged_in 507 507 * @return bool|int False if invalid cookie, User ID if valid. 508 508 */ 509 function wp_validate_auth_cookie( $cookie = '', $scheme = '') {510 if ( ! $cookie_elements = wp_parse_auth_cookie( $cookie, $scheme) ) {511 do_action( 'auth_cookie_malformed', $cookie, $scheme);509 function wp_validate_auth_cookie( $cookie = '', $scheme = '' ) { 510 if ( ! $cookie_elements = wp_parse_auth_cookie( $cookie, $scheme ) ) { 511 do_action( 'auth_cookie_malformed', $cookie, $scheme ); 512 512 return false; 513 513 } 514 514 515 extract( $cookie_elements, EXTR_OVERWRITE);515 extract( $cookie_elements, EXTR_OVERWRITE ); 516 516 517 517 $expired = $expiration; 518 518 … … 522 522 523 523 // Quick check to see if an honest cookie has expired 524 524 if ( $expired < time() ) { 525 do_action( 'auth_cookie_expired', $cookie_elements);525 do_action( 'auth_cookie_expired', $cookie_elements ); 526 526 return false; 527 527 } 528 528 529 $user = get_user_by( 'login', $username);529 $user = get_user_by( 'login', $username ); 530 530 if ( ! $user ) { 531 do_action( 'auth_cookie_bad_username', $cookie_elements);531 do_action( 'auth_cookie_bad_username', $cookie_elements ); 532 532 return false; 533 533 } 534 534 535 $pass_frag = substr( $user->user_pass, 8, 4);535 $pass_frag = substr( $user->user_pass, 8, 4 ); 536 536 537 $key = wp_hash( $username . $pass_frag . '|' . $expiration, $scheme);538 $hash = hash_hmac( 'md5', $username . '|' . $expiration, $key);537 $key = wp_hash( $username . $pass_frag . '|' . $expiration, $scheme ); 538 $hash = hash_hmac( 'md5', $username . '|' . 
$expiration, $key ); 539 539 540 540 if ( $hmac != $hash ) { 541 do_action( 'auth_cookie_bad_hash', $cookie_elements);541 do_action( 'auth_cookie_bad_hash', $cookie_elements ); 542 542 return false; 543 543 } 544 545 $user = apply_filters( 'validate_auth_cookie', $user ); 546 if ( $user === false ) { 547 do_action( 'auth_cookie_invalid', $cookie_elements ); 548 return false; 549 } 544 550 545 551 if ( $expiration < time() ) // AJAX/POST grace period set above 546 552 $GLOBALS['login_grace_period'] = 1; 547 553 548 do_action( 'auth_cookie_valid', $cookie_elements, $user);554 do_action( 'auth_cookie_valid', $cookie_elements, $user ); 549 555 550 556 return $user->ID; 551 557 }
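Review bot: The result of the new `validate_auth_cookie` filter is rejected only when it is exactly `false`, so a callback that returns `null`, `0`, a `WP_Error` or any other non-user value passes the check, fires `auth_cookie_valid` and reaches `return $user->ID`. Because this runs after the HMAC check and decides which user ID the cookie authenticates as, the guard should fail closed, e.g. `if ( ! is_object( $user ) || empty( $user->ID ) ) {`. The callback also receives no context to base its decision on; passing it along, `$user = apply_filters( 'validate_auth_cookie', $user, $cookie_elements, $scheme );`, and adding a short comment above the hook saying that callbacks must return the user object or `false` would make the contract explicit. That comment should also say that a callback can return a different user object than the one the cookie was issued for, since the returned object's ID is what the function hands back. The function body is split across two hunks (lines 519–521 are not shown), and the unchanged `$hmac != $hash` comparison is loose and not constant-time.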