WordPress.org

Make WordPress Core


Ignore:
Timestamp:
10/06/2013 11:28:42 AM (6 years ago)
Author:
nacin
Message:

Hash password reset keys in the database.

All existing, unused password reset keys are now considered "expired" and the user will be told they should try again.

Introduces a password_reset_key_expired filter to allow plugins to introduce a grace period.

fixes #24783.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-includes/user.php

    r25615 r25696  
    15881588 * Retrieves a user row based on password reset key and login
    15891589 *
     1590 * A key is considered 'expired' if it exactly matches the value of the
     1591 * user_activation_key field, rather than being matched after going through the
     1592 * hashing process. This field is now hashed; old values are no longer accepted
     1593 * but have a different WP_Error code so good user feedback can be provided.
     1594 *
    15901595 * @uses $wpdb WordPress Database object
    15911596 *
    1592  * @param string $key Hash to validate sending user's password
    1593  * @param string $login The user login
    1594  * @return object|WP_Error User's database row on success, error object for invalid keys
    1595  */
    1596 function check_password_reset_key( $key, $login ) {
    1597     global $wpdb;
    1598 
    1599     $key = preg_replace( '/[^a-z0-9]/i', '', $key );
    1600 
    1601     if ( empty( $key ) || ! is_string( $key ) )
    1602         return new WP_Error( 'invalid_key', __( 'Invalid key' ) );
    1603 
    1604     if ( empty( $login ) || ! is_string( $login ) )
    1605         return new WP_Error( 'invalid_key', __( 'Invalid key' ) );
    1606 
    1607     $user = $wpdb->get_row( $wpdb->prepare( "SELECT * FROM $wpdb->users WHERE user_activation_key = %s AND user_login = %s", $key, $login ) );
    1608 
    1609     if ( empty( $user ) )
    1610         return new WP_Error( 'invalid_key', __( 'Invalid key' ) );
    1611 
    1612     return $user;
     1597 * @param string $key       Hash to validate sending user's password.
     1598 * @param string $login     The user login.
     1599 * @return WP_User|WP_Error WP_User object on success, WP_Error object for invalid or expired keys.
     1600 */
     1601function check_password_reset_key($key, $login) {
     1602    global $wpdb, $wp_hasher;
     1603
     1604    $key = preg_replace('/[^a-z0-9]/i', '', $key);
     1605
     1606    if ( empty( $key ) || !is_string( $key ) )
     1607        return new WP_Error('invalid_key', __('Invalid key'));
     1608
     1609    if ( empty($login) || !is_string($login) )
     1610        return new WP_Error('invalid_key', __('Invalid key'));
     1611
     1612    $row = $wpdb->get_row( $wpdb->prepare( "SELECT ID, user_activation_key FROM $wpdb->users WHERE user_login = %s", $login ) );
     1613    if ( ! $row )
     1614        return new WP_Error('invalid_key', __('Invalid key'));
     1615
     1616    if ( empty( $wp_hasher ) ) {
     1617        require_once ABSPATH . 'wp-includes/class-phpass.php';
     1618        $wp_hasher = new PasswordHash( 8, true );
     1619    }
     1620
     1621    if ( $wp_hasher->CheckPassword( $key, $row->user_activation_key ) )
     1622        return get_userdata( $row->ID );
     1623
     1624    if ( $key === $row->user_activation_key ) {
     1625        $return = new WP_Error( 'expired_key', __( 'Invalid key' ) );
     1626        $user_id = $row->ID;
     1627
     1628        /**
     1629         * Filter the return value of check_password_reset_key() when an
     1630         * old-style key is used (plain-text key was stored in the database).
     1631         *
     1632         * @since 3.7.0
     1633         *
     1634         * @param WP_Error $return  A WP_Error object denoting an expired key.
     1635         *                          Return a WP_User object to validate the key.
     1636         * @param int      $user_id The matched user ID.
     1637         */
     1638        return apply_filters( 'password_reset_key_expired', $return, $user_id );
     1639    }
     1640
     1641    return new WP_Error( 'invalid_key', __( 'Invalid key' ) );
    16131642}
    16141643
Note: See TracChangeset for help on using the changeset viewer.