Changeset 458

Timestamp:

10/20/2003 08:53:13 PM (22 years ago)

Author:

emc3

Message:

Cookies are now unique, based on siteurl, allowing multiple installs under a single domain name.

Location:

trunk

Files:

• b2-include/b2functions.php (modified) (1 diff)
• b2-include/b2template.functions.php (modified) (5 diffs)
• b2comments.php (modified) (2 diffs)
• b2comments.post.php (modified) (1 diff)
• b2commentspopup.php (modified) (1 diff)
• b2login.php (modified) (4 diffs)
• wp-admin/b2profile.php (modified) (2 diffs)
• wp-admin/b2verifauth.php (modified) (2 diffs)
• wp-admin/linkmanager.php (modified) (4 diffs)
• wp-pass.php (modified) (1 diff)
• wp-settings.php (modified) (1 diff)

trunk/b2-include/b2functions.php

@@ -381 +381 @@
 
 function get_currentuserinfo() { // a bit like get_userdata(), on steroids
-    global $HTTP_COOKIE_VARS, $user_login, $userdata, $user_level, $user_ID, $user_nickname, $user_email, $user_url, $user_pass_md5;
+    global $HTTP_COOKIE_VARS, $user_login, $userdata, $user_level, $user_ID, $user_nickname, $user_email, $user_url, $user_pass_md5, $cookiehash;
     // *** retrieving user's data from cookies and db - no spoofing
-    $user_login = $HTTP_COOKIE_VARS['wordpressuser'];
+    $user_login = $HTTP_COOKIE_VARS['wordpressuser_'.$cookiehash];
     $userdata = get_userdatabylogin($user_login);
     $user_level = $userdata->user_level;

trunk/b2-include/b2template.functions.php

@@ -599 +599 @@
 function get_the_content($more_link_text='(more...)', $stripteaser=0, $more_file='') {
     global $id, $post, $more, $c, $withcomments, $page, $pages, $multipage, $numpages;
-    global $HTTP_SERVER_VARS, $HTTP_COOKIE_VARS, $preview;
+    global $HTTP_SERVER_VARS, $HTTP_COOKIE_VARS, $preview, $cookiehash;
     global $querystring_start, $querystring_equal, $querystring_separator;
     global $pagenow;
@@ -605 +605 @@
     
     if (!empty($post->post_password)) { // if there's a password
-        if ($HTTP_COOKIE_VARS['wp-postpass'] != $post->post_password) {  // and it doesn't match the cookie
+        if ($HTTP_COOKIE_VARS['wp-postpass_'.$cookiehash] != $post->post_password) {  // and it doesn't match the cookie
             $output = get_the_password_form();
             return $output;
@@ -693 +693 @@
 function get_the_excerpt($fakeit = false) {
     global $id, $post;
-    global $HTTP_SERVER_VARS, $HTTP_COOKIE_VARS, $preview;
+    global $HTTP_SERVER_VARS, $HTTP_COOKIE_VARS, $preview, $cookiehash;
     $output = '';
     $output = stripslashes($post->post_excerpt);
     if (!empty($post->post_password)) { // if there's a password
-        if ($HTTP_COOKIE_VARS['wp-postpass'] != $post->post_password) {  // and it doesn't match the cookie
+        if ($HTTP_COOKIE_VARS['wp-postpass_'.$cookiehash] != $post->post_password) {  // and it doesn't match the cookie
             $output = "There is no excerpt because this is a protected post.";
             return $output;
@@ -1174 +1174 @@
 
 function comments_popup_link($zero='No Comments', $one='1 Comment', $more='% Comments', $CSSclass='', $none='Comments Off') {
-    global $id, $b2commentspopupfile, $b2commentsjavascript, $post, $wpdb, $tablecomments, $HTTP_COOKIE_VARS;
+    global $id, $b2commentspopupfile, $b2commentsjavascript, $post, $wpdb, $tablecomments, $HTTP_COOKIE_VARS, $cookiehash;
     global $querystring_start, $querystring_equal, $querystring_separator, $siteurl;
     $number = $wpdb->get_var("SELECT COUNT(*) FROM $tablecomments WHERE comment_post_ID = $id");
@@ -1182 +1182 @@
     } else {
         if (!empty($post->post_password)) { // if there's a password
-            if ($HTTP_COOKIE_VARS['wp-postpass'] != $post->post_password) {  // and it doesn't match the cookie
+            if ($HTTP_COOKIE_VARS['wp-postpass_'.$cookiehash] != $post->post_password) {  // and it doesn't match the cookie
                 echo("Enter your password to view comments");
                 return;

trunk/b2comments.php

@@ -5 +5 @@
 
         if (!empty($post->post_password)) { // if there's a password
-            if ($HTTP_COOKIE_VARS['wp-postpass'] != $post->post_password) {  // and it doesn't match the cookie
+            if ($HTTP_COOKIE_VARS['wp-postpass_'.$cookiehash] != $post->post_password) {  // and it doesn't match the cookie
                 echo("<p>Enter your password to view comments.<p>");
                 return;
@@ -11 +11 @@
         }
 
-        $comment_author = trim($HTTP_COOKIE_VARS["comment_author"]);
-        $comment_author_email = trim($HTTP_COOKIE_VARS["comment_author_email"]);
-        $comment_author_url = trim($HTTP_COOKIE_VARS["comment_author_url"]);
+        $comment_author = trim($HTTP_COOKIE_VARS["comment_author_".$cookiehash]);
+        $comment_author_email = trim($HTTP_COOKIE_VARS["comment_author_email_".$cookiehash]);
+        $comment_author_url = trim($HTTP_COOKIE_VARS["comment_author_url_".$cookiehash]);
 
     $comments = $wpdb->get_results("SELECT * FROM $tablecomments WHERE comment_post_ID = $id ORDER BY comment_date");

trunk/b2comments.post.php

@@ -119 +119 @@
         $url = ' '; // this to make sure a cookie is set for 'no url'
 
-    setcookie('comment_author', $author, time()+30000000);
-    setcookie('comment_author_email', $email, time()+30000000);
-    setcookie('comment_author_url', $url, time()+30000000);
+    setcookie('comment_author_'.$cookiehash, $author, time()+30000000);
+    setcookie('comment_author_email_'.$cookiehash, $email, time()+30000000);
+    setcookie('comment_author_url_'.$cookiehash, $url, time()+30000000);
 
     header('Expires: Mon, 26 Jul 1997 05:00:00 GMT');

trunk/b2commentspopup.php

@@ -32 +32 @@
 $comments = $wpdb->get_results("SELECT * FROM $tablecomments WHERE comment_post_ID = $id ORDER BY comment_date");
 $commentstatus = $wpdb->get_row("SELECT comment_status, post_password FROM $tableposts WHERE ID = $id");
-if (!empty($commentstatus->post_password) && $HTTP_COOKIE_VARS['wp-postpass'] != $commentstatus->post_password) {  // and it doesn't match the cookie
+if (!empty($commentstatus->post_password) && $HTTP_COOKIE_VARS['wp-postpass_'.$cookiehash] != $commentstatus->post_password) {  // and it doesn't match the cookie
     echo("<li>".get_the_password_form()."</li></ol>");
 }

trunk/b2login.php

@@ -45 +45 @@
 case 'logout':
 
-    setcookie('wordpressuser');
-    setcookie('wordpresspass');
+    setcookie('wordpressuser_'.$cookiehash);
+    setcookie('wordpresspass_'.$cookiehash);
     header('Expires: Wed, 11 Jan 1984 05:00:00 GMT');
     header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT');
@@ -123 +123 @@
         $user_login = $log;
         $user_pass = $pwd;
-        setcookie('wordpressuser', $user_login, time()+31536000);
+        setcookie('wordpressuser_'.$cookiehash, $user_login, time()+31536000);
         if ($pass_is_md5) {
-            setcookie('wordpresspass', $user_pass, time()+31536000);
-        } else {
-            setcookie('wordpresspass', md5($user_pass), time()+31536000);
-        }
-        if (empty($HTTP_COOKIE_VARS['wordpressblogid'])) {
-            setcookie('wordpressblogid', 1,time()+31536000);
+            setcookie('wordpresspass_'.$cookiehash, $user_pass, time()+31536000);
+        } else {
+            setcookie('wordpresspass_'.$cookiehash, md5($user_pass), time()+31536000);
+        }
+        if (empty($HTTP_COOKIE_VARS['wordpressblogid_'.$cookiehash])) {
+            setcookie('wordpressblogid_'.$cookiehash, 1,time()+31536000);
         }
         header('Expires: Wed, 11 Jan 1984 05:00:00 GMT');
@@ -232 +232 @@
 default:
 
-    if((!empty($HTTP_COOKIE_VARS['wordpressuser'])) && (!empty($HTTP_COOKIE_VARS['wordpresspass']))) {
-        $user_login = $HTTP_COOKIE_VARS['wordpressuser'];
-        $user_pass_md5 = $HTTP_COOKIE_VARS['wordpresspass'];
+    if((!empty($HTTP_COOKIE_VARS['wordpressuser_'.$cookiehash])) && (!empty($HTTP_COOKIE_VARS['wordpresspass_'.$cookiehash]))) {
+        $user_login = $HTTP_COOKIE_VARS['wordpressuser_'.$cookiehash];
+        $user_pass_md5 = $HTTP_COOKIE_VARS['wordpresspass_'.$cookiehash];
     }
 
@@ -250 +250 @@
 
     if ( !(checklogin()) ) {
-        if (!empty($HTTP_COOKIE_VARS['wordpressuser'])) {
+        if (!empty($HTTP_COOKIE_VARS['wordpressuser_'.$cookiehash])) {
             $error="Error: wrong login/password"; //, or your session has expired.";
         }

trunk/wp-admin/b2profile.php

@@ -80 +80 @@
         $newuser_pass = $HTTP_POST_VARS["pass1"];
         $updatepassword = "user_pass='$newuser_pass', ";
-        setcookie("wordpresspass",md5($newuser_pass),time()+31536000);
+        setcookie("wordpresspass_".$cookiehash,md5($newuser_pass),time()+31536000);
     }
 
@@ -116 +116 @@
 
     $profiledata = get_userdata($user);
-    if ($HTTP_COOKIE_VARS['wordpressuser'] == $profiledata->user_login)
+    if ($HTTP_COOKIE_VARS['wordpressuser_'.$cookiehash] == $profiledata->user_login)
         header ('Location: b2profile.php');
     

trunk/wp-admin/b2verifauth.php

@@ -5 +5 @@
 /* checking login & pass in the database */
 function veriflog() {
-    global $HTTP_COOKIE_VARS;
+    global $HTTP_COOKIE_VARS,$cookiehash;
     global $tableusers, $wpdb;
 
-    if (!empty($HTTP_COOKIE_VARS["wordpressuser"])) {
-        $user_login = $HTTP_COOKIE_VARS["wordpressuser"];
-        $user_pass_md5 = $HTTP_COOKIE_VARS["wordpresspass"];
+    if (!empty($HTTP_COOKIE_VARS["wordpressuser_".$cookiehash])) {
+        $user_login = $HTTP_COOKIE_VARS["wordpressuser_".$cookiehash];
+        $user_pass_md5 = $HTTP_COOKIE_VARS["wordpresspass_".$cookiehash];
     } else {
         return false;
@@ -39 +39 @@
         header('Cache-Control: no-cache, must-revalidate');
         header('Pragma: no-cache');
-        if (!empty($HTTP_COOKIE_VARS["wordpressuser"])) {
+        if (!empty($HTTP_COOKIE_VARS["wordpressuser_".$cookiehash])) {
             $error="<strong>Error</strong>: wrong login or password";
         }

trunk/wp-admin/linkmanager.php

@@ -85 +85 @@
 }
 
-$links_show_cat_id = $HTTP_COOKIE_VARS["links_show_cat_id"];
-$links_show_order = $HTTP_COOKIE_VARS["links_show_order"];
+$links_show_cat_id = $HTTP_COOKIE_VARS["links_show_cat_id_".$cookiehash];
+$links_show_order = $HTTP_COOKIE_VARS["links_show_order_".$cookiehash];
 
 if ($action2 != '')
@@ -264 +264 @@
              " WHERE link_id=$link_id");
     } // end if save
-    setcookie('links_show_cat_id', $links_show_cat_id, time()+600);
+    setcookie('links_show_cat_id_'.$cookiehash, $links_show_cat_id, time()+600);
     header('Location: '.$this_file);
     break;
@@ -289 +289 @@
     }
     $links_show_cat_id = $cat_id;
-    setcookie("links_show_cat_id", $links_show_cat_id, time()+600);
+    setcookie("links_show_cat_id_".$cookiehash, $links_show_cat_id, time()+600);
     header('Location: '.$this_file);
     break;
@@ -442 +442 @@
     $links_show_order = $order_by;
 
-    setcookie('links_show_cat_id', $links_show_cat_id, time()+600);
-    setcookie('links_show_order', $links_show_order, time()+600);
+    setcookie('links_show_cat_id_'.$cookiehash, $links_show_cat_id, time()+600);
+    setcookie('links_show_order_'.$cookiehash, $links_show_order, time()+600);
     $standalone=0;
     include_once ("./b2header.php");

trunk/wp-pass.php

@@ -6 +6 @@
   -- Matt
 */
-
-setcookie('wp-postpass', $HTTP_POST_VARS['post_password'], time()+60*60*24*30);
+include_once('wp-config.php');
+setcookie('wp-postpass_'.$cookiehash, $HTTP_POST_VARS['post_password'], time()+60*60*24*30);
 header('Location: ' . $HTTP_SERVER_VARS['HTTP_REFERER']);
 

trunk/wp-settings.php

@@ -63 +63 @@
     $querystring_separator = '&';
     //}
+    // Used to guarantee unique cookies
+    $cookiehash = md5($siteurl);
+
 } //end !$_wp_installing
 ?>