Changeset 6350
- Timestamp:
- 12/02/2007 05:14:11 AM (17 years ago)
- Location:
- trunk
- Files:
-
- 1 added
- 4 edited
trunk/wp-includes/pluggable.php
r6346 r6350 308 308 309 309 $login = get_userdatabylogin($username); 310 //$login = $wpdb->get_row("SELECT ID, user_login, user_pass FROM $wpdb->users WHERE user_login = '$username'"); 311 312 if (!$login) { 310 311 if ( !$login || ($login->user_login != $username) ) { 313 312 $error = __('<strong>ERROR</strong>: Invalid username.'); 314 313 return false; 314 } 315 316 // If the password is already_md5, it has been double hashed. 317 // Otherwise, it is plain text. 318 if ( !$already_md5 ) { 319 if ( wp_check_password($password, $login->user_pass) ) { 320 // If using old md5 password, rehash. 321 if ( strlen($login->user_pass) <= 32 ) { 322 $hash = wp_hash_password($password); 323 $wpdb->query("UPDATE $wpdb->users SET user_pass = '$hash', user_activation_key = '' WHERE ID = '$login->ID'"); 324 wp_cache_delete($login->ID, 'users'); 325 } 326 327 return true; 328 } 315 329 } else { 316 // If the password is already_md5, it has been double hashed. 317 // Otherwise, it is plain text. 318 if ( ($already_md5 && md5($login->user_pass) == $password) || ($login->user_login == $username && $login->user_pass == md5($password)) ) { 330 if ( md5($login->user_pass) == $password ) 319 331 return true; 320 } else { 321 $error = __('<strong>ERROR</strong>: Incorrect password.'); 322 return false; 323 } 324 } 332 } 333 334 $error = __('<strong>ERROR</strong>: Incorrect password.'); 335 return false; 325 336 } 326 337 endif; … … 474 485 if ( !function_exists('wp_setcookie') ) : 475 486 function wp_setcookie($username, $password, $already_md5 = false, $home = '', $siteurl = '', $remember = false) { 476 if ( !$already_md5 ) 477 $password = md5( md5($password) ); // Double hash the password in the cookie. 487 $user = get_userdatabylogin($username); 488 if ( !$already_md5) { 489 $password = md5($user->user_pass); // Double hash the password in the cookie. 
490 } 478 491 479 492 if ( empty($home) ) … … 701 714 endif; 702 715 716 if ( !function_exists('wp_hash_password') ) : 717 function wp_hash_password($password) { 718 global $wp_hasher; 719 720 if ( empty($wp_hasher) ) { 721 require_once( ABSPATH . 'wp-includes/class-phpass.php'); 722 // By default, use the portable hash from phpass 723 $wp_hasher = new PasswordHash(8, TRUE); 724 } 725 726 return $wp_hasher->HashPassword($password); 727 } 728 endif; 729 730 if ( !function_exists('wp_check_password') ) : 731 function wp_check_password($password, $hash) { 732 global $wp_hasher; 733 734 if ( strlen($hash) <= 32 ) 735 return ( $hash == md5($password) ); 736 737 // If the stored hash is longer than an MD5, presume the 738 // new style phpass portable hash. 739 if ( empty($wp_hasher) ) { 740 require_once( ABSPATH . 'wp-includes/class-phpass.php'); 741 // By default, use the portable hash from phpass 742 $wp_hasher = new PasswordHash(8, TRUE); 743 } 744 745 return $wp_hasher->CheckPassword($password, $hash); 746 } 747 endif; 748 703 749 ?> -
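Review bot: The legacy branch of `wp_check_password` compares with loose equality (`$hash == md5($password)`), and the `$already_md5` branch of `wp_login` does the same in `md5($login->user_pass) == $password`. PHP compares two numeric-looking strings as numbers, so distinct hex digests of the form `0e` followed only by digits are treated as equal; use `===` in both places, e.g. `return ( $hash === md5($password) );`. In `wp_setcookie`, `$user->user_pass` is read without checking that `get_userdatabylogin()` found a user, so a guard such as `if ( !$user ) return;` belongs before that line. `wp_login` and `wp_setcookie` both start or end outside the visible hunks.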
trunk/wp-includes/registration.php
r6346 r6350 55 55 } else { 56 56 $update = false; 57 // Password is not hashed when creating new user.58 $user_pass = md5($user_pass);57 // Hash the password 58 $user_pass = wp_hash_password($user_pass); 59 59 } 60 60 … … 157 157 if ( ! empty($userdata['user_pass']) ) { 158 158 $plaintext_pass = $userdata['user_pass']; 159 $userdata['user_pass'] = md5($userdata['user_pass']);159 $userdata['user_pass'] = wp_hash_password($userdata['user_pass']); 160 160 } 161 161 -
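--- a/trunk/wp-includes/user.php
+++ b/trunk/wp-includes/user.php
@@ -17,6 +17,5 @@
 function user_pass_ok($user_login,$user_pass) {
 $userdata = get_userdatabylogin($user_login);
-
-return (md5($user_pass) == $userdata->user_pass);
+return wp_check_password($user_pass, $userdata->user_pass);
 }
 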
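Review bot: `user_pass_ok` reads `$userdata->user_pass` without checking that `get_userdatabylogin()` returned a user, so for an unknown login the rejection depends on how `wp_check_password` treats an empty hash rather than on an explicit check. Add `if ( !$userdata ) return false;` before the `return`. A short comment would also help the next reader, e.g. `// Accepts legacy MD5 and phpass hashes; unlike wp_login, does not rehash legacy ones.`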
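--- a/trunk/wp-login.php
+++ b/trunk/wp-login.php
@@ -185,7 +185,7 @@
 // Generate something random for a password... md5'ing current time with a rand salt
 $new_pass = substr( md5( uniqid( microtime() ) ), 0, 7);
-$wpdb->query("UPDATE $wpdb->users SET user_pass = MD5('$new_pass'), user_activation_key = '' WHERE user_login = '$user->user_login'");
+$new_hash = wp_hash_password($new_pass);
+$wpdb->query("UPDATE $wpdb->users SET user_pass = '$new_hash', user_activation_key = '' WHERE ID = '$user->ID'");
 wp_cache_delete($user->ID, 'users');
-wp_cache_delete($user->user_login, 'userlogins');
 $message = sprintf(__('Username: %s'), $user->user_login) . "\r\n";
 $message .= sprintf(__('Password: %s'), $new_pass) . "\r\n";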
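Review bot: The reset password on the line above the new `wp_hash_password()` call is still `substr( md5( uniqid( microtime() ) ), 0, 7)`: seven hex characters derived from the clock, with no random salt despite what the comment says. Stronger storage does not help if the value itself is guessable, so generate it from a cryptographically secure source and make it longer, for example `$new_pass = wp_generate_password();` where that helper is available. The new `UPDATE` also interpolates `$new_hash` directly; because `wp_hash_password` is pluggable its output is not guaranteed to be quote-free, so pass it through `$wpdb->escape($new_hash)` before building the query. The enclosing block starts and ends outside the visible lines.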