Changeset 6350 for trunk/wp-includes/pluggable.php
- Timestamp:
- 12/02/2007 05:14:11 AM (17 years ago)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/wp-includes/pluggable.php
r6346 r6350 308 308 309 309 $login = get_userdatabylogin($username); 310 //$login = $wpdb->get_row("SELECT ID, user_login, user_pass FROM $wpdb->users WHERE user_login = '$username'"); 311 312 if (!$login) { 310 311 if ( !$login || ($login->user_login != $username) ) { 313 312 $error = __('<strong>ERROR</strong>: Invalid username.'); 314 313 return false; 314 } 315 316 // If the password is already_md5, it has been double hashed. 317 // Otherwise, it is plain text. 318 if ( !$already_md5 ) { 319 if ( wp_check_password($password, $login->user_pass) ) { 320 // If using old md5 password, rehash. 321 if ( strlen($login->user_pass) <= 32 ) { 322 $hash = wp_hash_password($password); 323 $wpdb->query("UPDATE $wpdb->users SET user_pass = '$hash', user_activation_key = '' WHERE ID = '$login->ID'"); 324 wp_cache_delete($login->ID, 'users'); 325 } 326 327 return true; 328 } 315 329 } else { 316 // If the password is already_md5, it has been double hashed. 317 // Otherwise, it is plain text. 318 if ( ($already_md5 && md5($login->user_pass) == $password) || ($login->user_login == $username && $login->user_pass == md5($password)) ) { 330 if ( md5($login->user_pass) == $password ) 319 331 return true; 320 } else { 321 $error = __('<strong>ERROR</strong>: Incorrect password.'); 322 return false; 323 } 324 } 332 } 333 334 $error = __('<strong>ERROR</strong>: Incorrect password.'); 335 return false; 325 336 } 326 337 endif; … … 474 485 if ( !function_exists('wp_setcookie') ) : 475 486 function wp_setcookie($username, $password, $already_md5 = false, $home = '', $siteurl = '', $remember = false) { 476 if ( !$already_md5 ) 477 $password = md5( md5($password) ); // Double hash the password in the cookie. 487 $user = get_userdatabylogin($username); 488 if ( !$already_md5) { 489 $password = md5($user->user_pass); // Double hash the password in the cookie. 490 } 478 491 479 492 if ( empty($home) ) … … 701 714 endif; 702 715 716 if ( !function_exists('wp_hash_password') ) : 717 function wp_hash_password($password) { 718 global $wp_hasher; 719 720 if ( empty($wp_hasher) ) { 721 require_once( ABSPATH . 'wp-includes/class-phpass.php'); 722 // By default, use the portable hash from phpass 723 $wp_hasher = new PasswordHash(8, TRUE); 724 } 725 726 return $wp_hasher->HashPassword($password); 727 } 728 endif; 729 730 if ( !function_exists('wp_check_password') ) : 731 function wp_check_password($password, $hash) { 732 global $wp_hasher; 733 734 if ( strlen($hash) <= 32 ) 735 return ( $hash == md5($password) ); 736 737 // If the stored hash is longer than an MD5, presume the 738 // new style phpass portable hash. 739 if ( empty($wp_hasher) ) { 740 require_once( ABSPATH . 'wp-includes/class-phpass.php'); 741 // By default, use the portable hash from phpass 742 $wp_hasher = new PasswordHash(8, TRUE); 743 } 744 745 return $wp_hasher->CheckPassword($password, $hash); 746 } 747 endif; 748 703 749 ?>
Note: See TracChangeset
for help on using the changeset viewer.