WordPress.org

Make WordPress Core

Changeset 6385


Ignore:
Timestamp:
12/15/07 05:31:16 (7 years ago)
Author:
ryan
Message:

Pluggable random password generator from pishmishy. fixes #5401

Location:
trunk
Files:
5 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-admin/includes/schema.php

    r6363 r6385  
    225225 
    226226    // 2.0.3 
    227     add_option('secret', md5(uniqid(microtime()))); 
     227    add_option('secret', wp_generate_password()); 
    228228 
    229229    // 2.1 
  • trunk/wp-admin/includes/upgrade.php

    r6363 r6385  
    3636    $user_id = username_exists($user_name); 
    3737    if ( !$user_id ) { 
    38         $random_password = substr(md5(uniqid(microtime())), 0, 6); 
     38        $random_password = wp_generate_password(); 
    3939        $user_id = wp_create_user($user_name, $random_password, $user_email); 
    4040    } else { 
  • trunk/wp-admin/options-writing.php

    r6026 r6385  
    6060<fieldset class="options"> 
    6161<legend><?php _e('Post via e-mail') ?></legend> 
    62 <p><?php printf(__('To post to WordPress by e-mail you must set up a secret e-mail account with POP3 access. Any mail received at this address will be posted, so it&#8217;s a good idea to keep this address very secret. Here are three random strings you could use: <code>%s</code>, <code>%s</code>, <code>%s</code>.'), substr(md5(uniqid(microtime())),0,5), substr(md5(uniqid(microtime())),0,5), substr(md5(uniqid(microtime())),0,5)) ?></p> 
     62<p><?php printf(__('To post to WordPress by e-mail you must set up a secret e-mail account with POP3 access. Any mail received at this address will be posted, so it&#8217;s a good idea to keep this address very secret. Here are three random strings you could use: <code>%s</code>, <code>%s</code>, <code>%s</code>.'), wp_generate_password(), wp_generate_password(), wp_generate_password()) ?></p> 
    6363 
    6464<table width="100%" cellspacing="2" cellpadding="5" class="optiontable editform"> 
  • trunk/wp-includes/pluggable.php

    r6364 r6385  
    745745endif; 
    746746 
     747if ( !function_exists('wp_generate_password') ) : 
     748/** 
     749 * Generates a random password drawn from the defined set of characters 
     750 * @return string the password 
     751 **/ 
     752function wp_generate_password() { 
     753    $chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"; 
     754    $length = 7; 
     755    $password = ''; 
     756    for ( $i = 0; $i < $length; $i++ ) 
     757        $password .= substr($chars, mt_rand(0, 61), 1); 
     758    return $password; 
     759} 
     760endif; 
    747761?> 
  • trunk/wp-login.php

    r6364 r6385  
    111111                do_action('retrieve_password', $user_login); 
    112112 
    113                 // Generate something random for a password... md5'ing current time with a rand salt 
     113                // Generate something random for a key... 
    114114                $key = substr( md5( uniqid( microtime() ) ), 0, 8); 
    115                 // Now insert the new pass md5'd into the db 
     115                // Now insert the new md5 key into the db 
    116116                $wpdb->query("UPDATE $wpdb->users SET user_activation_key = '$key' WHERE user_login = '$user_login'"); 
    117117                $message = __('Someone has asked to reset the password for the following site and username.') . "\r\n\r\n"; 
     
    183183    do_action('password_reset'); 
    184184 
    185     // Generate something random for a password... md5'ing current time with a rand salt 
    186     $new_pass = substr( md5( uniqid( microtime() ) ), 0, 7); 
     185    // Generate something random for a password... 
     186    $new_pass = wp_generate_password(); 
    187187    $new_hash = wp_hash_password($new_pass);  
    188188    $wpdb->query("UPDATE $wpdb->users SET user_pass = '$new_hash', user_activation_key = '' WHERE ID = '$user->ID'"); 
     
    242242 
    243243        if ( empty( $errors ) ) { 
    244             $user_pass = substr( md5( uniqid( microtime() ) ), 0, 7); 
     244            $user_pass = wp_generate_password(); 
    245245 
    246246            $user_id = wp_create_user( $user_login, $user_pass, $user_email ); 
Note: See TracChangeset for help on using the changeset viewer.