WordPress.org

Make WordPress Core

Changeset 6385


Ignore:
Timestamp:
12/15/2007 05:31:16 AM (10 years ago)
Author:
ryan
Message:

Pluggable random password generator from pishmishy. fixes #5401

Location:
trunk
Files:
5 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-admin/includes/schema.php

    r6363 r6385  
    225225
    226226    // 2.0.3
    227     add_option('secret', md5(uniqid(microtime())));
     227    add_option('secret', wp_generate_password());
    228228
    229229    // 2.1
  • trunk/wp-admin/includes/upgrade.php

    r6363 r6385  
    3636    $user_id = username_exists($user_name);
    3737    if ( !$user_id ) {
    38         $random_password = substr(md5(uniqid(microtime())), 0, 6);
     38        $random_password = wp_generate_password();
    3939        $user_id = wp_create_user($user_name, $random_password, $user_email);
    4040    } else {
  • trunk/wp-admin/options-writing.php

    r6026 r6385  
    6060<fieldset class="options">
    6161<legend><?php _e('Post via e-mail') ?></legend>
    62 <p><?php printf(__('To post to WordPress by e-mail you must set up a secret e-mail account with POP3 access. Any mail received at this address will be posted, so it&#8217;s a good idea to keep this address very secret. Here are three random strings you could use: <code>%s</code>, <code>%s</code>, <code>%s</code>.'), substr(md5(uniqid(microtime())),0,5), substr(md5(uniqid(microtime())),0,5), substr(md5(uniqid(microtime())),0,5)) ?></p>
     62<p><?php printf(__('To post to WordPress by e-mail you must set up a secret e-mail account with POP3 access. Any mail received at this address will be posted, so it&#8217;s a good idea to keep this address very secret. Here are three random strings you could use: <code>%s</code>, <code>%s</code>, <code>%s</code>.'), wp_generate_password(), wp_generate_password(), wp_generate_password()) ?></p>
    6363
    6464<table width="100%" cellspacing="2" cellpadding="5" class="optiontable editform">
  • trunk/wp-includes/pluggable.php

    r6364 r6385  
    745745endif;
    746746
     747if ( !function_exists('wp_generate_password') ) :
     748/**
     749 * Generates a random password drawn from the defined set of characters
     750 * @return string the password
     751 **/
     752function wp_generate_password() {
     753    $chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
     754    $length = 7;
     755    $password = '';
     756    for ( $i = 0; $i < $length; $i++ )
     757        $password .= substr($chars, mt_rand(0, 61), 1);
     758    return $password;
     759}
     760endif;
    747761?>
  • trunk/wp-login.php

    r6364 r6385  
    111111                do_action('retrieve_password', $user_login);
    112112
    113                 // Generate something random for a password... md5'ing current time with a rand salt
     113                // Generate something random for a key...
    114114                $key = substr( md5( uniqid( microtime() ) ), 0, 8);
    115                 // Now insert the new pass md5'd into the db
     115                // Now insert the new md5 key into the db
    116116                $wpdb->query("UPDATE $wpdb->users SET user_activation_key = '$key' WHERE user_login = '$user_login'");
    117117                $message = __('Someone has asked to reset the password for the following site and username.') . "\r\n\r\n";
     
    183183    do_action('password_reset');
    184184
    185     // Generate something random for a password... md5'ing current time with a rand salt
    186     $new_pass = substr( md5( uniqid( microtime() ) ), 0, 7);
     185    // Generate something random for a password...
     186    $new_pass = wp_generate_password();
    187187    $new_hash = wp_hash_password($new_pass);
    188188    $wpdb->query("UPDATE $wpdb->users SET user_pass = '$new_hash', user_activation_key = '' WHERE ID = '$user->ID'");
     
    242242
    243243        if ( empty( $errors ) ) {
    244             $user_pass = substr( md5( uniqid( microtime() ) ), 0, 7);
     244            $user_pass = wp_generate_password();
    245245
    246246            $user_id = wp_create_user( $user_login, $user_pass, $user_email );
Note: See TracChangeset for help on using the changeset viewer.