WordPress.org

Make WordPress Core


Ignore:
Timestamp:
03/27/2008 10:44:47 PM (12 years ago)
Author:
ryan
Message:

Rehash old md5 hashes inside of wp_check_password() to make hashing more pluggable.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-includes/pluggable.php

    r7461 r7555  
    432432    }
    433433
    434     if ( !wp_check_password($password, $user->user_pass) ) {
     434    if ( !wp_check_password($password, $user->user_pass, $user->ID) ) {
    435435        do_action( 'wp_login_failed', $username );
    436436        return new WP_Error('incorrect_password', __('<strong>ERROR</strong>: Incorrect password.'));
    437437    }
    438 
    439     // If using old md5 password, rehash.
    440     if ( strlen($user->user_pass) <= 32 )
    441         wp_set_password($password, $user->ID);
    442438
    443439    return new WP_User($user->ID);
     
    11351131 * @return bool False, if the $password does not match the hashed password
    11361132 */
    1137 function wp_check_password($password, $hash) {
     1133function wp_check_password($password, $hash, $user_id = '') {
    11381134    global $wp_hasher;
    11391135
    1140     if ( strlen($hash) <= 32 )
    1141         return ( $hash == md5($password) );
     1136    // If the hash is still md5...
     1137    if ( strlen($hash) <= 32 ) {
     1138        $check = ( $hash == md5($password) );
     1139        if ( $check && $user_id ) {
     1140            // Rehash using new hash.
     1141            wp_set_password($password, $user_id);
     1142            $hash = wp_hash_password($password);
     1143        }
     1144
     1145        return apply_filters('check_password', $check, $password, $hash, $user_id);
     1146    }
    11421147
    11431148    // If the stored hash is longer than an MD5, presume the
     
    11511156    $check = $wp_hasher->CheckPassword($password, $hash);
    11521157
    1153     return apply_filters('check_password', $check, $password, $hash);
     1158    return apply_filters('check_password', $check, $password, $hash, $user_id);
    11541159}
    11551160endif;
Note: See TracChangeset for help on using the changeset viewer.