Changeset 8069 for trunk/wp-includes/pluggable.php
- Timestamp:
- 06/11/2008 05:25:55 PM (17 years ago)
- File:
-
- 1 edited
trunk/wp-includes/pluggable.php
r8058 r8069 101 101 102 102 if ( ! $user = wp_validate_auth_cookie() ) { 103 wp_set_current_user(0); 104 return false; 103 if ( empty($_COOKIE[LOGGED_IN_COOKIE]) || !$user = wp_validate_auth_cookie($_COOKIE[LOGGED_IN_COOKIE], 'logged_in') ) { 104 wp_set_current_user(0); 105 return false; 106 } 105 107 } 106 108 … … 466 468 * 467 469 * @param string $cookie Optional. If used, will validate contents instead of cookie's 470 * @param string $scheme Optional. The cookie scheme to use: auth, secure_auth, or logged_in 468 471 * @return bool|int False if invalid cookie, User ID if valid. 469 472 */ 470 function wp_validate_auth_cookie($cookie = '' ) {473 function wp_validate_auth_cookie($cookie = '', $scheme = 'auth') { 471 474 if ( empty($cookie) ) { 472 if ( is_ssl() ) 475 if ( is_ssl() ) { 473 476 $cookie_name = SECURE_AUTH_COOKIE; 474 else 477 $scheme = 'secure_auth'; 478 } else { 475 479 $cookie_name = AUTH_COOKIE; 480 $scheme = 'auth'; 481 } 476 482 477 483 if ( empty($_COOKIE[$cookie_name]) ) … … 496 502 return false; 497 503 498 $key = wp_hash($username . '|' . $expiration );504 $key = wp_hash($username . '|' . $expiration, $scheme); 499 505 $hash = hash_hmac('md5', $username . '|' . $expiration, $key); 500 506 … … 520 526 * @param int $user_id User ID 521 527 * @param int $expiration Cookie expiration in seconds 522 * @param bool $secure Whether the cookie is for https delivery only or not. Not used by default. For plugin use.528 * @param string $scheme Optional. The cookie scheme to use: auth, secure_auth, or logged_in 523 529 * @return string Authentication cookie contents 524 530 */ 525 function wp_generate_auth_cookie($user_id, $expiration, $s ecure = false) {531 function wp_generate_auth_cookie($user_id, $expiration, $scheme = 'auth') { 526 532 $user = get_userdata($user_id); 527 533 528 $key = wp_hash($user->user_login . '|' . $expiration );534 $key = wp_hash($user->user_login . '|' . 
$expiration, $scheme); 529 535 $hash = hash_hmac('md5', $user->user_login . '|' . $expiration, $key); 530 536 531 537 $cookie = $user->user_login . '|' . $expiration . '|' . $hash; 532 538 533 return apply_filters('auth_cookie', $cookie, $user_id, $expiration, $s ecure);539 return apply_filters('auth_cookie', $cookie, $user_id, $expiration, $scheme); 534 540 } 535 541 endif; … … 549 555 * @param bool $remember Whether to remember the user or not 550 556 */ 551 function wp_set_auth_cookie($user_id, $remember = false ) {557 function wp_set_auth_cookie($user_id, $remember = false, $secure = '') { 552 558 if ( $remember ) { 553 559 $expiration = $expire = time() + 1209600; … … 557 563 } 558 564 559 if ( is_ssl() ) { 560 $secure = true; 561 $cookie_name = SECURE_AUTH_COOKIE; 565 if ( '' === $secure ) 566 $secure = is_ssl() ? true : false; 567 568 if ( $secure ) { 569 $auth_cookie_name = SECURE_AUTH_COOKIE; 570 $scheme = 'secure_auth'; 562 571 } else { 563 $secure = false; 564 $cookie_name = AUTH_COOKIE; 565 } 566 567 $cookie = wp_generate_auth_cookie($user_id, $expiration, $secure); 568 569 do_action('set_auth_cookie', $cookie, $expire, $secure); 570 571 setcookie($cookie_name, $cookie, $expire, COOKIEPATH, COOKIE_DOMAIN, $secure); 572 $auth_cookie_name = AUTH_COOKIE; 573 $scheme = 'auth'; 574 } 575 576 $auth_cookie = wp_generate_auth_cookie($user_id, $expiration, $scheme); 577 $logged_in_cookie = wp_generate_auth_cookie($user_id, $expiration, 'logged_in'); 578 579 do_action('set_auth_cookie', $auth_cookie, $expire, $scheme); 580 do_action('set_auth_cookie', $logged_in_cookie, $expire, 'logged_in'); 581 582 setcookie($auth_cookie_name, $auth_cookie, $expire, SITECOOKIEPATH . 
'wp-admin', COOKIE_DOMAIN, $secure); 583 setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, COOKIEPATH, COOKIE_DOMAIN); 572 584 if ( COOKIEPATH != SITECOOKIEPATH ) 573 setcookie( $cookie_name, $cookie, $expire, SITECOOKIEPATH, COOKIE_DOMAIN, $secure);585 setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, SITECOOKIEPATH, COOKIE_DOMAIN); 574 586 } 575 587 endif; … … 582 594 */ 583 595 function wp_clear_auth_cookie() { 584 setcookie(AUTH_COOKIE, ' ', time() - 31536000, COOKIEPATH, COOKIE_DOMAIN); 585 setcookie(AUTH_COOKIE, ' ', time() - 31536000, SITECOOKIEPATH, COOKIE_DOMAIN); 586 setcookie(SECURE_AUTH_COOKIE, ' ', time() - 31536000, COOKIEPATH, COOKIE_DOMAIN); 587 setcookie(SECURE_AUTH_COOKIE, ' ', time() - 31536000, SITECOOKIEPATH, COOKIE_DOMAIN); 596 setcookie(AUTH_COOKIE, ' ', time() - 31536000, COOKIEPATH . 'wp-admin', COOKIE_DOMAIN); 597 setcookie(AUTH_COOKIE, ' ', time() - 31536000, SITECOOKIEPATH . 'wp-admin', COOKIE_DOMAIN); 598 setcookie(SECURE_AUTH_COOKIE, ' ', time() - 31536000, COOKIEPATH . 'wp-admin', COOKIE_DOMAIN); 599 setcookie(SECURE_AUTH_COOKIE, ' ', time() - 31536000, SITECOOKIEPATH . 
'wp-admin', COOKIE_DOMAIN); 600 setcookie(LOGGED_IN_COOKIE, ' ', time() - 31536000, COOKIEPATH, COOKIE_DOMAIN); 601 setcookie(LOGGED_IN_COOKIE, ' ', time() - 31536000, SITECOOKIEPATH, COOKIE_DOMAIN); 588 602 589 603 // Old cookies … … 622 636 // Checks if a user is logged in, if not redirects them to the login page 623 637 624 if ( is_ssl() || (defined('FORCE_SSL_LOGIN') && FORCE_SSL_LOGIN) )638 if ( is_ssl() || force_ssl_admin() ) 625 639 $secure = true; 626 640 else … … 629 643 // If https is required and request is http, redirect 630 644 if ( $secure && !is_ssl() ) { 631 if ( false !== strpos($_SERVER['REQUEST_URI'], 'http') ) {632 wp_redirect( str_replace('http://', 'https://', $_SERVER['REQUEST_URI']));645 if ( 0 === strpos($_SERVER['REQUEST_URI'], 'http') ) { 646 wp_redirect(preg_replace('|^http://|', 'https://', $_SERVER['REQUEST_URI'])); 633 647 exit(); 634 648 } else { … … 644 658 nocache_headers(); 645 659 646 $login_url = site_url( 'wp-login.php?redirect_to=' . urlencode($_SERVER['REQUEST_URI']), 'forceable' ); 660 if ( is_ssl() ) 661 $proto = 'https://'; 662 else 663 $proto = 'http://'; 664 665 $login_url = site_url( 'wp-login.php?redirect_to=' . urlencode($proto . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']), 'login' ); 647 666 648 667 wp_redirect($login_url); … … 972 991 $message = sprintf(__('Username: %s'), $user_login) . "\r\n"; 973 992 $message .= sprintf(__('Password: %s'), $plaintext_pass) . "\r\n"; 974 $message .= site_url("wp-login.php", ' forceable') . "\r\n";993 $message .= site_url("wp-login.php", 'login') . 
"\r\n"; 975 994 976 995 wp_mail($user_email, sprintf(__('[%s] Your username and password'), get_option('blogname')), $message); … … 1079 1098 * @return string Salt value from either 'SECRET_KEY' or 'secret' option 1080 1099 */ 1081 function wp_salt( ) {1100 function wp_salt($scheme = 'auth') { 1082 1101 global $wp_default_secret_key; 1083 1102 $secret_key = ''; … … 1085 1104 $secret_key = SECRET_KEY; 1086 1105 1087 if ( defined('SECRET_SALT') ) { 1088 $salt = SECRET_SALT; 1089 } else { 1090 $salt = get_option('secret'); 1091 if ( empty($salt) ) { 1092 $salt = wp_generate_password(); 1093 update_option('secret', $salt); 1106 if ( 'auth' == $scheme ) { 1107 if ( defined('AUTH_KEY') && ('' != AUTH_KEY) && ( $wp_default_secret_key != AUTH_KEY) ) 1108 $secret_key = AUTH_KEY; 1109 1110 if ( defined('AUTH_SALT') ) { 1111 $salt = AUTH_SALT; 1112 } elseif ( defined('SECRET_SALT') ) { 1113 $salt = SECRET_SALT; 1114 } else { 1115 $salt = get_option('auth_salt'); 1116 if ( empty($salt) ) { 1117 $salt = wp_generate_password(); 1118 update_option('auth_salt', $salt); 1119 } 1094 1120 } 1095 } 1096 1097 return apply_filters('salt', $secret_key . 
$salt); 1121 } elseif ( 'secure_auth' == $scheme ) { 1122 if ( defined('SECURE_AUTH_KEY') && ('' != SECURE_AUTH_KEY) && ( $wp_default_secret_key != SECURE_AUTH_KEY) ) 1123 $secret_key = SECURE_AUTH_KEY; 1124 1125 if ( defined('SECURE_AUTH_SALT') ) { 1126 $salt = SECRET_AUTH_SALT; 1127 } else { 1128 $salt = get_option('secure_auth_salt'); 1129 if ( empty($salt) ) { 1130 $salt = wp_generate_password(); 1131 update_option('secure_auth_salt', $salt); 1132 } 1133 } 1134 } elseif ( 'logged_in' == $scheme ) { 1135 if ( defined('LOGGED_IN_KEY') && ('' != LOGGED_IN_KEY) && ( $wp_default_secret_key != LOGGED_IN_KEY) ) 1136 $secret_key = LOGGED_IN_KEY; 1137 1138 if ( defined('LOGGED_IN_SALT') ) { 1139 $salt = LOGGED_IN_SALT; 1140 } else { 1141 $salt = get_option('logged_in_salt'); 1142 if ( empty($salt) ) { 1143 $salt = wp_generate_password(); 1144 update_option('logged_in_salt', $salt); 1145 } 1146 } 1147 } 1148 1149 return apply_filters('salt', $secret_key . $salt, $scheme); 1098 1150 } 1099 1151 endif; … … 1109 1161 * @return string Hash of $data 1110 1162 */ 1111 function wp_hash($data ) {1112 $salt = wp_salt( );1163 function wp_hash($data, $scheme = 'auth') { 1164 $salt = wp_salt($scheme); 1113 1165 1114 1166 return hash_hmac('md5', $data, $salt);
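Review bot: In the new `secure_auth` branch of `wp_salt()` the guard tests `defined('SECURE_AUTH_SALT')` but the assignment on the next line reads `SECRET_AUTH_SALT`, a constant this hunk never defines; on the PHP versions of that time an undefined constant resolves to its own name (with a notice), so whenever SECURE_AUTH_SALT is configured the secure_auth salt becomes the fixed public string `SECRET_AUTH_SALT` instead of the operator's secret. The line should read `$salt = SECURE_AUTH_SALT;`. Separately, no branch handles a `$scheme` outside auth/secure_auth/logged_in, so `$salt` stays unset and the function returns only `$secret_key`; a final `else` that either throws or falls back to the auth scheme would keep `wp_hash($data, $scheme)` callers from silently keying on a weaker value. The auth branch also retains the `SECRET_SALT` fallback that the two new branches do not, which is presumably deliberate for upgrade compatibility but deserves a one-line comment saying so.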