

Timestamp:
06/11/2008 05:25:55 PM (17 years ago)
Author:
ryan
Message:

Introduce logged_in cookie. Deliver auth cookies only to wp-admin. see #7001

File:
1 edited

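--- a/trunk/wp-includes/user.php
+++ b/trunk/wp-includes/user.php
@@ -1,5 +1,5 @@
 <?php
 
-function wp_signon( $credentials = '' ) {
+function wp_signon( $credentials = '', $secure_cookie = '' ) {
     if ( empty($credentials) ) {
         if ( ! empty($_POST['log']) )
@@ -22,4 +22,7 @@
     do_action_ref_array('wp_authenticate', array(&$credentials['user_login'], &$credentials['user_password']));
 
+    if ( '' === $secure_cookie )
+        $secure_cookie = is_ssl() ? true : false;
+   
     // If no credential info provided, check cookie.
     if ( empty($credentials['user_login']) && empty($credentials['user_password']) ) {
@@ -28,5 +31,10 @@
                 return new WP_User($user);
 
-            if ( !empty($_COOKIE[AUTH_COOKIE]) )
+            if ( $secure_cookie )
+                $auth_cookie = SECURE_AUTH_COOKIE;
+            else
+                $auth_cookie = AUTH_COOKIE;
+
+            if ( !empty($_COOKIE[$auth_cookie]) )
                 return new WP_Error('expired_session', __('Please log in again.'));
 
@@ -49,5 +57,5 @@
         return $user;
 
-    wp_set_auth_cookie($user->ID, $credentials['remember']);
+    wp_set_auth_cookie($user->ID, $credentials['remember'], $secure_cookie);
     do_action('wp_login', $credentials['user_login']);
     return $user;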
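Review bot: The default for `$secure_cookie` is applied only when the argument is exactly `''`, while the later `if ( $secure_cookie )` tests truthiness, so a caller passing `null`, `0` or `'0'` on an HTTPS request skips the `is_ssl()` fallback and the expired-session check reads `AUTH_COOKIE` instead of `SECURE_AUTH_COOKIE`. The same un-normalised value is then forwarded to `wp_set_auth_cookie()`, whose handling of it is not visible here. Normalising once at the top would remove the ambiguity: `$secure_cookie = ( '' === $secure_cookie || null === $secure_cookie ) ? is_ssl() : (bool) $secure_cookie;`. The new parameter is also undocumented; a short docblock on `wp_signon()` stating that `''` means "detect from the current request" and that any other value forces the secure or non-secure cookie would help callers. The body of `wp_signon()` continues outside the hunks shown.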