Changeset 850
- Timestamp:
- 02/09/2004 09:56:57 AM (21 years ago)
- Location:
- trunk
- Files:
-
- 6 edited
trunk/wp-admin/auth.php
r601 r850 3 3 require_once('../wp-config.php'); 4 4 5 /* checking login & pass in the database */5 /* Checking login & pass in the database */ 6 6 function veriflog() { 7 7 global $HTTP_COOKIE_VARS,$cookiehash; … … 32 32 } 33 33 } 34 //if ( $user_login!="" && $user_pass!="" && $id_session!="" && $adresse_ip==$REMOTE_ADDR) { 35 // if ( !(veriflog()) AND !(verifcookielog()) ) { 36 if (!(veriflog())) { 37 header('Expires: Wed, 11 Jan 1984 05:00:00 GMT'); 38 header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT'); 39 header('Cache-Control: no-cache, must-revalidate'); 40 header('Pragma: no-cache'); 41 if (!empty($HTTP_COOKIE_VARS["wordpressuser_".$cookiehash])) { 42 $error="<strong>Error</strong>: wrong login or password"; 43 } 44 $redir = "Location: $siteurl/wp-login.php?redirect_to=" . urlencode($HTTP_SERVER_VARS["REQUEST_URI"]); 45 header($redir); 46 exit(); 34 35 if ( !veriflog() ) { 36 header('Expires: Wed, 11 Jan 1984 05:00:00 GMT'); 37 header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT'); 38 header('Cache-Control: no-cache, must-revalidate'); 39 header('Pragma: no-cache'); 40 if (!empty($HTTP_COOKIE_VARS["wordpressuser_".$cookiehash])) { 41 $error="<strong>Error</strong>: wrong login or password."; 47 42 } 48 //} 43 $redir = "Location: $siteurl/wp-login.php?redirect_to=" . urlencode($HTTP_SERVER_VARS["REQUEST_URI"]); 44 header($redir); 45 exit(); 46 } 47 49 48 ?> -
trunk/wp-admin/profile.php
r818 r850 76 76 die ("<strong>ERROR</strong>: you typed two different passwords. Go back to correct that."); 77 77 $newuser_pass = $HTTP_POST_VARS["pass1"]; 78 $updatepassword = "user_pass= '$newuser_pass', ";78 $updatepassword = "user_pass=MD5('$newuser_pass'), "; 79 79 setcookie("wordpresspass_".$cookiehash,md5($newuser_pass),time()+31536000); 80 80 } … … 345 345 346 346 /* </Profile | My Profile> */ 347 include('admin-footer.php') ?> 347 include('admin-footer.php'); 348 ?> -
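Review bot: On new line 78 the password is hashed by MySQL (`MD5('$newuser_pass')`) while line 79 hashes it in PHP for the cookie, and the raw `$HTTP_POST_VARS["pass1"]` value is interpolated into the SQL text. If the POST value arrives slash-escaped or contains a quote (escaping is not visible in this hunk), the two digests can differ, and the plaintext also ends up in the statement and any query log. Computing the digest once in PHP and using it in both places avoids that: `$newuser_hash = md5($newuser_pass);` then `$updatepassword = "user_pass='$newuser_hash', ";`. The same `MD5('$pass1')` interpolation is added in wp-admin/users.php and wp-register.php. Unsalted MD5 is also a weak password store; a per-user salt would be a follow-up rather than part of this change.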
trunk/wp-admin/upgrade-functions.php
r821 r850 680 680 maybe_add_column($tableusers, 'user_status', "ALTER TABLE `$tableusers` ADD `user_status` INT DEFAULT '0' NOT NULL ;"); 681 681 $wpdb->query("ALTER TABLE `$tableposts` CHANGE `comment_status` `comment_status` ENUM( 'open', 'closed', 'registered_only' ) DEFAULT 'open' NOT NULL"); 682 682 683 // Convert passwords to MD5 and update table appropiately 684 $query = 'DESCRIBE wp_users user_pass'; 685 $res = $wpdb->get_results($query); 686 if ($res[0]['Type'] != 'varchar(32)') { 687 $wpdb->query('ALTER TABLE wp_users MODIFY user_pass varchar(64) not null'); 688 } 689 690 $query = 'SELECT ID, user_pass from wp_users'; 691 foreach ($wpdb->get_results($query) as $row) { 692 if (!preg_match('/^[A-Fa-f0-9]{32}$/', $row->user_pass)) { 693 $wpdb->query('UPDATE wp_users SET user_pass = MD5(\''.$row->user_pass.'\') WHERE ID = \''.$row->ID.'\''); 694 } 695 } 683 696 } 684 697 -
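Review bot: The conversion loop on new lines 690-695 reads each stored plaintext password into PHP and concatenates it back into an UPDATE, so a password containing a quote or backslash either breaks the statement or alters it, and every plaintext passes through the query text. The whole step can be done inside the database without building strings from row data, e.g. `$wpdb->query("UPDATE $tableusers SET user_pass = MD5(user_pass) WHERE user_pass NOT REGEXP '^[A-Fa-f0-9]{32}$'");`. The block also hard-codes `wp_users` where the lines above use `$tableusers`, tests for `varchar(32)` but widens to `varchar(64)`, and indexes `$res[0]['Type']` as an array while the loop below treats rows as objects, so it is worth checking which form `get_results()` returns. A plaintext password that already is 32 hex characters is skipped by the pattern and will stop matching at login. The enclosing function starts outside this hunk.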
trunk/wp-admin/users.php
r783 r850 74 74 (user_login, user_pass, user_nickname, user_email, user_ip, user_domain, user_browser, dateYMDhour, user_level, user_idmode, user_firstname, user_lastname) 75 75 VALUES 76 ('$user_login', '$pass1', '$user_nickname', '$user_email', '$user_ip', '$user_domain', '$user_browser', '$now', '$new_users_can_blog', 'nickname', '$user_firstname', '$user_lastname')");76 ('$user_login', MD5('$pass1'), '$user_nickname', '$user_email', '$user_ip', '$user_domain', '$user_browser', '$now', '$new_users_can_blog', 'nickname', '$user_firstname', '$user_lastname')"); 77 77 78 78 if ($result == false) { -
trunk/wp-login.php
r820 r850 60 60 61 61 if(!empty($HTTP_POST_VARS)) { 62 $log = $HTTP_POST_VARS[ "log"];63 $pwd = $HTTP_POST_VARS[ "pwd"];64 $redirect_to = $HTTP_POST_VARS[ "redirect_to"];62 $log = $HTTP_POST_VARS['log']; 63 $pwd = $HTTP_POST_VARS['pwd']; 64 $redirect_to = $HTTP_POST_VARS['redirect_to']; 65 65 } 66 66 … … 75 75 global $tableusers, $pass_is_md5; 76 76 $user_login = &$log; 77 $pwd = md5($pwd); 77 78 $password = &$pwd; 78 79 if (!$user_login) { 79 $error ="<strong>ERROR</strong>: the login field is empty";80 $error = '<strong>Error</strong>: the login field is empty.'; 80 81 return false; 81 82 } 82 83 83 84 if (!$password) { 84 $error="<strong>ERROR</strong>: the password field is empty"; 85 return false; 86 } 87 88 if ('md5:' == substr($password, 0, 4)) { 89 $pass_is_md5 = 1; 90 $password = substr($password, 4, strlen($password)); 91 $query = "SELECT ID, user_login, user_pass FROM $tableusers WHERE user_login = '$user_login' AND MD5(user_pass) = '$password'"; 92 } else { 93 $pass_is_md5 = 0; 94 $query = "SELECT ID, user_login, user_pass FROM $tableusers WHERE user_login = '$user_login' AND user_pass = '$password'"; 95 } 85 $error = '<strong>Error</strong>: the password field is empty.'; 86 return false; 87 } 88 89 $query = "SELECT ID, user_login, user_pass FROM $tableusers WHERE user_login = '$user_login' AND user_pass = '$password'"; 90 96 91 $login = $wpdb->get_row($query); 97 92 98 93 if (!$login) { 99 $error = '< b>ERROR</b>: wrong login or password';94 $error = '<strong>Error</strong>: wrong login or password.'; 100 95 $pwd = ''; 101 96 return false; 102 97 } else { 103 98 $user_ID = $login->ID; 104 if (($pass_is_md5 == 0 && $login->user_login == $user_login && $login->user_pass == $password) || ($pass_is_md5 == 1 && $login->user_login == $user_login && md5($login->user_pass) == $password)) {99 if (($pass_is_md5 == 0 && $login->user_login == $user_login && $login->user_pass == $password) || ($pass_is_md5 == 1 && $login->user_login == $user_login && 
$login->user_pass == md5($password))) { 105 100 return true; 106 101 } else { 107 $error = '< b>ERROR</b>: wrong login or password';102 $error = '<strong>Error</strong>: wrong login or password.'; 108 103 $pwd = ''; 109 104 return false; … … 127 122 $user_pass = $pwd; 128 123 setcookie('wordpressuser_'.$cookiehash, $user_login, time()+31536000); 129 if ($pass_is_md5) { 130 setcookie('wordpresspass_'.$cookiehash, $user_pass, time()+31536000); 131 } else { 132 setcookie('wordpresspass_'.$cookiehash, md5($user_pass), time()+31536000); 133 } 124 setcookie('wordpresspass_'.$cookiehash, md5($user_pass), time()+31536000); 134 125 if (empty($HTTP_COOKIE_VARS['wordpressblogid_'.$cookiehash])) { 135 126 setcookie('wordpressblogid_'.$cookiehash, 1,time()+31536000); … … 228 219 echo "<p>The email was sent successfully to $user_login's email address.<br /> 229 220 <a href='wp-login.php' title='Check your email first, of course'>Click here to login!</a></p>"; 221 // send a copy of password change notification to the admin 222 mail($admin_email, "[$blogname] Password Lost/Change", "Password Lost and Changed for user: $user_login"); 230 223 die(); 231 224 } -
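Review bot: New line 77 runs `$pwd = md5($pwd);` before `$password = &$pwd;`, so the `if (!$password)` test on line 84 can no longer be true (the MD5 of an empty string is a non-empty 32-character value) and the "password field is empty" branch is dead. Test the raw value first and hash afterwards, for example by moving `$pwd = md5($pwd);` to just before the `$query = ...` line. The comparison on line 99 still branches on `$pass_is_md5`, which this function no longer sets, and its second arm now applies `md5()` to an already hashed value; with the `md5:` prefix gone it could be reduced to the first arm. If `$pwd` is a global here (the function header is outside the hunk), `$user_pass = $pwd` on line 122 may already be hashed, making the cookie `md5(md5(...))` while profile.php sets a single `md5()`, which is worth confirming against veriflog().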
trunk/wp-register.php
r642 r850 93 93 (user_login, user_pass, user_nickname, user_email, user_ip, user_domain, user_browser, dateYMDhour, user_level, user_idmode) 94 94 VALUES 95 ('$user_login', '$pass1', '$user_nickname', '$user_email', '$user_ip', '$user_domain', '$user_browser', '$now', '$new_users_can_blog', 'nickname')");95 ('$user_login', MD5('$pass1'), '$user_nickname', '$user_email', '$user_ip', '$user_domain', '$user_browser', '$now', '$new_users_can_blog', 'nickname')"); 96 96 97 97 if ($result == false) {