Some cookie validation hooks. fixes #7440

git-svn-id: http://svn.automattic.com/wordpress/trunk@8696 1a063a9b-81f0-0310-95a4-ce76da25c4cd

wp-includes/pluggable.php

@@ -485,25 +485,12 @@ if ( !function_exists('wp_validate_auth_cookie') ) :
  * @return bool|int False if invalid cookie, User ID if valid.
  */
 function wp_validate_auth_cookie($cookie = '', $scheme = 'auth') {
-	if ( empty($cookie) ) {
+	if ( ! $cookie_elements = wp_parse_auth_cookie($cookie, $scheme) ) {
-		if ( is_ssl() ) {
+		do_action('auth_cookie_malformed', $cookie, $scheme);
-			$cookie_name = SECURE_AUTH_COOKIE;
+		return false;
-			$scheme = 'secure_auth';
-		} else {
-			$cookie_name = AUTH_COOKIE;
-			$scheme = 'auth';
 	}
 
-		if ( empty($_COOKIE[$cookie_name]) )
+	extract($cookie_elements, EXTR_OVERWRITE);
-			return false;
-		$cookie = $_COOKIE[$cookie_name];
-	}
-
-	$cookie_elements = explode('|', $cookie);
-	if ( count($cookie_elements) != 3 )
-		return false;
-
-	list($username, $expiration, $hmac) = $cookie_elements;
 
 	$expired = $expiration;
 
@@ -512,18 +499,26 @@ function wp_validate_auth_cookie($cookie = '', $scheme = 'auth') {
 		$expired += 3600;
 
 	// Quick check to see if an honest cookie has expired
-	if ( $expired < time() )
+	if ( $expired < time() ) {
+		do_action('auth_cookie_expired', $cookie_elements);
 		return false;
+	}
 
 	$key = wp_hash($username . '|' . $expiration, $scheme);
 	$hash = hash_hmac('md5', $username . '|' . $expiration, $key);
 
-	if ( $hmac != $hash )
+	if ( $hmac != $hash ) {
+		do_action('auth_cookie_bad_hash', $cookie_elements);
 		return false;
+	}
 
 	$user = get_userdatabylogin($username);
-	if ( ! $user )
+	if ( ! $user ) {
+		do_action('auth_cookie_bad_username', $cookie_elements);
 		return false;
+	}
+
+	do_action('auth_cookie_valid', $cookie_elements, $user);
 
 	return $user->ID;
 }
@@ -554,6 +549,41 @@ function wp_generate_auth_cookie($user_id, $expiration, $scheme = 'auth') {
 }
 endif;
 
+if ( !function_exists('wp_parse_auth_cookie') ) :
+/**
+ * Parse a cookie into its components
+ *
+ * @since 2.7
+ *
+ * @param string $cookie
+ * @param string $scheme Optional. The cookie scheme to use: auth, secure_auth, or logged_in
+ * @return array Authentication cookie components
+ */
+function wp_parse_auth_cookie($cookie = '', $scheme = 'auth') {
+	if ( empty($cookie) ) {
+		if ( is_ssl() ) {
+			$cookie_name = SECURE_AUTH_COOKIE;
+			$scheme = 'secure_auth';
+		} else {
+			$cookie_name = AUTH_COOKIE;
+			$scheme = 'auth';
+		}
+
+		if ( empty($_COOKIE[$cookie_name]) )
+			return false;
+		$cookie = $_COOKIE[$cookie_name];
+	}
+
+	$cookie_elements = explode('|', $cookie);
+	if ( count($cookie_elements) != 3 )
+		return false;
+
+	list($username, $expiration, $hmac) = $cookie_elements;
+
+	return compact('username', 'expiration', 'hmac', 'scheme');
+}
+endif;
+
 if ( !function_exists('wp_set_auth_cookie') ) :
 /**
  * Sets the authentication cookies based User ID.
@@ -607,6 +637,8 @@ if ( !function_exists('wp_clear_auth_cookie') ) :
  * @since 2.5
  */
 function wp_clear_auth_cookie() {
+	do_action('clear_auth_cookie');
+
 	setcookie(AUTH_COOKIE, ' ', time() - 31536000, ADMIN_COOKIE_PATH, COOKIE_DOMAIN);
 	setcookie(SECURE_AUTH_COOKIE, ' ', time() - 31536000, ADMIN_COOKIE_PATH, COOKIE_DOMAIN);
 	setcookie(AUTH_COOKIE, ' ', time() - 31536000, PLUGINS_COOKIE_PATH, COOKIE_DOMAIN);