wp_setcookie() and wp_clearcookie(). Set cookies for both siteurl and home if they are not the same. Update cookies whenever home or siteurl change.

git-svn-id: http://svn.automattic.com/wordpress/trunk@2107 1a063a9b-81f0-0310-95a4-ce76da25c4cd

wp-admin/options.php

@@ -27,7 +27,7 @@ if ($user_level < 6)
 switch($action) {
 
 case 'update':
-    $any_changed = 0;
+	$any_changed = 0;
     
 	if (!$_POST['page_options']) {
 		foreach ($_POST as $key => $value) {
@@ -40,6 +40,10 @@ case 'update':
 
     $options = $wpdb->get_results("SELECT $wpdb->options.option_id, option_name, option_type, option_value, option_admin_level FROM $wpdb->options WHERE option_name IN ($option_names)");
 
+		// Save for later.
+		$old_siteurl = get_settings('siteurl');
+		$old_home = get_settings('home');
+
 // HACK
 // Options that if not there have 0 value but need to be something like "closed"
     $nonbools = array('default_ping_status', 'default_comment_status');
@@ -56,8 +60,10 @@ case 'update':
                         $new_val = 0;
                 }
                 if( in_array($option->option_name, $nonbools) && $new_val == '0' ) $new_val = 'closed';
-                if ($new_val !== $old_val)
+                if ($new_val !== $old_val) {
                     $result = $wpdb->query("UPDATE $wpdb->options SET option_value = '$new_val' WHERE option_name = '$option->option_name'");
+										$any_changed++;
+								}
             }
         }
         unset($cache_settings); // so they will be re-read
@@ -65,14 +71,22 @@ case 'update':
     } // end if options
     
     if ($any_changed) {
-        $message = sprintf(__('%d setting(s) saved... '), $any_changed);
+			// If siteurl or home changed, reset cookies.
+			if ( get_settings('siteurl') != $old_siteurl || get_settings('home') != $old_home ) {
+				// Get currently logged in user and password.
+				get_currentuserinfo();
+				// Clear cookies for old paths.
+				wp_clearcookie();
+				// Set cookies for new paths.
+				wp_setcookie($user_login, $user_pass_md5, true, get_settings('home'), get_settings('siteurl'));
+			}
+
+			//$message = sprintf(__('%d setting(s) saved... '), $any_changed);
     }
     
-		//$referred = str_replace('?updated=true' , '', $_SERVER['HTTP_REFERER']);
 		$referred = remove_query_arg('updated' , $_SERVER['HTTP_REFERER']);
-		//$goback = str_replace('?updated=true', '', $_SERVER['HTTP_REFERER']) . '?updated=true';
 		$goback = add_query_arg('updated', 'true', $_SERVER['HTTP_REFERER']);
-	$goback = preg_replace('|[^a-z0-9-~+_.?#=&;,/:]|i', '', $goback);
+		$goback = preg_replace('|[^a-z0-9-~+_.?#=&;,/:]|i', '', $goback);
     header('Location: ' . $goback);
     break;
 

wp-admin/profile.php

@@ -62,8 +62,8 @@ case 'update':
 			die (__("<strong>ERROR</strong>: you typed two different passwords. Go back to correct that."));
 		$newuser_pass = $_POST["pass1"];
 		$updatepassword = "user_pass=MD5('$newuser_pass'), ";
-		setcookie('wordpresspass_' . COOKIEHASH, " ", time() - 31536000, COOKIEPATH);
-		setcookie('wordpresspass_' . COOKIEHASH, md5(md5($newuser_pass)), time() + 31536000, COOKIEPATH);
+		wp_clearcookie();
+		wp_setcookie($user_login, $newuser_pass);
 	}
 
 	$newuser_firstname = wp_specialchars($_POST['newuser_firstname']);

wp-includes/functions.php

@@ -1628,4 +1628,37 @@ function add_magic_quotes($array) {
 	return $array;
 }
 
+function wp_setcookie($username, $password, $already_md5 = false, $home = '', $siteurl = '') {
+	if ( ! $already_md5)
+		$password = md5(md5($password)); // Double hash the password in the cookie.
+
+	if (empty($home))
+		$cookiepath = COOKIEPATH;
+	else
+		$cookiepath = preg_replace('|https?://[^/]+|i', '', $home . '/' );
+
+	if (empty($siteurl)) {
+		$sitecookiepath = SITECOOKIEPATH;
+		$cookiehash = COOKIEHASH;
+	} else {
+		$sitecookiepath = preg_replace('|https?://[^/]+|i', '', $siteurl . '/' );
+		$cookiehash = md5($siteurl);
+	}
+
+	setcookie('wordpressuser_'. $cookiehash, $username, time() + 31536000, $cookiepath);
+	setcookie('wordpresspass_'. $cookiehash, $password, time() + 31536000, $cookiepath);
+
+	if ( $cookiepath != $sitecookiepath ) {
+		setcookie('wordpressuser_'. $cookiehash, $username, time() + 31536000, $sitecookiepath);
+		setcookie('wordpresspass_'. $cookiehash, $password, time() + 31536000, $sitecookiepath);
+	}
+}
+
+function wp_clearcookie() {
+	setcookie('wordpressuser_' . COOKIEHASH, ' ', time() - 31536000, COOKIEPATH);
+	setcookie('wordpresspass_' . COOKIEHASH, ' ', time() - 31536000, COOKIEPATH);
+	setcookie('wordpressuser_' . COOKIEHASH, ' ', time() - 31536000, SITECOOKIEPATH);
+	setcookie('wordpresspass_' . COOKIEHASH, ' ', time() - 31536000, SITECOOKIEPATH);
+}
+
 ?>

wp-includes/vars.php

@@ -113,6 +113,7 @@ foreach($wpsmiliestrans as $smiley => $img) {
 
 // Path for cookies
 define('COOKIEPATH', preg_replace('|https?://[^/]+|i', '', get_settings('home') . '/' ) );
+define('SITECOOKIEPATH', preg_replace('|https?://[^/]+|i', '', get_settings('siteurl') . '/' ) );
 
 // Some default filters
 add_filter('bloginfo','wp_specialchars');

wp-login.php

@@ -20,13 +20,11 @@ switch($action) {
 
 case 'logout':
 
-    setcookie('wordpressuser_' . COOKIEHASH, ' ', time() - 31536000, COOKIEPATH);
-    setcookie('wordpresspass_' . COOKIEHASH, ' ', time() - 31536000, COOKIEPATH);
+	wp_clearcookie();
 	header('Expires: Mon, 11 Jan 1984 05:00:00 GMT');
 	header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT');
 	header('Cache-Control: no-cache, must-revalidate, max-age=0');
 	header('Pragma: no-cache');
-
 	header('Location: wp-login.php');
 	exit();
 
@@ -134,9 +132,7 @@ default:
 
 		if ( wp_login($user_login, $user_pass, $using_cookie) ) {
 			if (! $using_cookie) {
-				$user_pass = md5(md5($user_pass)); // Double hash the password in the cookie.
-				setcookie('wordpressuser_'. COOKIEHASH, $user_login, time() + 31536000, COOKIEPATH);
-				setcookie('wordpresspass_'. COOKIEHASH, $user_pass, time() + 31536000, COOKIEPATH);
+				wp_setcookie($user_login, $user_pass);
 			}
 
 			header("Location: $redirect_to");