WordPress-C
/
WordPress
mirror of https://github.com/WordPress/WordPress.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Cookies are now unique, based on siteurl, allowing multiple installs under a single domain name. 

git-svn-id: http://svn.automattic.com/wordpress/trunk@458 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
emc3 2003-10-20 20:53:13 +00:00
parent 9b49dac1c4
commit 45fe889b00
11 changed files with 45 additions and 42 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
b2-include/b2functions.php
View File

@ -380,9 +380,9 @@ function user_pass_ok($user_login,$user_pass) {
} }
function get_currentuserinfo() { // a bit like get_userdata(), on steroids function get_currentuserinfo() { // a bit like get_userdata(), on steroids
global $HTTP_COOKIE_VARS, $user_login, $userdata, $user_level, $user_ID, $user_nickname, $user_email, $user_url, $user_pass_md5; global $HTTP_COOKIE_VARS, $user_login, $userdata, $user_level, $user_ID, $user_nickname, $user_email, $user_url, $user_pass_md5, $cookiehash;
// *** retrieving user's data from cookies and db - no spoofing // *** retrieving user's data from cookies and db - no spoofing
$user_login = $HTTP_COOKIE_VARS['wordpressuser']; $user_login = $HTTP_COOKIE_VARS['wordpressuser_'.$cookiehash];
$userdata = get_userdatabylogin($user_login); $userdata = get_userdatabylogin($user_login);
$user_level = $userdata->user_level; $user_level = $userdata->user_level;
$user_ID = $userdata->ID; $user_ID = $userdata->ID;

12
b2-include/b2template.functions.php
View File

@ -598,13 +598,13 @@ function the_content_unicode($more_link_text='(more...)', $stripteaser=0, $more_
function get_the_content($more_link_text='(more...)', $stripteaser=0, $more_file='') { function get_the_content($more_link_text='(more...)', $stripteaser=0, $more_file='') {
global $id, $post, $more, $c, $withcomments, $page, $pages, $multipage, $numpages; global $id, $post, $more, $c, $withcomments, $page, $pages, $multipage, $numpages;
global $HTTP_SERVER_VARS, $HTTP_COOKIE_VARS, $preview; global $HTTP_SERVER_VARS, $HTTP_COOKIE_VARS, $preview, $cookiehash;
global $querystring_start, $querystring_equal, $querystring_separator; global $querystring_start, $querystring_equal, $querystring_separator;
global $pagenow; global $pagenow;
$output = ''; $output = '';
if (!empty($post->post_password)) { // if there's a password if (!empty($post->post_password)) { // if there's a password
if ($HTTP_COOKIE_VARS['wp-postpass'] != $post->post_password) { // and it doesn't match the cookie if ($HTTP_COOKIE_VARS['wp-postpass_'.$cookiehash] != $post->post_password) { // and it doesn't match the cookie
$output = get_the_password_form(); $output = get_the_password_form();
return $output; return $output;
} }
@ -692,11 +692,11 @@ function the_excerpt_unicode() {
function get_the_excerpt($fakeit = false) { function get_the_excerpt($fakeit = false) {
global $id, $post; global $id, $post;
global $HTTP_SERVER_VARS, $HTTP_COOKIE_VARS, $preview; global $HTTP_SERVER_VARS, $HTTP_COOKIE_VARS, $preview, $cookiehash;
$output = ''; $output = '';
$output = stripslashes($post->post_excerpt); $output = stripslashes($post->post_excerpt);
if (!empty($post->post_password)) { // if there's a password if (!empty($post->post_password)) { // if there's a password
if ($HTTP_COOKIE_VARS['wp-postpass'] != $post->post_password) { // and it doesn't match the cookie if ($HTTP_COOKIE_VARS['wp-postpass_'.$cookiehash] != $post->post_password) { // and it doesn't match the cookie
$output = "There is no excerpt because this is a protected post."; $output = "There is no excerpt because this is a protected post.";
return $output; return $output;
} }
@ -1173,7 +1173,7 @@ function comments_popup_script($width=400, $height=400, $file='b2commentspopup.p
} }
function comments_popup_link($zero='No Comments', $one='1 Comment', $more='% Comments', $CSSclass='', $none='Comments Off') { function comments_popup_link($zero='No Comments', $one='1 Comment', $more='% Comments', $CSSclass='', $none='Comments Off') {
global $id, $b2commentspopupfile, $b2commentsjavascript, $post, $wpdb, $tablecomments, $HTTP_COOKIE_VARS; global $id, $b2commentspopupfile, $b2commentsjavascript, $post, $wpdb, $tablecomments, $HTTP_COOKIE_VARS, $cookiehash;
global $querystring_start, $querystring_equal, $querystring_separator, $siteurl; global $querystring_start, $querystring_equal, $querystring_separator, $siteurl;
$number = $wpdb->get_var("SELECT COUNT(*) FROM $tablecomments WHERE comment_post_ID = $id"); $number = $wpdb->get_var("SELECT COUNT(*) FROM $tablecomments WHERE comment_post_ID = $id");
if (0 == $number && 'closed' == $post->comment_status) { if (0 == $number && 'closed' == $post->comment_status) {
@ -1181,7 +1181,7 @@ function comments_popup_link($zero='No Comments', $one='1 Comment', $more='% Com
return; return;
} else { } else {
if (!empty($post->post_password)) { // if there's a password if (!empty($post->post_password)) { // if there's a password
if ($HTTP_COOKIE_VARS['wp-postpass'] != $post->post_password) { // and it doesn't match the cookie if ($HTTP_COOKIE_VARS['wp-postpass_'.$cookiehash] != $post->post_password) { // and it doesn't match the cookie
echo("Enter your password to view comments"); echo("Enter your password to view comments");
return; return;
} }

8
b2comments.php
View File

@ -4,15 +4,15 @@
if (($withcomments) or ($c)) { if (($withcomments) or ($c)) {
if (!empty($post->post_password)) { // if there's a password if (!empty($post->post_password)) { // if there's a password
if ($HTTP_COOKIE_VARS['wp-postpass'] != $post->post_password) { // and it doesn't match the cookie if ($HTTP_COOKIE_VARS['wp-postpass_'.$cookiehash] != $post->post_password) { // and it doesn't match the cookie
echo("<p>Enter your password to view comments.<p>"); echo("<p>Enter your password to view comments.<p>");
return; return;
} }
} }
$comment_author = trim($HTTP_COOKIE_VARS["comment_author"]); $comment_author = trim($HTTP_COOKIE_VARS["comment_author_".$cookiehash]);
$comment_author_email = trim($HTTP_COOKIE_VARS["comment_author_email"]); $comment_author_email = trim($HTTP_COOKIE_VARS["comment_author_email_".$cookiehash]);
$comment_author_url = trim($HTTP_COOKIE_VARS["comment_author_url"]); $comment_author_url = trim($HTTP_COOKIE_VARS["comment_author_url_".$cookiehash]);
$comments = $wpdb->get_results("SELECT * FROM $tablecomments WHERE comment_post_ID = $id ORDER BY comment_date"); $comments = $wpdb->get_results("SELECT * FROM $tablecomments WHERE comment_post_ID = $id ORDER BY comment_date");
?> ?>

6
b2comments.post.php
View File

@ -118,9 +118,9 @@ if ($ok) { // if there was no comment from this IP in the last 10 seconds
if ($url == '') if ($url == '')
$url = ' '; // this to make sure a cookie is set for 'no url' $url = ' '; // this to make sure a cookie is set for 'no url'
setcookie('comment_author', $author, time()+30000000); setcookie('comment_author_'.$cookiehash, $author, time()+30000000);
setcookie('comment_author_email', $email, time()+30000000); setcookie('comment_author_email_'.$cookiehash, $email, time()+30000000);
setcookie('comment_author_url', $url, time()+30000000); setcookie('comment_author_url_'.$cookiehash, $url, time()+30000000);
header('Expires: Mon, 26 Jul 1997 05:00:00 GMT'); header('Expires: Mon, 26 Jul 1997 05:00:00 GMT');
header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT'); header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT');

2
b2commentspopup.php
View File

@ -31,7 +31,7 @@ foreach ($posts as $post) { start_b2();
<?php /* this line is b2's motor, do not delete it */ <?php /* this line is b2's motor, do not delete it */
$comments = $wpdb->get_results("SELECT * FROM $tablecomments WHERE comment_post_ID = $id ORDER BY comment_date"); $comments = $wpdb->get_results("SELECT * FROM $tablecomments WHERE comment_post_ID = $id ORDER BY comment_date");
$commentstatus = $wpdb->get_row("SELECT comment_status, post_password FROM $tableposts WHERE ID = $id"); $commentstatus = $wpdb->get_row("SELECT comment_status, post_password FROM $tableposts WHERE ID = $id");
if (!empty($commentstatus->post_password) && $HTTP_COOKIE_VARS['wp-postpass'] != $commentstatus->post_password) { // and it doesn't match the cookie if (!empty($commentstatus->post_password) && $HTTP_COOKIE_VARS['wp-postpass_'.$cookiehash] != $commentstatus->post_password) { // and it doesn't match the cookie
echo("<li>".get_the_password_form()."</li></ol>"); echo("<li>".get_the_password_form()."</li></ol>");
} }
else { else {

22
b2login.php
View File

@ -44,8 +44,8 @@ switch($action) {
case 'logout': case 'logout':
setcookie('wordpressuser'); setcookie('wordpressuser_'.$cookiehash);
setcookie('wordpresspass'); setcookie('wordpresspass_'.$cookiehash);
header('Expires: Wed, 11 Jan 1984 05:00:00 GMT'); header('Expires: Wed, 11 Jan 1984 05:00:00 GMT');
header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT'); header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT');
header('Cache-Control: no-cache, must-revalidate'); header('Cache-Control: no-cache, must-revalidate');
@ -122,14 +122,14 @@ case 'login':
} else { } else {
$user_login = $log; $user_login = $log;
$user_pass = $pwd; $user_pass = $pwd;
setcookie('wordpressuser', $user_login, time()+31536000); setcookie('wordpressuser_'.$cookiehash, $user_login, time()+31536000);
if ($pass_is_md5) { if ($pass_is_md5) {
setcookie('wordpresspass', $user_pass, time()+31536000); setcookie('wordpresspass_'.$cookiehash, $user_pass, time()+31536000);
} else { } else {
setcookie('wordpresspass', md5($user_pass), time()+31536000); setcookie('wordpresspass_'.$cookiehash, md5($user_pass), time()+31536000);
} }
if (empty($HTTP_COOKIE_VARS['wordpressblogid'])) { if (empty($HTTP_COOKIE_VARS['wordpressblogid_'.$cookiehash])) {
setcookie('wordpressblogid', 1,time()+31536000); setcookie('wordpressblogid_'.$cookiehash, 1,time()+31536000);
} }
header('Expires: Wed, 11 Jan 1984 05:00:00 GMT'); header('Expires: Wed, 11 Jan 1984 05:00:00 GMT');
header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT'); header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT');
@ -231,9 +231,9 @@ break;
default: default:
if((!empty($HTTP_COOKIE_VARS['wordpressuser'])) && (!empty($HTTP_COOKIE_VARS['wordpresspass']))) { if((!empty($HTTP_COOKIE_VARS['wordpressuser_'.$cookiehash])) && (!empty($HTTP_COOKIE_VARS['wordpresspass_'.$cookiehash]))) {
$user_login = $HTTP_COOKIE_VARS['wordpressuser']; $user_login = $HTTP_COOKIE_VARS['wordpressuser_'.$cookiehash];
$user_pass_md5 = $HTTP_COOKIE_VARS['wordpresspass']; $user_pass_md5 = $HTTP_COOKIE_VARS['wordpresspass_'.$cookiehash];
} }
function checklogin() { function checklogin() {
@ -249,7 +249,7 @@ default:
} }
if ( !(checklogin()) ) { if ( !(checklogin()) ) {
if (!empty($HTTP_COOKIE_VARS['wordpressuser'])) { if (!empty($HTTP_COOKIE_VARS['wordpressuser_'.$cookiehash])) {
$error="Error: wrong login/password"; //, or your session has expired."; $error="Error: wrong login/password"; //, or your session has expired.";
} }
} else { } else {

4
wp-admin/b2profile.php
View File

@ -79,7 +79,7 @@ case 'update':
die ("<strong>ERROR</strong>: you typed two different passwords. Go back to correct that."); die ("<strong>ERROR</strong>: you typed two different passwords. Go back to correct that.");
$newuser_pass = $HTTP_POST_VARS["pass1"]; $newuser_pass = $HTTP_POST_VARS["pass1"];
$updatepassword = "user_pass='$newuser_pass', "; $updatepassword = "user_pass='$newuser_pass', ";
setcookie("wordpresspass",md5($newuser_pass),time()+31536000); setcookie("wordpresspass_".$cookiehash,md5($newuser_pass),time()+31536000);
} }
$newuser_firstname=addslashes($HTTP_POST_VARS["newuser_firstname"]); $newuser_firstname=addslashes($HTTP_POST_VARS["newuser_firstname"]);
@ -115,7 +115,7 @@ case 'viewprofile':
require_once('b2verifauth.php'); require_once('b2verifauth.php');
$profiledata = get_userdata($user); $profiledata = get_userdata($user);
if ($HTTP_COOKIE_VARS['wordpressuser'] == $profiledata->user_login) if ($HTTP_COOKIE_VARS['wordpressuser_'.$cookiehash] == $profiledata->user_login)
header ('Location: b2profile.php'); header ('Location: b2profile.php');
$profile = 1; $profile = 1;

10
wp-admin/b2verifauth.php
View File

@ -4,12 +4,12 @@ require_once('../wp-config.php');
/* checking login & pass in the database */ /* checking login & pass in the database */
function veriflog() { function veriflog() {
global $HTTP_COOKIE_VARS; global $HTTP_COOKIE_VARS,$cookiehash;
global $tableusers, $wpdb; global $tableusers, $wpdb;
if (!empty($HTTP_COOKIE_VARS["wordpressuser"])) { if (!empty($HTTP_COOKIE_VARS["wordpressuser_".$cookiehash])) {
$user_login = $HTTP_COOKIE_VARS["wordpressuser"]; $user_login = $HTTP_COOKIE_VARS["wordpressuser_".$cookiehash];
$user_pass_md5 = $HTTP_COOKIE_VARS["wordpresspass"]; $user_pass_md5 = $HTTP_COOKIE_VARS["wordpresspass_".$cookiehash];
} else { } else {
return false; return false;
} }
@ -38,7 +38,7 @@ function veriflog() {
header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT'); header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT');
header('Cache-Control: no-cache, must-revalidate'); header('Cache-Control: no-cache, must-revalidate');
header('Pragma: no-cache'); header('Pragma: no-cache');
if (!empty($HTTP_COOKIE_VARS["wordpressuser"])) { if (!empty($HTTP_COOKIE_VARS["wordpressuser_".$cookiehash])) {
$error="<strong>Error</strong>: wrong login or password"; $error="<strong>Error</strong>: wrong login or password";
} }
header("Location: $siteurl/b2login.php"); header("Location: $siteurl/b2login.php");

12
wp-admin/linkmanager.php
View File

@ -84,8 +84,8 @@ for ($i=0; $i<count($b2varstoreset); $i += 1) {
} }
} }
$links_show_cat_id = $HTTP_COOKIE_VARS["links_show_cat_id"]; $links_show_cat_id = $HTTP_COOKIE_VARS["links_show_cat_id_".$cookiehash];
$links_show_order = $HTTP_COOKIE_VARS["links_show_order"]; $links_show_order = $HTTP_COOKIE_VARS["links_show_order_".$cookiehash];
if ($action2 != '') if ($action2 != '')
$action = $action2; $action = $action2;
@ -263,7 +263,7 @@ switch ($action) {
" link_notes='" . addslashes($link_notes) . "'\n" . " link_notes='" . addslashes($link_notes) . "'\n" .
" WHERE link_id=$link_id"); " WHERE link_id=$link_id");
} // end if save } // end if save
setcookie('links_show_cat_id', $links_show_cat_id, time()+600); setcookie('links_show_cat_id_'.$cookiehash, $links_show_cat_id, time()+600);
header('Location: '.$this_file); header('Location: '.$this_file);
break; break;
} // end Save } // end Save
@ -288,7 +288,7 @@ switch ($action) {
$cat_id = 'All'; $cat_id = 'All';
} }
$links_show_cat_id = $cat_id; $links_show_cat_id = $cat_id;
setcookie("links_show_cat_id", $links_show_cat_id, time()+600); setcookie("links_show_cat_id_".$cookiehash, $links_show_cat_id, time()+600);
header('Location: '.$this_file); header('Location: '.$this_file);
break; break;
} // end Delete } // end Delete
@ -441,8 +441,8 @@ switch ($action) {
$order_by = 'order_name'; $order_by = 'order_name';
$links_show_order = $order_by; $links_show_order = $order_by;
setcookie('links_show_cat_id', $links_show_cat_id, time()+600); setcookie('links_show_cat_id_'.$cookiehash, $links_show_cat_id, time()+600);
setcookie('links_show_order', $links_show_order, time()+600); setcookie('links_show_order_'.$cookiehash, $links_show_order, time()+600);
$standalone=0; $standalone=0;
include_once ("./b2header.php"); include_once ("./b2header.php");
if ($user_level < get_settings('links_minadminlevel')) { if ($user_level < get_settings('links_minadminlevel')) {

4
wp-pass.php
View File

@ -5,8 +5,8 @@
It doesn't need to connect to the DB, or do anything fancy at all. Yum. It doesn't need to connect to the DB, or do anything fancy at all. Yum.
-- Matt -- Matt
*/ */
include_once('wp-config.php');
setcookie('wp-postpass', $HTTP_POST_VARS['post_password'], time()+60*60*24*30); setcookie('wp-postpass_'.$cookiehash, $HTTP_POST_VARS['post_password'], time()+60*60*24*30);
header('Location: ' . $HTTP_SERVER_VARS['HTTP_REFERER']); header('Location: ' . $HTTP_SERVER_VARS['HTTP_REFERER']);
?> ?>

3
wp-settings.php
View File

@ -62,5 +62,8 @@ if (!$_wp_installing) {
$querystring_equal = '='; $querystring_equal = '=';
$querystring_separator = '&amp;'; $querystring_separator = '&amp;';
//} //}
// Used to guarantee unique cookies
$cookiehash = md5($siteurl);
} //end !$_wp_installing } //end !$_wp_installing
?> ?>