diff --git a/wp-admin/auth.php b/wp-admin/auth.php
index 07bff18f4b..a00b8b3458 100644
--- a/wp-admin/auth.php
+++ b/wp-admin/auth.php
@@ -1,48 +1,13 @@
get_row("SELECT user_login, user_pass FROM $wpdb->users WHERE user_login = '$user_login'");
-
- if (!$login) {
- return false;
-
- } else {
- if ($login->user_login == $user_login && md5($login->user_pass) == $user_pass_md5) {
- return true;
- } else {
- return false;
- }
- }
-}
-
-if ( !veriflog() ) {
+if ( !empty($_COOKIE['wordpressuser_' . COOKIEHASH]) && !wp_login($_COOKIE['wordpressuser_' . COOKIEHASH], $_COOKIE['wordpresspass_' . COOKIEHASH) ) {
header('Expires: Wed, 11 Jan 1984 05:00:00 GMT');
header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT');
header('Cache-Control: no-cache, must-revalidate');
header('Pragma: no-cache');
- if (!empty($_COOKIE['wordpressuser_' . $cookiehash])) {
- $error= __("Error: wrong login or password.");
- }
- $redir = 'Location: ' . get_settings('siteurl') . '/wp-login.php?redirect_to=' . urlencode($_SERVER['REQUEST_URI']);
- header($redir);
+
+ header('Location: ' . get_settings('siteurl') . '/wp-login.php?redirect_to=' . urlencode($_SERVER['REQUEST_URI']);
exit();
}
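Review bot: The new guard on the `if` line redirects only when the `wordpressuser_` cookie is present and `wp_login()` fails, so a request that carries no such cookie skips the redirect and continues into the admin page. The removed block ran under `!veriflog()` and tested the cookie for emptiness inside it, which suggests the redirect used to cover the no-cookie case as well. The call also omits the third argument, so the cookie is compared against the stored `user_pass` directly instead of against its md5, as the removed `veriflog()` did and as the `$already_md5` branch of `wp_login()` in wp-includes/functions.php does. I would write the condition as `if ( empty($_COOKIE['wordpressuser_' . COOKIEHASH]) || !wp_login($_COOKIE['wordpressuser_' . COOKIEHASH], $_COOKIE['wordpresspass_' . COOKIEHASH], true) ) {`. As rendered here that line also lacks the `]` after the second `COOKIEHASH`, and the `header('Location: ...` line lacks a closing `)`; this may be an extraction artifact, but it is worth checking against the committed file.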
diff --git a/wp-admin/link-manager.php b/wp-admin/link-manager.php
index 31cd43a6a3..1b545c4e83 100644
--- a/wp-admin/link-manager.php
+++ b/wp-admin/link-manager.php
@@ -73,8 +73,8 @@ for ($i=0; $iERROR: you typed two different passwords. Go back to correct that."));
$newuser_pass = $_POST["pass1"];
$updatepassword = "user_pass=MD5('$newuser_pass'), ";
- setcookie('wordpresspass_'.$cookiehash, " ", time() - 31536000, COOKIEPATH);
- setcookie('wordpresspass_'.$cookiehash, md5(md5($newuser_pass)), time() + 31536000, COOKIEPATH);
+ setcookie('wordpresspass_' . COOKIEHASH, " ", time() - 31536000, COOKIEPATH);
+ setcookie('wordpresspass_' . COOKIEHASH, md5(md5($newuser_pass)), time() + 31536000, COOKIEPATH);
}
$newuser_firstname=$_POST['newuser_firstname'];
diff --git a/wp-comments-popup.php b/wp-comments-popup.php
index 7327b0593e..38ab6f4d54 100644
--- a/wp-comments-popup.php
+++ b/wp-comments-popup.php
@@ -31,12 +31,12 @@ foreach ($posts as $post) { start_wp();
get_results("SELECT * FROM $wpdb->comments WHERE comment_post_ID = $id AND comment_approved = '1' ORDER BY comment_date");
$commentstatus = $wpdb->get_row("SELECT comment_status, post_password FROM $wpdb->posts WHERE ID = $id");
-if (!empty($commentstatus->post_password) && $_COOKIE['wp-postpass_'.$cookiehash] != $commentstatus->post_password) { // and it doesn't match the cookie
+if (!empty($commentstatus->post_password) && $_COOKIE['wp-postpass_'. COOKIEHASH] != $commentstatus->post_password) { // and it doesn't match the cookie
echo(get_the_password_form());
} else { ?>
diff --git a/wp-comments.php b/wp-comments.php
index e1aa077e2b..09d6abe001 100644
--- a/wp-comments.php
+++ b/wp-comments.php
@@ -1,4 +1,4 @@
-post_password) && $_COOKIE['wp-postpass_'.$cookiehash] != $post->post_password) : ?>
+post_password) && $_COOKIE['wp-postpass_' . COOKIEHASH] != $post->post_password) : ?>
diff --git a/wp-includes/functions-user.php b/wp-includes/functions-user.php
deleted file mode 100644
index 986679b203..0000000000
--- a/wp-includes/functions-user.php
+++ /dev/null
@@ -1,31 +0,0 @@
-Error: The password field is empty.');
- return false;
- }
-
- $login = $wpdb->get_row("SELECT ID, user_login, user_pass FROM $wpdb->users WHERE user_login = '$username'");
-
- if (!$login) {
- $error = __('Error: Wrong login.');
- return false;
- } else {
-
- if ( ($login->user_login == $username && $login->user_pass == $password) || ($already_md5 && $login->user_login == $username && md5($login->user_pass) == $password) ) {
- return true;
- } else {
- $error = __('Error: Incorrect password.');
- $pwd = '';
- return false;
- }
- }
-}
-
-?>
\ No newline at end of file
diff --git a/wp-includes/functions.php b/wp-includes/functions.php
index d85baeb6d1..8defb3f166 100644
--- a/wp-includes/functions.php
+++ b/wp-includes/functions.php
@@ -156,11 +156,11 @@ function user_pass_ok($user_login,$user_pass) {
}
function get_currentuserinfo() { // a bit like get_userdata(), on steroids
- global $user_login, $userdata, $user_level, $user_ID, $user_nickname, $user_email, $user_url, $user_pass_md5, $cookiehash;
+ global $user_login, $userdata, $user_level, $user_ID, $user_nickname, $user_email, $user_url, $user_pass_md5;
// *** retrieving user's data from cookies and db - no spoofing
- if (isset($_COOKIE['wordpressuser_' . $cookiehash]))
- $user_login = $_COOKIE['wordpressuser_' . $cookiehash];
+ if (isset($_COOKIE['wordpressuser_' . COOKIEHASH]))
+ $user_login = $_COOKIE['wordpressuser_' . COOKIEHASH];
$userdata = get_userdatabylogin($user_login);
$user_level = $userdata->user_level;
$user_ID = $userdata->ID;
@@ -1890,4 +1890,32 @@ function wp_mail($to, $subject, $message, $headers = '', $more = '') {
return mail($to, $subject, $message, $headers, $more);
}
-?>
+function wp_login($username, $password, $already_md5 = false) {
+ global $wpdb, $error;
+
+ if ( !$username )
+ return false;
+
+ if ( !$password ) {
+ $error = __('Error: The password field is empty.');
+ return false;
+ }
+
+ $login = $wpdb->get_row("SELECT ID, user_login, user_pass FROM $wpdb->users WHERE user_login = '$username'");
+
+ if (!$login) {
+ $error = __('Error: Wrong login.');
+ return false;
+ } else {
+
+ if ( ($login->user_login == $username && $login->user_pass == $password) || ($already_md5 && $login->user_login == $username && md5($login->user_pass) == $password) ) {
+ return true;
+ } else {
+ $error = __('Error: Incorrect password.');
+ $pwd = '';
+ return false;
+ }
+ }
+}
+
+?>
\ No newline at end of file
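Review bot: `wp_login()` interpolates `$username` directly into the `SELECT` on its `$wpdb->get_row(...)` line, and the wp-admin/auth.php caller in this commit passes it a raw `$_COOKIE` value, so the query is injectable unless every caller is guaranteed to supply already-escaped input. Escaping inside the function, for example `$username = $wpdb->escape($username);` before the query (assuming that helper is available in this tree), would make it safe regardless of caller. Both credential checks use loose `==` on md5 hex strings, which PHP compares numerically when both operands look like numbers, so `===` is the safer operator on each side of the `||`. `$pwd = '';` in the failure branch assigns a local that is never read, since the function has no `global $pwd`; drop it, or declare it global if clearing the caller's value was intended. A short docblock stating that `$password` must equal the stored `user_pass` value, or its md5 when `$already_md5` is true, would also keep callers from passing the wrong form.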
diff --git a/wp-includes/template-functions-comment.php b/wp-includes/template-functions-comment.php
index 02420295e0..e425b53cd6 100644
--- a/wp-includes/template-functions-comment.php
+++ b/wp-includes/template-functions-comment.php
@@ -17,13 +17,13 @@ add_filter('comment_text', 'convert_smilies', 20);
add_filter('comment_excerpt', 'convert_chars');
function comments_template() {
- global $withcomments, $post, $wpdb, $id, $comment, $cookiehash;
+ global $withcomments, $post, $wpdb, $id, $comment;
if ( is_single() || $withcomments ) :
$req = get_settings('require_name_email');
- $comment_author = isset($_COOKIE['comment_author_'.$cookiehash]) ? trim(stripslashes($_COOKIE['comment_author_'.$cookiehash])) : '';
- $comment_author_email = isset($_COOKIE['comment_author_email_'.$cookiehash]) ? trim(stripslashes($_COOKIE['comment_author_email_'.$cookiehash])) : '';
- $comment_author_url = isset($_COOKIE['comment_author_url_'.$cookiehash]) ? trim(stripslashes($_COOKIE['comment_author_url_'.$cookiehash])) : '';
+ $comment_author = isset($_COOKIE['comment_author_'.COOKIEHASH]) ? trim(stripslashes($_COOKIE['comment_author_'.COOKIEHASH])) : '';
+ $comment_author_email = isset($_COOKIE['comment_author_email_'.COOKIEHASH]) ? trim(stripslashes($_COOKIE['comment_author_email_'.COOKIEHASH])) : '';
+ $comment_author_url = isset($_COOKIE['comment_author_url_'.COOKIEHASH]) ? trim(stripslashes($_COOKIE['comment_author_url_'.COOKIEHASH])) : '';
$comments = $wpdb->get_results("SELECT * FROM $wpdb->comments WHERE comment_post_ID = '$post->ID' AND comment_approved = '1' ORDER BY comment_date");
$template = get_template_directory();
@@ -90,7 +90,7 @@ function comments_popup_script($width=400, $height=400, $file='wp-comments-popup
}
function comments_popup_link($zero='No Comments', $one='1 Comment', $more='% Comments', $CSSclass='', $none='Comments Off') {
- global $id, $wpcommentspopupfile, $wpcommentsjavascript, $post, $wpdb, $cookiehash;
+ global $id, $wpcommentspopupfile, $wpcommentsjavascript, $post, $wpdb;
global $querystring_start, $querystring_equal, $querystring_separator;
global $comment_count_cache;
@@ -105,7 +105,7 @@ function comments_popup_link($zero='No Comments', $one='1 Comment', $more='% Com
return;
} else {
if (!empty($post->post_password)) { // if there's a password
- if ($_COOKIE['wp-postpass_'.$cookiehash] != $post->post_password) { // and it doesn't match the cookie
+ if ($_COOKIE['wp-postpass_'.COOKIEHASH] != $post->post_password) { // and it doesn't match the cookie
echo('Enter your password to view comments');
return;
}
diff --git a/wp-includes/template-functions-post.php b/wp-includes/template-functions-post.php
index fc2bdc40f3..ec25c3c109 100644
--- a/wp-includes/template-functions-post.php
+++ b/wp-includes/template-functions-post.php
@@ -97,12 +97,12 @@ function the_content_rss($more_link_text='(more...)', $stripteaser=0, $more_file
function get_the_content($more_link_text = '(more...)', $stripteaser = 0, $more_file = '') {
global $id, $post, $more, $single, $withcomments, $page, $pages, $multipage, $numpages;
- global $preview, $cookiehash;
+ global $preview;
global $pagenow;
$output = '';
if (!empty($post->post_password)) { // if there's a password
- if (stripslashes($_COOKIE['wp-postpass_'.$cookiehash]) != $post->post_password) { // and it doesn't match the cookie
+ if (stripslashes($_COOKIE['wp-postpass_'.COOKIEHASH]) != $post->post_password) { // and it doesn't match the cookie
$output = get_the_password_form();
return $output;
}
@@ -176,11 +176,10 @@ function the_excerpt_rss($cut = 0, $encode_html = 0) {
function get_the_excerpt($fakeit = true) {
global $id, $post;
- global $cookiehash;
$output = '';
$output = $post->post_excerpt;
if (!empty($post->post_password)) { // if there's a password
- if ($_COOKIE['wp-postpass_'.$cookiehash] != $post->post_password) { // and it doesn't match the cookie
+ if ($_COOKIE['wp-postpass_'.COOKIEHASH] != $post->post_password) { // and it doesn't match the cookie
$output = __('There is no excerpt because this is a protected post.');
return $output;
}
diff --git a/wp-login.php b/wp-login.php
index 719bd11a92..35df65fff6 100644
--- a/wp-login.php
+++ b/wp-login.php
@@ -148,22 +148,17 @@ default:
$redirect_to = get_settings('siteurl') . '/wp-admin/profile.php';
}
- if ( !login($log, $pwd) ) {
- header('Expires: Wed, 11 Jan 1984 05:00:00 GMT');
- header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT');
- header('Cache-Control: no-cache, must-revalidate');
- header('Pragma: no-cache');
- } else {
+ header('Expires: Wed, 11 Jan 1984 05:00:00 GMT');
+ header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT');
+ header('Cache-Control: no-cache, must-revalidate');
+ header('Pragma: no-cache');
+
+ if ( wp_login($log, $pwd) ) {
$user_login = $log;
$user_pass = $pwd;
setcookie('wordpressuser_'. COOKIEHASH, $user_login, time() + 31536000, COOKIEPATH);
setcookie('wordpresspass_'. COOKIEHASH, md5($user_pass), time() + 31536000, COOKIEPATH);
- header('Expires: Wed, 11 Jan 1984 05:00:00 GMT');
- header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT');
- header('Cache-Control: no-cache, must-revalidate');
- header('Pragma: no-cache');
-
if ($is_IIS)
header("Refresh: 0;url=$redirect_to");
else
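Review bot: The two `setcookie()` calls kept under the new `if ( wp_login($log, $pwd) )` store `md5($user_pass)` in a cookie that lives for a year, which makes the cookie a long-lived password equivalent: it is an unsalted md5 and stays valid until the password changes. Since this commit is already consolidating login handling, I would at least record that on the block with `// NOTE: cookie value is a password-derived hash, not a revocable session token`, and plan to replace it with a random token that can be expired server-side. `$redirect_to` is interpolated into the `Refresh:` header at the end of the hunk, and its assignment is only partly visible here, so confirm it is restricted to same-site URLs and stripped of CR/LF before it reaches `header()`. The enclosing `default:` case starts and ends outside the hunk.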
@@ -175,7 +170,7 @@ default:
$user_pass_md5 = $_COOKIE['wordpresspass_' . COOKIEHASH];
}
- if ( login($user_login, $user_pass_md5, true) ) {
+ if ( wp_login($user_login, $user_pass_md5, true) ) {
header('Expires: Wed, 5 Jun 1979 23:41:00 GMT'); // Michel's birthday
header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT');
header('Cache-Control: no-cache, must-revalidate');
diff --git a/wp-settings.php b/wp-settings.php
index 0e8771103d..469661461f 100644
--- a/wp-settings.php
+++ b/wp-settings.php
@@ -68,7 +68,7 @@ if (!strstr($_SERVER['PHP_SELF'], 'install.php') && !strstr($_SERVER['PHP_SELF']
$querystring_separator = '&';
// Used to guarantee unique hash cookies
- $cookiehash = md5(get_settings('siteurl'));
+ $cookiehash = md5(get_settings('siteurl')); // Remove in 1.4
define('COOKIEHASH', $cookiehash);
endif;