From 587429f35878a59a832488e12169734636313c52 Mon Sep 17 00:00:00 2001
From: saxmatt <saxmatt@1a063a9b-81f0-0310-95a4-ce76da25c4cd>
Date: Sun, 10 Oct 2004 18:02:30 +0000
Subject: [PATCH] Move to cookiehash define, use wp_login()  function for
 auth.php.

git-svn-id: http://svn.automattic.com/wordpress/trunk@1768 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-admin/auth.php                          | 41 ++--------------------
 wp-admin/link-manager.php                  | 12 +++----
 wp-admin/profile.php                       |  4 +--
 wp-comments-popup.php                      |  8 ++---
 wp-comments.php                            |  2 +-
 wp-includes/functions-user.php             | 31 ----------------
 wp-includes/functions.php                  | 36 ++++++++++++++++---
 wp-includes/template-functions-comment.php | 12 +++----
 wp-includes/template-functions-post.php    |  7 ++--
 wp-login.php                               | 19 ++++------
 wp-settings.php                            |  2 +-
 11 files changed, 65 insertions(+), 109 deletions(-)
 delete mode 100644 wp-includes/functions-user.php

diff --git a/wp-admin/auth.php b/wp-admin/auth.php
index 07bff18f4b..a00b8b3458 100644
--- a/wp-admin/auth.php
+++ b/wp-admin/auth.php
@@ -1,48 +1,13 @@
 <?php
-
 require_once('../wp-config.php');
 
-/* Checking login & pass in the database */
-function veriflog() {
-	global $cookiehash;
-	global $wpdb;
-
-	if (!empty($_COOKIE['wordpressuser_' . $cookiehash])) {
-		$user_login = $_COOKIE['wordpressuser_' . $cookiehash];
-		$user_pass_md5 = $_COOKIE['wordpresspass_' . $cookiehash];
-	} else {
-		return false;
-	}
-
-	if ('' == $user_login)
-		return false;
-	if (!$user_pass_md5)
-		return false;
-
-	$login = $wpdb->get_row("SELECT user_login, user_pass FROM $wpdb->users WHERE user_login = '$user_login'");
-
-	if (!$login) {
-		return false;
-
-	} else {
-		if ($login->user_login == $user_login && md5($login->user_pass) == $user_pass_md5) {
-			return true;
-		} else {
-			return false;
-		}
-	}
-}
-
-if ( !veriflog() ) {
+if ( !empty($_COOKIE['wordpressuser_' . COOKIEHASH]) && !wp_login($_COOKIE['wordpressuser_' . COOKIEHASH], $_COOKIE['wordpresspass_' . COOKIEHASH) ) {
 	header('Expires: Wed, 11 Jan 1984 05:00:00 GMT');
 	header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT');
 	header('Cache-Control: no-cache, must-revalidate');
 	header('Pragma: no-cache');
-	if (!empty($_COOKIE['wordpressuser_' . $cookiehash])) {
-		$error= __("<strong>Error</strong>: wrong login or password.");
-	}
-	$redir = 'Location: ' . get_settings('siteurl') . '/wp-login.php?redirect_to=' . urlencode($_SERVER['REQUEST_URI']);
-	header($redir);
+
+	header('Location: ' . get_settings('siteurl') . '/wp-login.php?redirect_to=' . urlencode($_SERVER['REQUEST_URI']);
 	exit();
 }
 
diff --git a/wp-admin/link-manager.php b/wp-admin/link-manager.php
index 31cd43a6a3..1b545c4e83 100644
--- a/wp-admin/link-manager.php
+++ b/wp-admin/link-manager.php
@@ -73,8 +73,8 @@ for ($i=0; $i<count($wpvarstoreset); $i += 1) {
     }
 }
 
-$links_show_cat_id = $_COOKIE['links_show_cat_id_' . $cookiehash];
-$links_show_order = $_COOKIE['links_show_order_' . $cookiehash];
+$links_show_cat_id = $_COOKIE['links_show_cat_id_' . COOKIEHASH];
+$links_show_order = $_COOKIE['links_show_order_' . COOKIEHASH];
 
 if ('' != $_POST['assign']) $action = 'assign';
 if ('' != $_POST['visibility']) $action = 'visibility';
@@ -269,7 +269,7 @@ switch ($action) {
 	  link_rss = '$link_rss_uri'
 	  WHERE link_id=$link_id");
     } // end if save
-    setcookie('links_show_cat_id_' . $cookiehash, $links_show_cat_id, time()+600);
+    setcookie('links_show_cat_id_' . COOKIEHASH, $links_show_cat_id, time()+600);
     header('Location: ' . $this_file);
     break;
   } // end Save
@@ -296,7 +296,7 @@ switch ($action) {
         $cat_id = 'All';
     }
     $links_show_cat_id = $cat_id;
-    setcookie("links_show_cat_id_".$cookiehash, $links_show_cat_id, time()+600);
+    setcookie('links_show_cat_id_' . COOKIEHASH, $links_show_cat_id, time()+600);
     header('Location: '.$this_file);
     break;
   } // end Delete
@@ -567,8 +567,8 @@ switch ($action) {
         $order_by = 'order_name';
     $links_show_order = $order_by;
 
-    setcookie('links_show_cat_id_'.$cookiehash, $links_show_cat_id, time()+600);
-    setcookie('links_show_order_'.$cookiehash, $links_show_order, time()+600);
+    setcookie('links_show_cat_id_' . COOKIEHASH, $links_show_cat_id, time()+600);
+    setcookie('links_show_order_' . COOKIEHASH, $links_show_order, time()+600);
     $standalone=0;
     include_once ("./admin-header.php");
     if ($user_level < 5) {
diff --git a/wp-admin/profile.php b/wp-admin/profile.php
index 01090eb3da..4084ae4398 100644
--- a/wp-admin/profile.php
+++ b/wp-admin/profile.php
@@ -79,8 +79,8 @@ case 'update':
 			die (__("<strong>ERROR</strong>: you typed two different passwords. Go back to correct that."));
 		$newuser_pass = $_POST["pass1"];
 		$updatepassword = "user_pass=MD5('$newuser_pass'), ";
-		setcookie('wordpresspass_'.$cookiehash, " ", time() - 31536000, COOKIEPATH);
-		setcookie('wordpresspass_'.$cookiehash, md5(md5($newuser_pass)), time() + 31536000, COOKIEPATH);
+		setcookie('wordpresspass_' . COOKIEHASH, " ", time() - 31536000, COOKIEPATH);
+		setcookie('wordpresspass_' . COOKIEHASH, md5(md5($newuser_pass)), time() + 31536000, COOKIEPATH);
 	}
 
 	$newuser_firstname=$_POST['newuser_firstname'];
diff --git a/wp-comments-popup.php b/wp-comments-popup.php
index 7327b0593e..38ab6f4d54 100644
--- a/wp-comments-popup.php
+++ b/wp-comments-popup.php
@@ -31,12 +31,12 @@ foreach ($posts as $post) { start_wp();
 
 <?php
 // this line is WordPress' motor, do not delete it.
-$comment_author = (isset($_COOKIE['comment_author_'.$cookiehash])) ? trim($_COOKIE['comment_author_'.$cookiehash]) : '';
-$comment_author_email = (isset($_COOKIE['comment_author_email_'.$cookiehash])) ? trim($_COOKIE['comment_author_email_'.$cookiehash]) : '';
-$comment_author_url = (isset($_COOKIE['comment_author_url_'.$cookiehash])) ? trim($_COOKIE['comment_author_url_'.$cookiehash]) : '';
+$comment_author = (isset($_COOKIE['comment_author_' . COOKIEHASH])) ? trim($_COOKIE['comment_author_'. COOKIEHASH]) : '';
+$comment_author_email = (isset($_COOKIE['comment_author_email_'. COOKIEHASH])) ? trim($_COOKIE['comment_author_email_'. COOKIEHASH]) : '';
+$comment_author_url = (isset($_COOKIE['comment_author_url_'. COOKIEHASH])) ? trim($_COOKIE['comment_author_url_'. COOKIEHASH]) : '';
 $comments = $wpdb->get_results("SELECT * FROM $wpdb->comments WHERE comment_post_ID = $id AND comment_approved = '1' ORDER BY comment_date");
 $commentstatus = $wpdb->get_row("SELECT comment_status, post_password FROM $wpdb->posts WHERE ID = $id");
-if (!empty($commentstatus->post_password) && $_COOKIE['wp-postpass_'.$cookiehash] != $commentstatus->post_password) {  // and it doesn't match the cookie
+if (!empty($commentstatus->post_password) && $_COOKIE['wp-postpass_'. COOKIEHASH] != $commentstatus->post_password) {  // and it doesn't match the cookie
 	echo(get_the_password_form());
 } else { ?>
 
diff --git a/wp-comments.php b/wp-comments.php
index e1aa077e2b..09d6abe001 100644
--- a/wp-comments.php
+++ b/wp-comments.php
@@ -1,4 +1,4 @@
-<?php if ( !empty($post->post_password) && $_COOKIE['wp-postpass_'.$cookiehash] != $post->post_password) : ?>
+<?php if ( !empty($post->post_password) && $_COOKIE['wp-postpass_' . COOKIEHASH] != $post->post_password) : ?>
 <p><?php _e('Enter your password to view comments.'); ?></p>
 <?php return; endif; ?>
 
diff --git a/wp-includes/functions-user.php b/wp-includes/functions-user.php
deleted file mode 100644
index 986679b203..0000000000
--- a/wp-includes/functions-user.php
+++ /dev/null
@@ -1,31 +0,0 @@
-<?php
-
-function login($username, $password, $already_md5 = false) {
-	global $wpdb, $error;
-
-	if ( !$username )
-		return false;
-
-	if ( !$password ) {
-		$error = __('<strong>Error</strong>: The password field is empty.');
-		return false;
-	}
-
-	$login = $wpdb->get_row("SELECT ID, user_login, user_pass FROM $wpdb->users WHERE user_login = '$username'");
-
-	if (!$login) {
-		$error = __('<strong>Error</strong>: Wrong login.');
-		return false;
-	} else {
-
-		if ( ($login->user_login == $username && $login->user_pass == $password) || ($already_md5 && $login->user_login == $username && md5($login->user_pass) == $password) ) {
-			return true;
-		} else {
-			$error = __('<strong>Error</strong>: Incorrect password.');
-			$pwd = '';
-			return false;
-		}
-	}
-}
-
-?>
\ No newline at end of file
diff --git a/wp-includes/functions.php b/wp-includes/functions.php
index d85baeb6d1..8defb3f166 100644
--- a/wp-includes/functions.php
+++ b/wp-includes/functions.php
@@ -156,11 +156,11 @@ function user_pass_ok($user_login,$user_pass) {
 }
 
 function get_currentuserinfo() { // a bit like get_userdata(), on steroids
-	global $user_login, $userdata, $user_level, $user_ID, $user_nickname, $user_email, $user_url, $user_pass_md5, $cookiehash;
+	global $user_login, $userdata, $user_level, $user_ID, $user_nickname, $user_email, $user_url, $user_pass_md5;
 	// *** retrieving user's data from cookies and db - no spoofing
 
-	if (isset($_COOKIE['wordpressuser_' . $cookiehash])) 
-		$user_login = $_COOKIE['wordpressuser_' . $cookiehash];
+	if (isset($_COOKIE['wordpressuser_' . COOKIEHASH])) 
+		$user_login = $_COOKIE['wordpressuser_' . COOKIEHASH];
 	$userdata = get_userdatabylogin($user_login);
 	$user_level = $userdata->user_level;
 	$user_ID = $userdata->ID;
@@ -1890,4 +1890,32 @@ function wp_mail($to, $subject, $message, $headers = '', $more = '') {
 		return mail($to, $subject, $message, $headers, $more);
 }
 
-?>
+function wp_login($username, $password, $already_md5 = false) {
+	global $wpdb, $error;
+
+	if ( !$username )
+		return false;
+
+	if ( !$password ) {
+		$error = __('<strong>Error</strong>: The password field is empty.');
+		return false;
+	}
+
+	$login = $wpdb->get_row("SELECT ID, user_login, user_pass FROM $wpdb->users WHERE user_login = '$username'");
+
+	if (!$login) {
+		$error = __('<strong>Error</strong>: Wrong login.');
+		return false;
+	} else {
+
+		if ( ($login->user_login == $username && $login->user_pass == $password) || ($already_md5 && $login->user_login == $username && md5($login->user_pass) == $password) ) {
+			return true;
+		} else {
+			$error = __('<strong>Error</strong>: Incorrect password.');
+			$pwd = '';
+			return false;
+		}
+	}
+}
+
+?>
\ No newline at end of file
diff --git a/wp-includes/template-functions-comment.php b/wp-includes/template-functions-comment.php
index 02420295e0..e425b53cd6 100644
--- a/wp-includes/template-functions-comment.php
+++ b/wp-includes/template-functions-comment.php
@@ -17,13 +17,13 @@ add_filter('comment_text', 'convert_smilies', 20);
 add_filter('comment_excerpt', 'convert_chars');
 
 function comments_template() {
-	global $withcomments, $post, $wpdb, $id, $comment, $cookiehash;
+	global $withcomments, $post, $wpdb, $id, $comment;
 
 	if ( is_single() || $withcomments ) :
 		$req = get_settings('require_name_email');
-        $comment_author = isset($_COOKIE['comment_author_'.$cookiehash]) ? trim(stripslashes($_COOKIE['comment_author_'.$cookiehash])) : '';
-		$comment_author_email = isset($_COOKIE['comment_author_email_'.$cookiehash]) ? trim(stripslashes($_COOKIE['comment_author_email_'.$cookiehash])) : '';
-		$comment_author_url = isset($_COOKIE['comment_author_url_'.$cookiehash]) ? trim(stripslashes($_COOKIE['comment_author_url_'.$cookiehash])) : '';
+        $comment_author = isset($_COOKIE['comment_author_'.COOKIEHASH]) ? trim(stripslashes($_COOKIE['comment_author_'.COOKIEHASH])) : '';
+		$comment_author_email = isset($_COOKIE['comment_author_email_'.COOKIEHASH]) ? trim(stripslashes($_COOKIE['comment_author_email_'.COOKIEHASH])) : '';
+		$comment_author_url = isset($_COOKIE['comment_author_url_'.COOKIEHASH]) ? trim(stripslashes($_COOKIE['comment_author_url_'.COOKIEHASH])) : '';
 		$comments = $wpdb->get_results("SELECT * FROM $wpdb->comments WHERE comment_post_ID = '$post->ID' AND comment_approved = '1' ORDER BY comment_date");
 
 		$template = get_template_directory();
@@ -90,7 +90,7 @@ function comments_popup_script($width=400, $height=400, $file='wp-comments-popup
 }
 
 function comments_popup_link($zero='No Comments', $one='1 Comment', $more='% Comments', $CSSclass='', $none='Comments Off') {
-    global $id, $wpcommentspopupfile, $wpcommentsjavascript, $post, $wpdb, $cookiehash;
+    global $id, $wpcommentspopupfile, $wpcommentsjavascript, $post, $wpdb;
     global $querystring_start, $querystring_equal, $querystring_separator;
     global $comment_count_cache;
 
@@ -105,7 +105,7 @@ function comments_popup_link($zero='No Comments', $one='1 Comment', $more='% Com
         return;
     } else {
         if (!empty($post->post_password)) { // if there's a password
-            if ($_COOKIE['wp-postpass_'.$cookiehash] != $post->post_password) {  // and it doesn't match the cookie
+            if ($_COOKIE['wp-postpass_'.COOKIEHASH] != $post->post_password) {  // and it doesn't match the cookie
                 echo('Enter your password to view comments');
                 return;
             }
diff --git a/wp-includes/template-functions-post.php b/wp-includes/template-functions-post.php
index fc2bdc40f3..ec25c3c109 100644
--- a/wp-includes/template-functions-post.php
+++ b/wp-includes/template-functions-post.php
@@ -97,12 +97,12 @@ function the_content_rss($more_link_text='(more...)', $stripteaser=0, $more_file
 
 function get_the_content($more_link_text = '(more...)', $stripteaser = 0, $more_file = '') {
     global $id, $post, $more, $single, $withcomments, $page, $pages, $multipage, $numpages;
-    global $preview, $cookiehash;
+    global $preview;
     global $pagenow;
     $output = '';
 
     if (!empty($post->post_password)) { // if there's a password
-        if (stripslashes($_COOKIE['wp-postpass_'.$cookiehash]) != $post->post_password) {  // and it doesn't match the cookie
+        if (stripslashes($_COOKIE['wp-postpass_'.COOKIEHASH]) != $post->post_password) {  // and it doesn't match the cookie
             $output = get_the_password_form();
             return $output;
         }
@@ -176,11 +176,10 @@ function the_excerpt_rss($cut = 0, $encode_html = 0) {
 
 function get_the_excerpt($fakeit = true) {
     global $id, $post;
-    global $cookiehash;
     $output = '';
     $output = $post->post_excerpt;
     if (!empty($post->post_password)) { // if there's a password
-        if ($_COOKIE['wp-postpass_'.$cookiehash] != $post->post_password) {  // and it doesn't match the cookie
+        if ($_COOKIE['wp-postpass_'.COOKIEHASH] != $post->post_password) {  // and it doesn't match the cookie
             $output = __('There is no excerpt because this is a protected post.');
             return $output;
         }
diff --git a/wp-login.php b/wp-login.php
index 719bd11a92..35df65fff6 100644
--- a/wp-login.php
+++ b/wp-login.php
@@ -148,22 +148,17 @@ default:
 		$redirect_to = get_settings('siteurl') . '/wp-admin/profile.php';
 	}
 
-	if ( !login($log, $pwd) ) {
-		header('Expires: Wed, 11 Jan 1984 05:00:00 GMT');
-		header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT');
-		header('Cache-Control: no-cache, must-revalidate');
-		header('Pragma: no-cache');
-	} else {
+	header('Expires: Wed, 11 Jan 1984 05:00:00 GMT');
+	header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT');
+	header('Cache-Control: no-cache, must-revalidate');
+	header('Pragma: no-cache');
+
+	if ( wp_login($log, $pwd) ) {
 		$user_login = $log;
 		$user_pass = $pwd;
 		setcookie('wordpressuser_'. COOKIEHASH, $user_login, time() + 31536000, COOKIEPATH);
 		setcookie('wordpresspass_'. COOKIEHASH, md5($user_pass), time() + 31536000, COOKIEPATH);
 
-		header('Expires: Wed, 11 Jan 1984 05:00:00 GMT');
-		header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT');
-		header('Cache-Control: no-cache, must-revalidate');
-		header('Pragma: no-cache');
-
 		if ($is_IIS)
 			header("Refresh: 0;url=$redirect_to");
 		else
@@ -175,7 +170,7 @@ default:
 		$user_pass_md5 = $_COOKIE['wordpresspass_' . COOKIEHASH];
 	}
 
-	if ( login($user_login, $user_pass_md5, true) ) {
+	if ( wp_login($user_login, $user_pass_md5, true) ) {
 		header('Expires: Wed, 5 Jun 1979 23:41:00 GMT'); // Michel's birthday
 		header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT');
 		header('Cache-Control: no-cache, must-revalidate');
diff --git a/wp-settings.php b/wp-settings.php
index 0e8771103d..469661461f 100644
--- a/wp-settings.php
+++ b/wp-settings.php
@@ -68,7 +68,7 @@ if (!strstr($_SERVER['PHP_SELF'], 'install.php') && !strstr($_SERVER['PHP_SELF']
     $querystring_separator = '&amp;';
 
     // Used to guarantee unique hash cookies
-    $cookiehash = md5(get_settings('siteurl'));
+    $cookiehash = md5(get_settings('siteurl')); // Remove in 1.4
 	define('COOKIEHASH', $cookiehash); 
 endif;