WordPress-C
/
WordPress
mirror of https://github.com/WordPress/WordPress.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Move to cookiehash define, use wp_login() function for auth.php. 

git-svn-id: http://svn.automattic.com/wordpress/trunk@1768 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
saxmatt 2004-10-10 18:02:30 +00:00
parent e4f041f289
commit 587429f358
11 changed files with 65 additions and 109 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

41
wp-admin/auth.php
View File

@ -1,48 +1,13 @@
<?php <?php
require_once('../wp-config.php'); require_once('../wp-config.php');
/* Checking login & pass in the database */ if ( !empty($_COOKIE['wordpressuser_' . COOKIEHASH]) && !wp_login($_COOKIE['wordpressuser_' . COOKIEHASH], $_COOKIE['wordpresspass_' . COOKIEHASH) ) {
function veriflog() {
global $cookiehash;
global $wpdb;
if (!empty($_COOKIE['wordpressuser_' . $cookiehash])) {
$user_login = $_COOKIE['wordpressuser_' . $cookiehash];
$user_pass_md5 = $_COOKIE['wordpresspass_' . $cookiehash];
} else {
return false;
}
if ('' == $user_login)
return false;
if (!$user_pass_md5)
return false;
$login = $wpdb->get_row("SELECT user_login, user_pass FROM $wpdb->users WHERE user_login = '$user_login'");
if (!$login) {
return false;
} else {
if ($login->user_login == $user_login && md5($login->user_pass) == $user_pass_md5) {
return true;
} else {
return false;
}
}
}
if ( !veriflog() ) {
header('Expires: Wed, 11 Jan 1984 05:00:00 GMT'); header('Expires: Wed, 11 Jan 1984 05:00:00 GMT');
header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT'); header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT');
header('Cache-Control: no-cache, must-revalidate'); header('Cache-Control: no-cache, must-revalidate');
header('Pragma: no-cache'); header('Pragma: no-cache');
if (!empty($_COOKIE['wordpressuser_' . $cookiehash])) {
$error= __("<strong>Error</strong>: wrong login or password."); header('Location: ' . get_settings('siteurl') . '/wp-login.php?redirect_to=' . urlencode($_SERVER['REQUEST_URI']);
}
$redir = 'Location: ' . get_settings('siteurl') . '/wp-login.php?redirect_to=' . urlencode($_SERVER['REQUEST_URI']);
header($redir);
exit(); exit();
} }

12
wp-admin/link-manager.php
View File

@ -73,8 +73,8 @@ for ($i=0; $i<count($wpvarstoreset); $i += 1) {
} }
} }
$links_show_cat_id = $_COOKIE['links_show_cat_id_' . $cookiehash]; $links_show_cat_id = $_COOKIE['links_show_cat_id_' . COOKIEHASH];
$links_show_order = $_COOKIE['links_show_order_' . $cookiehash]; $links_show_order = $_COOKIE['links_show_order_' . COOKIEHASH];
if ('' != $_POST['assign']) $action = 'assign'; if ('' != $_POST['assign']) $action = 'assign';
if ('' != $_POST['visibility']) $action = 'visibility'; if ('' != $_POST['visibility']) $action = 'visibility';
@ -269,7 +269,7 @@ switch ($action) {
link_rss = '$link_rss_uri' link_rss = '$link_rss_uri'
WHERE link_id=$link_id"); WHERE link_id=$link_id");
} // end if save } // end if save
setcookie('links_show_cat_id_' . $cookiehash, $links_show_cat_id, time()+600); setcookie('links_show_cat_id_' . COOKIEHASH, $links_show_cat_id, time()+600);
header('Location: ' . $this_file); header('Location: ' . $this_file);
break; break;
} // end Save } // end Save
@ -296,7 +296,7 @@ switch ($action) {
$cat_id = 'All'; $cat_id = 'All';
} }
$links_show_cat_id = $cat_id; $links_show_cat_id = $cat_id;
setcookie("links_show_cat_id_".$cookiehash, $links_show_cat_id, time()+600); setcookie('links_show_cat_id_' . COOKIEHASH, $links_show_cat_id, time()+600);
header('Location: '.$this_file); header('Location: '.$this_file);
break; break;
} // end Delete } // end Delete
@ -567,8 +567,8 @@ switch ($action) {
$order_by = 'order_name'; $order_by = 'order_name';
$links_show_order = $order_by; $links_show_order = $order_by;
setcookie('links_show_cat_id_'.$cookiehash, $links_show_cat_id, time()+600); setcookie('links_show_cat_id_' . COOKIEHASH, $links_show_cat_id, time()+600);
setcookie('links_show_order_'.$cookiehash, $links_show_order, time()+600); setcookie('links_show_order_' . COOKIEHASH, $links_show_order, time()+600);
$standalone=0; $standalone=0;
include_once ("./admin-header.php"); include_once ("./admin-header.php");
if ($user_level < 5) { if ($user_level < 5) {

4
wp-admin/profile.php
View File

@ -79,8 +79,8 @@ case 'update':
die (__("<strong>ERROR</strong>: you typed two different passwords. Go back to correct that.")); die (__("<strong>ERROR</strong>: you typed two different passwords. Go back to correct that."));
$newuser_pass = $_POST["pass1"]; $newuser_pass = $_POST["pass1"];
$updatepassword = "user_pass=MD5('$newuser_pass'), "; $updatepassword = "user_pass=MD5('$newuser_pass'), ";
setcookie('wordpresspass_'.$cookiehash, " ", time() - 31536000, COOKIEPATH); setcookie('wordpresspass_' . COOKIEHASH, " ", time() - 31536000, COOKIEPATH);
setcookie('wordpresspass_'.$cookiehash, md5(md5($newuser_pass)), time() + 31536000, COOKIEPATH); setcookie('wordpresspass_' . COOKIEHASH, md5(md5($newuser_pass)), time() + 31536000, COOKIEPATH);
} }
$newuser_firstname=$_POST['newuser_firstname']; $newuser_firstname=$_POST['newuser_firstname'];

8
wp-comments-popup.php
View File

@ -31,12 +31,12 @@ foreach ($posts as $post) { start_wp();
<?php <?php
// this line is WordPress' motor, do not delete it. // this line is WordPress' motor, do not delete it.
$comment_author = (isset($_COOKIE['comment_author_'.$cookiehash])) ? trim($_COOKIE['comment_author_'.$cookiehash]) : ''; $comment_author = (isset($_COOKIE['comment_author_' . COOKIEHASH])) ? trim($_COOKIE['comment_author_'. COOKIEHASH]) : '';
$comment_author_email = (isset($_COOKIE['comment_author_email_'.$cookiehash])) ? trim($_COOKIE['comment_author_email_'.$cookiehash]) : ''; $comment_author_email = (isset($_COOKIE['comment_author_email_'. COOKIEHASH])) ? trim($_COOKIE['comment_author_email_'. COOKIEHASH]) : '';
$comment_author_url = (isset($_COOKIE['comment_author_url_'.$cookiehash])) ? trim($_COOKIE['comment_author_url_'.$cookiehash]) : ''; $comment_author_url = (isset($_COOKIE['comment_author_url_'. COOKIEHASH])) ? trim($_COOKIE['comment_author_url_'. COOKIEHASH]) : '';
$comments = $wpdb->get_results("SELECT * FROM $wpdb->comments WHERE comment_post_ID = $id AND comment_approved = '1' ORDER BY comment_date"); $comments = $wpdb->get_results("SELECT * FROM $wpdb->comments WHERE comment_post_ID = $id AND comment_approved = '1' ORDER BY comment_date");
$commentstatus = $wpdb->get_row("SELECT comment_status, post_password FROM $wpdb->posts WHERE ID = $id"); $commentstatus = $wpdb->get_row("SELECT comment_status, post_password FROM $wpdb->posts WHERE ID = $id");
if (!empty($commentstatus->post_password) && $_COOKIE['wp-postpass_'.$cookiehash] != $commentstatus->post_password) { // and it doesn't match the cookie if (!empty($commentstatus->post_password) && $_COOKIE['wp-postpass_'. COOKIEHASH] != $commentstatus->post_password) { // and it doesn't match the cookie
echo(get_the_password_form()); echo(get_the_password_form());
} else { ?> } else { ?>

2
wp-comments.php
View File

@ -1,4 +1,4 @@
<?php if ( !empty($post->post_password) && $_COOKIE['wp-postpass_'.$cookiehash] != $post->post_password) : ?> <?php if ( !empty($post->post_password) && $_COOKIE['wp-postpass_' . COOKIEHASH] != $post->post_password) : ?>
<p><?php _e('Enter your password to view comments.'); ?></p> <p><?php _e('Enter your password to view comments.'); ?></p>
<?php return; endif; ?> <?php return; endif; ?>

31
wp-includes/functions-user.php
View File

@ -1,31 +0,0 @@
<?php
function login($username, $password, $already_md5 = false) {
global $wpdb, $error;
if ( !$username )
return false;
if ( !$password ) {
$error = __('<strong>Error</strong>: The password field is empty.');
return false;
}
$login = $wpdb->get_row("SELECT ID, user_login, user_pass FROM $wpdb->users WHERE user_login = '$username'");
if (!$login) {
$error = __('<strong>Error</strong>: Wrong login.');
return false;
} else {
if ( ($login->user_login == $username && $login->user_pass == $password) || ($already_md5 && $login->user_login == $username && md5($login->user_pass) == $password) ) {
return true;
} else {
$error = __('<strong>Error</strong>: Incorrect password.');
$pwd = '';
return false;
}
}
}
?>

34
wp-includes/functions.php
View File

@ -156,11 +156,11 @@ function user_pass_ok($user_login,$user_pass) {
} }
function get_currentuserinfo() { // a bit like get_userdata(), on steroids function get_currentuserinfo() { // a bit like get_userdata(), on steroids
global $user_login, $userdata, $user_level, $user_ID, $user_nickname, $user_email, $user_url, $user_pass_md5, $cookiehash; global $user_login, $userdata, $user_level, $user_ID, $user_nickname, $user_email, $user_url, $user_pass_md5;
// *** retrieving user's data from cookies and db - no spoofing // *** retrieving user's data from cookies and db - no spoofing
if (isset($_COOKIE['wordpressuser_' . $cookiehash])) if (isset($_COOKIE['wordpressuser_' . COOKIEHASH]))
$user_login = $_COOKIE['wordpressuser_' . $cookiehash]; $user_login = $_COOKIE['wordpressuser_' . COOKIEHASH];
$userdata = get_userdatabylogin($user_login); $userdata = get_userdatabylogin($user_login);
$user_level = $userdata->user_level; $user_level = $userdata->user_level;
$user_ID = $userdata->ID; $user_ID = $userdata->ID;
@ -1890,4 +1890,32 @@ function wp_mail($to, $subject, $message, $headers = '', $more = '') {
return mail($to, $subject, $message, $headers, $more); return mail($to, $subject, $message, $headers, $more);
} }
function wp_login($username, $password, $already_md5 = false) {
global $wpdb, $error;
if ( !$username )
return false;
if ( !$password ) {
$error = __('<strong>Error</strong>: The password field is empty.');
return false;
}
$login = $wpdb->get_row("SELECT ID, user_login, user_pass FROM $wpdb->users WHERE user_login = '$username'");
if (!$login) {
$error = __('<strong>Error</strong>: Wrong login.');
return false;
} else {
if ( ($login->user_login == $username && $login->user_pass == $password) || ($already_md5 && $login->user_login == $username && md5($login->user_pass) == $password) ) {
return true;
} else {
$error = __('<strong>Error</strong>: Incorrect password.');
$pwd = '';
return false;
}
}
}
?> ?>

12
wp-includes/template-functions-comment.php
View File

@ -17,13 +17,13 @@ add_filter('comment_text', 'convert_smilies', 20);
add_filter('comment_excerpt', 'convert_chars'); add_filter('comment_excerpt', 'convert_chars');
function comments_template() { function comments_template() {
global $withcomments, $post, $wpdb, $id, $comment, $cookiehash; global $withcomments, $post, $wpdb, $id, $comment;
if ( is_single() || $withcomments ) : if ( is_single() || $withcomments ) :
$req = get_settings('require_name_email'); $req = get_settings('require_name_email');
$comment_author = isset($_COOKIE['comment_author_'.$cookiehash]) ? trim(stripslashes($_COOKIE['comment_author_'.$cookiehash])) : ''; $comment_author = isset($_COOKIE['comment_author_'.COOKIEHASH]) ? trim(stripslashes($_COOKIE['comment_author_'.COOKIEHASH])) : '';
$comment_author_email = isset($_COOKIE['comment_author_email_'.$cookiehash]) ? trim(stripslashes($_COOKIE['comment_author_email_'.$cookiehash])) : ''; $comment_author_email = isset($_COOKIE['comment_author_email_'.COOKIEHASH]) ? trim(stripslashes($_COOKIE['comment_author_email_'.COOKIEHASH])) : '';
$comment_author_url = isset($_COOKIE['comment_author_url_'.$cookiehash]) ? trim(stripslashes($_COOKIE['comment_author_url_'.$cookiehash])) : ''; $comment_author_url = isset($_COOKIE['comment_author_url_'.COOKIEHASH]) ? trim(stripslashes($_COOKIE['comment_author_url_'.COOKIEHASH])) : '';
$comments = $wpdb->get_results("SELECT * FROM $wpdb->comments WHERE comment_post_ID = '$post->ID' AND comment_approved = '1' ORDER BY comment_date"); $comments = $wpdb->get_results("SELECT * FROM $wpdb->comments WHERE comment_post_ID = '$post->ID' AND comment_approved = '1' ORDER BY comment_date");
$template = get_template_directory(); $template = get_template_directory();
@ -90,7 +90,7 @@ function comments_popup_script($width=400, $height=400, $file='wp-comments-popup
} }
function comments_popup_link($zero='No Comments', $one='1 Comment', $more='% Comments', $CSSclass='', $none='Comments Off') { function comments_popup_link($zero='No Comments', $one='1 Comment', $more='% Comments', $CSSclass='', $none='Comments Off') {
global $id, $wpcommentspopupfile, $wpcommentsjavascript, $post, $wpdb, $cookiehash; global $id, $wpcommentspopupfile, $wpcommentsjavascript, $post, $wpdb;
global $querystring_start, $querystring_equal, $querystring_separator; global $querystring_start, $querystring_equal, $querystring_separator;
global $comment_count_cache; global $comment_count_cache;
@ -105,7 +105,7 @@ function comments_popup_link($zero='No Comments', $one='1 Comment', $more='% Com
return; return;
} else { } else {
if (!empty($post->post_password)) { // if there's a password if (!empty($post->post_password)) { // if there's a password
if ($_COOKIE['wp-postpass_'.$cookiehash] != $post->post_password) { // and it doesn't match the cookie if ($_COOKIE['wp-postpass_'.COOKIEHASH] != $post->post_password) { // and it doesn't match the cookie
echo('Enter your password to view comments'); echo('Enter your password to view comments');
return; return;
} }

7
wp-includes/template-functions-post.php
View File

@ -97,12 +97,12 @@ function the_content_rss($more_link_text='(more...)', $stripteaser=0, $more_file
function get_the_content($more_link_text = '(more...)', $stripteaser = 0, $more_file = '') { function get_the_content($more_link_text = '(more...)', $stripteaser = 0, $more_file = '') {
global $id, $post, $more, $single, $withcomments, $page, $pages, $multipage, $numpages; global $id, $post, $more, $single, $withcomments, $page, $pages, $multipage, $numpages;
global $preview, $cookiehash; global $preview;
global $pagenow; global $pagenow;
$output = ''; $output = '';
if (!empty($post->post_password)) { // if there's a password if (!empty($post->post_password)) { // if there's a password
if (stripslashes($_COOKIE['wp-postpass_'.$cookiehash]) != $post->post_password) { // and it doesn't match the cookie if (stripslashes($_COOKIE['wp-postpass_'.COOKIEHASH]) != $post->post_password) { // and it doesn't match the cookie
$output = get_the_password_form(); $output = get_the_password_form();
return $output; return $output;
} }
@ -176,11 +176,10 @@ function the_excerpt_rss($cut = 0, $encode_html = 0) {
function get_the_excerpt($fakeit = true) { function get_the_excerpt($fakeit = true) {
global $id, $post; global $id, $post;
global $cookiehash;
$output = ''; $output = '';
$output = $post->post_excerpt; $output = $post->post_excerpt;
if (!empty($post->post_password)) { // if there's a password if (!empty($post->post_password)) { // if there's a password
if ($_COOKIE['wp-postpass_'.$cookiehash] != $post->post_password) { // and it doesn't match the cookie if ($_COOKIE['wp-postpass_'.COOKIEHASH] != $post->post_password) { // and it doesn't match the cookie
$output = __('There is no excerpt because this is a protected post.'); $output = __('There is no excerpt because this is a protected post.');
return $output; return $output;
} }

11
wp-login.php
View File

@ -148,22 +148,17 @@ default:
$redirect_to = get_settings('siteurl') . '/wp-admin/profile.php'; $redirect_to = get_settings('siteurl') . '/wp-admin/profile.php';
} }
if ( !login($log, $pwd) ) {
header('Expires: Wed, 11 Jan 1984 05:00:00 GMT'); header('Expires: Wed, 11 Jan 1984 05:00:00 GMT');
header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT'); header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT');
header('Cache-Control: no-cache, must-revalidate'); header('Cache-Control: no-cache, must-revalidate');
header('Pragma: no-cache'); header('Pragma: no-cache');
} else {
if ( wp_login($log, $pwd) ) {
$user_login = $log; $user_login = $log;
$user_pass = $pwd; $user_pass = $pwd;
setcookie('wordpressuser_'. COOKIEHASH, $user_login, time() + 31536000, COOKIEPATH); setcookie('wordpressuser_'. COOKIEHASH, $user_login, time() + 31536000, COOKIEPATH);
setcookie('wordpresspass_'. COOKIEHASH, md5($user_pass), time() + 31536000, COOKIEPATH); setcookie('wordpresspass_'. COOKIEHASH, md5($user_pass), time() + 31536000, COOKIEPATH);
header('Expires: Wed, 11 Jan 1984 05:00:00 GMT');
header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT');
header('Cache-Control: no-cache, must-revalidate');
header('Pragma: no-cache');
if ($is_IIS) if ($is_IIS)
header("Refresh: 0;url=$redirect_to"); header("Refresh: 0;url=$redirect_to");
else else
@ -175,7 +170,7 @@ default:
$user_pass_md5 = $_COOKIE['wordpresspass_' . COOKIEHASH]; $user_pass_md5 = $_COOKIE['wordpresspass_' . COOKIEHASH];
} }
if ( login($user_login, $user_pass_md5, true) ) { if ( wp_login($user_login, $user_pass_md5, true) ) {
header('Expires: Wed, 5 Jun 1979 23:41:00 GMT'); // Michel's birthday header('Expires: Wed, 5 Jun 1979 23:41:00 GMT'); // Michel's birthday
header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT'); header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT');
header('Cache-Control: no-cache, must-revalidate'); header('Cache-Control: no-cache, must-revalidate');

2
wp-settings.php
View File

@ -68,7 +68,7 @@ if (!strstr($_SERVER['PHP_SELF'], 'install.php') && !strstr($_SERVER['PHP_SELF']
$querystring_separator = '&amp;'; $querystring_separator = '&amp;';
// Used to guarantee unique hash cookies // Used to guarantee unique hash cookies
$cookiehash = md5(get_settings('siteurl')); $cookiehash = md5(get_settings('siteurl')); // Remove in 1.4
define('COOKIEHASH', $cookiehash); define('COOKIEHASH', $cookiehash);
endif; endif;