Move to cookiehash define, use wp_login() function for auth.php.
git-svn-id: http://svn.automattic.com/wordpress/trunk@1768 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
parent
e4f041f289
commit
587429f358
|
@ -1,48 +1,13 @@
|
|||
<?php
|
||||
|
||||
require_once('../wp-config.php');
|
||||
|
||||
/* Checking login & pass in the database */
|
||||
function veriflog() {
|
||||
global $cookiehash;
|
||||
global $wpdb;
|
||||
|
||||
if (!empty($_COOKIE['wordpressuser_' . $cookiehash])) {
|
||||
$user_login = $_COOKIE['wordpressuser_' . $cookiehash];
|
||||
$user_pass_md5 = $_COOKIE['wordpresspass_' . $cookiehash];
|
||||
} else {
|
||||
return false;
|
||||
}
|
||||
|
||||
if ('' == $user_login)
|
||||
return false;
|
||||
if (!$user_pass_md5)
|
||||
return false;
|
||||
|
||||
$login = $wpdb->get_row("SELECT user_login, user_pass FROM $wpdb->users WHERE user_login = '$user_login'");
|
||||
|
||||
if (!$login) {
|
||||
return false;
|
||||
|
||||
} else {
|
||||
if ($login->user_login == $user_login && md5($login->user_pass) == $user_pass_md5) {
|
||||
return true;
|
||||
} else {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if ( !veriflog() ) {
|
||||
if ( !empty($_COOKIE['wordpressuser_' . COOKIEHASH]) && !wp_login($_COOKIE['wordpressuser_' . COOKIEHASH], $_COOKIE['wordpresspass_' . COOKIEHASH) ) {
|
||||
header('Expires: Wed, 11 Jan 1984 05:00:00 GMT');
|
||||
header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT');
|
||||
header('Cache-Control: no-cache, must-revalidate');
|
||||
header('Pragma: no-cache');
|
||||
if (!empty($_COOKIE['wordpressuser_' . $cookiehash])) {
|
||||
$error= __("<strong>Error</strong>: wrong login or password.");
|
||||
}
|
||||
$redir = 'Location: ' . get_settings('siteurl') . '/wp-login.php?redirect_to=' . urlencode($_SERVER['REQUEST_URI']);
|
||||
header($redir);
|
||||
|
||||
header('Location: ' . get_settings('siteurl') . '/wp-login.php?redirect_to=' . urlencode($_SERVER['REQUEST_URI']);
|
||||
exit();
|
||||
}
|
||||
|
||||
|
|
|
@ -73,8 +73,8 @@ for ($i=0; $i<count($wpvarstoreset); $i += 1) {
|
|||
}
|
||||
}
|
||||
|
||||
$links_show_cat_id = $_COOKIE['links_show_cat_id_' . $cookiehash];
|
||||
$links_show_order = $_COOKIE['links_show_order_' . $cookiehash];
|
||||
$links_show_cat_id = $_COOKIE['links_show_cat_id_' . COOKIEHASH];
|
||||
$links_show_order = $_COOKIE['links_show_order_' . COOKIEHASH];
|
||||
|
||||
if ('' != $_POST['assign']) $action = 'assign';
|
||||
if ('' != $_POST['visibility']) $action = 'visibility';
|
||||
|
@ -269,7 +269,7 @@ switch ($action) {
|
|||
link_rss = '$link_rss_uri'
|
||||
WHERE link_id=$link_id");
|
||||
} // end if save
|
||||
setcookie('links_show_cat_id_' . $cookiehash, $links_show_cat_id, time()+600);
|
||||
setcookie('links_show_cat_id_' . COOKIEHASH, $links_show_cat_id, time()+600);
|
||||
header('Location: ' . $this_file);
|
||||
break;
|
||||
} // end Save
|
||||
|
@ -296,7 +296,7 @@ switch ($action) {
|
|||
$cat_id = 'All';
|
||||
}
|
||||
$links_show_cat_id = $cat_id;
|
||||
setcookie("links_show_cat_id_".$cookiehash, $links_show_cat_id, time()+600);
|
||||
setcookie('links_show_cat_id_' . COOKIEHASH, $links_show_cat_id, time()+600);
|
||||
header('Location: '.$this_file);
|
||||
break;
|
||||
} // end Delete
|
||||
|
@ -567,8 +567,8 @@ switch ($action) {
|
|||
$order_by = 'order_name';
|
||||
$links_show_order = $order_by;
|
||||
|
||||
setcookie('links_show_cat_id_'.$cookiehash, $links_show_cat_id, time()+600);
|
||||
setcookie('links_show_order_'.$cookiehash, $links_show_order, time()+600);
|
||||
setcookie('links_show_cat_id_' . COOKIEHASH, $links_show_cat_id, time()+600);
|
||||
setcookie('links_show_order_' . COOKIEHASH, $links_show_order, time()+600);
|
||||
$standalone=0;
|
||||
include_once ("./admin-header.php");
|
||||
if ($user_level < 5) {
|
||||
|
|
|
@ -79,8 +79,8 @@ case 'update':
|
|||
die (__("<strong>ERROR</strong>: you typed two different passwords. Go back to correct that."));
|
||||
$newuser_pass = $_POST["pass1"];
|
||||
$updatepassword = "user_pass=MD5('$newuser_pass'), ";
|
||||
setcookie('wordpresspass_'.$cookiehash, " ", time() - 31536000, COOKIEPATH);
|
||||
setcookie('wordpresspass_'.$cookiehash, md5(md5($newuser_pass)), time() + 31536000, COOKIEPATH);
|
||||
setcookie('wordpresspass_' . COOKIEHASH, " ", time() - 31536000, COOKIEPATH);
|
||||
setcookie('wordpresspass_' . COOKIEHASH, md5(md5($newuser_pass)), time() + 31536000, COOKIEPATH);
|
||||
}
|
||||
|
||||
$newuser_firstname=$_POST['newuser_firstname'];
|
||||
|
|
|
@ -31,12 +31,12 @@ foreach ($posts as $post) { start_wp();
|
|||
|
||||
<?php
|
||||
// this line is WordPress' motor, do not delete it.
|
||||
$comment_author = (isset($_COOKIE['comment_author_'.$cookiehash])) ? trim($_COOKIE['comment_author_'.$cookiehash]) : '';
|
||||
$comment_author_email = (isset($_COOKIE['comment_author_email_'.$cookiehash])) ? trim($_COOKIE['comment_author_email_'.$cookiehash]) : '';
|
||||
$comment_author_url = (isset($_COOKIE['comment_author_url_'.$cookiehash])) ? trim($_COOKIE['comment_author_url_'.$cookiehash]) : '';
|
||||
$comment_author = (isset($_COOKIE['comment_author_' . COOKIEHASH])) ? trim($_COOKIE['comment_author_'. COOKIEHASH]) : '';
|
||||
$comment_author_email = (isset($_COOKIE['comment_author_email_'. COOKIEHASH])) ? trim($_COOKIE['comment_author_email_'. COOKIEHASH]) : '';
|
||||
$comment_author_url = (isset($_COOKIE['comment_author_url_'. COOKIEHASH])) ? trim($_COOKIE['comment_author_url_'. COOKIEHASH]) : '';
|
||||
$comments = $wpdb->get_results("SELECT * FROM $wpdb->comments WHERE comment_post_ID = $id AND comment_approved = '1' ORDER BY comment_date");
|
||||
$commentstatus = $wpdb->get_row("SELECT comment_status, post_password FROM $wpdb->posts WHERE ID = $id");
|
||||
if (!empty($commentstatus->post_password) && $_COOKIE['wp-postpass_'.$cookiehash] != $commentstatus->post_password) { // and it doesn't match the cookie
|
||||
if (!empty($commentstatus->post_password) && $_COOKIE['wp-postpass_'. COOKIEHASH] != $commentstatus->post_password) { // and it doesn't match the cookie
|
||||
echo(get_the_password_form());
|
||||
} else { ?>
|
||||
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
<?php if ( !empty($post->post_password) && $_COOKIE['wp-postpass_'.$cookiehash] != $post->post_password) : ?>
|
||||
<?php if ( !empty($post->post_password) && $_COOKIE['wp-postpass_' . COOKIEHASH] != $post->post_password) : ?>
|
||||
<p><?php _e('Enter your password to view comments.'); ?></p>
|
||||
<?php return; endif; ?>
|
||||
|
||||
|
|
|
@ -1,31 +0,0 @@
|
|||
<?php
|
||||
|
||||
function login($username, $password, $already_md5 = false) {
|
||||
global $wpdb, $error;
|
||||
|
||||
if ( !$username )
|
||||
return false;
|
||||
|
||||
if ( !$password ) {
|
||||
$error = __('<strong>Error</strong>: The password field is empty.');
|
||||
return false;
|
||||
}
|
||||
|
||||
$login = $wpdb->get_row("SELECT ID, user_login, user_pass FROM $wpdb->users WHERE user_login = '$username'");
|
||||
|
||||
if (!$login) {
|
||||
$error = __('<strong>Error</strong>: Wrong login.');
|
||||
return false;
|
||||
} else {
|
||||
|
||||
if ( ($login->user_login == $username && $login->user_pass == $password) || ($already_md5 && $login->user_login == $username && md5($login->user_pass) == $password) ) {
|
||||
return true;
|
||||
} else {
|
||||
$error = __('<strong>Error</strong>: Incorrect password.');
|
||||
$pwd = '';
|
||||
return false;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
?>
|
|
@ -156,11 +156,11 @@ function user_pass_ok($user_login,$user_pass) {
|
|||
}
|
||||
|
||||
function get_currentuserinfo() { // a bit like get_userdata(), on steroids
|
||||
global $user_login, $userdata, $user_level, $user_ID, $user_nickname, $user_email, $user_url, $user_pass_md5, $cookiehash;
|
||||
global $user_login, $userdata, $user_level, $user_ID, $user_nickname, $user_email, $user_url, $user_pass_md5;
|
||||
// *** retrieving user's data from cookies and db - no spoofing
|
||||
|
||||
if (isset($_COOKIE['wordpressuser_' . $cookiehash]))
|
||||
$user_login = $_COOKIE['wordpressuser_' . $cookiehash];
|
||||
if (isset($_COOKIE['wordpressuser_' . COOKIEHASH]))
|
||||
$user_login = $_COOKIE['wordpressuser_' . COOKIEHASH];
|
||||
$userdata = get_userdatabylogin($user_login);
|
||||
$user_level = $userdata->user_level;
|
||||
$user_ID = $userdata->ID;
|
||||
|
@ -1890,4 +1890,32 @@ function wp_mail($to, $subject, $message, $headers = '', $more = '') {
|
|||
return mail($to, $subject, $message, $headers, $more);
|
||||
}
|
||||
|
||||
function wp_login($username, $password, $already_md5 = false) {
|
||||
global $wpdb, $error;
|
||||
|
||||
if ( !$username )
|
||||
return false;
|
||||
|
||||
if ( !$password ) {
|
||||
$error = __('<strong>Error</strong>: The password field is empty.');
|
||||
return false;
|
||||
}
|
||||
|
||||
$login = $wpdb->get_row("SELECT ID, user_login, user_pass FROM $wpdb->users WHERE user_login = '$username'");
|
||||
|
||||
if (!$login) {
|
||||
$error = __('<strong>Error</strong>: Wrong login.');
|
||||
return false;
|
||||
} else {
|
||||
|
||||
if ( ($login->user_login == $username && $login->user_pass == $password) || ($already_md5 && $login->user_login == $username && md5($login->user_pass) == $password) ) {
|
||||
return true;
|
||||
} else {
|
||||
$error = __('<strong>Error</strong>: Incorrect password.');
|
||||
$pwd = '';
|
||||
return false;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
?>
|
|
@ -17,13 +17,13 @@ add_filter('comment_text', 'convert_smilies', 20);
|
|||
add_filter('comment_excerpt', 'convert_chars');
|
||||
|
||||
function comments_template() {
|
||||
global $withcomments, $post, $wpdb, $id, $comment, $cookiehash;
|
||||
global $withcomments, $post, $wpdb, $id, $comment;
|
||||
|
||||
if ( is_single() || $withcomments ) :
|
||||
$req = get_settings('require_name_email');
|
||||
$comment_author = isset($_COOKIE['comment_author_'.$cookiehash]) ? trim(stripslashes($_COOKIE['comment_author_'.$cookiehash])) : '';
|
||||
$comment_author_email = isset($_COOKIE['comment_author_email_'.$cookiehash]) ? trim(stripslashes($_COOKIE['comment_author_email_'.$cookiehash])) : '';
|
||||
$comment_author_url = isset($_COOKIE['comment_author_url_'.$cookiehash]) ? trim(stripslashes($_COOKIE['comment_author_url_'.$cookiehash])) : '';
|
||||
$comment_author = isset($_COOKIE['comment_author_'.COOKIEHASH]) ? trim(stripslashes($_COOKIE['comment_author_'.COOKIEHASH])) : '';
|
||||
$comment_author_email = isset($_COOKIE['comment_author_email_'.COOKIEHASH]) ? trim(stripslashes($_COOKIE['comment_author_email_'.COOKIEHASH])) : '';
|
||||
$comment_author_url = isset($_COOKIE['comment_author_url_'.COOKIEHASH]) ? trim(stripslashes($_COOKIE['comment_author_url_'.COOKIEHASH])) : '';
|
||||
$comments = $wpdb->get_results("SELECT * FROM $wpdb->comments WHERE comment_post_ID = '$post->ID' AND comment_approved = '1' ORDER BY comment_date");
|
||||
|
||||
$template = get_template_directory();
|
||||
|
@ -90,7 +90,7 @@ function comments_popup_script($width=400, $height=400, $file='wp-comments-popup
|
|||
}
|
||||
|
||||
function comments_popup_link($zero='No Comments', $one='1 Comment', $more='% Comments', $CSSclass='', $none='Comments Off') {
|
||||
global $id, $wpcommentspopupfile, $wpcommentsjavascript, $post, $wpdb, $cookiehash;
|
||||
global $id, $wpcommentspopupfile, $wpcommentsjavascript, $post, $wpdb;
|
||||
global $querystring_start, $querystring_equal, $querystring_separator;
|
||||
global $comment_count_cache;
|
||||
|
||||
|
@ -105,7 +105,7 @@ function comments_popup_link($zero='No Comments', $one='1 Comment', $more='% Com
|
|||
return;
|
||||
} else {
|
||||
if (!empty($post->post_password)) { // if there's a password
|
||||
if ($_COOKIE['wp-postpass_'.$cookiehash] != $post->post_password) { // and it doesn't match the cookie
|
||||
if ($_COOKIE['wp-postpass_'.COOKIEHASH] != $post->post_password) { // and it doesn't match the cookie
|
||||
echo('Enter your password to view comments');
|
||||
return;
|
||||
}
|
||||
|
|
|
@ -97,12 +97,12 @@ function the_content_rss($more_link_text='(more...)', $stripteaser=0, $more_file
|
|||
|
||||
function get_the_content($more_link_text = '(more...)', $stripteaser = 0, $more_file = '') {
|
||||
global $id, $post, $more, $single, $withcomments, $page, $pages, $multipage, $numpages;
|
||||
global $preview, $cookiehash;
|
||||
global $preview;
|
||||
global $pagenow;
|
||||
$output = '';
|
||||
|
||||
if (!empty($post->post_password)) { // if there's a password
|
||||
if (stripslashes($_COOKIE['wp-postpass_'.$cookiehash]) != $post->post_password) { // and it doesn't match the cookie
|
||||
if (stripslashes($_COOKIE['wp-postpass_'.COOKIEHASH]) != $post->post_password) { // and it doesn't match the cookie
|
||||
$output = get_the_password_form();
|
||||
return $output;
|
||||
}
|
||||
|
@ -176,11 +176,10 @@ function the_excerpt_rss($cut = 0, $encode_html = 0) {
|
|||
|
||||
function get_the_excerpt($fakeit = true) {
|
||||
global $id, $post;
|
||||
global $cookiehash;
|
||||
$output = '';
|
||||
$output = $post->post_excerpt;
|
||||
if (!empty($post->post_password)) { // if there's a password
|
||||
if ($_COOKIE['wp-postpass_'.$cookiehash] != $post->post_password) { // and it doesn't match the cookie
|
||||
if ($_COOKIE['wp-postpass_'.COOKIEHASH] != $post->post_password) { // and it doesn't match the cookie
|
||||
$output = __('There is no excerpt because this is a protected post.');
|
||||
return $output;
|
||||
}
|
||||
|
|
11
wp-login.php
11
wp-login.php
|
@ -148,22 +148,17 @@ default:
|
|||
$redirect_to = get_settings('siteurl') . '/wp-admin/profile.php';
|
||||
}
|
||||
|
||||
if ( !login($log, $pwd) ) {
|
||||
header('Expires: Wed, 11 Jan 1984 05:00:00 GMT');
|
||||
header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT');
|
||||
header('Cache-Control: no-cache, must-revalidate');
|
||||
header('Pragma: no-cache');
|
||||
} else {
|
||||
|
||||
if ( wp_login($log, $pwd) ) {
|
||||
$user_login = $log;
|
||||
$user_pass = $pwd;
|
||||
setcookie('wordpressuser_'. COOKIEHASH, $user_login, time() + 31536000, COOKIEPATH);
|
||||
setcookie('wordpresspass_'. COOKIEHASH, md5($user_pass), time() + 31536000, COOKIEPATH);
|
||||
|
||||
header('Expires: Wed, 11 Jan 1984 05:00:00 GMT');
|
||||
header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT');
|
||||
header('Cache-Control: no-cache, must-revalidate');
|
||||
header('Pragma: no-cache');
|
||||
|
||||
if ($is_IIS)
|
||||
header("Refresh: 0;url=$redirect_to");
|
||||
else
|
||||
|
@ -175,7 +170,7 @@ default:
|
|||
$user_pass_md5 = $_COOKIE['wordpresspass_' . COOKIEHASH];
|
||||
}
|
||||
|
||||
if ( login($user_login, $user_pass_md5, true) ) {
|
||||
if ( wp_login($user_login, $user_pass_md5, true) ) {
|
||||
header('Expires: Wed, 5 Jun 1979 23:41:00 GMT'); // Michel's birthday
|
||||
header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT');
|
||||
header('Cache-Control: no-cache, must-revalidate');
|
||||
|
|
|
@ -68,7 +68,7 @@ if (!strstr($_SERVER['PHP_SELF'], 'install.php') && !strstr($_SERVER['PHP_SELF']
|
|||
$querystring_separator = '&';
|
||||
|
||||
// Used to guarantee unique hash cookies
|
||||
$cookiehash = md5(get_settings('siteurl'));
|
||||
$cookiehash = md5(get_settings('siteurl')); // Remove in 1.4
|
||||
define('COOKIEHASH', $cookiehash);
|
||||
endif;
|
||||
|
||||
|
|
Loading…
Reference in New Issue