Pluggable random password generator from pishmishy. fixes #5401
git-svn-id: http://svn.automattic.com/wordpress/trunk@6385 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
parent
ce1ac877cf
commit
7b16e3616c
|
@ -224,7 +224,7 @@ function populate_options() {
|
||||||
}
|
}
|
||||||
|
|
||||||
// 2.0.3
|
// 2.0.3
|
||||||
add_option('secret', md5(uniqid(microtime())));
|
add_option('secret', wp_generate_password());
|
||||||
|
|
||||||
// 2.1
|
// 2.1
|
||||||
add_option('blog_public', '1');
|
add_option('blog_public', '1');
|
||||||
|
|
|
@ -35,7 +35,7 @@ function wp_install($blog_title, $user_name, $user_email, $public, $deprecated='
|
||||||
// being shared among blogs. Just set the role in that case.
|
// being shared among blogs. Just set the role in that case.
|
||||||
$user_id = username_exists($user_name);
|
$user_id = username_exists($user_name);
|
||||||
if ( !$user_id ) {
|
if ( !$user_id ) {
|
||||||
$random_password = substr(md5(uniqid(microtime())), 0, 6);
|
$random_password = wp_generate_password();
|
||||||
$user_id = wp_create_user($user_name, $random_password, $user_email);
|
$user_id = wp_create_user($user_name, $random_password, $user_email);
|
||||||
} else {
|
} else {
|
||||||
$random_password = __('User already exists. Password inherited.');
|
$random_password = __('User already exists. Password inherited.');
|
||||||
|
|
|
@ -59,7 +59,7 @@ endforeach;
|
||||||
|
|
||||||
<fieldset class="options">
|
<fieldset class="options">
|
||||||
<legend><?php _e('Post via e-mail') ?></legend>
|
<legend><?php _e('Post via e-mail') ?></legend>
|
||||||
<p><?php printf(__('To post to WordPress by e-mail you must set up a secret e-mail account with POP3 access. Any mail received at this address will be posted, so it’s a good idea to keep this address very secret. Here are three random strings you could use: <code>%s</code>, <code>%s</code>, <code>%s</code>.'), substr(md5(uniqid(microtime())),0,5), substr(md5(uniqid(microtime())),0,5), substr(md5(uniqid(microtime())),0,5)) ?></p>
|
<p><?php printf(__('To post to WordPress by e-mail you must set up a secret e-mail account with POP3 access. Any mail received at this address will be posted, so it’s a good idea to keep this address very secret. Here are three random strings you could use: <code>%s</code>, <code>%s</code>, <code>%s</code>.'), wp_generate_password(), wp_generate_password(), wp_generate_password()) ?></p>
|
||||||
|
|
||||||
<table width="100%" cellspacing="2" cellpadding="5" class="optiontable editform">
|
<table width="100%" cellspacing="2" cellpadding="5" class="optiontable editform">
|
||||||
<tr valign="top">
|
<tr valign="top">
|
||||||
|
|
|
@ -744,4 +744,18 @@ function wp_check_password($password, $hash) {
|
||||||
}
|
}
|
||||||
endif;
|
endif;
|
||||||
|
|
||||||
|
if ( !function_exists('wp_generate_password') ) :
|
||||||
|
/**
|
||||||
|
* Generates a random password drawn from the defined set of characters
|
||||||
|
* @return string the password
|
||||||
|
**/
|
||||||
|
function wp_generate_password() {
|
||||||
|
$chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
|
||||||
|
$length = 7;
|
||||||
|
$password = '';
|
||||||
|
for ( $i = 0; $i < $length; $i++ )
|
||||||
|
$password .= substr($chars, mt_rand(0, 61), 1);
|
||||||
|
return $password;
|
||||||
|
}
|
||||||
|
endif;
|
||||||
?>
|
?>
|
||||||
|
|
10
wp-login.php
10
wp-login.php
|
@ -110,9 +110,9 @@ case 'retrievepassword' :
|
||||||
do_action('retreive_password', $user_login); // Misspelled and deprecated
|
do_action('retreive_password', $user_login); // Misspelled and deprecated
|
||||||
do_action('retrieve_password', $user_login);
|
do_action('retrieve_password', $user_login);
|
||||||
|
|
||||||
// Generate something random for a password... md5'ing current time with a rand salt
|
// Generate something random for a key...
|
||||||
$key = substr( md5( uniqid( microtime() ) ), 0, 8);
|
$key = substr( md5( uniqid( microtime() ) ), 0, 8);
|
||||||
// Now insert the new pass md5'd into the db
|
// Now insert the new md5 key into the db
|
||||||
$wpdb->query("UPDATE $wpdb->users SET user_activation_key = '$key' WHERE user_login = '$user_login'");
|
$wpdb->query("UPDATE $wpdb->users SET user_activation_key = '$key' WHERE user_login = '$user_login'");
|
||||||
$message = __('Someone has asked to reset the password for the following site and username.') . "\r\n\r\n";
|
$message = __('Someone has asked to reset the password for the following site and username.') . "\r\n\r\n";
|
||||||
$message .= get_option('siteurl') . "\r\n\r\n";
|
$message .= get_option('siteurl') . "\r\n\r\n";
|
||||||
|
@ -182,8 +182,8 @@ case 'rp' :
|
||||||
|
|
||||||
do_action('password_reset');
|
do_action('password_reset');
|
||||||
|
|
||||||
// Generate something random for a password... md5'ing current time with a rand salt
|
// Generate something random for a password...
|
||||||
$new_pass = substr( md5( uniqid( microtime() ) ), 0, 7);
|
$new_pass = wp_generate_password();
|
||||||
$new_hash = wp_hash_password($new_pass);
|
$new_hash = wp_hash_password($new_pass);
|
||||||
$wpdb->query("UPDATE $wpdb->users SET user_pass = '$new_hash', user_activation_key = '' WHERE ID = '$user->ID'");
|
$wpdb->query("UPDATE $wpdb->users SET user_pass = '$new_hash', user_activation_key = '' WHERE ID = '$user->ID'");
|
||||||
wp_cache_delete($user->ID, 'users');
|
wp_cache_delete($user->ID, 'users');
|
||||||
|
@ -241,7 +241,7 @@ case 'register' :
|
||||||
$errors = apply_filters( 'registration_errors', $errors );
|
$errors = apply_filters( 'registration_errors', $errors );
|
||||||
|
|
||||||
if ( empty( $errors ) ) {
|
if ( empty( $errors ) ) {
|
||||||
$user_pass = substr( md5( uniqid( microtime() ) ), 0, 7);
|
$user_pass = wp_generate_password();
|
||||||
|
|
||||||
$user_id = wp_create_user( $user_login, $user_pass, $user_email );
|
$user_id = wp_create_user( $user_login, $user_pass, $user_email );
|
||||||
if ( !$user_id )
|
if ( !$user_id )
|
||||||
|
|
Loading…
Reference in New Issue