Double hash password in cookies.
git-svn-id: http://svn.automattic.com/wordpress/trunk@1788 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
parent
6842c8a917
commit
f192cfe5c8
|
@ -1900,7 +1900,9 @@ function wp_login($username, $password, $already_md5 = false) {
|
||||||
$error = __('<strong>Error</strong>: Wrong login.');
|
$error = __('<strong>Error</strong>: Wrong login.');
|
||||||
return false;
|
return false;
|
||||||
} else {
|
} else {
|
||||||
if ( ($already_md5 && $login->user_login == $username && $login->user_pass == $password) || ($login->user_login == $username && $login->user_pass == md5($password)) ) {
|
// If the password is already_md5, it has been double hashed.
|
||||||
|
// Otherwise, it is plain text.
|
||||||
|
if ( ($already_md5 && $login->user_login == $username && md5($login->user_pass) == $password) || ($login->user_login == $username && $login->user_pass == md5($password)) ) {
|
||||||
return true;
|
return true;
|
||||||
} else {
|
} else {
|
||||||
$error = __('<strong>Error</strong>: Incorrect password.');
|
$error = __('<strong>Error</strong>: Incorrect password.');
|
||||||
|
|
|
@ -159,7 +159,7 @@ default:
|
||||||
if ($log && $pwd) {
|
if ($log && $pwd) {
|
||||||
if ( wp_login($log, $pwd) ) {
|
if ( wp_login($log, $pwd) ) {
|
||||||
$user_login = $log;
|
$user_login = $log;
|
||||||
$user_pass = md5($pwd);
|
$user_pass = md5(md5($pwd)); // Double hash the password in the cookie.
|
||||||
setcookie('wordpressuser_'. COOKIEHASH, $user_login, time() + 31536000, COOKIEPATH);
|
setcookie('wordpressuser_'. COOKIEHASH, $user_login, time() + 31536000, COOKIEPATH);
|
||||||
setcookie('wordpresspass_'. COOKIEHASH, $user_pass, time() + 31536000, COOKIEPATH);
|
setcookie('wordpresspass_'. COOKIEHASH, $user_pass, time() + 31536000, COOKIEPATH);
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue