root/branches/0.8/bb-includes/pluggable.php

Revision 1400, 15.9 kB (checked in by sambauers, 1 year ago)

Add missing wp_set_password() to pluggable.php

  • Property svn:eol-style set to native
1 <?php
2
if ( !function_exists('bb_auth') ) :
/**
 * Gate the current request behind a valid auth cookie.
 *
 * When wp_validate_auth_cookie() reports no valid cookie, sends no-cache
 * headers, redirects to the board's 'uri' option and ends the request.
 * Returns normally (no value) when the cookie validates.
 */
function bb_auth() {
    if ( wp_validate_auth_cookie() ) {
        return;
    }

    nocache_headers();
    header('Location: ' . bb_get_option('uri'));
    // End the request here so that nothing after the redirect header runs
    // for a visitor without a valid cookie.
    exit();
}
endif;
13
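// $already_md5 variable is deprecated
if ( !function_exists('bb_check_login') ) :
/**
 * Check a login name and password against the stored user record.
 *
 * @param string $user        Login name as submitted; passed through sanitize_user().
 * @param string $pass        Plaintext password as submitted.
 * @param bool   $already_md5 Deprecated and ignored.
 * @return object|false The user object on success; false when the login name
 *                      is empty after sanitizing, no such user exists, or the
 *                      password does not verify.
 */
function bb_check_login($user, $pass, $already_md5 = false) {
    $user = sanitize_user( $user );
    if ( $user == '' ) {
        return false;
    }

    $user = bb_get_user_by_name( $user );

    // Unknown login name: fail explicitly instead of reading properties of a
    // non-object and handing a null hash to the password check.
    if ( !$user ) {
        return false;
    }

    if ( !wp_check_password($pass, $user->user_pass, $user->ID) ) {
        return false;
    }

    return $user;
}
endif;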
31
if ( !function_exists('bb_get_current_user') ) :
/**
 * Return the global current-user value.
 *
 * Calls bb_current_user() first; its return value is discarded and the
 * $bb_current_user global is returned instead.
 *
 * @return mixed Whatever $bb_current_user holds after bb_current_user() has run.
 */
function bb_get_current_user() {
    global $bb_current_user;

    // Called for its effect on the global, not for its return value.
    bb_current_user();

    return $bb_current_user;
}
endif;
41
if ( !function_exists('bb_set_current_user') ) :
/**
 * Set the $bb_current_user global from a user ID.
 *
 * This function performs no authentication of its own: it trusts $id.
 * Callers are responsible for having verified the identity first.
 *
 * @param mixed $id User ID; an empty value clears the current user.
 * @return mixed The BB_User object now stored in the global, or 0 when $id is
 *               empty or the constructed BB_User has no ID.
 */
function bb_set_current_user($id) {
    global $bb_current_user;

    // Already set to this user: return early, without firing the action.
    if ( isset($bb_current_user) && ($bb_current_user->ID == $id) ) {
        return $bb_current_user;
    }

    if ( !empty($id) ) {
        $bb_current_user = new BB_User($id);
        // A BB_User without an ID is treated the same as "no user".
        if ( !$bb_current_user->ID ) {
            $bb_current_user = 0;
        }
    } else {
        $bb_current_user = 0;
    }

    do_action('bb_set_current_user', $id);

    return $bb_current_user;
}
endif;
62
if ( !function_exists('bb_current_user') ) :
//This is only used at initialization.  Use bb_get_current_user_info() (or $bb_current_user global if really needed) to grab user info.
/**
 * Resolve the current user from the auth cookie and store it in the global.
 *
 * @return mixed False while BB_INSTALLING is defined or when the cookie does
 *               not validate; otherwise the already-set global, or the result
 *               of bb_set_current_user() for the validated user ID.
 */
function bb_current_user() {
    global $bb_current_user;

    if ( defined( 'BB_INSTALLING' ) ) {
        return false;
    }

    if ( !empty($bb_current_user) ) {
        return $bb_current_user;
    }

    $user_id = wp_validate_auth_cookie();
    if ( $user_id ) {
        return bb_set_current_user($user_id);
    }

    // No valid cookie: $user_id is falsy here, so the false entry is stored
    // in the user cache under that falsy key, and the current user is cleared.
    global $bb_user_cache;
    $bb_user_cache[$user_id] = false;
    bb_set_current_user(0);
    return false;
}
endif;
84
if ( !function_exists('bb_is_user_authorized') ) :
/**
 * Report whether the current user is authorized.
 *
 * As written this is only an alias for bb_is_user_logged_in(): it checks
 * authentication, not any capability or role.
 *
 * @return bool
 */
function bb_is_user_authorized() {
    $logged_in = bb_is_user_logged_in();
    return $logged_in;
}
endif;
90
if ( !function_exists('bb_is_user_logged_in') ) :
/**
 * Report whether a current user is set.
 *
 * @return bool True when bb_get_current_user() returns a non-empty value.
 */
function bb_is_user_logged_in() {
    $current_user = bb_get_current_user();

    return !empty($current_user);
}
endif;
101
if ( !function_exists('bb_login') ) :
/**
 * Check credentials and, on success, issue the auth cookie.
 *
 * @param string $login    Login name as submitted.
 * @param string $password Plaintext password as submitted.
 * @param bool   $remember Passed through to wp_set_auth_cookie().
 * @return mixed The result of bb_check_login(): the user object on success,
 *               a falsy value otherwise.
 */
function bb_login($login, $password, $remember = false) {
    $user = bb_check_login( $login, $password );

    // Failed check: hand the falsy result back untouched, no cookie, no action.
    if ( !$user ) {
        return $user;
    }

    wp_set_auth_cookie($user->ID, $remember);

    do_action('bb_user_login', (int) $user->ID );

    return $user;
}
endif;
113
if ( !function_exists('bb_logout') ) :
/**
 * Log the visitor out by clearing the auth cookies, then fire 'bb_user_logout'.
 *
 * Only the browser's cookies are cleared here; nothing in this function
 * invalidates a cookie value on the server side.
 */
function bb_logout() {
    wp_clear_auth_cookie();

    // The action receives an empty string as its only argument.
    do_action('bb_user_logout', '');
}
endif;
121
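if ( !function_exists('wp_validate_auth_cookie') ) :
/**
 * Validate an auth cookie of the form "login|expiration|hmac".
 *
 * @param string $cookie Cookie value to check; when empty, the value is read
 *                       from $_COOKIE under the name in $bb->authcookie.
 * @return mixed The ID of the user named in the cookie, or false when the
 *               cookie is missing, malformed, expired, fails the MAC check,
 *               or names an unknown user.
 */
function wp_validate_auth_cookie($cookie = '') {
    if ( empty($cookie) ) {
        global $bb;
        if ( empty($_COOKIE[$bb->authcookie]) )
            return false;
        $cookie = $_COOKIE[$bb->authcookie];
    }

    // The cookie is client-controlled. Reject anything that is not a string
    // carrying at least the three expected fields before using any of them
    // (a cookie sent as name[]=... arrives as an array).
    if ( !is_string($cookie) )
        return false;

    $parts = explode('|', $cookie);
    if ( count($parts) < 3 )
        return false;

    list($username, $expiration, $hmac) = $parts;

    // The expiration must be a plain decimal timestamp; anything else would
    // otherwise be coerced by the arithmetic and comparison below.
    if ( !preg_match('/^[0-9]+\z/', $expiration) )
        return false;

    $expired = $expiration;

    // Allow a grace period for POST and AJAX requests
    $is_post = isset($_SERVER['REQUEST_METHOD']) && 'POST' == $_SERVER['REQUEST_METHOD'];
    if ( defined('DOING_AJAX') || $is_post )
        $expired += 3600;

    if ( $expired < time() )
        return false;

    // NOTE(review): login and expiration are concatenated without a separator
    // before hashing, so the MAC does not cover where one field ends and the
    // next begins. Changing that has to be done together with
    // wp_generate_auth_cookie() and anything else that issues this cookie.
    $key = wp_hash($username . $expiration);
    $hash = hash_hmac('md5', $username . $expiration, $key);

    // Compare as strings, never with ==: loose comparison treats two
    // numeric-looking strings as numbers, so different MACs can compare equal.
    // hash_equals() additionally avoids leaking the match position by timing.
    if ( function_exists('hash_equals') )
        $mac_ok = hash_equals($hash, $hmac);
    else
        $mac_ok = ( $hash === $hmac );

    if ( !$mac_ok )
        return false;

    $user = bb_get_user_by_name($username);
    if ( ! $user )
        return false;

    return $user->ID;
}
endif;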
155
if ( !function_exists('wp_generate_auth_cookie') ) :
/**
 * Build the auth cookie value "login|expiration|hmac" for a user.
 *
 * The MAC input is the login name followed directly by the expiration, keyed
 * with wp_hash() of that same string. Nothing derived from the user's
 * password goes into it.
 *
 * NOTE(review): the two fields are joined without a separator before hashing;
 * see the matching computation in wp_validate_auth_cookie() before changing
 * either side.
 *
 * @param mixed $user_id    ID of the user the cookie is for.
 * @param int   $expiration Timestamp embedded in, and covered by, the cookie.
 * @return mixed The cookie value after the 'auth_cookie' filter.
 */
function wp_generate_auth_cookie($user_id, $expiration) {
    $user = bb_get_user($user_id);
    $login = $user->user_login;

    $signed = $login . $expiration;
    $key = wp_hash($signed);
    $hash = hash_hmac('md5', $signed, $key);

    $cookie = implode('|', array($login, $expiration, $hash));

    return apply_filters('auth_cookie', $cookie, $user_id, $expiration);
}
endif;
168
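if ( !function_exists('wp_set_auth_cookie') ) :
/**
 * Issue the auth cookie for a user.
 *
 * With $remember the cookie is persistent and valid for 1209600 seconds
 * (14 days); without it the browser gets a session cookie (expire 0) whose
 * embedded expiration is 172800 seconds (2 days) ahead.
 *
 * The cookie is sent with the HttpOnly flag where the running PHP supports
 * it, so that page scripts cannot read the session credential.
 *
 * NOTE(review): the Secure flag is left off, as before, so the cookie is also
 * sent over plain HTTP. Turning it on is only safe for boards served entirely
 * over HTTPS - confirm against the deployment before changing it.
 *
 * @param mixed $user_id  ID of the user to log in.
 * @param bool  $remember Whether to issue a persistent cookie.
 */
function wp_set_auth_cookie($user_id, $remember = false) {
    global $bb;

    if ( $remember ) {
        $expiration = $expire = time() + 1209600;
    } else {
        $expiration = time() + 172800;
        $expire = 0;
    }

    $cookie = wp_generate_auth_cookie($user_id, $expiration);

    do_action('set_auth_cookie', $cookie, $expire);

    // Same two destinations as before: the cookie path, plus the site cookie
    // path when it differs.
    $paths = array($bb->cookiepath);
    if ( $bb->cookiepath != $bb->sitecookiepath )
        $paths[] = $bb->sitecookiepath;

    // setcookie() accepts the httponly argument from PHP 5.2.0 on; older
    // versions reject the extra arguments, so fall back to the short form.
    $httponly_supported = version_compare(PHP_VERSION, '5.2.0', '>=');

    foreach ( $paths as $path ) {
        if ( $httponly_supported )
            setcookie($bb->authcookie, $cookie, $expire, $path, $bb->cookiedomain, false, true);
        else
            setcookie($bb->authcookie, $cookie, $expire, $path, $bb->cookiedomain);
    }
}
endif;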
189
if ( !function_exists('wp_clear_auth_cookie') ) :
/**
 * Expire the auth cookie and the older user/pass cookies in the browser.
 *
 * Each cookie is overwritten with a single space and an expiry 31536000
 * seconds (one year) in the past, on both the cookie path and the site
 * cookie path.
 */
function wp_clear_auth_cookie() {
    global $bb;

    // Current auth cookie first, then the old user and pass cookies.
    $names = array($bb->authcookie, $bb->usercookie, $bb->passcookie);
    $paths = array($bb->cookiepath, $bb->sitecookiepath);

    foreach ( $names as $name ) {
        foreach ( $paths as $path ) {
            setcookie($name, ' ', time() - 31536000, $path, $bb->cookiedomain);
        }
    }
}
endif;
203
// Cookie safe redirect.  Works around IIS Set-Cookie bug.
// http://support.microsoft.com/kb/q176113/
if ( !function_exists('wp_redirect') ) : // [WP6134]
/**
 * Send a redirect header for $location.
 *
 * The location and status pass through the 'wp_redirect' and
 * 'wp_redirect_status' filters, then the location is run through
 * wp_sanitize_redirect() before it reaches header(). This function does not
 * check where the redirect points and does not end the request; callers that
 * redirect on untrusted input should use bb_safe_redirect() and exit
 * themselves.
 *
 * @param string $location Target URL.
 * @param int    $status   HTTP status code to send with the redirect.
 * @return false|null False when a filter emptied the location; otherwise nothing.
 */
function wp_redirect($location, $status = 302) {
    global $is_IIS;

    $location = apply_filters('wp_redirect', $location, $status);

    $status = apply_filters('wp_redirect_status', $status, $location);

    // allows the wp_redirect filter to cancel a redirect
    if ( !$location ) {
        return false;
    }

    $location = wp_sanitize_redirect($location);

    if ( $is_IIS ) {
        header("Refresh: 0;url=$location");
        return;
    }

    // This causes problems on IIS and some FastCGI setups
    if ( php_sapi_name() != 'cgi-fcgi' ) {
        status_header($status);
    }
    header("Location: $location");
}
endif;
228
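if ( !function_exists('wp_sanitize_redirect') ) : // [WP6134]
/**
 * sanitizes a URL for use in a redirect
 *
 * Drops every character outside the allow-list below (which removes raw CR
 * and LF among others), passes the result through wp_kses_no_null(), then
 * removes percent-encoded CR/LF sequences.
 *
 * @param string $location URL to sanitize
 * @return string redirect-sanitized URL
 **/
function wp_sanitize_redirect($location) {
    $location = preg_replace('|[^a-z0-9-~+_.?#=&;,/:%]|i', '', $location);
    $location = wp_kses_no_null($location);

    // remove %0d and %0a from location, in either letter case: %0D and %0A
    // encode the same bytes and were previously left in place.
    // Repeat until nothing changes, because removing one occurrence can
    // splice the surrounding characters into a new one.
    $strip = array('%0d', '%0a');
    do {
        $before = $location;
        $location = str_ireplace($strip, '', $location);
    } while ( $location !== $before );

    return $location;
}
endif;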
253
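if ( !function_exists('bb_safe_redirect') ) : // based on [WP6145] (home is different)
/**
 * performs a safe (local) redirect, using wp_redirect()
 *
 * A target that names a host is only followed when that host is the board's
 * own (from the 'uri' option) or was added through the
 * 'allowed_redirect_hosts' filter; otherwise the board URI is used instead.
 * Only the host is compared; scheme and port are not part of the decision.
 * Like wp_redirect(), this does not end the request.
 *
 * @param string $location Requested redirect target (may be untrusted).
 * @param int    $status   HTTP status code for the redirect.
 * @return void
 **/
function bb_safe_redirect($location, $status = 302) {

    // Need to look at the URL the way it will end up in wp_redirect()
    $location = wp_sanitize_redirect($location);

    // browsers will assume 'http' is your protocol, and will obey a redirect to a URL starting with '//'
    if ( substr($location, 0, 2) == '//' )
        $location = 'http:' . $location;

    $home = bb_get_option('uri');

    $lp  = parse_url($location);
    $wpp = parse_url($home);

    $home_host   = ( is_array($wpp) && isset($wpp['host']) ) ? $wpp['host'] : '';
    $target_host = ( is_array($lp) && isset($lp['host']) ) ? $lp['host'] : '';

    $allowed_hosts = (array) apply_filters('allowed_redirect_hosts', array($home_host), $target_host);

    // Fail closed: a target parse_url() cannot make sense of used to skip the
    // host check entirely, although a browser may still resolve it to another
    // site. The host comparison is strict so that numeric-looking host names
    // are never matched through type juggling.
    if ( false === $lp )
        $location = $home;
    elseif ( '' !== $target_host && !in_array($target_host, $allowed_hosts, true) )
        $location = $home;

    wp_redirect($location, $status);
}
endif;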
279
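if ( !function_exists('bb_verify_nonce') ) :
/**
 * Verify a nonce for the current user and an action.
 *
 * A nonce is ten characters taken from wp_hash() of the current 12-hour
 * tick, the action and the current user's ID.
 *
 * @param mixed      $nonce  Value received with the request.
 * @param string|int $action Action the nonce was created for.
 * @return int|false 1 when the nonce belongs to the current tick, 2 when it
 *                   belongs to the previous one, false when it is invalid.
 */
function bb_verify_nonce($nonce, $action = -1) {
    // Request parameters can arrive as arrays, and a boolean compared loosely
    // against a non-empty string is always equal. Neither can be a nonce.
    if ( !is_string($nonce) && !is_int($nonce) )
        return false;
    $nonce = (string) $nonce;

    $user = bb_get_current_user();
    // Without a current user the ID contributes nothing to the hashed string.
    $uid = empty($user) ? '' : $user->ID;

    $i = ceil(time() / 43200);

    $current  = substr(wp_hash($i . $action . $uid), -12, 10);
    $previous = substr(wp_hash(($i - 1) . $action . $uid), -12, 10);

    // Compare as strings, never with ==: two numeric-looking strings are
    // compared as numbers by ==, so a different value could be accepted.
    // hash_equals() also keeps the comparison time independent of the match.
    $use_hash_equals = function_exists('hash_equals');

    // Nonce generated 0-12 hours ago
    if ( $use_hash_equals ? hash_equals($current, $nonce) : ( $current === $nonce ) )
        return 1;
    // Nonce generated 12-24 hours ago
    if ( $use_hash_equals ? hash_equals($previous, $nonce) : ( $previous === $nonce ) )
        return 2;
    // Invalid nonce
    return false;
}
endif;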
297
if ( !function_exists('bb_create_nonce') ) :
/**
 * Create a nonce for the current user and an action.
 *
 * The value is ten characters taken from wp_hash() of the current 12-hour
 * tick (43200 seconds), the action and the current user's ID, so it changes
 * every twelve hours and is the same for repeated calls within one tick.
 *
 * @param string|int $action Action the nonce is bound to.
 * @return string The ten-character nonce.
 */
function bb_create_nonce($action = -1) {
    $user = bb_get_current_user();
    $uid = $user->ID;

    $tick = ceil(time() / 43200);
    $digest = wp_hash($tick . $action . $uid);

    return substr($digest, -12, 10);
}
endif;
308
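// Not verbatim WP,  bb has no options table and constants have different names.
if ( !function_exists('wp_salt') ) :
/**
 * Return the secret used to key wp_hash().
 *
 * The result is BB_SECRET_KEY (when defined, non-empty and not the
 * placeholder phrase) followed by a salt: BB_SECRET_SALT when defined,
 * otherwise the stored 'secret' option, which is generated and saved on
 * first use. While BB_INSTALLING is defined and no salt constant exists, the
 * salt part is empty.
 *
 * Everything signed with wp_hash() - auth cookies and nonces in this file -
 * is only as strong as this value, so a newly generated salt comes from the
 * system CSPRNG when PHP provides one.
 *
 * @return mixed The key material after the 'salt' filter.
 */
function wp_salt() {

    $secret_key = '';
    if ( defined('BB_SECRET_KEY') && ('' != BB_SECRET_KEY) && ('put your unique phrase here' != BB_SECRET_KEY) )
        $secret_key = BB_SECRET_KEY;

    // Defined on every path; it used to be unset during installation when no
    // BB_SECRET_SALT constant exists.
    $salt = '';

    if ( defined('BB_SECRET_SALT') ) {
        $salt = BB_SECRET_SALT;
    } elseif ( !defined('BB_INSTALLING') ) {
        $salt = bb_get_option('secret');
        if ( empty($salt) ) {
            if ( function_exists('random_bytes') ) {
                // 32 random bytes, hex-encoded to 64 characters.
                $salt = bin2hex(random_bytes(32));
            } else {
                // No CSPRNG in this PHP: at least make the value longer than
                // a single generated password.
                $salt = '';
                for ( $i = 0; $i < 8; $i++ )
                    $salt .= wp_generate_password();
            }
            bb_update_option('secret', $salt);
        }
    }

    return apply_filters('salt', $secret_key . $salt);
}
endif;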
332
if ( !function_exists('wp_hash') ) :
/**
 * Hash $data together with the site secret from wp_salt().
 *
 * Uses HMAC-MD5 keyed with the salt when hash_hmac() exists; otherwise falls
 * back to a plain MD5 of the data followed by the salt. The two forms give
 * different results for the same input, so values produced under one do not
 * verify under the other.
 *
 * @param string $data Data to hash.
 * @return string 32-character hexadecimal digest.
 */
function wp_hash($data) {
    $salt = wp_salt();

    if ( !function_exists('hash_hmac') ) {
        return md5($data . $salt);
    }

    return hash_hmac('md5', $data, $salt);
}
endif;
344
if ( !function_exists('wp_hash_password') ) : // [WP6350]
/**
 * Hash a plaintext password for storage using phpass.
 *
 * The hasher is created once and kept in the $wp_hasher global.
 *
 * @param string $password Plaintext password.
 * @return string The value returned by PasswordHash::HashPassword().
 */
function wp_hash_password($password) {
    global $wp_hasher;

    if ( !empty($wp_hasher) ) {
        return $wp_hasher->HashPassword($password);
    }

    require_once( BB_PATH . BB_INC . 'class-phpass.php');
    // By default, use the portable hash from phpass
    $wp_hasher = new PasswordHash(8, TRUE);

    return $wp_hasher->HashPassword($password);
}
endif;
358
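if ( !function_exists('wp_check_password') ) : // [WP6350]
/**
 * Check a plaintext password against a stored hash.
 *
 * Stored values of 32 characters or fewer are treated as legacy unsalted MD5
 * hashes; when such a hash matches and a user ID is given, the password is
 * re-stored through wp_set_password() so the legacy hash is replaced. Longer
 * values are checked with phpass.
 *
 * @param string $password Plaintext password as submitted.
 * @param string $hash     Stored hash for the user.
 * @param mixed  $user_id  Optional user ID; enables the rehash on success.
 * @return mixed The check result after the 'check_password' filter.
 */
function wp_check_password($password, $hash, $user_id = '') {
    global $wp_hasher;

    // If the hash is still md5...
    if ( strlen($hash) <= 32 ) {
        $legacy = md5($password);

        // Compare as strings, never with ==: two digests that both look like
        // numbers (for example "0e" followed only by digits) are equal under
        // ==, which would accept a wrong password.
        if ( function_exists('hash_equals') )
            $check = hash_equals((string) $hash, $legacy);
        else
            $check = ( (string) $hash === $legacy );

        if ( $check && $user_id ) {
            // Rehash using new hash.
            wp_set_password($password, $user_id);
            $hash = wp_hash_password($password);
        }

        return apply_filters('check_password', $check, $password, $hash, $user_id);
    }

    // (A second, identical length check that followed here could never be
    // reached and has been dropped.)

    // If the stored hash is longer than an MD5, presume the
    // new style phpass portable hash.
    if ( empty($wp_hasher) ) {
        require_once( BB_PATH . BB_INC . 'class-phpass.php');
        // By default, use the portable hash from phpass
        $wp_hasher = new PasswordHash(8, TRUE);
    }

    $check = $wp_hasher->CheckPassword($password, $hash);

    return apply_filters('check_password', $check, $password, $hash, $user_id);
}
endif;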
391
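if ( !function_exists('wp_generate_password') ) :
/**
 * Generates a random password drawn from the defined set of characters
 *
 * Characters are picked with random_int() when PHP provides it; mt_rand() is
 * only the fallback, because its output is predictable and unsuitable for
 * secrets.
 *
 * NOTE(review): the default length stays at 7 for compatibility, which is
 * short for a password; callers that can should ask for more.
 *
 * @param int $length Number of characters to generate (default 7)
 * @return string the password
 **/
function wp_generate_password($length = 7) {
    $chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
    // Derive the upper index from the alphabet instead of hard-coding it.
    $max = strlen($chars) - 1;
    $use_csprng = function_exists('random_int');

    $password = '';
    for ( $i = 0; $i < $length; $i++ ) {
        $index = $use_csprng ? random_int(0, $max) : mt_rand(0, $max);
        $password .= substr($chars, $index, 1);
    }
    return $password;
}
endif;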
406
if ( !function_exists('bb_check_admin_referer') ) :
/**
 * Require a valid nonce on the current request, or stop.
 *
 * Despite the name, the check is on the nonce in $_REQUEST, not on the HTTP
 * Referer header. On failure bb_nonce_ays() is called and the request ends.
 *
 * @param string|int $action    Action the nonce must have been created for.
 * @param string     $query_arg Name of the request parameter holding the nonce.
 */
function bb_check_admin_referer( $action = -1, $query_arg = '_wpnonce' ) {
    $nonce_ok = bb_verify_nonce($_REQUEST[$query_arg], $action);

    if ( !$nonce_ok ) {
        bb_nonce_ays($action);
        die();
    }

    do_action('bb_check_admin_referer', $action);
}
endif;
416
if ( !function_exists('bb_check_ajax_referer') ) :
/**
 * Verify the nonce on an AJAX request.
 *
 * The nonce is read from $_REQUEST[$query_arg] when $query_arg is given,
 * otherwise from '_ajax_nonce', falling back to '_wpnonce'.
 *
 * @param string|int   $action    Action the nonce must have been created for.
 * @param string|false $query_arg Request parameter holding the nonce, or false.
 * @param bool         $die       Whether to end the request with '-1' on failure.
 * @return int|false The result of bb_verify_nonce(). With $die set to false
 *                   the caller must check this value itself.
 */
function bb_check_ajax_referer( $action = -1, $query_arg = false, $die = true ) {
    if ( $query_arg ) {
        $nonce = $_REQUEST[$query_arg];
    } elseif ( $_REQUEST['_ajax_nonce'] ) {
        $nonce = $_REQUEST['_ajax_nonce'];
    } else {
        $nonce = $_REQUEST['_wpnonce'];
    }

    $result = bb_verify_nonce( $nonce, $action );

    if ( $die && false == $result ) {
        die('-1');
    }

    // Fired for failed checks too when $die is false; $result tells them apart.
    do_action('bb_check_ajax_referer', $action, $result);
    return $result;
}
endif;
433
if ( !function_exists('bb_break_password') ) :
/**
 * Mark a user's stored password as broken.
 *
 * Appends '---' and 13 characters of wp_hash('bb_break_password') to the
 * stored user_pass, unless the value already contains '---'. Presumably the
 * altered value no longer verifies against any password; bb_fix_password()
 * strips the suffix again.
 *
 * @param int $user_id ID of the user.
 * @return mixed False when the user does not exist, true when the password
 *               is already marked, otherwise the result of the UPDATE query.
 */
function bb_break_password( $user_id ) {
    global $bbdb;

    $user_id = (int) $user_id;
    $user = bb_get_user( $user_id );
    if ( !$user ) {
        return false;
    }

    $secret = substr(wp_hash( 'bb_break_password' ), 0, 13);

    if ( false !== strpos( $user->user_pass, '---' ) ) {
        return true;
    }

    $sql = $bbdb->prepare(
        "UPDATE $bbdb->users SET user_pass = CONCAT(user_pass, '---', %s) WHERE ID = %d",
        $secret, $user_id
    );

    return $bbdb->query( $sql );
}
endif;
450
if ( !function_exists('bb_fix_password') ) :
/**
 * Undo bb_break_password() for a user.
 *
 * When the stored user_pass contains '---', it is cut back to the part
 * before the first '---'.
 *
 * @param int $user_id ID of the user.
 * @return mixed False when the user does not exist, true when there is
 *               nothing to fix, otherwise the result of the UPDATE query.
 */
function bb_fix_password( $user_id ) {
    global $bbdb;

    $user_id = (int) $user_id;
    $user = bb_get_user( $user_id );
    if ( !$user ) {
        return false;
    }

    if ( false !== strpos( $user->user_pass, '---' ) ) {
        $sql = $bbdb->prepare(
            "UPDATE $bbdb->users SET user_pass = SUBSTRING_INDEX(user_pass, '---', 1) WHERE ID = %d",
            $user_id
        );
        return $bbdb->query( $sql );
    }

    return true;
}
endif;
466
if ( !function_exists('bb_has_broken_pass') ) :
/**
 * Report whether a user's stored password carries the '---' broken marker.
 *
 * @param int $user_id ID of the user; 0 (the default) means the current user,
 *                     read from $bb_current_user->data.
 * @return bool True when user_pass contains '---'.
 */
function bb_has_broken_pass( $user_id = 0 ) {
    global $bb_current_user;

    if ( $user_id ) {
        $user = bb_get_user( $user_id );
    } else {
        // NOTE(review): assumes a current user is set; nothing here checks it.
        $user =& $bb_current_user->data;
    }

    $marker_at = strpos($user->user_pass, '---' );

    return ( false !== $marker_at );
}
endif;
478
if ( !function_exists('bb_new_user') ) :
/**
 * Create a user with a generated password.
 *
 * The login is sanitized strictly, the email is checked with
 * bb_verify_email(), and a nicename is derived from the login and
 * incremented until it is non-numeric and unused. The password comes from
 * wp_generate_password() and only its hash is stored.
 *
 * While BB_INSTALLING is defined the new user receives the 'keymaster'
 * capability; otherwise 'member', and the plaintext password is handed to
 * bb_send_pass(). The plaintext is also passed to the 'bb_new_user' action,
 * so every callback hooked there can see it.
 *
 * NOTE(review): the result of the insert is not checked before
 * $bbdb->insert_id is used - confirm how $bbdb reports a failed insert.
 *
 * @param string $user_login Requested login name.
 * @param string $user_email Email address.
 * @param string $user_url   Website URL.
 * @return mixed The new user's ID, or false when the login, email or
 *               nicename is rejected.
 */
function bb_new_user( $user_login, $user_email, $user_url ) {
    global $bbdb;

    $user_login = sanitize_user( $user_login, true );
    $user_email = bb_verify_email( $user_email );

    if ( !$user_login || !$user_email ) {
        return false;
    }

    $_user_nicename = bb_user_nicename_sanitize( $user_login );
    $user_nicename = $_user_nicename;
    if ( strlen( $_user_nicename ) < 1 ) {
        return false;
    }

    // Keep incrementing while the candidate is numeric or already taken.
    while ( is_numeric($user_nicename) || $existing_user = bb_get_user_by_nicename( $user_nicename ) )
        $user_nicename = bb_slug_increment($_user_nicename, $existing_user->user_nicename, 50);

    $user_url = bb_fix_link( $user_url );
    $user_registered = bb_current_time('mysql');
    $password = wp_generate_password();
    $user_pass = wp_hash_password( $password );

    $bbdb->insert( $bbdb->users, array(
        'user_login'      => $user_login,
        'user_pass'       => $user_pass,
        'user_nicename'   => $user_nicename,
        'user_email'      => $user_email,
        'user_url'        => $user_url,
        'user_registered' => $user_registered,
    ) );

    $user_id = $bbdb->insert_id;

    $installing = defined( 'BB_INSTALLING' );
    // The user created during installation becomes keymaster; everyone else a member.
    $role = $installing ? 'keymaster' : 'member';
    bb_update_usermeta( $user_id, $bbdb->prefix . 'capabilities', array($role => true) );

    if ( !$installing ) {
        bb_send_pass( $user_id, $password );
    }

    do_action('bb_new_user', $user_id, $password);
    return $user_id;
}
endif;
517
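if ( !function_exists( 'bb_mail' ) ) :
/**
 * Send an email, adding a From header when the caller supplied none.
 *
 * The default sender is the 'from_email' option, or 'bbpress@' plus the host
 * of the board URI with a leading 'www.' removed.
 *
 * NOTE(review): header lines passed in by the caller and the 'name' option
 * used in the From header are placed into the message headers as they are.
 * Callers must not build them from unvalidated input containing line breaks.
 *
 * @param string       $to      Recipient address.
 * @param string       $subject Subject line.
 * @param string       $message Message body.
 * @param string|array $headers Extra headers, as a string with one header per
 *                              line or as an array of header lines.
 * @return bool The result of mail(); warnings from mail() are suppressed.
 */
function bb_mail( $to, $subject, $message, $headers = '' ) {
    if (!is_array($headers)) {
        $headers = trim($headers);
        $headers = preg_split('@\r(?:\n{0,1})|\n@', $headers, -1, PREG_SPLIT_NO_EMPTY);
    }

    if (!count($headers) || !count(preg_grep('/^from:\s/im', $headers))) {
        $from = bb_get_option('from_email');

        if (!$from) {
            $uri_parsed = parse_url(bb_get_option('uri'));
            if ($uri_parsed && !empty($uri_parsed['host'])) {
                // The dot is escaped: unescaped it matched any character, so
                // a host such as "wwwx.example" lost its first four letters.
                $from = 'bbpress@' . trim(preg_replace('/^www\./i', '', $uri_parsed['host']));
            }
        }

        if ($from)
            $headers[] = 'From: "' . bb_get_option('name') . '" <' . $from . '>';
    }
    $headers = trim(join(defined('BB_MAIL_EOL') ? BB_MAIL_EOL : "\n", $headers));

    return @mail($to, $subject, $message, $headers);
}
endif;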
539
if ( !function_exists('wp_set_password') ) :
/**
 * Store a new password for a user.
 *
 * Hashes the plaintext with wp_hash_password(), writes it to the users table
 * through a prepared query, and flushes that user's cache entry. Performs no
 * permission check of its own and returns nothing.
 *
 * @param string $password New plaintext password.
 * @param int    $user_id  ID of the user to update.
 */
function wp_set_password( $password, $user_id ) {
    global $bbdb, $bb_cache;

    $hash = wp_hash_password($password);

    $bbdb->query(
        $bbdb->prepare("UPDATE $bbdb->users SET user_pass = %s WHERE ID = %d", $hash, $user_id)
    );

    // Drop the cached user so the old hash is not served again.
    $bb_cache->flush_one( 'user', $user_id );
}
endif;
550
if ( !function_exists( 'bb_get_avatar' ) ) :
/**
 * bb_get_avatar() - Get avatar for a user
 *
 * Retrieve the avatar for a user provided a user ID or email address
 *
 * The image URL is built over plain http and contains the MD5 of the
 * lower-cased email address. When no email is available, $default is used as
 * the image source exactly as given, without HTML escaping, so it must
 * already be safe to place inside an attribute. The 'avatars_rating' option
 * is appended to the URL unencoded as well.
 *
 * @since 0.9
 * @param int|string $id_or_email A user ID or email address
 * @param int $size Size of the avatar image
 * @param string $default URL to a default image to use if no avatar is available
 * @return string|false <img> tag for the user's avatar, after the
 *                      'bb_get_avatar' filter; false when avatars are disabled
*/
function bb_get_avatar( $id_or_email, $size = 80, $default = '' ) {
    if ( !bb_get_option('avatars_show') ) {
        return false;
    }

    if ( !is_numeric($size) ) {
        $size = 80;
    }

    // Prefer the email on record; otherwise treat the argument itself as the email.
    $email = bb_get_user_email($id_or_email);
    if ( !$email ) {
        $email = $id_or_email;
    }
    if ( !$email ) {
        $email = '';
    }

    if ( empty($default) ) {
        // ad516503a11cd5ca435acc9bb6523536 == md5('unknown@gravatar.com')
        $default = 'http://www.gravatar.com/avatar/ad516503a11cd5ca435acc9bb6523536?s=' . $size;
    }

    $class = 'avatar avatar-' . $size;

    if ( empty($email) ) {
        $src = $default;
        $class .= ' avatar-default';
    } else {
        $src = 'http://www.gravatar.com/avatar/' . md5( strtolower( $email ) )
            . '?s=' . $size
            . '&amp;d=' . urlencode( $default );

        $rating = bb_get_option('avatars_rating');
        if ( !empty( $rating ) ) {
            $src .= '&amp;r=' . $rating;
        }
    }

    $avatar = '<img alt="" src="' . $src . '" class="' . $class . '" style="height:' . $size . 'px; width:' . $size . 'px;" />';

    return apply_filters('bb_get_avatar', $avatar, $id_or_email, $size, $default);
}
endif;
601 ?>
602