Changeset 972
- Timestamp:
- 12/06/07 14:02:15 (9 months ago)
- Files:
-
- trunk/bb-includes/class-phpass.php (added)
- trunk/bb-includes/pluggable.php (modified) (4 diffs)
- trunk/bb-includes/registration-functions.php (modified) (1 diff)
- trunk/profile-edit.php (modified) (1 diff)
trunk/bb-includes/pluggable.php
r945 r972 4 4 function bb_auth() { 5 5 // Checks if a user is logged in, if not redirects them to the login page 6 if ( (!empty($_COOKIE[bb_get_option( 'usercookie' )]) && 7 !bb_check_login($_COOKIE[bb_get_option( 'usercookie' )], $_COOKIE[bb_get_option( 'passcookie' )], true)) || 8 (empty($_COOKIE[bb_get_option( 'usercookie' )])) ) { 6 $usercookie = $_COOKIE[bb_get_option( 'usercookie' )]; 7 $passcookie = $_COOKIE[bb_get_option( 'passcookie' )]; 8 if ( 9 empty($usercookie) || 10 (!empty($usercookie) && !bb_check_login($usercookie, $passcookie, true)) 11 ) { 9 12 nocache_headers(); 10 13 … … 19 22 global $bbdb; 20 23 $user = bb_user_sanitize( $user ); 24 if ($user == '') { 25 return false; 26 } 27 $user = bb_get_user_by_name( $user ); 28 21 29 if ( !$already_md5 ) { 22 $pass = bb_user_sanitize( md5( $pass ) ); 23 return $bbdb->get_row("SELECT * FROM $bbdb->users WHERE user_login = '$user' AND SUBSTRING_INDEX( user_pass, '---', 1 ) = '$pass'"); 30 if ( wp_check_password($pass, $user->user_pass) ) { 31 // If using old md5 password, rehash. 32 if ( strlen($user->user_pass) <= 32 ) { 33 $hash = wp_hash_password($pass); 34 $bbdb->query("UPDATE $bbdb->users SET user_pass = '$hash' WHERE ID = '$user->ID'"); 35 global $bb_cache; 36 $bb_cache->flush_one( 'user', $user->ID ); 37 $user = bb_get_user( $user->ID ); 38 } 39 40 return $user; 41 } 24 42 } else { 25 return $bbdb->get_row("SELECT * FROM $bbdb->users WHERE user_login = '$user' AND MD5( user_pass ) = '$pass'"); 26 } 43 if ( md5($user->user_pass) == $pass ) { 44 return $user; 45 } 46 } 47 48 return false; 27 49 } 28 50 endif; … … 266 288 endif; 267 289 290 if ( !function_exists('wp_hash_password') ) : // [WP6350] 291 function wp_hash_password($password) { 292 global $wp_hasher; 293 294 if ( empty($wp_hasher) ) { 295 require_once( BBPATH . BBINC . 
'class-phpass.php'); 296 // By default, use the portable hash from phpass 297 $wp_hasher = new PasswordHash(8, TRUE); 298 } 299 300 return $wp_hasher->HashPassword($password); 301 } 302 endif; 303 304 if ( !function_exists('wp_check_password') ) : // [WP6350] 305 function wp_check_password($password, $hash) { 306 global $wp_hasher; 307 308 if ( strlen($hash) <= 32 ) 309 return ( $hash == md5($password) ); 310 311 // If the stored hash is longer than an MD5, presume the 312 // new style phpass portable hash. 313 if ( empty($wp_hasher) ) { 314 require_once( BBPATH . BBINC . 'class-phpass.php'); 315 // By default, use the portable hash from phpass 316 $wp_hasher = new PasswordHash(8, TRUE); 317 } 318 319 return $wp_hasher->CheckPassword($password, $hash); 320 } 321 endif; 322 268 323 if ( !function_exists('bb_check_admin_referer') ) : 269 324 function bb_check_admin_referer( $action = -1 ) { … … 342 397 $now = bb_current_time('mysql'); 343 398 $password = bb_random_pass(); 344 $passcrypt = md5( $password );399 $passcrypt = wp_hash_password( $password ); 345 400 346 401 if ( !$user_login || !$email ) trunk/bb-includes/registration-functions.php
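Review bot: The credential comparisons added in this file use loose `==`, both in the cookie branch of bb_check_login (`md5($user->user_pass) == $pass`) and in the legacy MD5 path of wp_check_password (`$hash == md5($password)`). PHP compares two numeric-looking strings as numbers, so two different hex digests can compare equal; both should be strict, `if ( md5($user->user_pass) === $pass ) {` and `return ( $hash === md5($password) );`. Separately, the result of `bb_get_user_by_name( $user )` is dereferenced without a check; if it returns a false value for an unknown login (likely, but its body is not shown here), an early `if ( !$user ) return false;` right after the lookup would avoid reading `user_pass` from a non-object. bb_check_login's signature lies outside the hunk.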
r927 r972 85 85 $user_id = (int) $user_id; 86 86 87 $passhash = md5( $password );87 $passhash = wp_hash_password( $password ); 88 88 89 89 $bbdb->query("UPDATE $bbdb->users SET trunk/profile-edit.php
r903 r972 103 103 $_POST['pass1'] = addslashes($_POST['pass1']); 104 104 bb_update_user_password( $user->ID, $_POST['pass1'] ); 105 if ( $bb_current_id == $user->ID ) 106 bb_cookie( bb_get_option( 'passcookie' ), md5( md5( $_POST['pass1'] ) ) ); // One week 105 if ( $bb_current_id == $user->ID ) { 106 $user = bb_get_user( $user->ID ); 107 bb_cookie( bb_get_option( 'passcookie' ), md5( $user->user_pass ) ); // One week 108 } 107 109 endif; 108 110
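Review bot: The new cookie value is computed from `bb_get_user( $user->ID )` immediately after `bb_update_user_password()`, with no cache flush visible in between. The rehash path added to bb_check_login in pluggable.php calls `$bb_cache->flush_one( 'user', $user->ID );` before re-reading the user, which suggests bb_get_user can serve a cached row. If bb_update_user_password does not flush it itself (its body is not fully shown on this page), the cookie would be derived from the old hash and stop matching on the next request. Adding the same flush before the `bb_get_user` call here, or once inside bb_update_user_password, would make the two paths consistent. The context line `$_POST['pass1'] = addslashes($_POST['pass1']);` also means the slashed form is what gets hashed, so it is worth confirming that the login path hashes the same form.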