[ Index ] |
PHP Cross Reference of BackPress |
[Summary view] [Print] [Text view]
1 <?php 2 // Last sync [WP10712] - Refactored into a class from wp-incldues/pluggable.php 3 4 class WP_Pass { 5 /** 6 * Create a hash (encrypt) of a plain text password. 7 * 8 * For integration with other applications, this function can be overwritten to 9 * instead use the other package password checking algorithm. 10 * 11 * @since WP 2.5 12 * @global object $wp_hasher PHPass object 13 * @uses PasswordHash::HashPassword 14 * 15 * @param string $password Plain text user password to hash 16 * @return string The hash string of the password 17 */ 18 function hash_password($password) { 19 global $wp_hasher; 20 21 if ( empty($wp_hasher) ) { 22 require_once ( BACKPRESS_PATH . 'class.passwordhash.php'); 23 // By default, use the portable hash from phpass 24 $wp_hasher = new PasswordHash(8, TRUE); 25 } 26 27 return $wp_hasher->HashPassword($password); 28 } 29 30 /** 31 * Checks the plaintext password against the encrypted Password. 32 * 33 * Maintains compatibility between old version and the new cookie authentication 34 * protocol using PHPass library. The $hash parameter is the encrypted password 35 * and the function compares the plain text password when encypted similarly 36 * against the already encrypted password to see if they match. 37 * 38 * For integration with other applications, this function can be overwritten to 39 * instead use the other package password checking algorithm. 40 * 41 * @since WP 2.5 42 * @global object $wp_hasher PHPass object used for checking the password 43 * against the $hash + $password 44 * @uses PasswordHash::CheckPassword 45 * 46 * @param string $password Plaintext user's password 47 * @param string $hash Hash of the user's password to check against. 48 * @return bool False, if the $password does not match the hashed password 49 */ 50 function check_password($password, $hash, $user_id = '') { 51 global $wp_hasher, $wp_users_object; 52 53 list($hash, $broken) = array_pad( explode( '---', $hash ), 2, '' ); 54 55 // If the hash is still md5... 56 if ( strlen($hash) <= 32 ) { 57 $check = ( $hash == md5($password) ); 58 if ( $check && $user_id && !$broken ) { 59 // Rehash using new hash. 60 $wp_users_object->set_password($password, $user_id); 61 $hash = WP_Pass::hash_password($password); 62 } 63 64 return apply_filters('check_password', $check, $password, $hash, $user_id); 65 } 66 67 // If the stored hash is longer than an MD5, presume the 68 // new style phpass portable hash. 69 if ( empty($wp_hasher) ) { 70 require_once ( BACKPRESS_PATH . 'class.passwordhash.php'); 71 // By default, use the portable hash from phpass 72 $wp_hasher = new PasswordHash(8, TRUE); 73 } 74 75 $check = $wp_hasher->CheckPassword($password, $hash); 76 77 return apply_filters('check_password', $check, $password, $hash, $user_id); 78 } 79 80 /** 81 * Generates a random password drawn from the defined set of characters 82 * 83 * @since WP 2.5 84 * 85 * @param int $length The length of password to generate 86 * @param bool $special_chars Whether to include standard special characters 87 * @return string The random password 88 */ 89 function generate_password($length = 12, $special_chars = true) { 90 $chars = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789'; 91 if ( $special_chars ) 92 $chars .= '!@#$%^&*()'; 93 94 $password = ''; 95 for ( $i = 0; $i < $length; $i++ ) 96 $password .= substr($chars, WP_Pass::rand(0, strlen($chars) - 1), 1); 97 return $password; 98 } 99 100 /** 101 * Generates a random number 102 * 103 * Not verbatim WordPress, keeps seed value in backpress options. 104 * 105 * @since WP 2.6.2 106 * 107 * @param int $min Lower limit for the generated number (optional, default is 0) 108 * @param int $max Upper limit for the generated number (optional, default is 4294967295) 109 * @return int A random number between min and max 110 */ 111 function rand( $min = 0, $max = 0 ) { 112 global $rnd_value; 113 114 $seed = backpress_get_transient('random_seed'); 115 116 // Reset $rnd_value after 14 uses 117 // 32(md5) + 40(sha1) + 40(sha1) / 8 = 14 random numbers from $rnd_value 118 if ( strlen($rnd_value) < 8 ) { 119 $rnd_value = md5( uniqid(microtime() . mt_rand(), true ) . $seed ); 120 $rnd_value .= sha1($rnd_value); 121 $rnd_value .= sha1($rnd_value . $seed); 122 $seed = md5($seed . $rnd_value); 123 backpress_set_transient('random_seed', $seed); 124 } 125 126 // Take the first 8 digits for our value 127 $value = substr($rnd_value, 0, 8); 128 129 // Strip the first eight, leaving the remainder for the next call to wp_rand(). 130 $rnd_value = substr($rnd_value, 8); 131 132 $value = abs(hexdec($value)); 133 134 // Reduce the value to be within the min - max range 135 // 4294967295 = 0xffffffff = max random number 136 if ( $max != 0 ) 137 $value = $min + (($max - $min + 1) * ($value / (4294967295 + 1))); 138 139 return abs(intval($value)); 140 } 141 }
title
Description
Body
title
Description
Body
title
Description
Body
title
Body
Generated: Sat Nov 23 01:00:54 2024 | Cross-referenced by PHPXref 0.7.1 |