[Summary view] [Print] [Text view]

   1  <?php
   2  // Last sync [WP10712] - Refactored into a class from wp-incldues/pluggable.php
   3  
   4  class WP_Pass {
   5      /**
   6       * Create a hash (encrypt) of a plain text password.
   7       *
   8       * For integration with other applications, this function can be overwritten to
   9       * instead use the other package password checking algorithm.
  10       *
  11       * @since WP 2.5
  12       * @global object $wp_hasher PHPass object
  13       * @uses PasswordHash::HashPassword
  14       *
  15       * @param string $password Plain text user password to hash
  16       * @return string The hash string of the password
  17       */
  18  	function hash_password($password) {
  19          global $wp_hasher;
  20  
  21          if ( empty($wp_hasher) ) {
  22              require_once ( BACKPRESS_PATH . 'class.passwordhash.php');
  23              // By default, use the portable hash from phpass
  24              $wp_hasher = new PasswordHash(8, TRUE);
  25          }
  26  
  27          return $wp_hasher->HashPassword($password);
  28      }
  29  
  30      /**
  31       * Checks the plaintext password against the encrypted Password.
  32       *
  33       * Maintains compatibility between old version and the new cookie authentication
  34       * protocol using PHPass library. The $hash parameter is the encrypted password
  35       * and the function compares the plain text password when encypted similarly
  36       * against the already encrypted password to see if they match.
  37       *
  38       * For integration with other applications, this function can be overwritten to
  39       * instead use the other package password checking algorithm.
  40       *
  41       * @since WP 2.5
  42       * @global object $wp_hasher PHPass object used for checking the password
  43       *    against the $hash + $password
  44       * @uses PasswordHash::CheckPassword
  45       *
  46       * @param string $password Plaintext user's password
  47       * @param string $hash Hash of the user's password to check against.
  48       * @return bool False, if the $password does not match the hashed password
  49       */
  50  	function check_password($password, $hash, $user_id = '') {
  51          global $wp_hasher, $wp_users_object;
  52  
  53          list($hash, $broken) = array_pad( explode( '---', $hash ), 2, '' );
  54  
  55          // If the hash is still md5...
  56          if ( strlen($hash) <= 32 ) {
  57              $check = ( $hash == md5($password) );
  58              if ( $check && $user_id && !$broken ) {
  59                  // Rehash using new hash.
  60                  $wp_users_object->set_password($password, $user_id);
  61                  $hash = WP_Pass::hash_password($password);
  62              }
  63  
  64              return apply_filters('check_password', $check, $password, $hash, $user_id);
  65          }
  66  
  67          // If the stored hash is longer than an MD5, presume the
  68          // new style phpass portable hash.
  69          if ( empty($wp_hasher) ) {
  70              require_once ( BACKPRESS_PATH . 'class.passwordhash.php');
  71              // By default, use the portable hash from phpass
  72              $wp_hasher = new PasswordHash(8, TRUE);
  73          }
  74  
  75          $check = $wp_hasher->CheckPassword($password, $hash);
  76  
  77          return apply_filters('check_password', $check, $password, $hash, $user_id);
  78      }
  79  
  80      /**
  81       * Generates a random password drawn from the defined set of characters
  82       *
  83       * @since WP 2.5
  84       *
  85       * @param int $length The length of password to generate
  86       * @param bool $special_chars Whether to include standard special characters 
  87       * @return string The random password
  88       */
  89  	function generate_password($length = 12, $special_chars = true) {
  90          $chars = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';
  91          if ( $special_chars )
  92              $chars .= '!@#$%^&*()';
  93  
  94          $password = '';
  95          for ( $i = 0; $i < $length; $i++ )
  96              $password .= substr($chars, WP_Pass::rand(0, strlen($chars) - 1), 1);
  97          return $password;
  98      }
  99  
 100      /**
 101       * Generates a random number
 102       *
 103       * Not verbatim WordPress, keeps seed value in backpress options.
 104       *
 105       * @since WP 2.6.2
 106       *
 107       * @param int $min Lower limit for the generated number (optional, default is 0)
 108       * @param int $max Upper limit for the generated number (optional, default is 4294967295)
 109       * @return int A random number between min and max
 110       */
 111  	function rand( $min = 0, $max = 0 ) {
 112          global $rnd_value;
 113  
 114          $seed = backpress_get_transient('random_seed');
 115  
 116          // Reset $rnd_value after 14 uses
 117          // 32(md5) + 40(sha1) + 40(sha1) / 8 = 14 random numbers from $rnd_value
 118          if ( strlen($rnd_value) < 8 ) {
 119              $rnd_value = md5( uniqid(microtime() . mt_rand(), true ) . $seed );
 120              $rnd_value .= sha1($rnd_value);
 121              $rnd_value .= sha1($rnd_value . $seed);
 122              $seed = md5($seed . $rnd_value);
 123              backpress_set_transient('random_seed', $seed);
 124          }
 125  
 126          // Take the first 8 digits for our value
 127          $value = substr($rnd_value, 0, 8);
 128  
 129          // Strip the first eight, leaving the remainder for the next call to wp_rand().
 130          $rnd_value = substr($rnd_value, 8);
 131  
 132          $value = abs(hexdec($value));
 133  
 134          // Reduce the value to be within the min - max range
 135          // 4294967295 = 0xffffffff = max random number
 136          if ( $max != 0 )
 137              $value = $min + (($max - $min + 1) * ($value / (4294967295 + 1)));
 138  
 139          return abs(intval($value));
 140      }
 141  }