Upstream
/
WordPress
mirror of https://github.com/WordPress/WordPress.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Cookies are now unique, based on siteurl, allowing multiple installs under a single domain name. 

git-svn-id: http://svn.automattic.com/wordpress/trunk@458 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
emc3 2003-10-20 20:53:13 +00:00
parent 9b49dac1c4
commit 45fe889b00
11 changed files with 45 additions and 42 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
b2-include/b2functions.php
View File

@ -380,9 +380,9 @@ function user_pass_ok($user_login,$user_pass) {
}
function get_currentuserinfo() { // a bit like get_userdata(), on steroids
global $HTTP_COOKIE_VARS, $user_login, $userdata, $user_level, $user_ID, $user_nickname, $user_email, $user_url, $user_pass_md5;
global $HTTP_COOKIE_VARS, $user_login, $userdata, $user_level, $user_ID, $user_nickname, $user_email, $user_url, $user_pass_md5, $cookiehash;
// *** retrieving user's data from cookies and db - no spoofing
$user_login = $HTTP_COOKIE_VARS['wordpressuser'];
$user_login = $HTTP_COOKIE_VARS['wordpressuser_'.$cookiehash];
$userdata = get_userdatabylogin($user_login);
$user_level = $userdata->user_level;
$user_ID = $userdata->ID;

12
b2-include/b2template.functions.php
View File

@ -598,13 +598,13 @@ function the_content_unicode($more_link_text='(more...)', $stripteaser=0, $more_
function get_the_content($more_link_text='(more...)', $stripteaser=0, $more_file='') {
global $id, $post, $more, $c, $withcomments, $page, $pages, $multipage, $numpages;
global $HTTP_SERVER_VARS, $HTTP_COOKIE_VARS, $preview;
global $HTTP_SERVER_VARS, $HTTP_COOKIE_VARS, $preview, $cookiehash;
global $querystring_start, $querystring_equal, $querystring_separator;
global $pagenow;
$output = '';
if (!empty($post->post_password)) { // if there's a password
if ($HTTP_COOKIE_VARS['wp-postpass'] != $post->post_password) { // and it doesn't match the cookie
if ($HTTP_COOKIE_VARS['wp-postpass_'.$cookiehash] != $post->post_password) { // and it doesn't match the cookie
$output = get_the_password_form();
return $output;
}
@ -692,11 +692,11 @@ function the_excerpt_unicode() {
function get_the_excerpt($fakeit = false) {
global $id, $post;
global $HTTP_SERVER_VARS, $HTTP_COOKIE_VARS, $preview;
global $HTTP_SERVER_VARS, $HTTP_COOKIE_VARS, $preview, $cookiehash;
$output = '';
$output = stripslashes($post->post_excerpt);
if (!empty($post->post_password)) { // if there's a password
if ($HTTP_COOKIE_VARS['wp-postpass'] != $post->post_password) { // and it doesn't match the cookie
if ($HTTP_COOKIE_VARS['wp-postpass_'.$cookiehash] != $post->post_password) { // and it doesn't match the cookie
$output = "There is no excerpt because this is a protected post.";
return $output;
}
@ -1173,7 +1173,7 @@ function comments_popup_script($width=400, $height=400, $file='b2commentspopup.p
}
function comments_popup_link($zero='No Comments', $one='1 Comment', $more='% Comments', $CSSclass='', $none='Comments Off') {
global $id, $b2commentspopupfile, $b2commentsjavascript, $post, $wpdb, $tablecomments, $HTTP_COOKIE_VARS;
global $id, $b2commentspopupfile, $b2commentsjavascript, $post, $wpdb, $tablecomments, $HTTP_COOKIE_VARS, $cookiehash;
global $querystring_start, $querystring_equal, $querystring_separator, $siteurl;
$number = $wpdb->get_var("SELECT COUNT(*) FROM $tablecomments WHERE comment_post_ID = $id");
if (0 == $number && 'closed' == $post->comment_status) {
@ -1181,7 +1181,7 @@ function comments_popup_link($zero='No Comments', $one='1 Comment', $more='% Com
return;
} else {
if (!empty($post->post_password)) { // if there's a password
if ($HTTP_COOKIE_VARS['wp-postpass'] != $post->post_password) { // and it doesn't match the cookie
if ($HTTP_COOKIE_VARS['wp-postpass_'.$cookiehash] != $post->post_password) { // and it doesn't match the cookie
echo("Enter your password to view comments");
return;
}

8
b2comments.php
View File

@ -4,15 +4,15 @@
if (($withcomments) or ($c)) {
if (!empty($post->post_password)) { // if there's a password
if ($HTTP_COOKIE_VARS['wp-postpass'] != $post->post_password) { // and it doesn't match the cookie
if ($HTTP_COOKIE_VARS['wp-postpass_'.$cookiehash] != $post->post_password) { // and it doesn't match the cookie
echo("<p>Enter your password to view comments.<p>");
return;
}
}
$comment_author = trim($HTTP_COOKIE_VARS["comment_author"]);
$comment_author_email = trim($HTTP_COOKIE_VARS["comment_author_email"]);
$comment_author_url = trim($HTTP_COOKIE_VARS["comment_author_url"]);
$comment_author = trim($HTTP_COOKIE_VARS["comment_author_".$cookiehash]);
$comment_author_email = trim($HTTP_COOKIE_VARS["comment_author_email_".$cookiehash]);
$comment_author_url = trim($HTTP_COOKIE_VARS["comment_author_url_".$cookiehash]);
$comments = $wpdb->get_results("SELECT * FROM $tablecomments WHERE comment_post_ID = $id ORDER BY comment_date");
?>

6
b2comments.post.php
View File

@ -118,9 +118,9 @@ if ($ok) { // if there was no comment from this IP in the last 10 seconds
if ($url == '')
$url = ' '; // this to make sure a cookie is set for 'no url'
setcookie('comment_author', $author, time()+30000000);
setcookie('comment_author_email', $email, time()+30000000);
setcookie('comment_author_url', $url, time()+30000000);
setcookie('comment_author_'.$cookiehash, $author, time()+30000000);
setcookie('comment_author_email_'.$cookiehash, $email, time()+30000000);
setcookie('comment_author_url_'.$cookiehash, $url, time()+30000000);
header('Expires: Mon, 26 Jul 1997 05:00:00 GMT');
header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT');

2
b2commentspopup.php
View File

@ -31,7 +31,7 @@ foreach ($posts as $post) { start_b2();
<?php /* this line is b2's motor, do not delete it */
$comments = $wpdb->get_results("SELECT * FROM $tablecomments WHERE comment_post_ID = $id ORDER BY comment_date");
$commentstatus = $wpdb->get_row("SELECT comment_status, post_password FROM $tableposts WHERE ID = $id");
if (!empty($commentstatus->post_password) && $HTTP_COOKIE_VARS['wp-postpass'] != $commentstatus->post_password) { // and it doesn't match the cookie
if (!empty($commentstatus->post_password) && $HTTP_COOKIE_VARS['wp-postpass_'.$cookiehash] != $commentstatus->post_password) { // and it doesn't match the cookie
echo("<li>".get_the_password_form()."</li></ol>");
}
else {

22
b2login.php
View File

@ -44,8 +44,8 @@ switch($action) {
case 'logout':
setcookie('wordpressuser');
setcookie('wordpresspass');
setcookie('wordpressuser_'.$cookiehash);
setcookie('wordpresspass_'.$cookiehash);
header('Expires: Wed, 11 Jan 1984 05:00:00 GMT');
header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT');
header('Cache-Control: no-cache, must-revalidate');
@ -122,14 +122,14 @@ case 'login':
} else {
$user_login = $log;
$user_pass = $pwd;
setcookie('wordpressuser', $user_login, time()+31536000);
setcookie('wordpressuser_'.$cookiehash, $user_login, time()+31536000);
if ($pass_is_md5) {
setcookie('wordpresspass', $user_pass, time()+31536000);
setcookie('wordpresspass_'.$cookiehash, $user_pass, time()+31536000);
} else {
setcookie('wordpresspass', md5($user_pass), time()+31536000);
setcookie('wordpresspass_'.$cookiehash, md5($user_pass), time()+31536000);
}
if (empty($HTTP_COOKIE_VARS['wordpressblogid'])) {
setcookie('wordpressblogid', 1,time()+31536000);
if (empty($HTTP_COOKIE_VARS['wordpressblogid_'.$cookiehash])) {
setcookie('wordpressblogid_'.$cookiehash, 1,time()+31536000);
}
header('Expires: Wed, 11 Jan 1984 05:00:00 GMT');
header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT');
@ -231,9 +231,9 @@ break;
default:
if((!empty($HTTP_COOKIE_VARS['wordpressuser'])) && (!empty($HTTP_COOKIE_VARS['wordpresspass']))) {
$user_login = $HTTP_COOKIE_VARS['wordpressuser'];
$user_pass_md5 = $HTTP_COOKIE_VARS['wordpresspass'];
if((!empty($HTTP_COOKIE_VARS['wordpressuser_'.$cookiehash])) && (!empty($HTTP_COOKIE_VARS['wordpresspass_'.$cookiehash]))) {
$user_login = $HTTP_COOKIE_VARS['wordpressuser_'.$cookiehash];
$user_pass_md5 = $HTTP_COOKIE_VARS['wordpresspass_'.$cookiehash];
}
function checklogin() {
@ -249,7 +249,7 @@ default:
}
if ( !(checklogin()) ) {
if (!empty($HTTP_COOKIE_VARS['wordpressuser'])) {
if (!empty($HTTP_COOKIE_VARS['wordpressuser_'.$cookiehash])) {
$error="Error: wrong login/password"; //, or your session has expired.";
}
} else {

4
wp-admin/b2profile.php
View File

@ -79,7 +79,7 @@ case 'update':
die ("<strong>ERROR</strong>: you typed two different passwords. Go back to correct that.");
$newuser_pass = $HTTP_POST_VARS["pass1"];
$updatepassword = "user_pass='$newuser_pass', ";
setcookie("wordpresspass",md5($newuser_pass),time()+31536000);
setcookie("wordpresspass_".$cookiehash,md5($newuser_pass),time()+31536000);
}
$newuser_firstname=addslashes($HTTP_POST_VARS["newuser_firstname"]);
@ -115,7 +115,7 @@ case 'viewprofile':
require_once('b2verifauth.php');
$profiledata = get_userdata($user);
if ($HTTP_COOKIE_VARS['wordpressuser'] == $profiledata->user_login)
if ($HTTP_COOKIE_VARS['wordpressuser_'.$cookiehash] == $profiledata->user_login)
header ('Location: b2profile.php');
$profile = 1;

10
wp-admin/b2verifauth.php
View File

@ -4,12 +4,12 @@ require_once('../wp-config.php');
/* checking login & pass in the database */
function veriflog() {
global $HTTP_COOKIE_VARS;
global $HTTP_COOKIE_VARS,$cookiehash;
global $tableusers, $wpdb;
if (!empty($HTTP_COOKIE_VARS["wordpressuser"])) {
$user_login = $HTTP_COOKIE_VARS["wordpressuser"];
$user_pass_md5 = $HTTP_COOKIE_VARS["wordpresspass"];
if (!empty($HTTP_COOKIE_VARS["wordpressuser_".$cookiehash])) {
$user_login = $HTTP_COOKIE_VARS["wordpressuser_".$cookiehash];
$user_pass_md5 = $HTTP_COOKIE_VARS["wordpresspass_".$cookiehash];
} else {
return false;
}
@ -38,7 +38,7 @@ function veriflog() {
header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT');
header('Cache-Control: no-cache, must-revalidate');
header('Pragma: no-cache');
if (!empty($HTTP_COOKIE_VARS["wordpressuser"])) {
if (!empty($HTTP_COOKIE_VARS["wordpressuser_".$cookiehash])) {
$error="<strong>Error</strong>: wrong login or password";
}
header("Location: $siteurl/b2login.php");

12
wp-admin/linkmanager.php
View File

@ -84,8 +84,8 @@ for ($i=0; $i<count($b2varstoreset); $i += 1) {
}
}
$links_show_cat_id = $HTTP_COOKIE_VARS["links_show_cat_id"];
$links_show_order = $HTTP_COOKIE_VARS["links_show_order"];
$links_show_cat_id = $HTTP_COOKIE_VARS["links_show_cat_id_".$cookiehash];
$links_show_order = $HTTP_COOKIE_VARS["links_show_order_".$cookiehash];
if ($action2 != '')
$action = $action2;
@ -263,7 +263,7 @@ switch ($action) {
" link_notes='" . addslashes($link_notes) . "'\n" .
" WHERE link_id=$link_id");
} // end if save
setcookie('links_show_cat_id', $links_show_cat_id, time()+600);
setcookie('links_show_cat_id_'.$cookiehash, $links_show_cat_id, time()+600);
header('Location: '.$this_file);
break;
} // end Save
@ -288,7 +288,7 @@ switch ($action) {
$cat_id = 'All';
}
$links_show_cat_id = $cat_id;
setcookie("links_show_cat_id", $links_show_cat_id, time()+600);
setcookie("links_show_cat_id_".$cookiehash, $links_show_cat_id, time()+600);
header('Location: '.$this_file);
break;
} // end Delete
@ -441,8 +441,8 @@ switch ($action) {
$order_by = 'order_name';
$links_show_order = $order_by;
setcookie('links_show_cat_id', $links_show_cat_id, time()+600);
setcookie('links_show_order', $links_show_order, time()+600);
setcookie('links_show_cat_id_'.$cookiehash, $links_show_cat_id, time()+600);
setcookie('links_show_order_'.$cookiehash, $links_show_order, time()+600);
$standalone=0;
include_once ("./b2header.php");
if ($user_level < get_settings('links_minadminlevel')) {

4
wp-pass.php
View File

@ -5,8 +5,8 @@
It doesn't need to connect to the DB, or do anything fancy at all. Yum.
-- Matt
*/
setcookie('wp-postpass', $HTTP_POST_VARS['post_password'], time()+60*60*24*30);
include_once('wp-config.php');
setcookie('wp-postpass_'.$cookiehash, $HTTP_POST_VARS['post_password'], time()+60*60*24*30);
header('Location: ' . $HTTP_SERVER_VARS['HTTP_REFERER']);
?>

3
wp-settings.php
View File

@ -62,5 +62,8 @@ if (!$_wp_installing) {
$querystring_equal = '=';
$querystring_separator = '&amp;';
//}
// Used to guarantee unique cookies
$cookiehash = md5($siteurl);
} //end !$_wp_installing
?>