Cookies are now unique, based on siteurl, allowing multiple installs under a single domain name.
git-svn-id: http://svn.automattic.com/wordpress/trunk@458 1a063a9b-81f0-0310-95a4-ce76da25c4cd
parent
9b49dac1c4
commit
45fe889b00
@ -380,9 +380,9 @@ function user_pass_ok($user_login,$user_pass) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
function get_currentuserinfo() { // a bit like get_userdata(), on steroids
|
function get_currentuserinfo() { // a bit like get_userdata(), on steroids
|
||||||
global $HTTP_COOKIE_VARS, $user_login, $userdata, $user_level, $user_ID, $user_nickname, $user_email, $user_url, $user_pass_md5;
|
global $HTTP_COOKIE_VARS, $user_login, $userdata, $user_level, $user_ID, $user_nickname, $user_email, $user_url, $user_pass_md5, $cookiehash;
|
||||||
// *** retrieving user's data from cookies and db - no spoofing
|
// *** retrieving user's data from cookies and db - no spoofing
|
||||||
$user_login = $HTTP_COOKIE_VARS['wordpressuser'];
|
$user_login = $HTTP_COOKIE_VARS['wordpressuser_'.$cookiehash];
|
||||||
$userdata = get_userdatabylogin($user_login);
|
$userdata = get_userdatabylogin($user_login);
|
||||||
$user_level = $userdata->user_level;
|
$user_level = $userdata->user_level;
|
||||||
$user_ID = $userdata->ID;
|
$user_ID = $userdata->ID;
|
||||||
|
@ -598,13 +598,13 @@ function the_content_unicode($more_link_text='(more...)', $stripteaser=0, $more_
|
|||||||
|
|
||||||
function get_the_content($more_link_text='(more...)', $stripteaser=0, $more_file='') {
|
function get_the_content($more_link_text='(more...)', $stripteaser=0, $more_file='') {
|
||||||
global $id, $post, $more, $c, $withcomments, $page, $pages, $multipage, $numpages;
|
global $id, $post, $more, $c, $withcomments, $page, $pages, $multipage, $numpages;
|
||||||
global $HTTP_SERVER_VARS, $HTTP_COOKIE_VARS, $preview;
|
global $HTTP_SERVER_VARS, $HTTP_COOKIE_VARS, $preview, $cookiehash;
|
||||||
global $querystring_start, $querystring_equal, $querystring_separator;
|
global $querystring_start, $querystring_equal, $querystring_separator;
|
||||||
global $pagenow;
|
global $pagenow;
|
||||||
$output = '';
|
$output = '';
|
||||||
|
|
||||||
if (!empty($post->post_password)) { // if there's a password
|
if (!empty($post->post_password)) { // if there's a password
|
||||||
if ($HTTP_COOKIE_VARS['wp-postpass'] != $post->post_password) { // and it doesn't match the cookie
|
if ($HTTP_COOKIE_VARS['wp-postpass_'.$cookiehash] != $post->post_password) { // and it doesn't match the cookie
|
||||||
$output = get_the_password_form();
|
$output = get_the_password_form();
|
||||||
return $output;
|
return $output;
|
||||||
}
|
}
|
||||||
@ -692,11 +692,11 @@ function the_excerpt_unicode() {
|
|||||||
|
|
||||||
function get_the_excerpt($fakeit = false) {
|
function get_the_excerpt($fakeit = false) {
|
||||||
global $id, $post;
|
global $id, $post;
|
||||||
global $HTTP_SERVER_VARS, $HTTP_COOKIE_VARS, $preview;
|
global $HTTP_SERVER_VARS, $HTTP_COOKIE_VARS, $preview, $cookiehash;
|
||||||
$output = '';
|
$output = '';
|
||||||
$output = stripslashes($post->post_excerpt);
|
$output = stripslashes($post->post_excerpt);
|
||||||
if (!empty($post->post_password)) { // if there's a password
|
if (!empty($post->post_password)) { // if there's a password
|
||||||
if ($HTTP_COOKIE_VARS['wp-postpass'] != $post->post_password) { // and it doesn't match the cookie
|
if ($HTTP_COOKIE_VARS['wp-postpass_'.$cookiehash] != $post->post_password) { // and it doesn't match the cookie
|
||||||
$output = "There is no excerpt because this is a protected post.";
|
$output = "There is no excerpt because this is a protected post.";
|
||||||
return $output;
|
return $output;
|
||||||
}
|
}
|
||||||
@ -1173,7 +1173,7 @@ function comments_popup_script($width=400, $height=400, $file='b2commentspopup.p
|
|||||||
}
|
}
|
||||||
|
|
||||||
function comments_popup_link($zero='No Comments', $one='1 Comment', $more='% Comments', $CSSclass='', $none='Comments Off') {
|
function comments_popup_link($zero='No Comments', $one='1 Comment', $more='% Comments', $CSSclass='', $none='Comments Off') {
|
||||||
global $id, $b2commentspopupfile, $b2commentsjavascript, $post, $wpdb, $tablecomments, $HTTP_COOKIE_VARS;
|
global $id, $b2commentspopupfile, $b2commentsjavascript, $post, $wpdb, $tablecomments, $HTTP_COOKIE_VARS, $cookiehash;
|
||||||
global $querystring_start, $querystring_equal, $querystring_separator, $siteurl;
|
global $querystring_start, $querystring_equal, $querystring_separator, $siteurl;
|
||||||
$number = $wpdb->get_var("SELECT COUNT(*) FROM $tablecomments WHERE comment_post_ID = $id");
|
$number = $wpdb->get_var("SELECT COUNT(*) FROM $tablecomments WHERE comment_post_ID = $id");
|
||||||
if (0 == $number && 'closed' == $post->comment_status) {
|
if (0 == $number && 'closed' == $post->comment_status) {
|
||||||
@ -1181,7 +1181,7 @@ function comments_popup_link($zero='No Comments', $one='1 Comment', $more='% Com
|
|||||||
return;
|
return;
|
||||||
} else {
|
} else {
|
||||||
if (!empty($post->post_password)) { // if there's a password
|
if (!empty($post->post_password)) { // if there's a password
|
||||||
if ($HTTP_COOKIE_VARS['wp-postpass'] != $post->post_password) { // and it doesn't match the cookie
|
if ($HTTP_COOKIE_VARS['wp-postpass_'.$cookiehash] != $post->post_password) { // and it doesn't match the cookie
|
||||||
echo("Enter your password to view comments");
|
echo("Enter your password to view comments");
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
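Review bot: The post-password checks in get_the_content, get_the_excerpt and comments_popup_link still compare the cookie to `$post->post_password` with loose `!=`, so two different numeric-looking strings can compare equal under PHP's string-to-number conversion. Compare as strings with a strict operator instead, e.g. `if ((string) $HTTP_COOKIE_VARS['wp-postpass_'.$cookiehash] !== (string) $post->post_password) {`. The same comparison appears in the comment-template hunk at `-4,15` and in the popup hunk at `-31,7`. All three functions here continue outside their hunks.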
@ -4,15 +4,15 @@
|
|||||||
if (($withcomments) or ($c)) {
|
if (($withcomments) or ($c)) {
|
||||||
|
|
||||||
if (!empty($post->post_password)) { // if there's a password
|
if (!empty($post->post_password)) { // if there's a password
|
||||||
if ($HTTP_COOKIE_VARS['wp-postpass'] != $post->post_password) { // and it doesn't match the cookie
|
if ($HTTP_COOKIE_VARS['wp-postpass_'.$cookiehash] != $post->post_password) { // and it doesn't match the cookie
|
||||||
echo("<p>Enter your password to view comments.<p>");
|
echo("<p>Enter your password to view comments.<p>");
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
$comment_author = trim($HTTP_COOKIE_VARS["comment_author"]);
|
$comment_author = trim($HTTP_COOKIE_VARS["comment_author_".$cookiehash]);
|
||||||
$comment_author_email = trim($HTTP_COOKIE_VARS["comment_author_email"]);
|
$comment_author_email = trim($HTTP_COOKIE_VARS["comment_author_email_".$cookiehash]);
|
||||||
$comment_author_url = trim($HTTP_COOKIE_VARS["comment_author_url"]);
|
$comment_author_url = trim($HTTP_COOKIE_VARS["comment_author_url_".$cookiehash]);
|
||||||
|
|
||||||
$comments = $wpdb->get_results("SELECT * FROM $tablecomments WHERE comment_post_ID = $id ORDER BY comment_date");
|
$comments = $wpdb->get_results("SELECT * FROM $tablecomments WHERE comment_post_ID = $id ORDER BY comment_date");
|
||||||
?>
|
?>
|
||||||
|
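Review bot: The three `comment_author*` values are read straight from client cookies with only `trim()` applied, and nothing in this hunk escapes them before use. Where they are printed into the comment form is outside the hunk, so confirm that each output site passes them through `htmlspecialchars()`; escaping at the point of output rather than here avoids double-encoding. A comment above the three assignments, such as `// client-supplied cookie values: escape on output`, would make that expectation explicit.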
@ -118,9 +118,9 @@ if ($ok) { // if there was no comment from this IP in the last 10 seconds
|
|||||||
if ($url == '')
|
if ($url == '')
|
||||||
$url = ' '; // this to make sure a cookie is set for 'no url'
|
$url = ' '; // this to make sure a cookie is set for 'no url'
|
||||||
|
|
||||||
setcookie('comment_author', $author, time()+30000000);
|
setcookie('comment_author_'.$cookiehash, $author, time()+30000000);
|
||||||
setcookie('comment_author_email', $email, time()+30000000);
|
setcookie('comment_author_email_'.$cookiehash, $email, time()+30000000);
|
||||||
setcookie('comment_author_url', $url, time()+30000000);
|
setcookie('comment_author_url_'.$cookiehash, $url, time()+30000000);
|
||||||
|
|
||||||
header('Expires: Mon, 26 Jul 1997 05:00:00 GMT');
|
header('Expires: Mon, 26 Jul 1997 05:00:00 GMT');
|
||||||
header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT');
|
header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT');
|
||||||
|
@ -31,7 +31,7 @@ foreach ($posts as $post) { start_b2();
|
|||||||
<?php /* this line is b2's motor, do not delete it */
|
<?php /* this line is b2's motor, do not delete it */
|
||||||
$comments = $wpdb->get_results("SELECT * FROM $tablecomments WHERE comment_post_ID = $id ORDER BY comment_date");
|
$comments = $wpdb->get_results("SELECT * FROM $tablecomments WHERE comment_post_ID = $id ORDER BY comment_date");
|
||||||
$commentstatus = $wpdb->get_row("SELECT comment_status, post_password FROM $tableposts WHERE ID = $id");
|
$commentstatus = $wpdb->get_row("SELECT comment_status, post_password FROM $tableposts WHERE ID = $id");
|
||||||
if (!empty($commentstatus->post_password) && $HTTP_COOKIE_VARS['wp-postpass'] != $commentstatus->post_password) { // and it doesn't match the cookie
|
if (!empty($commentstatus->post_password) && $HTTP_COOKIE_VARS['wp-postpass_'.$cookiehash] != $commentstatus->post_password) { // and it doesn't match the cookie
|
||||||
echo("<li>".get_the_password_form()."</li></ol>");
|
echo("<li>".get_the_password_form()."</li></ol>");
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
|
22
b2login.php
22
b2login.php
@ -44,8 +44,8 @@ switch($action) {
|
|||||||
|
|
||||||
case 'logout':
|
case 'logout':
|
||||||
|
|
||||||
setcookie('wordpressuser');
|
setcookie('wordpressuser_'.$cookiehash);
|
||||||
setcookie('wordpresspass');
|
setcookie('wordpresspass_'.$cookiehash);
|
||||||
header('Expires: Wed, 11 Jan 1984 05:00:00 GMT');
|
header('Expires: Wed, 11 Jan 1984 05:00:00 GMT');
|
||||||
header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT');
|
header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT');
|
||||||
header('Cache-Control: no-cache, must-revalidate');
|
header('Cache-Control: no-cache, must-revalidate');
|
||||||
@ -122,14 +122,14 @@ case 'login':
|
|||||||
} else {
|
} else {
|
||||||
$user_login = $log;
|
$user_login = $log;
|
||||||
$user_pass = $pwd;
|
$user_pass = $pwd;
|
||||||
setcookie('wordpressuser', $user_login, time()+31536000);
|
setcookie('wordpressuser_'.$cookiehash, $user_login, time()+31536000);
|
||||||
if ($pass_is_md5) {
|
if ($pass_is_md5) {
|
||||||
setcookie('wordpresspass', $user_pass, time()+31536000);
|
setcookie('wordpresspass_'.$cookiehash, $user_pass, time()+31536000);
|
||||||
} else {
|
} else {
|
||||||
setcookie('wordpresspass', md5($user_pass), time()+31536000);
|
setcookie('wordpresspass_'.$cookiehash, md5($user_pass), time()+31536000);
|
||||||
}
|
}
|
||||||
if (empty($HTTP_COOKIE_VARS['wordpressblogid'])) {
|
if (empty($HTTP_COOKIE_VARS['wordpressblogid_'.$cookiehash])) {
|
||||||
setcookie('wordpressblogid', 1,time()+31536000);
|
setcookie('wordpressblogid_'.$cookiehash, 1,time()+31536000);
|
||||||
}
|
}
|
||||||
header('Expires: Wed, 11 Jan 1984 05:00:00 GMT');
|
header('Expires: Wed, 11 Jan 1984 05:00:00 GMT');
|
||||||
header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT');
|
header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT');
|
||||||
@ -231,9 +231,9 @@ break;
|
|||||||
|
|
||||||
default:
|
default:
|
||||||
|
|
||||||
if((!empty($HTTP_COOKIE_VARS['wordpressuser'])) && (!empty($HTTP_COOKIE_VARS['wordpresspass']))) {
|
if((!empty($HTTP_COOKIE_VARS['wordpressuser_'.$cookiehash])) && (!empty($HTTP_COOKIE_VARS['wordpresspass_'.$cookiehash]))) {
|
||||||
$user_login = $HTTP_COOKIE_VARS['wordpressuser'];
|
$user_login = $HTTP_COOKIE_VARS['wordpressuser_'.$cookiehash];
|
||||||
$user_pass_md5 = $HTTP_COOKIE_VARS['wordpresspass'];
|
$user_pass_md5 = $HTTP_COOKIE_VARS['wordpresspass_'.$cookiehash];
|
||||||
}
|
}
|
||||||
|
|
||||||
function checklogin() {
|
function checklogin() {
|
||||||
@ -249,7 +249,7 @@ default:
|
|||||||
}
|
}
|
||||||
|
|
||||||
if ( !(checklogin()) ) {
|
if ( !(checklogin()) ) {
|
||||||
if (!empty($HTTP_COOKIE_VARS['wordpressuser'])) {
|
if (!empty($HTTP_COOKIE_VARS['wordpressuser_'.$cookiehash])) {
|
||||||
$error="Error: wrong login/password"; //, or your session has expired.";
|
$error="Error: wrong login/password"; //, or your session has expired.";
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
|
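Review bot: The renamed `wordpresspass_` cookie still carries `md5($user_pass)` with a one-year lifetime, and the `$pass_is_md5` branch writes a supplied hash through unchanged, so the unsalted hash is a password-equivalent credential: whoever obtains the cookie value can authenticate without knowing the password. Suffixing the cookie name per install does not change that. Consider issuing a random token that is verified server-side, with a shorter expiry, in place of the hash. That change reaches past these hunks into the cookie checks in the `default:` branch and in veriflog().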
@ -79,7 +79,7 @@ case 'update':
|
|||||||
die ("<strong>ERROR</strong>: you typed two different passwords. Go back to correct that.");
|
die ("<strong>ERROR</strong>: you typed two different passwords. Go back to correct that.");
|
||||||
$newuser_pass = $HTTP_POST_VARS["pass1"];
|
$newuser_pass = $HTTP_POST_VARS["pass1"];
|
||||||
$updatepassword = "user_pass='$newuser_pass', ";
|
$updatepassword = "user_pass='$newuser_pass', ";
|
||||||
setcookie("wordpresspass",md5($newuser_pass),time()+31536000);
|
setcookie("wordpresspass_".$cookiehash,md5($newuser_pass),time()+31536000);
|
||||||
}
|
}
|
||||||
|
|
||||||
$newuser_firstname=addslashes($HTTP_POST_VARS["newuser_firstname"]);
|
$newuser_firstname=addslashes($HTTP_POST_VARS["newuser_firstname"]);
|
||||||
@ -115,7 +115,7 @@ case 'viewprofile':
|
|||||||
require_once('b2verifauth.php');
|
require_once('b2verifauth.php');
|
||||||
|
|
||||||
$profiledata = get_userdata($user);
|
$profiledata = get_userdata($user);
|
||||||
if ($HTTP_COOKIE_VARS['wordpressuser'] == $profiledata->user_login)
|
if ($HTTP_COOKIE_VARS['wordpressuser_'.$cookiehash] == $profiledata->user_login)
|
||||||
header ('Location: b2profile.php');
|
header ('Location: b2profile.php');
|
||||||
|
|
||||||
$profile = 1;
|
$profile = 1;
|
||||||
|
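Review bot: In the `update` hunk, `$newuser_pass` comes from `$HTTP_POST_VARS["pass1"]` and is interpolated into `$updatepassword` as is, while the neighbouring `newuser_firstname` field goes through `addslashes()`. Unless the value is escaped somewhere outside the hunk (or by magic quotes), a quote character in the password breaks or alters the UPDATE statement; build the fragment as `$updatepassword = "user_pass='" . addslashes($newuser_pass) . "', ";`. The fragment also appears to store the password verbatim while the cookie receives its MD5, which is worth confirming against the login check. Both `case` bodies continue outside their hunks.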
@ -4,12 +4,12 @@ require_once('../wp-config.php');
|
|||||||
|
|
||||||
/* checking login & pass in the database */
|
/* checking login & pass in the database */
|
||||||
function veriflog() {
|
function veriflog() {
|
||||||
global $HTTP_COOKIE_VARS;
|
global $HTTP_COOKIE_VARS,$cookiehash;
|
||||||
global $tableusers, $wpdb;
|
global $tableusers, $wpdb;
|
||||||
|
|
||||||
if (!empty($HTTP_COOKIE_VARS["wordpressuser"])) {
|
if (!empty($HTTP_COOKIE_VARS["wordpressuser_".$cookiehash])) {
|
||||||
$user_login = $HTTP_COOKIE_VARS["wordpressuser"];
|
$user_login = $HTTP_COOKIE_VARS["wordpressuser_".$cookiehash];
|
||||||
$user_pass_md5 = $HTTP_COOKIE_VARS["wordpresspass"];
|
$user_pass_md5 = $HTTP_COOKIE_VARS["wordpresspass_".$cookiehash];
|
||||||
} else {
|
} else {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
@ -38,7 +38,7 @@ function veriflog() {
|
|||||||
header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT');
|
header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT');
|
||||||
header('Cache-Control: no-cache, must-revalidate');
|
header('Cache-Control: no-cache, must-revalidate');
|
||||||
header('Pragma: no-cache');
|
header('Pragma: no-cache');
|
||||||
if (!empty($HTTP_COOKIE_VARS["wordpressuser"])) {
|
if (!empty($HTTP_COOKIE_VARS["wordpressuser_".$cookiehash])) {
|
||||||
$error="<strong>Error</strong>: wrong login or password";
|
$error="<strong>Error</strong>: wrong login or password";
|
||||||
}
|
}
|
||||||
header("Location: $siteurl/b2login.php");
|
header("Location: $siteurl/b2login.php");
|
||||||
|
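Review bot: veriflog() tests only the `wordpressuser_` cookie before reading both cookies, so a request that carries the user cookie without `wordpresspass_` proceeds with an unset `$user_pass_md5`. The `default:` branch in b2login.php checks both cookies, and doing the same here keeps the two paths consistent: `if (!empty($HTTP_COOKIE_VARS["wordpressuser_".$cookiehash]) && !empty($HTTP_COOKIE_VARS["wordpresspass_".$cookiehash])) {`. How `$user_pass_md5` is used afterwards lies outside the hunk.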
@ -84,8 +84,8 @@ for ($i=0; $i<count($b2varstoreset); $i += 1) {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
$links_show_cat_id = $HTTP_COOKIE_VARS["links_show_cat_id"];
|
$links_show_cat_id = $HTTP_COOKIE_VARS["links_show_cat_id_".$cookiehash];
|
||||||
$links_show_order = $HTTP_COOKIE_VARS["links_show_order"];
|
$links_show_order = $HTTP_COOKIE_VARS["links_show_order_".$cookiehash];
|
||||||
|
|
||||||
if ($action2 != '')
|
if ($action2 != '')
|
||||||
$action = $action2;
|
$action = $action2;
|
||||||
@ -263,7 +263,7 @@ switch ($action) {
|
|||||||
" link_notes='" . addslashes($link_notes) . "'\n" .
|
" link_notes='" . addslashes($link_notes) . "'\n" .
|
||||||
" WHERE link_id=$link_id");
|
" WHERE link_id=$link_id");
|
||||||
} // end if save
|
} // end if save
|
||||||
setcookie('links_show_cat_id', $links_show_cat_id, time()+600);
|
setcookie('links_show_cat_id_'.$cookiehash, $links_show_cat_id, time()+600);
|
||||||
header('Location: '.$this_file);
|
header('Location: '.$this_file);
|
||||||
break;
|
break;
|
||||||
} // end Save
|
} // end Save
|
||||||
@ -288,7 +288,7 @@ switch ($action) {
|
|||||||
$cat_id = 'All';
|
$cat_id = 'All';
|
||||||
}
|
}
|
||||||
$links_show_cat_id = $cat_id;
|
$links_show_cat_id = $cat_id;
|
||||||
setcookie("links_show_cat_id", $links_show_cat_id, time()+600);
|
setcookie("links_show_cat_id_".$cookiehash, $links_show_cat_id, time()+600);
|
||||||
header('Location: '.$this_file);
|
header('Location: '.$this_file);
|
||||||
break;
|
break;
|
||||||
} // end Delete
|
} // end Delete
|
||||||
@ -441,8 +441,8 @@ switch ($action) {
|
|||||||
$order_by = 'order_name';
|
$order_by = 'order_name';
|
||||||
$links_show_order = $order_by;
|
$links_show_order = $order_by;
|
||||||
|
|
||||||
setcookie('links_show_cat_id', $links_show_cat_id, time()+600);
|
setcookie('links_show_cat_id_'.$cookiehash, $links_show_cat_id, time()+600);
|
||||||
setcookie('links_show_order', $links_show_order, time()+600);
|
setcookie('links_show_order_'.$cookiehash, $links_show_order, time()+600);
|
||||||
$standalone=0;
|
$standalone=0;
|
||||||
include_once ("./b2header.php");
|
include_once ("./b2header.php");
|
||||||
if ($user_level < get_settings('links_minadminlevel')) {
|
if ($user_level < get_settings('links_minadminlevel')) {
|
||||||
|
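Review bot: `$links_show_cat_id` and `$links_show_order` are now read from the suffixed cookies but still without validation, and cookie values are under the client's control. Their later use is outside these hunks; if either one reaches a query or the page output, constrain it right after the read. For example, accept `$links_show_cat_id` only when it is `'All'` or consists of digits, and check `$links_show_order` against the known `order_*` values. A comment at the read site such as `// cookie values are client-supplied: validate before use` would record the requirement.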
@ -5,8 +5,8 @@
|
|||||||
It doesn't need to connect to the DB, or do anything fancy at all. Yum.
|
It doesn't need to connect to the DB, or do anything fancy at all. Yum.
|
||||||
-- Matt
|
-- Matt
|
||||||
*/
|
*/
|
||||||
|
include_once('wp-config.php');
|
||||||
setcookie('wp-postpass', $HTTP_POST_VARS['post_password'], time()+60*60*24*30);
|
setcookie('wp-postpass_'.$cookiehash, $HTTP_POST_VARS['post_password'], time()+60*60*24*30);
|
||||||
header('Location: ' . $HTTP_SERVER_VARS['HTTP_REFERER']);
|
header('Location: ' . $HTTP_SERVER_VARS['HTTP_REFERER']);
|
||||||
|
|
||||||
?>
|
?>
|
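Review bot: The `wp-postpass_` cookie stores the submitted post password verbatim for 30 days, so the password is sent with every request to the site and sits readable in the browser's cookie store. Prefer writing a digest of the password here and comparing it against the digest of `$post->post_password` in the template checks; that change spans the password checks in the other files of this commit. Separately, the redirect target is the raw `HTTP_REFERER` with no fallback, so a request without that header gets an empty `Location:`. Falling back to `$siteurl` (presumably available once wp-config.php is included) would cover that case.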
@ -62,5 +62,8 @@ if (!$_wp_installing) {
|
|||||||
$querystring_equal = '=';
|
$querystring_equal = '=';
|
||||||
$querystring_separator = '&';
|
$querystring_separator = '&';
|
||||||
//}
|
//}
|
||||||
|
// Used to guarantee unique cookies
|
||||||
|
$cookiehash = md5($siteurl);
|
||||||
|
|
||||||
} //end !$_wp_installing
|
} //end !$_wp_installing
|
||||||
?>
|
?>
|
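Review bot: The comment `// Used to guarantee unique cookies` undersells what the rest of the commit relies on: `$cookiehash` is an MD5 of `$siteurl`, so it namespaces cookie names per install but is predictable from the site address and adds no secrecy. Suggested wording: `// Cookie-name suffix derived from $siteurl: separates installs on one domain; predictable, not a secret.` The assignment also sits inside the `!$_wp_installing` block, so `$cookiehash` is undefined during installation, and any later change to `$siteurl` renames every cookie and signs users out.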