mirror of
https://github.com/WordPress/WordPress.git
synced 2025-01-22 00:01:27 +01:00
Rehash old md5 hashes inside of wp_check_password() to make hashing more pluggable.
git-svn-id: http://svn.automattic.com/wordpress/trunk@7555 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
parent
585f442ec5
commit
77d5b58105
@ -431,15 +431,11 @@ function wp_authenticate($username, $password) {
|
||||
return $user;
|
||||
}
|
||||
|
||||
if ( !wp_check_password($password, $user->user_pass) ) {
|
||||
if ( !wp_check_password($password, $user->user_pass, $user->ID) ) {
|
||||
do_action( 'wp_login_failed', $username );
|
||||
return new WP_Error('incorrect_password', __('<strong>ERROR</strong>: Incorrect password.'));
|
||||
}
|
||||
|
||||
// If using old md5 password, rehash.
|
||||
if ( strlen($user->user_pass) <= 32 )
|
||||
wp_set_password($password, $user->ID);
|
||||
|
||||
return new WP_User($user->ID);
|
||||
}
|
||||
endif;
|
||||
@ -1134,11 +1130,20 @@ if ( !function_exists('wp_check_password') ) :
|
||||
* @param string $hash Hash of the user's password to check against.
|
||||
* @return bool False, if the $password does not match the hashed password
|
||||
*/
|
||||
function wp_check_password($password, $hash) {
|
||||
function wp_check_password($password, $hash, $user_id = '') {
|
||||
global $wp_hasher;
|
||||
|
||||
if ( strlen($hash) <= 32 )
|
||||
return ( $hash == md5($password) );
|
||||
// If the hash is still md5...
|
||||
if ( strlen($hash) <= 32 ) {
|
||||
$check = ( $hash == md5($password) );
|
||||
if ( $check && $user_id ) {
|
||||
// Rehash using new hash.
|
||||
wp_set_password($password, $user_id);
|
||||
$hash = wp_hash_password($password);
|
||||
}
|
||||
|
||||
return apply_filters('check_password', $check, $password, $hash, $user_id);
|
||||
}
|
||||
|
||||
// If the stored hash is longer than an MD5, presume the
|
||||
// new style phpass portable hash.
|
||||
@ -1150,7 +1155,7 @@ function wp_check_password($password, $hash) {
|
||||
|
||||
$check = $wp_hasher->CheckPassword($password, $hash);
|
||||
|
||||
return apply_filters('check_password', $check, $password, $hash);
|
||||
return apply_filters('check_password', $check, $password, $hash, $user_id);
|
||||
}
|
||||
endif;
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user