Rehash old md5 hashes inside of wp_check_password() to make hashing more pluggable.

git-svn-id: http://svn.automattic.com/wordpress/trunk@7555 1a063a9b-81f0-0310-95a4-ce76da25c4cd
ryan 2008-03-27 22:44:47 +00:00
parent 585f442ec5
commit 77d5b58105


@ -431,15 +431,11 @@ function wp_authenticate($username, $password) {
return $user;
}
if ( !wp_check_password($password, $user->user_pass) ) {
if ( !wp_check_password($password, $user->user_pass, $user->ID) ) {
do_action( 'wp_login_failed', $username );
return new WP_Error('incorrect_password', __('<strong>ERROR</strong>: Incorrect password.'));
}
// If using old md5 password, rehash.
if ( strlen($user->user_pass) <= 32 )
wp_set_password($password, $user->ID);
return new WP_User($user->ID);
}
endif;
@ -1134,11 +1130,20 @@ if ( !function_exists('wp_check_password') ) :
* @param string $hash Hash of the user's password to check against.
* @return bool False, if the $password does not match the hashed password
*/
function wp_check_password($password, $hash) {
function wp_check_password($password, $hash, $user_id = '') {
global $wp_hasher;
if ( strlen($hash) <= 32 )
return ( $hash == md5($password) );
// If the hash is still md5...
if ( strlen($hash) <= 32 ) {
$check = ( $hash == md5($password) );
if ( $check && $user_id ) {
// Rehash using new hash.
wp_set_password($password, $user_id);
$hash = wp_hash_password($password);
}
return apply_filters('check_password', $check, $password, $hash, $user_id);
}
// If the stored hash is longer than an MD5, presume the
// new style phpass portable hash.
@ -1150,7 +1155,7 @@ function wp_check_password($password, $hash) {
$check = $wp_hasher->CheckPassword($password, $hash);
return apply_filters('check_password', $check, $password, $hash);
return apply_filters('check_password', $check, $password, $hash, $user_id);
}
endif;
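Review bot: The legacy-MD5 branch of wp_check_password() keeps the loose comparison `$hash == md5($password)`, and a true result there now also calls `wp_set_password($password, $user_id)`, so a false match would apparently replace the stored credential instead of only admitting one login. Under `==`, PHP compares two numeric-looking strings as numbers, so hex digests that happen to read as `0e` followed by digits compare equal to each other; use `$check = ( $hash === md5($password) );`, or `hash_equals($hash, md5($password))` where the runtime provides it, which is also constant-time. Separately, `$hash = wp_hash_password($password);` passes the `check_password` filter a freshly computed hash, which is presumably not the value `wp_set_password()` just stored if the hasher salts randomly, so either drop the reassignment or add a comment saying the filter does not receive the stored hash. The function's docblock starts outside the hunk; if it has no `@param` line for `$user_id`, add one.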