Upstream/WordPress
1
0
Fork 0
mirror of https://github.com/WordPress/WordPress.git synced 2025-01-22 08:11:52 +01:00
Code Issues Projects Releases Wiki Activity

Rehash old md5 hashes inside of wp_check_password() to make hashing more pluggable.

Browse Source 
git-svn-id: http://svn.automattic.com/wordpress/trunk@7555 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
ryan 2008-03-27 22:44:47 +00:00
parent 585f442ec5
commit 77d5b58105
1 changed files with 14 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
wp-includes/pluggable.php
View File

@ -431,15 +431,11 @@ function wp_authenticate($username, $password) {
return $user; return $user;
} }
if ( !wp_check_password($password, $user->user_pass) ) { if ( !wp_check_password($password, $user->user_pass, $user->ID) ) {
do_action( 'wp_login_failed', $username ); do_action( 'wp_login_failed', $username );
return new WP_Error('incorrect_password', __('<strong>ERROR</strong>: Incorrect password.')); return new WP_Error('incorrect_password', __('<strong>ERROR</strong>: Incorrect password.'));
} }
// If using old md5 password, rehash.
if ( strlen($user->user_pass) <= 32 )
wp_set_password($password, $user->ID);
return new WP_User($user->ID); return new WP_User($user->ID);
} }
endif; endif;
@ -1134,11 +1130,20 @@ if ( !function_exists('wp_check_password') ) :
* @param string $hash Hash of the user's password to check against. * @param string $hash Hash of the user's password to check against.
* @return bool False, if the $password does not match the hashed password * @return bool False, if the $password does not match the hashed password
*/ */
function wp_check_password($password, $hash) { function wp_check_password($password, $hash, $user_id = '') {
global $wp_hasher; global $wp_hasher;
if ( strlen($hash) <= 32 ) // If the hash is still md5...
return ( $hash == md5($password) ); if ( strlen($hash) <= 32 ) {
$check = ( $hash == md5($password) );
if ( $check && $user_id ) {
// Rehash using new hash.
wp_set_password($password, $user_id);
$hash = wp_hash_password($password);
}
return apply_filters('check_password', $check, $password, $hash, $user_id);
}
// If the stored hash is longer than an MD5, presume the // If the stored hash is longer than an MD5, presume the
// new style phpass portable hash. // new style phpass portable hash.
@ -1150,7 +1155,7 @@ function wp_check_password($password, $hash) {
$check = $wp_hasher->CheckPassword($password, $hash); $check = $wp_hasher->CheckPassword($password, $hash);
return apply_filters('check_password', $check, $password, $hash); return apply_filters('check_password', $check, $password, $hash, $user_id);
} }
endif; endif;