From 15deed87d170f730e2cbb8de923b0263fc41aacf Mon Sep 17 00:00:00 2001
From: Matt Mullenweg <matt@git.wordpress.org>
Date: Mon, 9 Feb 2004 09:56:57 +0000
Subject: [PATCH] MD5 passwords, including code from Robert Hartman and John
 Gray.

git-svn-id: https://develop.svn.wordpress.org/trunk@850 602fd350-edb4-49c9-b593-d223f7449a82
---
 wp-admin/auth.php              | 29 ++++++++++++++--------------
 wp-admin/profile.php           |  5 +++--
 wp-admin/upgrade-functions.php | 13 +++++++++++++
 wp-admin/users.php             |  2 +-
 wp-login.php                   | 35 ++++++++++++++--------------------
 wp-register.php                |  2 +-
 6 files changed, 46 insertions(+), 40 deletions(-)

diff --git a/wp-admin/auth.php b/wp-admin/auth.php
index cc4e68bdfe..4b423d3080 100644
--- a/wp-admin/auth.php
+++ b/wp-admin/auth.php
@@ -2,7 +2,7 @@
 
 require_once('../wp-config.php');
 
-/* checking login & pass in the database */
+/* Checking login & pass in the database */
 function veriflog() {
 	global $HTTP_COOKIE_VARS,$cookiehash;
 	global $tableusers, $wpdb;
@@ -31,19 +31,18 @@ function veriflog() {
 		}
 	}
 }
-//if ( $user_login!="" && $user_pass!="" && $id_session!="" && $adresse_ip==$REMOTE_ADDR) {
-//	if ( !(veriflog()) AND !(verifcookielog()) ) {
-	if (!(veriflog())) {
-		header('Expires: Wed, 11 Jan 1984 05:00:00 GMT');
-		header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT');
-		header('Cache-Control: no-cache, must-revalidate');
-		header('Pragma: no-cache');
-		if (!empty($HTTP_COOKIE_VARS["wordpressuser_".$cookiehash])) {
-			$error="<strong>Error</strong>: wrong login or password";
-		}
-		$redir = "Location: $siteurl/wp-login.php?redirect_to=" . urlencode($HTTP_SERVER_VARS["REQUEST_URI"]);
-		header($redir);
-		exit();
+
+if ( !veriflog() ) {
+	header('Expires: Wed, 11 Jan 1984 05:00:00 GMT');
+	header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT');
+	header('Cache-Control: no-cache, must-revalidate');
+	header('Pragma: no-cache');
+	if (!empty($HTTP_COOKIE_VARS["wordpressuser_".$cookiehash])) {
+		$error="<strong>Error</strong>: wrong login or password.";
 	}
-//}
+	$redir = "Location: $siteurl/wp-login.php?redirect_to=" . urlencode($HTTP_SERVER_VARS["REQUEST_URI"]);
+	header($redir);
+	exit();
+}
+
 ?>
\ No newline at end of file
diff --git a/wp-admin/profile.php b/wp-admin/profile.php
index cacf95c3fc..db1666f6de 100644
--- a/wp-admin/profile.php
+++ b/wp-admin/profile.php
@@ -75,7 +75,7 @@ case 'update':
 		if ($HTTP_POST_VARS["pass1"] != $HTTP_POST_VARS["pass2"])
 			die ("<strong>ERROR</strong>: you typed two different passwords. Go back to correct that.");
 		$newuser_pass = $HTTP_POST_VARS["pass1"];
-		$updatepassword = "user_pass='$newuser_pass', ";
+		$updatepassword = "user_pass=MD5('$newuser_pass'), ";
 		setcookie("wordpresspass_".$cookiehash,md5($newuser_pass),time()+31536000);
 	}
 
@@ -344,4 +344,5 @@ break;
 }
 
 /* </Profile | My Profile> */
-include('admin-footer.php') ?>
\ No newline at end of file
+include('admin-footer.php');
+ ?>
\ No newline at end of file
diff --git a/wp-admin/upgrade-functions.php b/wp-admin/upgrade-functions.php
index 2db0039f65..f7311b034d 100644
--- a/wp-admin/upgrade-functions.php
+++ b/wp-admin/upgrade-functions.php
@@ -679,7 +679,20 @@ function upgrade_110() {
 	maybe_add_column($tableusers, 'user_activation_key', "ALTER TABLE `$tableusers` ADD `user_activation_key` VARCHAR( 60 ) NOT NULL ;");
 	maybe_add_column($tableusers, 'user_status', "ALTER TABLE `$tableusers` ADD `user_status` INT DEFAULT '0' NOT NULL ;");
 	$wpdb->query("ALTER TABLE `$tableposts` CHANGE `comment_status` `comment_status` ENUM( 'open', 'closed', 'registered_only' ) DEFAULT 'open' NOT NULL");
+
+	// Convert passwords to MD5 and update table appropiately
+	$query = 'DESCRIBE wp_users user_pass';
+	$res = $wpdb->get_results($query);
+	if ($res[0]['Type'] != 'varchar(32)') {
+		$wpdb->query('ALTER TABLE wp_users MODIFY user_pass varchar(64) not null');
+	}
 	
+	$query = 'SELECT ID, user_pass from wp_users';
+	foreach ($wpdb->get_results($query) as $row) {
+		if (!preg_match('/^[A-Fa-f0-9]{32}$/', $row->user_pass)) {
+			   $wpdb->query('UPDATE wp_users SET user_pass = MD5(\''.$row->user_pass.'\') WHERE ID = \''.$row->ID.'\'');
+		}
+	}
 }
 
 ?>
\ No newline at end of file
diff --git a/wp-admin/users.php b/wp-admin/users.php
index b853bfcf09..4be93b9d64 100644
--- a/wp-admin/users.php
+++ b/wp-admin/users.php
@@ -73,7 +73,7 @@ case 'adduser':
 	$result = $wpdb->query("INSERT INTO $tableusers 
 		(user_login, user_pass, user_nickname, user_email, user_ip, user_domain, user_browser, dateYMDhour, user_level, user_idmode, user_firstname, user_lastname)
 	VALUES 
-		('$user_login', '$pass1', '$user_nickname', '$user_email', '$user_ip', '$user_domain', '$user_browser', '$now', '$new_users_can_blog', 'nickname', '$user_firstname', '$user_lastname')");
+		('$user_login', MD5('$pass1'), '$user_nickname', '$user_email', '$user_ip', '$user_domain', '$user_browser', '$now', '$new_users_can_blog', 'nickname', '$user_firstname', '$user_lastname')");
 	
 	if ($result == false) {
 		die ('<strong>ERROR</strong>: Couldn&#8217;t register you... please contact the <a href="mailto:'.$admin_email.'">webmaster</a> !');
diff --git a/wp-login.php b/wp-login.php
index d19af3eb46..189493e325 100644
--- a/wp-login.php
+++ b/wp-login.php
@@ -59,9 +59,9 @@ break;
 case 'login':
 
 	if(!empty($HTTP_POST_VARS)) {
-		$log = $HTTP_POST_VARS["log"];
-		$pwd = $HTTP_POST_VARS["pwd"];
-		$redirect_to = $HTTP_POST_VARS["redirect_to"];
+		$log = $HTTP_POST_VARS['log'];
+		$pwd = $HTTP_POST_VARS['pwd'];
+		$redirect_to = $HTTP_POST_VARS['redirect_to'];
 	}
 	
 	$user = get_userdatabylogin($log);
@@ -74,37 +74,32 @@ case 'login':
 		global $wpdb, $log, $pwd, $error, $user_ID;
 		global $tableusers, $pass_is_md5;
 		$user_login = &$log;
+		$pwd = md5($pwd);
 		$password = &$pwd;
 		if (!$user_login) {
-			$error="<strong>ERROR</strong>: the login field is empty";
+			$error = '<strong>Error</strong>: the login field is empty.';
 			return false;
 		}
 
 		if (!$password) {
-			$error="<strong>ERROR</strong>: the password field is empty";
+			$error = '<strong>Error</strong>: the password field is empty.';
 			return false;
 		}
 
-		if ('md5:' == substr($password, 0, 4)) {
-			$pass_is_md5 = 1;
-			$password = substr($password, 4, strlen($password));
-			$query = "SELECT ID, user_login, user_pass FROM $tableusers WHERE user_login = '$user_login' AND MD5(user_pass) = '$password'";
-		} else {
-			$pass_is_md5 = 0;
-			$query = "SELECT ID, user_login, user_pass FROM $tableusers WHERE user_login = '$user_login' AND user_pass = '$password'";
-		}
+		$query = "SELECT ID, user_login, user_pass FROM $tableusers WHERE user_login = '$user_login' AND user_pass = '$password'";
+	
 		$login = $wpdb->get_row($query);
 
 		if (!$login) {
-			$error = '<b>ERROR</b>: wrong login or password';
+			$error = '<strong>Error</strong>: wrong login or password.';
 			$pwd = '';
 			return false;
 		} else {
 		$user_ID = $login->ID;
-			if (($pass_is_md5 == 0 && $login->user_login == $user_login && $login->user_pass == $password) || ($pass_is_md5 == 1 && $login->user_login == $user_login && md5($login->user_pass) == $password)) {
+			if (($pass_is_md5 == 0 && $login->user_login == $user_login && $login->user_pass == $password) || ($pass_is_md5 == 1 && $login->user_login == $user_login && $login->user_pass == md5($password))) {
 				return true;
 			} else {
-				$error = '<b>ERROR</b>: wrong login or password';
+				$error = '<strong>Error</strong>: wrong login or password.';
 				$pwd = '';
 			return false;
 			}
@@ -126,11 +121,7 @@ case 'login':
 		$user_login = $log;
 		$user_pass = $pwd;
 		setcookie('wordpressuser_'.$cookiehash, $user_login, time()+31536000);
-		if ($pass_is_md5) {
-			setcookie('wordpresspass_'.$cookiehash, $user_pass, time()+31536000);
-		} else {
-			setcookie('wordpresspass_'.$cookiehash, md5($user_pass), time()+31536000);
-		}
+		setcookie('wordpresspass_'.$cookiehash, md5($user_pass), time()+31536000);
 		if (empty($HTTP_COOKIE_VARS['wordpressblogid_'.$cookiehash])) {
 			setcookie('wordpressblogid_'.$cookiehash, 1,time()+31536000);
 		}
@@ -227,6 +218,8 @@ case 'retrievepassword':
 	} else {
 		echo "<p>The email was sent successfully to $user_login's email address.<br />
 		<a href='wp-login.php' title='Check your email first, of course'>Click here to login!</a></p>";
+		// send a copy of password change notification to the admin
+		mail($admin_email, "[$blogname] Password Lost/Change", "Password Lost and Changed for user: $user_login");
 		die();
 	}
 
diff --git a/wp-register.php b/wp-register.php
index 32f56ac697..50b3c187b2 100644
--- a/wp-register.php
+++ b/wp-register.php
@@ -92,7 +92,7 @@ case 'register':
 	$result = $wpdb->query("INSERT INTO $tableusers 
 		(user_login, user_pass, user_nickname, user_email, user_ip, user_domain, user_browser, dateYMDhour, user_level, user_idmode)
 	VALUES 
-		('$user_login', '$pass1', '$user_nickname', '$user_email', '$user_ip', '$user_domain', '$user_browser', '$now', '$new_users_can_blog', 'nickname')");
+		('$user_login', MD5('$pass1'), '$user_nickname', '$user_email', '$user_ip', '$user_domain', '$user_browser', '$now', '$new_users_can_blog', 'nickname')");
 	
 	if ($result == false) {
 		die ('<strong>ERROR</strong>: Couldn&#8217;t register you... please contact the <a href="mailto:'.$admin_email.'">webmaster</a> !');