diff --git a/wp-includes/pluggable.php b/wp-includes/pluggable.php
index 46b877d42a..ba7474a2fa 100644
--- a/wp-includes/pluggable.php
+++ b/wp-includes/pluggable.php
@@ -304,24 +304,21 @@ function wp_login($username, $password, $deprecated = false) {
return false;
}
- $login = get_userdatabylogin($username);
+ $user = get_userdatabylogin($username);
- if ( !$login || ($login->user_login != $username) ) {
+ if ( !$user || ($user->user_login != $username) ) {
$error = __('ERROR: Invalid username.');
return false;
}
- if ( !wp_check_password($password, $login->user_pass) ) {
+ if ( !wp_check_password($password, $user->user_pass) ) {
$error = __('ERROR: Incorrect password.');
return false;
}
// If using old md5 password, rehash.
- if ( strlen($login->user_pass) <= 32 ) {
- $hash = wp_hash_password($password);
- $wpdb->query("UPDATE $wpdb->users SET user_pass = '$hash', user_activation_key = '' WHERE ID = '$login->ID'");
- wp_cache_delete($login->ID, 'users');
- }
+ if ( strlen($user->user_pass) <= 32 )
+ wp_set_password($password, $user->ID);
return true;
}
@@ -770,6 +767,17 @@ function wp_generate_password() {
}
endif;
+if ( !function_exists('wp_set_password') ) :
+function wp_set_password( $password, $user_id ) {
+ global $wpdb;
+
+ $hash = wp_hash_password($password);
+ $query = $wpdb->prepare("UPDATE $wpdb->users SET user_pass = %s, user_activation_key = '' WHERE ID = %d", $hash, $user_id);
+ $wpdb->query($query);
+ wp_cache_delete($user_id, 'users');
+}
+endif;
+
// Deprecated. Use wp_set_auth_cookie()
if ( !function_exists('wp_setcookie') ) :
function wp_setcookie($username, $password = '', $already_md5 = false, $home = '', $siteurl = '', $remember = false) {
diff --git a/wp-login.php b/wp-login.php
index 23dc9f76e7..cda6a5a9ec 100644
--- a/wp-login.php
+++ b/wp-login.php
@@ -184,9 +184,7 @@ case 'rp' :
// Generate something random for a password...
$new_pass = wp_generate_password();
- $new_hash = wp_hash_password($new_pass);
- $wpdb->query("UPDATE $wpdb->users SET user_pass = '$new_hash', user_activation_key = '' WHERE ID = '$user->ID'");
- wp_cache_delete($user->ID, 'users');
+ wp_set_password($new_pass, $user->ID);
$message = sprintf(__('Username: %s'), $user->user_login) . "\r\n";
$message .= sprintf(__('Password: %s'), $new_pass) . "\r\n";
$message .= get_option('siteurl') . "/wp-login.php\r\n";