From 620001f33ed0cebdab75a32181f6349506507601 Mon Sep 17 00:00:00 2001 From: Dougal Campbell Date: Mon, 20 Oct 2003 20:53:13 +0000 Subject: [PATCH] Cookies are now unique, based on siteurl, allowing multiple installs under a single domain name. git-svn-id: https://develop.svn.wordpress.org/trunk@458 602fd350-edb4-49c9-b593-d223f7449a82 --- b2-include/b2functions.php | 4 ++-- b2-include/b2template.functions.php | 12 ++++++------ b2comments.php | 8 ++++---- b2comments.post.php | 6 +++--- b2commentspopup.php | 2 +- b2login.php | 22 +++++++++++----------- wp-admin/b2profile.php | 4 ++-- wp-admin/b2verifauth.php | 10 +++++----- wp-admin/linkmanager.php | 12 ++++++------ wp-pass.php | 4 ++-- wp-settings.php | 3 +++ 11 files changed, 45 insertions(+), 42 deletions(-) diff --git a/b2-include/b2functions.php b/b2-include/b2functions.php index bea388e43f..fe29de2fa3 100644 --- a/b2-include/b2functions.php +++ b/b2-include/b2functions.php @@ -380,9 +380,9 @@ function user_pass_ok($user_login,$user_pass) { } function get_currentuserinfo() { // a bit like get_userdata(), on steroids - global $HTTP_COOKIE_VARS, $user_login, $userdata, $user_level, $user_ID, $user_nickname, $user_email, $user_url, $user_pass_md5; + global $HTTP_COOKIE_VARS, $user_login, $userdata, $user_level, $user_ID, $user_nickname, $user_email, $user_url, $user_pass_md5, $cookiehash; // *** retrieving user's data from cookies and db - no spoofing - $user_login = $HTTP_COOKIE_VARS['wordpressuser']; + $user_login = $HTTP_COOKIE_VARS['wordpressuser_'.$cookiehash]; $userdata = get_userdatabylogin($user_login); $user_level = $userdata->user_level; $user_ID = $userdata->ID; diff --git a/b2-include/b2template.functions.php b/b2-include/b2template.functions.php index 35c6ea8956..8d4af5aca3 100644 --- a/b2-include/b2template.functions.php +++ b/b2-include/b2template.functions.php @@ -598,13 +598,13 @@ function the_content_unicode($more_link_text='(more...)', $stripteaser=0, $more_ function get_the_content($more_link_text='(more...)', $stripteaser=0, $more_file='') { global $id, $post, $more, $c, $withcomments, $page, $pages, $multipage, $numpages; - global $HTTP_SERVER_VARS, $HTTP_COOKIE_VARS, $preview; + global $HTTP_SERVER_VARS, $HTTP_COOKIE_VARS, $preview, $cookiehash; global $querystring_start, $querystring_equal, $querystring_separator; global $pagenow; $output = ''; if (!empty($post->post_password)) { // if there's a password - if ($HTTP_COOKIE_VARS['wp-postpass'] != $post->post_password) { // and it doesn't match the cookie + if ($HTTP_COOKIE_VARS['wp-postpass_'.$cookiehash] != $post->post_password) { // and it doesn't match the cookie $output = get_the_password_form(); return $output; } @@ -692,11 +692,11 @@ function the_excerpt_unicode() { function get_the_excerpt($fakeit = false) { global $id, $post; - global $HTTP_SERVER_VARS, $HTTP_COOKIE_VARS, $preview; + global $HTTP_SERVER_VARS, $HTTP_COOKIE_VARS, $preview, $cookiehash; $output = ''; $output = stripslashes($post->post_excerpt); if (!empty($post->post_password)) { // if there's a password - if ($HTTP_COOKIE_VARS['wp-postpass'] != $post->post_password) { // and it doesn't match the cookie + if ($HTTP_COOKIE_VARS['wp-postpass_'.$cookiehash] != $post->post_password) { // and it doesn't match the cookie $output = "There is no excerpt because this is a protected post."; return $output; } @@ -1173,7 +1173,7 @@ function comments_popup_script($width=400, $height=400, $file='b2commentspopup.p } function comments_popup_link($zero='No Comments', $one='1 Comment', $more='% Comments', $CSSclass='', $none='Comments Off') { - global $id, $b2commentspopupfile, $b2commentsjavascript, $post, $wpdb, $tablecomments, $HTTP_COOKIE_VARS; + global $id, $b2commentspopupfile, $b2commentsjavascript, $post, $wpdb, $tablecomments, $HTTP_COOKIE_VARS, $cookiehash; global $querystring_start, $querystring_equal, $querystring_separator, $siteurl; $number = $wpdb->get_var("SELECT COUNT(*) FROM $tablecomments WHERE comment_post_ID = $id"); if (0 == $number && 'closed' == $post->comment_status) { @@ -1181,7 +1181,7 @@ function comments_popup_link($zero='No Comments', $one='1 Comment', $more='% Com return; } else { if (!empty($post->post_password)) { // if there's a password - if ($HTTP_COOKIE_VARS['wp-postpass'] != $post->post_password) { // and it doesn't match the cookie + if ($HTTP_COOKIE_VARS['wp-postpass_'.$cookiehash] != $post->post_password) { // and it doesn't match the cookie echo("Enter your password to view comments"); return; } diff --git a/b2comments.php b/b2comments.php index 319978261b..425540a672 100644 --- a/b2comments.php +++ b/b2comments.php @@ -4,15 +4,15 @@ if (($withcomments) or ($c)) { if (!empty($post->post_password)) { // if there's a password - if ($HTTP_COOKIE_VARS['wp-postpass'] != $post->post_password) { // and it doesn't match the cookie + if ($HTTP_COOKIE_VARS['wp-postpass_'.$cookiehash] != $post->post_password) { // and it doesn't match the cookie echo("

Enter your password to view comments.

"); return; } } - $comment_author = trim($HTTP_COOKIE_VARS["comment_author"]); - $comment_author_email = trim($HTTP_COOKIE_VARS["comment_author_email"]); - $comment_author_url = trim($HTTP_COOKIE_VARS["comment_author_url"]); + $comment_author = trim($HTTP_COOKIE_VARS["comment_author_".$cookiehash]); + $comment_author_email = trim($HTTP_COOKIE_VARS["comment_author_email_".$cookiehash]); + $comment_author_url = trim($HTTP_COOKIE_VARS["comment_author_url_".$cookiehash]); $comments = $wpdb->get_results("SELECT * FROM $tablecomments WHERE comment_post_ID = $id ORDER BY comment_date"); ?> diff --git a/b2comments.post.php b/b2comments.post.php index f7a75f2e16..b37bb6cc1d 100644 --- a/b2comments.post.php +++ b/b2comments.post.php @@ -118,9 +118,9 @@ if ($ok) { // if there was no comment from this IP in the last 10 seconds if ($url == '') $url = ' '; // this to make sure a cookie is set for 'no url' - setcookie('comment_author', $author, time()+30000000); - setcookie('comment_author_email', $email, time()+30000000); - setcookie('comment_author_url', $url, time()+30000000); + setcookie('comment_author_'.$cookiehash, $author, time()+30000000); + setcookie('comment_author_email_'.$cookiehash, $email, time()+30000000); + setcookie('comment_author_url_'.$cookiehash, $url, time()+30000000); header('Expires: Mon, 26 Jul 1997 05:00:00 GMT'); header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT'); diff --git a/b2commentspopup.php b/b2commentspopup.php index a94a32c739..24b098cc71 100644 --- a/b2commentspopup.php +++ b/b2commentspopup.php @@ -31,7 +31,7 @@ foreach ($posts as $post) { start_b2(); get_results("SELECT * FROM $tablecomments WHERE comment_post_ID = $id ORDER BY comment_date"); $commentstatus = $wpdb->get_row("SELECT comment_status, post_password FROM $tableposts WHERE ID = $id"); -if (!empty($commentstatus->post_password) && $HTTP_COOKIE_VARS['wp-postpass'] != $commentstatus->post_password) { // and it doesn't match the cookie +if (!empty($commentstatus->post_password) && $HTTP_COOKIE_VARS['wp-postpass_'.$cookiehash] != $commentstatus->post_password) { // and it doesn't match the cookie echo("

  • ".get_the_password_form()."
    • "); } else { diff --git a/b2login.php b/b2login.php index caf7ab52e3..19dda22b13 100644 --- a/b2login.php +++ b/b2login.php @@ -44,8 +44,8 @@ switch($action) { case 'logout': - setcookie('wordpressuser'); - setcookie('wordpresspass'); + setcookie('wordpressuser_'.$cookiehash); + setcookie('wordpresspass_'.$cookiehash); header('Expires: Wed, 11 Jan 1984 05:00:00 GMT'); header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT'); header('Cache-Control: no-cache, must-revalidate'); @@ -122,14 +122,14 @@ case 'login': } else { $user_login = $log; $user_pass = $pwd; - setcookie('wordpressuser', $user_login, time()+31536000); + setcookie('wordpressuser_'.$cookiehash, $user_login, time()+31536000); if ($pass_is_md5) { - setcookie('wordpresspass', $user_pass, time()+31536000); + setcookie('wordpresspass_'.$cookiehash, $user_pass, time()+31536000); } else { - setcookie('wordpresspass', md5($user_pass), time()+31536000); + setcookie('wordpresspass_'.$cookiehash, md5($user_pass), time()+31536000); } - if (empty($HTTP_COOKIE_VARS['wordpressblogid'])) { - setcookie('wordpressblogid', 1,time()+31536000); + if (empty($HTTP_COOKIE_VARS['wordpressblogid_'.$cookiehash])) { + setcookie('wordpressblogid_'.$cookiehash, 1,time()+31536000); } header('Expires: Wed, 11 Jan 1984 05:00:00 GMT'); header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT'); @@ -231,9 +231,9 @@ break; default: - if((!empty($HTTP_COOKIE_VARS['wordpressuser'])) && (!empty($HTTP_COOKIE_VARS['wordpresspass']))) { - $user_login = $HTTP_COOKIE_VARS['wordpressuser']; - $user_pass_md5 = $HTTP_COOKIE_VARS['wordpresspass']; + if((!empty($HTTP_COOKIE_VARS['wordpressuser_'.$cookiehash])) && (!empty($HTTP_COOKIE_VARS['wordpresspass_'.$cookiehash]))) { + $user_login = $HTTP_COOKIE_VARS['wordpressuser_'.$cookiehash]; + $user_pass_md5 = $HTTP_COOKIE_VARS['wordpresspass_'.$cookiehash]; } function checklogin() { @@ -249,7 +249,7 @@ default: } if ( !(checklogin()) ) { - if (!empty($HTTP_COOKIE_VARS['wordpressuser'])) { + if (!empty($HTTP_COOKIE_VARS['wordpressuser_'.$cookiehash])) { $error="Error: wrong login/password"; //, or your session has expired."; } } else { diff --git a/wp-admin/b2profile.php b/wp-admin/b2profile.php index ac1ccb5b94..d13dbddc4f 100644 --- a/wp-admin/b2profile.php +++ b/wp-admin/b2profile.php @@ -79,7 +79,7 @@ case 'update': die ("ERROR: you typed two different passwords. Go back to correct that."); $newuser_pass = $HTTP_POST_VARS["pass1"]; $updatepassword = "user_pass='$newuser_pass', "; - setcookie("wordpresspass",md5($newuser_pass),time()+31536000); + setcookie("wordpresspass_".$cookiehash,md5($newuser_pass),time()+31536000); } $newuser_firstname=addslashes($HTTP_POST_VARS["newuser_firstname"]); @@ -115,7 +115,7 @@ case 'viewprofile': require_once('b2verifauth.php'); $profiledata = get_userdata($user); - if ($HTTP_COOKIE_VARS['wordpressuser'] == $profiledata->user_login) + if ($HTTP_COOKIE_VARS['wordpressuser_'.$cookiehash] == $profiledata->user_login) header ('Location: b2profile.php'); $profile = 1; diff --git a/wp-admin/b2verifauth.php b/wp-admin/b2verifauth.php index 0857365c82..b2e53388b7 100644 --- a/wp-admin/b2verifauth.php +++ b/wp-admin/b2verifauth.php @@ -4,12 +4,12 @@ require_once('../wp-config.php'); /* checking login & pass in the database */ function veriflog() { - global $HTTP_COOKIE_VARS; + global $HTTP_COOKIE_VARS,$cookiehash; global $tableusers, $wpdb; - if (!empty($HTTP_COOKIE_VARS["wordpressuser"])) { - $user_login = $HTTP_COOKIE_VARS["wordpressuser"]; - $user_pass_md5 = $HTTP_COOKIE_VARS["wordpresspass"]; + if (!empty($HTTP_COOKIE_VARS["wordpressuser_".$cookiehash])) { + $user_login = $HTTP_COOKIE_VARS["wordpressuser_".$cookiehash]; + $user_pass_md5 = $HTTP_COOKIE_VARS["wordpresspass_".$cookiehash]; } else { return false; } @@ -38,7 +38,7 @@ function veriflog() { header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT'); header('Cache-Control: no-cache, must-revalidate'); header('Pragma: no-cache'); - if (!empty($HTTP_COOKIE_VARS["wordpressuser"])) { + if (!empty($HTTP_COOKIE_VARS["wordpressuser_".$cookiehash])) { $error="Error: wrong login or password"; } header("Location: $siteurl/b2login.php"); diff --git a/wp-admin/linkmanager.php b/wp-admin/linkmanager.php index e7ca71491b..ae91c82516 100644 --- a/wp-admin/linkmanager.php +++ b/wp-admin/linkmanager.php @@ -84,8 +84,8 @@ for ($i=0; $i \ No newline at end of file diff --git a/wp-settings.php b/wp-settings.php index d40f174958..2221c11315 100644 --- a/wp-settings.php +++ b/wp-settings.php @@ -62,5 +62,8 @@ if (!$_wp_installing) { $querystring_equal = '='; $querystring_separator = '&'; //} + // Used to guarantee unique cookies + $cookiehash = md5($siteurl); + } //end !$_wp_installing ?> \ No newline at end of file