Some cookie validation hooks. fixes #7440
git-svn-id: https://develop.svn.wordpress.org/trunk@8696 602fd350-edb4-49c9-b593-d223f7449a82
parent
ba5140d219
commit
78a2c0f781
@ -485,25 +485,12 @@ if ( !function_exists('wp_validate_auth_cookie') ) :
|
||||
* @return bool|int False if invalid cookie, User ID if valid.
|
||||
*/
|
||||
function wp_validate_auth_cookie($cookie = '', $scheme = 'auth') {
|
||||
if ( empty($cookie) ) {
|
||||
if ( is_ssl() ) {
|
||||
$cookie_name = SECURE_AUTH_COOKIE;
|
||||
$scheme = 'secure_auth';
|
||||
} else {
|
||||
$cookie_name = AUTH_COOKIE;
|
||||
$scheme = 'auth';
|
||||
}
|
||||
|
||||
if ( empty($_COOKIE[$cookie_name]) )
|
||||
return false;
|
||||
$cookie = $_COOKIE[$cookie_name];
|
||||
if ( ! $cookie_elements = wp_parse_auth_cookie($cookie, $scheme) ) {
|
||||
do_action('auth_cookie_malformed', $cookie, $scheme);
|
||||
return false;
|
||||
}
|
||||
|
||||
$cookie_elements = explode('|', $cookie);
|
||||
if ( count($cookie_elements) != 3 )
|
||||
return false;
|
||||
|
||||
list($username, $expiration, $hmac) = $cookie_elements;
|
||||
extract($cookie_elements, EXTR_OVERWRITE);
|
||||
|
||||
$expired = $expiration;
|
||||
|
||||
@ -512,18 +499,26 @@ function wp_validate_auth_cookie($cookie = '', $scheme = 'auth') {
|
||||
$expired += 3600;
|
||||
|
||||
// Quick check to see if an honest cookie has expired
|
||||
if ( $expired < time() )
|
||||
if ( $expired < time() ) {
|
||||
do_action('auth_cookie_expired', $cookie_elements);
|
||||
return false;
|
||||
}
|
||||
|
||||
$key = wp_hash($username . '|' . $expiration, $scheme);
|
||||
$hash = hash_hmac('md5', $username . '|' . $expiration, $key);
|
||||
|
||||
if ( $hmac != $hash )
|
||||
if ( $hmac != $hash ) {
|
||||
do_action('auth_cookie_bad_hash', $cookie_elements);
|
||||
return false;
|
||||
}
|
||||
|
||||
$user = get_userdatabylogin($username);
|
||||
if ( ! $user )
|
||||
if ( ! $user ) {
|
||||
do_action('auth_cookie_bad_username', $cookie_elements);
|
||||
return false;
|
||||
}
|
||||
|
||||
do_action('auth_cookie_valid', $cookie_elements, $user);
|
||||
|
||||
return $user->ID;
|
||||
}
|
||||
@ -554,6 +549,41 @@ function wp_generate_auth_cookie($user_id, $expiration, $scheme = 'auth') {
|
||||
}
|
||||
endif;
|
||||
|
||||
if ( !function_exists('wp_parse_auth_cookie') ) :
|
||||
/**
|
||||
* Parse a cookie into its components
|
||||
*
|
||||
* @since 2.7
|
||||
*
|
||||
* @param string $cookie
|
||||
* @param string $scheme Optional. The cookie scheme to use: auth, secure_auth, or logged_in
|
||||
* @return array Authentication cookie components
|
||||
*/
|
||||
function wp_parse_auth_cookie($cookie = '', $scheme = 'auth') {
|
||||
if ( empty($cookie) ) {
|
||||
if ( is_ssl() ) {
|
||||
$cookie_name = SECURE_AUTH_COOKIE;
|
||||
$scheme = 'secure_auth';
|
||||
} else {
|
||||
$cookie_name = AUTH_COOKIE;
|
||||
$scheme = 'auth';
|
||||
}
|
||||
|
||||
if ( empty($_COOKIE[$cookie_name]) )
|
||||
return false;
|
||||
$cookie = $_COOKIE[$cookie_name];
|
||||
}
|
||||
|
||||
$cookie_elements = explode('|', $cookie);
|
||||
if ( count($cookie_elements) != 3 )
|
||||
return false;
|
||||
|
||||
list($username, $expiration, $hmac) = $cookie_elements;
|
||||
|
||||
return compact('username', 'expiration', 'hmac', 'scheme');
|
||||
}
|
||||
endif;
|
||||
|
||||
if ( !function_exists('wp_set_auth_cookie') ) :
|
||||
/**
|
||||
* Sets the authentication cookies based User ID.
|
||||
@ -607,6 +637,8 @@ if ( !function_exists('wp_clear_auth_cookie') ) :
|
||||
* @since 2.5
|
||||
*/
|
||||
function wp_clear_auth_cookie() {
|
||||
do_action('clear_auth_cookie');
|
||||
|
||||
setcookie(AUTH_COOKIE, ' ', time() - 31536000, ADMIN_COOKIE_PATH, COOKIE_DOMAIN);
|
||||
setcookie(SECURE_AUTH_COOKIE, ' ', time() - 31536000, ADMIN_COOKIE_PATH, COOKIE_DOMAIN);
|
||||
setcookie(AUTH_COOKIE, ' ', time() - 31536000, PLUGINS_COOKIE_PATH, COOKIE_DOMAIN);
|
||||
|
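Review bot: The MAC check `if ( $hmac != $hash ) {` in the second hunk (`wp_validate_auth_cookie`) is still a loose comparison that is not constant-time; the commit only wraps it in braces to fire `auth_cookie_bad_hash`. With `!=`, two hex digests that both look like numeric strings are compared as numbers rather than byte for byte, and the comparison's timing depends on the cookie value being checked. I would change the line to `if ( ! hash_equals( $hash, $hmac ) ) {` where the supported PHP versions provide `hash_equals()`, and to at least `!==` where they do not. Separately, the docblock of the new `wp_parse_auth_cookie()` says `@return array` although the function returns `false` in two places, so it should read `@return array|false`. The new `auth_cookie_valid` and `auth_cookie_bad_hash` actions also pass `$cookie_elements`, which includes the `hmac`, so a comment such as `// Handlers receive the cookie HMAC; do not log or store it.` would help hook authors.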