From ad71598fc8d9284850d56b70f9c7f66cc3af030b Mon Sep 17 00:00:00 2001
From: Ryan Boren
Date: Tue, 3 Feb 2009 05:03:16 +0000
Subject: [PATCH] Seed cookie hash key with a fragment from the password hash
git-svn-id: https://develop.svn.wordpress.org/trunk@10486 602fd350-edb4-49c9-b593-d223f7449a82
---
 wp-includes/pluggable.php | 20 ++++++++++++--------
 1 file changed, 12 insertions(+), 8 deletions(-)
diff --git a/wp-includes/pluggable.php b/wp-includes/pluggable.php
index c9d82127b2..0c69afbaac 100644
--- a/wp-includes/pluggable.php
+++ b/wp-includes/pluggable.php
@@ -488,7 +488,15 @@ function wp_validate_auth_cookie($cookie = '', $scheme = '') {
 return false;
 }
- $key = wp_hash($username . '|' . $expiration, $scheme);
+ $user = get_userdatabylogin($username);
+ if ( ! $user ) {
+ do_action('auth_cookie_bad_username', $cookie_elements);
+ return false;
+ }
+
+ $pass_frag = substr($user->user_pass, 8, 4);
+
+ $key = wp_hash($username . $pass_frag . '|' . $expiration, $scheme);
 $hash = hash_hmac('md5', $username . '|' . $expiration, $key);
 if ( $hmac != $hash ) {
@@ -496,12 +504,6 @@ function wp_validate_auth_cookie($cookie = '', $scheme = '') {
 return false;
 }
- $user = get_userdatabylogin($username);
- if ( ! $user ) {
- do_action('auth_cookie_bad_username', $cookie_elements);
- return false;
- }
-
 do_action('auth_cookie_valid', $cookie_elements, $user);
 return $user->ID;
@@ -524,7 +526,9 @@ if ( !function_exists('wp_generate_auth_cookie') ) :
 function wp_generate_auth_cookie($user_id, $expiration, $scheme = 'auth') {
 $user = get_userdata($user_id);
- $key = wp_hash($user->user_login . '|' . $expiration, $scheme);
+ $pass_frag = substr($user->user_pass, 8, 4);
+
+ $key = wp_hash($user->user_login . $pass_frag . '|' . $expiration, $scheme);
 $hash = hash_hmac('md5', $user->user_login . '|' . $expiration, $key);
 $cookie = $user->user_login . '|' . $expiration . '|' . $hash;
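Review bot: The user lookup added at the top of this hunk now runs before the HMAC is checked, so a cookie naming a non-existent user fires `auth_cookie_bad_username` while one naming a real user proceeds to the signature comparison; any listener that logs or responds differently to those two outcomes turns cookie validation into a username-existence oracle. The key derivation needs `$user->user_pass`, so the lookup cannot simply move back, but the ordering deserves a comment such as `// lookup precedes the signature check because the key is seeded from the password hash; keep the two failure paths indistinguishable to the client`. Also, `substr($user->user_pass, 8, 4)` yields an empty fragment when the stored hash is shorter than 12 bytes, in which case the key silently degrades to the previous `username|expiration` derivation for that account — a length guard, or a comment stating that every stored hash is assumed to be at least 12 bytes, would make that assumption explicit. wp_validate_auth_cookie begins before and ends after this hunk.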
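Review bot: `substr($user->user_pass, 8, 4)` is now duplicated byte-for-byte here and in wp_validate_auth_cookie (first hunk); if either copy drifts in offset or length, or the stored hash format changes later, every outstanding session cookie stops verifying with nothing in the code tying the two together, so the fragment should come from one small shared helper that both functions call. The bare `8, 4` also needs a why-comment stating the property relied on rather than the offset, e.g. `// Seed the key from the stored password hash so a password change invalidates existing cookies`. If the stored value is a phpass-style `$P$` hash, offset 8 appears to fall inside its salt rather than the digest — that still changes on every rehash, but the comment should say which property is assumed. As before for `user_login`, a false return from `get_userdata()` reaches the property access unguarded; wp_generate_auth_cookie continues past the end of this hunk.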