Seed cookie hash key with a fragment from the password hash

git-svn-id: https://develop.svn.wordpress.org/trunk@10486 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Ryan Boren 2009-02-03 05:03:16 +00:00
parent 940103ddc9
commit ad71598fc8
1 changed files with 12 additions and 8 deletions

View File

@ -488,7 +488,15 @@ function wp_validate_auth_cookie($cookie = '', $scheme = '') {
return false;
}
$key = wp_hash($username . '|' . $expiration, $scheme);
$user = get_userdatabylogin($username);
if ( ! $user ) {
do_action('auth_cookie_bad_username', $cookie_elements);
return false;
}
$pass_frag = substr($user->user_pass, 8, 4);
$key = wp_hash($username . $pass_frag . '|' . $expiration, $scheme);
$hash = hash_hmac('md5', $username . '|' . $expiration, $key);
if ( $hmac != $hash ) {
@ -496,12 +504,6 @@ function wp_validate_auth_cookie($cookie = '', $scheme = '') {
return false;
}
$user = get_userdatabylogin($username);
if ( ! $user ) {
do_action('auth_cookie_bad_username', $cookie_elements);
return false;
}
do_action('auth_cookie_valid', $cookie_elements, $user);
return $user->ID;
@ -524,7 +526,9 @@ if ( !function_exists('wp_generate_auth_cookie') ) :
function wp_generate_auth_cookie($user_id, $expiration, $scheme = 'auth') {
$user = get_userdata($user_id);
$key = wp_hash($user->user_login . '|' . $expiration, $scheme);
$pass_frag = substr($user->user_pass, 8, 4);
$key = wp_hash($user->user_login . $pass_frag . '|' . $expiration, $scheme);
$hash = hash_hmac('md5', $user->user_login . '|' . $expiration, $key);
$cookie = $user->user_login . '|' . $expiration . '|' . $hash;