Some cookie validation hooks. fixes #7440

git-svn-id: http://svn.automattic.com/wordpress/trunk@8696 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
ryan 2008-08-21 00:08:25 +00:00
parent 9f9ef004db
commit 01e3a5ec79
1 changed files with 52 additions and 20 deletions

View File

@ -485,25 +485,12 @@ if ( !function_exists('wp_validate_auth_cookie') ) :
* @return bool|int False if invalid cookie, User ID if valid.
*/
function wp_validate_auth_cookie($cookie = '', $scheme = 'auth') {
if ( empty($cookie) ) {
if ( is_ssl() ) {
$cookie_name = SECURE_AUTH_COOKIE;
$scheme = 'secure_auth';
} else {
$cookie_name = AUTH_COOKIE;
$scheme = 'auth';
}
if ( empty($_COOKIE[$cookie_name]) )
return false;
$cookie = $_COOKIE[$cookie_name];
if ( ! $cookie_elements = wp_parse_auth_cookie($cookie, $scheme) ) {
do_action('auth_cookie_malformed', $cookie, $scheme);
return false;
}
$cookie_elements = explode('|', $cookie);
if ( count($cookie_elements) != 3 )
return false;
list($username, $expiration, $hmac) = $cookie_elements;
extract($cookie_elements, EXTR_OVERWRITE);
$expired = $expiration;
@ -512,18 +499,26 @@ function wp_validate_auth_cookie($cookie = '', $scheme = 'auth') {
$expired += 3600;
// Quick check to see if an honest cookie has expired
if ( $expired < time() )
if ( $expired < time() ) {
do_action('auth_cookie_expired', $cookie_elements);
return false;
}
$key = wp_hash($username . '|' . $expiration, $scheme);
$hash = hash_hmac('md5', $username . '|' . $expiration, $key);
if ( $hmac != $hash )
if ( $hmac != $hash ) {
do_action('auth_cookie_bad_hash', $cookie_elements);
return false;
}
$user = get_userdatabylogin($username);
if ( ! $user )
if ( ! $user ) {
do_action('auth_cookie_bad_username', $cookie_elements);
return false;
}
do_action('auth_cookie_valid', $cookie_elements, $user);
return $user->ID;
}
@ -554,6 +549,41 @@ function wp_generate_auth_cookie($user_id, $expiration, $scheme = 'auth') {
}
endif;
if ( !function_exists('wp_parse_auth_cookie') ) :
/**
* Parse a cookie into its components
*
* @since 2.7
*
* @param string $cookie
* @param string $scheme Optional. The cookie scheme to use: auth, secure_auth, or logged_in
* @return array Authentication cookie components
*/
function wp_parse_auth_cookie($cookie = '', $scheme = 'auth') {
if ( empty($cookie) ) {
if ( is_ssl() ) {
$cookie_name = SECURE_AUTH_COOKIE;
$scheme = 'secure_auth';
} else {
$cookie_name = AUTH_COOKIE;
$scheme = 'auth';
}
if ( empty($_COOKIE[$cookie_name]) )
return false;
$cookie = $_COOKIE[$cookie_name];
}
$cookie_elements = explode('|', $cookie);
if ( count($cookie_elements) != 3 )
return false;
list($username, $expiration, $hmac) = $cookie_elements;
return compact('username', 'expiration', 'hmac', 'scheme');
}
endif;
if ( !function_exists('wp_set_auth_cookie') ) :
/**
* Sets the authentication cookies based User ID.
@ -607,6 +637,8 @@ if ( !function_exists('wp_clear_auth_cookie') ) :
* @since 2.5
*/
function wp_clear_auth_cookie() {
do_action('clear_auth_cookie');
setcookie(AUTH_COOKIE, ' ', time() - 31536000, ADMIN_COOKIE_PATH, COOKIE_DOMAIN);
setcookie(SECURE_AUTH_COOKIE, ' ', time() - 31536000, ADMIN_COOKIE_PATH, COOKIE_DOMAIN);
setcookie(AUTH_COOKIE, ' ', time() - 31536000, PLUGINS_COOKIE_PATH, COOKIE_DOMAIN);