Changeset 1768
- Timestamp:
- 10/10/04 18:02:30 (4 years ago)
- Files:
-
- trunk/wp-admin/auth.php (modified) (1 diff)
- trunk/wp-admin/link-manager.php (modified) (4 diffs)
- trunk/wp-admin/profile.php (modified) (1 diff)
- trunk/wp-comments-popup.php (modified) (1 diff)
- trunk/wp-comments.php (modified) (1 diff)
- trunk/wp-includes/functions-user.php (deleted)
- trunk/wp-includes/functions.php (modified) (2 diffs)
- trunk/wp-includes/template-functions-comment.php (modified) (3 diffs)
- trunk/wp-includes/template-functions-post.php (modified) (2 diffs)
- trunk/wp-login.php (modified) (3 diffs)
- trunk/wp-settings.php (modified) (1 diff)
trunk/wp-admin/auth.php
r1429 r1768 1 1 <?php 2 3 2 require_once('../wp-config.php'); 4 3 5 /* Checking login & pass in the database */ 6 function veriflog() { 7 global $cookiehash; 8 global $wpdb; 9 10 if (!empty($_COOKIE['wordpressuser_' . $cookiehash])) { 11 $user_login = $_COOKIE['wordpressuser_' . $cookiehash]; 12 $user_pass_md5 = $_COOKIE['wordpresspass_' . $cookiehash]; 13 } else { 14 return false; 15 } 16 17 if ('' == $user_login) 18 return false; 19 if (!$user_pass_md5) 20 return false; 21 22 $login = $wpdb->get_row("SELECT user_login, user_pass FROM $wpdb->users WHERE user_login = '$user_login'"); 23 24 if (!$login) { 25 return false; 26 27 } else { 28 if ($login->user_login == $user_login && md5($login->user_pass) == $user_pass_md5) { 29 return true; 30 } else { 31 return false; 32 } 33 } 34 } 35 36 if ( !veriflog() ) { 4 if ( !empty($_COOKIE['wordpressuser_' . COOKIEHASH]) && !wp_login($_COOKIE['wordpressuser_' . COOKIEHASH], $_COOKIE['wordpresspass_' . COOKIEHASH) ) { 37 5 header('Expires: Wed, 11 Jan 1984 05:00:00 GMT'); 38 6 header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT'); 39 7 header('Cache-Control: no-cache, must-revalidate'); 40 8 header('Pragma: no-cache'); 41 if (!empty($_COOKIE['wordpressuser_' . $cookiehash])) { 42 $error= __("<strong>Error</strong>: wrong login or password."); 43 } 44 $redir = 'Location: ' . get_settings('siteurl') . '/wp-login.php?redirect_to=' . urlencode($_SERVER['REQUEST_URI']); 45 header($redir); 9 10 header('Location: ' . get_settings('siteurl') . '/wp-login.php?redirect_to=' . urlencode($_SERVER['REQUEST_URI']); 46 11 exit(); 47 12 } trunk/wp-admin/link-manager.php
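Review bot: In wp-admin/auth.php the new guard `!empty($_COOKIE['wordpressuser_' . COOKIEHASH]) && !wp_login(...)` is false whenever the user cookie is absent, so a request with no cookie skips the redirect and continues past this check, whereas the removed veriflog() returned false in that case. The condition should fail closed: `if ( empty($_COOKIE['wordpressuser_' . COOKIEHASH]) || !wp_login($_COOKIE['wordpressuser_' . COOKIEHASH], $_COOKIE['wordpresspass_' . COOKIEHASH], true) ) {`. The third argument matters because veriflog() compared the cookie to `md5($login->user_pass)`; without `true`, wp_login() compares it to `user_pass` itself, so valid cookies are rejected and the stored hash would be accepted as a credential. As rendered, the line is also missing the `]` after `'wordpresspass_' . COOKIEHASH`, and the `header('Location: ...` line is missing its closing `)`; this may be a rendering loss but is worth checking with `php -l`.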
r1599 r1768 74 74 } 75 75 76 $links_show_cat_id = $_COOKIE['links_show_cat_id_' . $cookiehash];77 $links_show_order = $_COOKIE['links_show_order_' . $cookiehash];76 $links_show_cat_id = $_COOKIE['links_show_cat_id_' . COOKIEHASH]; 77 $links_show_order = $_COOKIE['links_show_order_' . COOKIEHASH]; 78 78 79 79 if ('' != $_POST['assign']) $action = 'assign'; … … 270 270 WHERE link_id=$link_id"); 271 271 } // end if save 272 setcookie('links_show_cat_id_' . $cookiehash, $links_show_cat_id, time()+600);272 setcookie('links_show_cat_id_' . COOKIEHASH, $links_show_cat_id, time()+600); 273 273 header('Location: ' . $this_file); 274 274 break; … … 297 297 } 298 298 $links_show_cat_id = $cat_id; 299 setcookie( "links_show_cat_id_".$cookiehash, $links_show_cat_id, time()+600);299 setcookie('links_show_cat_id_' . COOKIEHASH, $links_show_cat_id, time()+600); 300 300 header('Location: '.$this_file); 301 301 break; … … 568 568 $links_show_order = $order_by; 569 569 570 setcookie('links_show_cat_id_' .$cookiehash, $links_show_cat_id, time()+600);571 setcookie('links_show_order_' .$cookiehash, $links_show_order, time()+600);570 setcookie('links_show_cat_id_' . COOKIEHASH, $links_show_cat_id, time()+600); 571 setcookie('links_show_order_' . COOKIEHASH, $links_show_order, time()+600); 572 572 $standalone=0; 573 573 include_once ("./admin-header.php"); trunk/wp-admin/profile.php
r1599 r1768 80 80 $newuser_pass = $_POST["pass1"]; 81 81 $updatepassword = "user_pass=MD5('$newuser_pass'), "; 82 setcookie('wordpresspass_' .$cookiehash, " ", time() - 31536000, COOKIEPATH);83 setcookie('wordpresspass_' .$cookiehash, md5(md5($newuser_pass)), time() + 31536000, COOKIEPATH);82 setcookie('wordpresspass_' . COOKIEHASH, " ", time() - 31536000, COOKIEPATH); 83 setcookie('wordpresspass_' . COOKIEHASH, md5(md5($newuser_pass)), time() + 31536000, COOKIEPATH); 84 84 } 85 85 trunk/wp-comments-popup.php
r1763 r1768 32 32 <?php 33 33 // this line is WordPress' motor, do not delete it. 34 $comment_author = (isset($_COOKIE['comment_author_' .$cookiehash])) ? trim($_COOKIE['comment_author_'.$cookiehash]) : '';35 $comment_author_email = (isset($_COOKIE['comment_author_email_'. $cookiehash])) ? trim($_COOKIE['comment_author_email_'.$cookiehash]) : '';36 $comment_author_url = (isset($_COOKIE['comment_author_url_'. $cookiehash])) ? trim($_COOKIE['comment_author_url_'.$cookiehash]) : '';34 $comment_author = (isset($_COOKIE['comment_author_' . COOKIEHASH])) ? trim($_COOKIE['comment_author_'. COOKIEHASH]) : ''; 35 $comment_author_email = (isset($_COOKIE['comment_author_email_'. COOKIEHASH])) ? trim($_COOKIE['comment_author_email_'. COOKIEHASH]) : ''; 36 $comment_author_url = (isset($_COOKIE['comment_author_url_'. COOKIEHASH])) ? trim($_COOKIE['comment_author_url_'. COOKIEHASH]) : ''; 37 37 $comments = $wpdb->get_results("SELECT * FROM $wpdb->comments WHERE comment_post_ID = $id AND comment_approved = '1' ORDER BY comment_date"); 38 38 $commentstatus = $wpdb->get_row("SELECT comment_status, post_password FROM $wpdb->posts WHERE ID = $id"); 39 if (!empty($commentstatus->post_password) && $_COOKIE['wp-postpass_'. $cookiehash] != $commentstatus->post_password) { // and it doesn't match the cookie39 if (!empty($commentstatus->post_password) && $_COOKIE['wp-postpass_'. COOKIEHASH] != $commentstatus->post_password) { // and it doesn't match the cookie 40 40 echo(get_the_password_form()); 41 41 } else { ?> trunk/wp-comments.php
r1607 r1768 1 <?php if ( !empty($post->post_password) && $_COOKIE['wp-postpass_' .$cookiehash] != $post->post_password) : ?>1 <?php if ( !empty($post->post_password) && $_COOKIE['wp-postpass_' . COOKIEHASH] != $post->post_password) : ?> 2 2 <p><?php _e('Enter your password to view comments.'); ?></p> 3 3 <?php return; endif; ?> trunk/wp-includes/functions.php
r1764 r1768 157 157 158 158 function get_currentuserinfo() { // a bit like get_userdata(), on steroids 159 global $user_login, $userdata, $user_level, $user_ID, $user_nickname, $user_email, $user_url, $user_pass_md5 , $cookiehash;159 global $user_login, $userdata, $user_level, $user_ID, $user_nickname, $user_email, $user_url, $user_pass_md5; 160 160 // *** retrieving user's data from cookies and db - no spoofing 161 161 162 if (isset($_COOKIE['wordpressuser_' . $cookiehash]))163 $user_login = $_COOKIE['wordpressuser_' . $cookiehash];162 if (isset($_COOKIE['wordpressuser_' . COOKIEHASH])) 163 $user_login = $_COOKIE['wordpressuser_' . COOKIEHASH]; 164 164 $userdata = get_userdatabylogin($user_login); 165 165 $user_level = $userdata->user_level; … … 1891 1891 } 1892 1892 1893 function wp_login($username, $password, $already_md5 = false) { 1894 global $wpdb, $error; 1895 1896 if ( !$username ) 1897 return false; 1898 1899 if ( !$password ) { 1900 $error = __('<strong>Error</strong>: The password field is empty.'); 1901 return false; 1902 } 1903 1904 $login = $wpdb->get_row("SELECT ID, user_login, user_pass FROM $wpdb->users WHERE user_login = '$username'"); 1905 1906 if (!$login) { 1907 $error = __('<strong>Error</strong>: Wrong login.'); 1908 return false; 1909 } else { 1910 1911 if ( ($login->user_login == $username && $login->user_pass == $password) || ($already_md5 && $login->user_login == $username && md5($login->user_pass) == $password) ) { 1912 return true; 1913 } else { 1914 $error = __('<strong>Error</strong>: Incorrect password.'); 1915 $pwd = ''; 1916 return false; 1917 } 1918 } 1919 } 1920 1893 1921 ?> trunk/wp-includes/template-functions-comment.php
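Review bot: In wp-includes/functions.php, the new wp_login() interpolates `$username` directly into the query (`WHERE user_login = '$username'`), and this commit's auth.php caller passes it a raw cookie value, so the lookup is open to SQL injection unless cookies are escaped somewhere outside this view. Escape at the point of use, for example `$username = $wpdb->escape($username);` before the `get_row()` call, or document that callers must pass an already-escaped value. The hash checks use `==`, which lets PHP compare two numeric-looking hex strings as numbers; `===` on both `user_pass` comparisons avoids that. The separate 'Wrong login' and 'Incorrect password' messages also reveal which usernames exist, and `$pwd = '';` assigns a local variable that is never read.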
r1726 r1768 18 18 19 19 function comments_template() { 20 global $withcomments, $post, $wpdb, $id, $comment , $cookiehash;20 global $withcomments, $post, $wpdb, $id, $comment; 21 21 22 22 if ( is_single() || $withcomments ) : 23 23 $req = get_settings('require_name_email'); 24 $comment_author = isset($_COOKIE['comment_author_'. $cookiehash]) ? trim(stripslashes($_COOKIE['comment_author_'.$cookiehash])) : '';25 $comment_author_email = isset($_COOKIE['comment_author_email_'. $cookiehash]) ? trim(stripslashes($_COOKIE['comment_author_email_'.$cookiehash])) : '';26 $comment_author_url = isset($_COOKIE['comment_author_url_'. $cookiehash]) ? trim(stripslashes($_COOKIE['comment_author_url_'.$cookiehash])) : '';24 $comment_author = isset($_COOKIE['comment_author_'.COOKIEHASH]) ? trim(stripslashes($_COOKIE['comment_author_'.COOKIEHASH])) : ''; 25 $comment_author_email = isset($_COOKIE['comment_author_email_'.COOKIEHASH]) ? trim(stripslashes($_COOKIE['comment_author_email_'.COOKIEHASH])) : ''; 26 $comment_author_url = isset($_COOKIE['comment_author_url_'.COOKIEHASH]) ? trim(stripslashes($_COOKIE['comment_author_url_'.COOKIEHASH])) : ''; 27 27 $comments = $wpdb->get_results("SELECT * FROM $wpdb->comments WHERE comment_post_ID = '$post->ID' AND comment_approved = '1' ORDER BY comment_date"); 28 28 … … 91 91 92 92 function comments_popup_link($zero='No Comments', $one='1 Comment', $more='% Comments', $CSSclass='', $none='Comments Off') { 93 global $id, $wpcommentspopupfile, $wpcommentsjavascript, $post, $wpdb , $cookiehash;93 global $id, $wpcommentspopupfile, $wpcommentsjavascript, $post, $wpdb; 94 94 global $querystring_start, $querystring_equal, $querystring_separator; 95 95 global $comment_count_cache; … … 106 106 } else { 107 107 if (!empty($post->post_password)) { // if there's a password 108 if ($_COOKIE['wp-postpass_'. 
$cookiehash] != $post->post_password) { // and it doesn't match the cookie108 if ($_COOKIE['wp-postpass_'.COOKIEHASH] != $post->post_password) { // and it doesn't match the cookie 109 109 echo('Enter your password to view comments'); 110 110 return; trunk/wp-includes/template-functions-post.php
r1766 r1768 98 98 function get_the_content($more_link_text = '(more...)', $stripteaser = 0, $more_file = '') { 99 99 global $id, $post, $more, $single, $withcomments, $page, $pages, $multipage, $numpages; 100 global $preview , $cookiehash;100 global $preview; 101 101 global $pagenow; 102 102 $output = ''; 103 103 104 104 if (!empty($post->post_password)) { // if there's a password 105 if (stripslashes($_COOKIE['wp-postpass_'. $cookiehash]) != $post->post_password) { // and it doesn't match the cookie105 if (stripslashes($_COOKIE['wp-postpass_'.COOKIEHASH]) != $post->post_password) { // and it doesn't match the cookie 106 106 $output = get_the_password_form(); 107 107 return $output; … … 177 177 function get_the_excerpt($fakeit = true) { 178 178 global $id, $post; 179 global $cookiehash;180 179 $output = ''; 181 180 $output = $post->post_excerpt; 182 181 if (!empty($post->post_password)) { // if there's a password 183 if ($_COOKIE['wp-postpass_'. $cookiehash] != $post->post_password) { // and it doesn't match the cookie182 if ($_COOKIE['wp-postpass_'.COOKIEHASH] != $post->post_password) { // and it doesn't match the cookie 184 183 $output = __('There is no excerpt because this is a protected post.'); 185 184 return $output; trunk/wp-login.php
r1754 r1768 149 149 } 150 150 151 if ( !login($log, $pwd) ) {152 header('Expires: Wed, 11 Jan 1984 05:00:00GMT');153 header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT');154 header('Cache-Control: no-cache, must-revalidate');155 header('Pragma: no-cache'); 156 } else{151 header('Expires: Wed, 11 Jan 1984 05:00:00 GMT'); 152 header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT'); 153 header('Cache-Control: no-cache, must-revalidate'); 154 header('Pragma: no-cache'); 155 156 if ( wp_login($log, $pwd) ) { 157 157 $user_login = $log; 158 158 $user_pass = $pwd; … … 160 160 setcookie('wordpresspass_'. COOKIEHASH, md5($user_pass), time() + 31536000, COOKIEPATH); 161 161 162 header('Expires: Wed, 11 Jan 1984 05:00:00 GMT');163 header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT');164 header('Cache-Control: no-cache, must-revalidate');165 header('Pragma: no-cache');166 167 162 if ($is_IIS) 168 163 header("Refresh: 0;url=$redirect_to"); … … 176 171 } 177 172 178 if ( login($user_login, $user_pass_md5, true) ) {173 if ( wp_login($user_login, $user_pass_md5, true) ) { 179 174 header('Expires: Wed, 5 Jun 1979 23:41:00 GMT'); // Michel's birthday 180 175 header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT'); trunk/wp-settings.php
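Review bot: In wp-login.php, `wp_login($log, $pwd)` only works if `$pwd` is already in the stored hash format, because wp_login() in this commit compares it to `user_pass` with no hashing of its own. That step is outside this hunk, so a comment at the call would help, e.g. `// $pwd must already be md5()'d: wp_login() compares it to user_pass as-is`. The success branch then redirects with `header("Refresh: 0;url=$redirect_to")`; where `$redirect_to` comes from is not visible here, and if it is request-supplied it should be restricted to same-site targets before use. The enclosing block starts and ends outside the hunk.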
r1734 r1768 69 69 70 70 // Used to guarantee unique hash cookies 71 $cookiehash = md5(get_settings('siteurl')); 71 $cookiehash = md5(get_settings('siteurl')); // Remove in 1.4 72 72 define('COOKIEHASH', $cookiehash); 73 73 endif;
