Navigation

← Previous Changeset
Next Changeset →

Changeset 458

Timestamp:

10/20/03 20:53:13 (5 years ago)

Author:

emc3

Message:

Cookies are now unique, based on siteurl, allowing multiple installs under a single domain name.

Files:

trunk/b2-include/b2functions.php (modified) (1 diff)
trunk/b2-include/b2template.functions.php (modified) (5 diffs)
trunk/b2comments.php (modified) (2 diffs)
trunk/b2comments.post.php (modified) (1 diff)
trunk/b2commentspopup.php (modified) (1 diff)
trunk/b2login.php (modified) (4 diffs)
trunk/wp-admin/b2profile.php (modified) (2 diffs)
trunk/wp-admin/b2verifauth.php (modified) (2 diffs)
trunk/wp-admin/linkmanager.php (modified) (4 diffs)
trunk/wp-pass.php (modified) (1 diff)
trunk/wp-settings.php (modified) (1 diff)

Legend:

: Unmodified
: Added
: Removed
: Modified
: Copied
: Moved

trunk/b2-include/b2functions.php

r456	r458
381	381
382	382	function get_currentuserinfo() { // a bit like get_userdata(), on steroids
383		global $HTTP_COOKIE_VARS, $user_login, $userdata, $user_level, $user_ID, $user_nickname, $user_email, $user_url, $user_pass_md5;
	383	global $HTTP_COOKIE_VARS, $user_login, $userdata, $user_level, $user_ID, $user_nickname, $user_email, $user_url, $user_pass_md5, $cookiehash;
384	384	// *** retrieving user's data from cookies and db - no spoofing
385		$user_login = $HTTP_COOKIE_VARS['wordpressuser'];
	385	$user_login = $HTTP_COOKIE_VARS['wordpressuser_'.$cookiehash];
386	386	$userdata = get_userdatabylogin($user_login);
387	387	$user_level = $userdata->user_level;

trunk/b2-include/b2template.functions.php

r440	r458
599	599	function get_the_content($more_link_text='(more...)', $stripteaser=0, $more_file='') {
600	600	global $id, $post, $more, $c, $withcomments, $page, $pages, $multipage, $numpages;
601		global $HTTP_SERVER_VARS, $HTTP_COOKIE_VARS, $preview;
	601	global $HTTP_SERVER_VARS, $HTTP_COOKIE_VARS, $preview, $cookiehash;
602	602	global $querystring_start, $querystring_equal, $querystring_separator;
603	603	global $pagenow;
…	…
605	605
606	606	if (!empty($post->post_password)) { // if there's a password
607		if ($HTTP_COOKIE_VARS['wp-postpass'] != $post->post_password) { // and it doesn't match the cookie
	607	if ($HTTP_COOKIE_VARS['wp-postpass_'.$cookiehash] != $post->post_password) { // and it doesn't match the cookie
608	608	$output = get_the_password_form();
609	609	return $output;
…	…
693	693	function get_the_excerpt($fakeit = false) {
694	694	global $id, $post;
695		global $HTTP_SERVER_VARS, $HTTP_COOKIE_VARS, $preview;
	695	global $HTTP_SERVER_VARS, $HTTP_COOKIE_VARS, $preview, $cookiehash;
696	696	$output = '';
697	697	$output = stripslashes($post->post_excerpt);
698	698	if (!empty($post->post_password)) { // if there's a password
699		if ($HTTP_COOKIE_VARS['wp-postpass'] != $post->post_password) { // and it doesn't match the cookie
	699	if ($HTTP_COOKIE_VARS['wp-postpass_'.$cookiehash] != $post->post_password) { // and it doesn't match the cookie
700	700	$output = "There is no excerpt because this is a protected post.";
701	701	return $output;
…	…
1174	1174
1175	1175	function comments_popup_link($zero='No Comments', $one='1 Comment', $more='% Comments', $CSSclass='', $none='Comments Off') {
1176		global $id, $b2commentspopupfile, $b2commentsjavascript, $post, $wpdb, $tablecomments, $HTTP_COOKIE_VARS;
	1176	global $id, $b2commentspopupfile, $b2commentsjavascript, $post, $wpdb, $tablecomments, $HTTP_COOKIE_VARS, $cookiehash;
1177	1177	global $querystring_start, $querystring_equal, $querystring_separator, $siteurl;
1178	1178	$number = $wpdb->get_var("SELECT COUNT(*) FROM $tablecomments WHERE comment_post_ID = $id");
…	…
1182	1182	} else {
1183	1183	if (!empty($post->post_password)) { // if there's a password
1184		if ($HTTP_COOKIE_VARS['wp-postpass'] != $post->post_password) { // and it doesn't match the cookie
	1184	if ($HTTP_COOKIE_VARS['wp-postpass_'.$cookiehash] != $post->post_password) { // and it doesn't match the cookie
1185	1185	echo("Enter your password to view comments");
1186	1186	return;

trunk/b2comments.php

r457	r458
5	5
6	6	if (!empty($post->post_password)) { // if there's a password
7		if ($HTTP_COOKIE_VARS['wp-postpass'] != $post->post_password) { // and it doesn't match the cookie
	7	if ($HTTP_COOKIE_VARS['wp-postpass_'.$cookiehash] != $post->post_password) { // and it doesn't match the cookie
8	8	echo("<p>Enter your password to view comments.<p>");
9	9	return;
…	…
11	11	}
12	12
13		$comment_author = trim($HTTP_COOKIE_VARS["comment_author"]);
14		$comment_author_email = trim($HTTP_COOKIE_VARS["comment_author_email"]);
15		$comment_author_url = trim($HTTP_COOKIE_VARS["comment_author_url"]);
	13	$comment_author = trim($HTTP_COOKIE_VARS["comment_author_".$cookiehash]);
	14	$comment_author_email = trim($HTTP_COOKIE_VARS["comment_author_email_".$cookiehash]);
	15	$comment_author_url = trim($HTTP_COOKIE_VARS["comment_author_url_".$cookiehash]);
16	16
17	17	$comments = $wpdb->get_results("SELECT * FROM $tablecomments WHERE comment_post_ID = $id ORDER BY comment_date");

trunk/b2comments.post.php

r407	r458
119	119	$url = ' '; // this to make sure a cookie is set for 'no url'
120	120
121		setcookie('comment_author', $author, time()+30000000);
122		setcookie('comment_author_email', $email, time()+30000000);
123		setcookie('comment_author_url', $url, time()+30000000);
	121	setcookie('comment_author_'.$cookiehash, $author, time()+30000000);
	122	setcookie('comment_author_email_'.$cookiehash, $email, time()+30000000);
	123	setcookie('comment_author_url_'.$cookiehash, $url, time()+30000000);
124	124
125	125	header('Expires: Mon, 26 Jul 1997 05:00:00 GMT');

trunk/b2commentspopup.php

r457	r458
32	32	$comments = $wpdb->get_results("SELECT * FROM $tablecomments WHERE comment_post_ID = $id ORDER BY comment_date");
33	33	$commentstatus = $wpdb->get_row("SELECT comment_status, post_password FROM $tableposts WHERE ID = $id");
34		if (!empty($commentstatus->post_password) && $HTTP_COOKIE_VARS['wp-postpass'] != $commentstatus->post_password) { // and it doesn't match the cookie
	34	if (!empty($commentstatus->post_password) && $HTTP_COOKIE_VARS['wp-postpass_'.$cookiehash] != $commentstatus->post_password) { // and it doesn't match the cookie
35	35	echo("<li>".get_the_password_form()."</li></ol>");
36	36	}

trunk/b2login.php

r397	r458
45	45	case 'logout':
46	46
47		setcookie('wordpressuser');
48		setcookie('wordpresspass');
	47	setcookie('wordpressuser_'.$cookiehash);
	48	setcookie('wordpresspass_'.$cookiehash);
49	49	header('Expires: Wed, 11 Jan 1984 05:00:00 GMT');
50	50	header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT');
…	…
123	123	$user_login = $log;
124	124	$user_pass = $pwd;
125		setcookie('wordpressuser', $user_login, time()+31536000);
	125	setcookie('wordpressuser_'.$cookiehash, $user_login, time()+31536000);
126	126	if ($pass_is_md5) {
127		setcookie('wordpresspass', $user_pass, time()+31536000);
128		} else {
129		setcookie('wordpresspass', md5($user_pass), time()+31536000);
130		}
131		if (empty($HTTP_COOKIE_VARS['wordpressblogid'])) {
132		setcookie('wordpressblogid', 1,time()+31536000);
	127	setcookie('wordpresspass_'.$cookiehash, $user_pass, time()+31536000);
	128	} else {
	129	setcookie('wordpresspass_'.$cookiehash, md5($user_pass), time()+31536000);
	130	}
	131	if (empty($HTTP_COOKIE_VARS['wordpressblogid_'.$cookiehash])) {
	132	setcookie('wordpressblogid_'.$cookiehash, 1,time()+31536000);
133	133	}
134	134	header('Expires: Wed, 11 Jan 1984 05:00:00 GMT');
…	…
232	232	default:
233	233
234		if((!empty($HTTP_COOKIE_VARS['wordpressuser~~'])) && (!empty($HTTP_COOKIE_VARS['wordpresspass'~~]))) {
235		$user_login = $HTTP_COOKIE_VARS['wordpressuser'];
236		$user_pass_md5 = $HTTP_COOKIE_VARS['wordpresspass'];
	234	if((!empty($HTTP_COOKIE_VARS['wordpressuser_'.$cookiehash])) && (!empty($HTTP_COOKIE_VARS['wordpresspass_'.$cookiehash]))) {
	235	$user_login = $HTTP_COOKIE_VARS['wordpressuser_'.$cookiehash];
	236	$user_pass_md5 = $HTTP_COOKIE_VARS['wordpresspass_'.$cookiehash];
237	237	}
238	238
…	…
250	250
251	251	if ( !(checklogin()) ) {
252		if (!empty($HTTP_COOKIE_VARS['wordpressuser'])) {
	252	if (!empty($HTTP_COOKIE_VARS['wordpressuser_'.$cookiehash])) {
253	253	$error="Error: wrong login/password"; //, or your session has expired.";
254	254	}

trunk/wp-admin/b2profile.php

r282	r458
80	80	$newuser_pass = $HTTP_POST_VARS["pass1"];
81	81	$updatepassword = "user_pass='$newuser_pass', ";
82		setcookie("wordpresspass",md5($newuser_pass),time()+31536000);
	82	setcookie("wordpresspass_".$cookiehash,md5($newuser_pass),time()+31536000);
83	83	}
84	84
…	…
116	116
117	117	$profiledata = get_userdata($user);
118		if ($HTTP_COOKIE_VARS['wordpressuser'] == $profiledata->user_login)
	118	if ($HTTP_COOKIE_VARS['wordpressuser_'.$cookiehash] == $profiledata->user_login)
119	119	header ('Location: b2profile.php');
120	120

trunk/wp-admin/b2verifauth.php

r221	r458
5	5	/* checking login & pass in the database */
6	6	function veriflog() {
7		global $HTTP_COOKIE_VARS;
	7	global $HTTP_COOKIE_VARS,$cookiehash;
8	8	global $tableusers, $wpdb;
9	9
10		if (!empty($HTTP_COOKIE_VARS["wordpressuser"])) {
11		$user_login = $HTTP_COOKIE_VARS["wordpressuser"];
12		$user_pass_md5 = $HTTP_COOKIE_VARS["wordpresspass"];
	10	if (!empty($HTTP_COOKIE_VARS["wordpressuser_".$cookiehash])) {
	11	$user_login = $HTTP_COOKIE_VARS["wordpressuser_".$cookiehash];
	12	$user_pass_md5 = $HTTP_COOKIE_VARS["wordpresspass_".$cookiehash];
13	13	} else {
14	14	return false;
…	…
39	39	header('Cache-Control: no-cache, must-revalidate');
40	40	header('Pragma: no-cache');
41		if (!empty($HTTP_COOKIE_VARS["wordpressuser"])) {
	41	if (!empty($HTTP_COOKIE_VARS["wordpressuser_".$cookiehash])) {
42	42	$error="<strong>Error</strong>: wrong login or password";
43	43	}

trunk/wp-admin/linkmanager.php

r296	r458
85	85	}
86	86
87		$links_show_cat_id = $HTTP_COOKIE_VARS["links_show_cat_id"];
88		$links_show_order = $HTTP_COOKIE_VARS["links_show_order"];
	87	$links_show_cat_id = $HTTP_COOKIE_VARS["links_show_cat_id_".$cookiehash];
	88	$links_show_order = $HTTP_COOKIE_VARS["links_show_order_".$cookiehash];
89	89
90	90	if ($action2 != '')
…	…
264	264	" WHERE link_id=$link_id");
265	265	} // end if save
266		setcookie('links_show_cat_id', $links_show_cat_id, time()+600);
	266	setcookie('links_show_cat_id_'.$cookiehash, $links_show_cat_id, time()+600);
267	267	header('Location: '.$this_file);
268	268	break;
…	…
289	289	}
290	290	$links_show_cat_id = $cat_id;
291		setcookie("links_show_cat_id", $links_show_cat_id, time()+600);
	291	setcookie("links_show_cat_id_".$cookiehash, $links_show_cat_id, time()+600);
292	292	header('Location: '.$this_file);
293	293	break;
…	…
442	442	$links_show_order = $order_by;
443	443
444		setcookie('links_show_cat_id', $links_show_cat_id, time()+600);
445		setcookie('links_show_order', $links_show_order, time()+600);
	444	setcookie('links_show_cat_id_'.$cookiehash, $links_show_cat_id, time()+600);
	445	setcookie('links_show_order_'.$cookiehash, $links_show_order, time()+600);
446	446	$standalone=0;
447	447	include_once ("./b2header.php");

trunk/wp-pass.php

r323	r458
6	6	-- Matt
7	7	*/
8
9		setcookie('wp-postpass', $HTTP_POST_VARS['post_password'], time()+606024*30);
	8	include_once('wp-config.php');
	9	setcookie('wp-postpass_'.$cookiehash, $HTTP_POST_VARS['post_password'], time()+606024*30);
10	10	header('Location: ' . $HTTP_SERVER_VARS['HTTP_REFERER']);
11	11

trunk/wp-settings.php

r417	r458
63	63	$querystring_separator = '&';
64	64	//}
	65	// Used to guarantee unique cookies
	66	$cookiehash = md5($siteurl);
	67
65	68	} //end !$_wp_installing
66	69	?>

Navigation

Changeset 458

Legend:

Download in other formats: