PageRenderTime 42ms CodeModel.GetById 14ms RepoModel.GetById 1ms app.codeStats 0ms

/plugins/buddypress/bp-forums/bbpress/bb-includes/backpress/class.wp-pass.php

https://bitbucket.org/codemen_iftekhar/codemen
PHP | 141 lines | 55 code | 20 blank | 66 comment | 12 complexity | d9364329333e7a3a8b5b778374586cbd MD5 | raw file
    

  1. <?php
    2. 

  2. // Last sync [WP10712] - Refactored into a class from wp-incldues/pluggable.php
    3. 

  3. 

  4. class WP_Pass {
    5. 

  5. 	/**
    6. 

  6. 	 * Create a hash (encrypt) of a plain text password.
    7. 

  7. 	 *
    8. 

  8. 	 * For integration with other applications, this function can be overwritten to
    9. 

  9. 	 * instead use the other package password checking algorithm.
    10. 

  10. 	 *
    11. 

  11. 	 * @since WP 2.5
    12. 

  12. 	 * @global object $wp_hasher PHPass object
    13. 

  13. 	 * @uses PasswordHash::HashPassword
    14. 

  14. 	 *
    15. 

  15. 	 * @param string $password Plain text user password to hash
    16. 

  16. 	 * @return string The hash string of the password
    17. 

  17. 	 */
    18. 

  18. 	function hash_password($password) {
    19. 

  19. 		global $wp_hasher;
    20. 

  20. 

  21. 		if ( empty($wp_hasher) ) {
    22. 

  22. 			require_once( BACKPRESS_PATH . 'class.passwordhash.php');
    23. 

  23. 			// By default, use the portable hash from phpass
    24. 

  24. 			$wp_hasher = new PasswordHash(8, TRUE);
    25. 

  25. 		}
    26. 

  26. 

  27. 		return $wp_hasher->HashPassword($password);
    28. 

  28. 	}
    29. 

  29. 

  30. 	/**
    31. 

  31. 	 * Checks the plaintext password against the encrypted Password.
    32. 

  32. 	 *
    33. 

  33. 	 * Maintains compatibility between old version and the new cookie authentication
    34. 

  34. 	 * protocol using PHPass library. The $hash parameter is the encrypted password
    35. 

  35. 	 * and the function compares the plain text password when encypted similarly
    36. 

  36. 	 * against the already encrypted password to see if they match.
    37. 

  37. 	 *
    38. 

  38. 	 * For integration with other applications, this function can be overwritten to
    39. 

  39. 	 * instead use the other package password checking algorithm.
    40. 

  40. 	 *
    41. 

  41. 	 * @since WP 2.5
    42. 

  42. 	 * @global object $wp_hasher PHPass object used for checking the password
    43. 

  43. 	 *	against the $hash + $password
    44. 

  44. 	 * @uses PasswordHash::CheckPassword
    45. 

  45. 	 *
    46. 

  46. 	 * @param string $password Plaintext user's password
    47. 

  47. 	 * @param string $hash Hash of the user's password to check against.
    48. 

  48. 	 * @return bool False, if the $password does not match the hashed password
    49. 

  49. 	 */
    50. 

  50. 	function check_password($password, $hash, $user_id = '') {
    51. 

  51. 		global $wp_hasher, $wp_users_object;
    52. 

  52. 

  53. 		list($hash, $broken) = array_pad( explode( '---', $hash ), 2, '' );
    54. 

  54. 

  55. 		// If the hash is still md5...
    56. 

  56. 		if ( strlen($hash) <= 32 ) {
    57. 

  57. 			$check = ( $hash == md5($password) );
    58. 

  58. 			if ( $check && $user_id && !$broken ) {
    59. 

  59. 				// Rehash using new hash.
    60. 

  60. 				$wp_users_object->set_password($password, $user_id);
    61. 

  61. 				$hash = WP_Pass::hash_password($password);
    62. 

  62. 			}
    63. 

  63. 

  64. 			return apply_filters('check_password', $check, $password, $hash, $user_id);
    65. 

  65. 		}
    66. 

  66. 

  67. 		// If the stored hash is longer than an MD5, presume the
    68. 

  68. 		// new style phpass portable hash.
    69. 

  69. 		if ( empty($wp_hasher) ) {
    70. 

  70. 			require_once( BACKPRESS_PATH . 'class.passwordhash.php');
    71. 

  71. 			// By default, use the portable hash from phpass
    72. 

  72. 			$wp_hasher = new PasswordHash(8, TRUE);
    73. 

  73. 		}
    74. 

  74. 

  75. 		$check = $wp_hasher->CheckPassword($password, $hash);
    76. 

  76. 

  77. 		return apply_filters('check_password', $check, $password, $hash, $user_id);
    78. 

  78. 	}
    79. 

  79. 

  80. 	/**
    81. 

  81. 	 * Generates a random password drawn from the defined set of characters
    82. 

  82. 	 *
    83. 

  83. 	 * @since WP 2.5
    84. 

  84. 	 *
    85. 

  85. 	 * @param int $length The length of password to generate
    86. 

  86. 	 * @param bool $special_chars Whether to include standard special characters 
    87. 

  87. 	 * @return string The random password
    88. 

  88. 	 */
    89. 

  89. 	function generate_password($length = 12, $special_chars = true) {
    90. 

  90. 		$chars = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';
    91. 

  91. 		if ( $special_chars )
    92. 

  92. 			$chars .= '!@#$%^&*()';
    93. 

  93. 

  94. 		$password = '';
    95. 

  95. 		for ( $i = 0; $i < $length; $i++ )
    96. 

  96. 			$password .= substr($chars, WP_Pass::rand(0, strlen($chars) - 1), 1);
    97. 

  97. 		return $password;
    98. 

  98. 	}
    99. 

  99. 

  100. 	/**
    101. 

  101. 	 * Generates a random number
    102. 

  102. 	 *
    103. 

  103. 	 * Not verbatim WordPress, keeps seed value in backpress options.
    104. 

  104. 	 *
    105. 

  105. 	 * @since WP 2.6.2
    106. 

  106. 	 *
    107. 

  107. 	 * @param int $min Lower limit for the generated number (optional, default is 0)
    108. 

  108. 	 * @param int $max Upper limit for the generated number (optional, default is 4294967295)
    109. 

  109. 	 * @return int A random number between min and max
    110. 

  110. 	 */
    111. 

  111. 	function rand( $min = 0, $max = 0 ) {
    112. 

  112. 		global $rnd_value;
    113. 

  113. 

  114. 		$seed = backpress_get_transient('random_seed');
    115. 

  115. 

  116. 		// Reset $rnd_value after 14 uses
    117. 

  117. 		// 32(md5) + 40(sha1) + 40(sha1) / 8 = 14 random numbers from $rnd_value
    118. 

  118. 		if ( strlen($rnd_value) < 8 ) {
    119. 

  119. 			$rnd_value = md5( uniqid(microtime() . mt_rand(), true ) . $seed );
    120. 

  120. 			$rnd_value .= sha1($rnd_value);
    121. 

  121. 			$rnd_value .= sha1($rnd_value . $seed);
    122. 

  122. 			$seed = md5($seed . $rnd_value);
    123. 

  123. 			backpress_set_transient('random_seed', $seed);
    124. 

  124. 		}
    125. 

  125. 

  126. 		// Take the first 8 digits for our value
    127. 

  127. 		$value = substr($rnd_value, 0, 8);
    128. 

  128. 

  129. 		// Strip the first eight, leaving the remainder for the next call to wp_rand().
    130. 

  130. 		$rnd_value = substr($rnd_value, 8);
    131. 

  131. 

  132. 		$value = abs(hexdec($value));
    133. 

  133. 

  134. 		// Reduce the value to be within the min - max range
    135. 

  135. 		// 4294967295 = 0xffffffff = max random number
    136. 

  136. 		if ( $max != 0 )
    137. 

  137. 			$value = $min + (($max - $min + 1) * ($value / (4294967295 + 1)));
    138. 

  138. 

  139. 		return abs(intval($value));
    140. 

  140. 	}
    141. 

  141. }
    142. 

  142.