WP_Pass

The BuddyPress WP Pass class.

Defined (1)

The class is defined in the following location(s).

/bp-forums/bbpress/bb-includes/backpress/class.wp-pass.php  
  1. class WP_Pass { 
  2. /** 
  3. * Create a hash (encrypt) of a plain text password. 
  4. * For integration with other applications, this function can be overwritten to 
  5. * instead use the other package password checking algorithm. 
  6. * @since WP 2.5 
  7. * @global object $wp_hasher PHPass object 
  8. * @uses PasswordHash::HashPassword 
  9. * @param string $password Plain text user password to hash 
  10. * @return string The hash string of the password 
  11. */ 
  12. function hash_password($password) { 
  13. global $wp_hasher; 
  14.  
  15. if ( empty($wp_hasher) ) { 
  16. require_once( BACKPRESS_PATH . 'class.passwordhash.php'); 
  17. // By default, use the portable hash from phpass 
  18. $wp_hasher = new PasswordHash(8, TRUE); 
  19.  
  20. return $wp_hasher->HashPassword($password); 
  21.  
  22. /** 
  23. * Checks the plaintext password against the encrypted Password. 
  24. * Maintains compatibility between old version and the new cookie authentication 
  25. * protocol using PHPass library. The $hash parameter is the encrypted password 
  26. * and the function compares the plain text password when encypted similarly 
  27. * against the already encrypted password to see if they match. 
  28. * For integration with other applications, this function can be overwritten to 
  29. * instead use the other package password checking algorithm. 
  30. * @since WP 2.5 
  31. * @global object $wp_hasher PHPass object used for checking the password 
  32. * against the $hash + $password 
  33. * @uses PasswordHash::CheckPassword 
  34. * @param string $password Plaintext user's password 
  35. * @param string $hash Hash of the user's password to check against. 
  36. * @return bool False, if the $password does not match the hashed password 
  37. */ 
  38. function check_password($password, $hash, $user_id = '') { 
  39. global $wp_hasher, $wp_users_object; 
  40.  
  41. list($hash, $broken) = array_pad( explode( '---', $hash ), 2, '' ); 
  42.  
  43. // If the hash is still md5... 
  44. if ( strlen($hash) <= 32 ) { 
  45. $check = ( $hash == md5($password) ); 
  46. if ( $check && $user_id && !$broken ) { 
  47. // Rehash using new hash. 
  48. $wp_users_object->set_password($password, $user_id); 
  49. $hash = WP_Pass::hash_password($password); 
  50.  
  51. return apply_filters('check_password', $check, $password, $hash, $user_id); 
  52.  
  53. // If the stored hash is longer than an MD5, presume the 
  54. // new style phpass portable hash. 
  55. if ( empty($wp_hasher) ) { 
  56. require_once( BACKPRESS_PATH . 'class.passwordhash.php'); 
  57. // By default, use the portable hash from phpass 
  58. $wp_hasher = new PasswordHash(8, TRUE); 
  59.  
  60. $check = $wp_hasher->CheckPassword($password, $hash); 
  61.  
  62. return apply_filters('check_password', $check, $password, $hash, $user_id); 
  63.  
  64. /** 
  65. * Generates a random password drawn from the defined set of characters 
  66. * @since WP 2.5 
  67. * @param int $length The length of password to generate 
  68. * @param bool $special_chars Whether to include standard special characters  
  69. * @return string The random password 
  70. */ 
  71. function generate_password($length = 12, $special_chars = true) { 
  72. $chars = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789'; 
  73. if ( $special_chars ) 
  74. $chars .= '!@#$%^&*()'; 
  75.  
  76. $password = ''; 
  77. for ( $i = 0; $i < $length; $i++ ) 
  78. $password .= substr($chars, WP_Pass::rand(0, strlen($chars) - 1), 1); 
  79. return $password; 
  80.  
  81. /** 
  82. * Generates a random number 
  83. * Not verbatim WordPress, keeps seed value in backpress options. 
  84. * @since WP 2.6.2 
  85. * @param int $min Lower limit for the generated number (optional, default is 0) 
  86. * @param int $max Upper limit for the generated number (optional, default is 4294967295) 
  87. * @return int A random number between min and max 
  88. */ 
  89. function rand( $min = 0, $max = 0 ) { 
  90. global $rnd_value; 
  91.  
  92. $seed = backpress_get_transient('random_seed'); 
  93.  
  94. // Reset $rnd_value after 14 uses 
  95. // 32(md5) + 40(sha1) + 40(sha1) / 8 = 14 random numbers from $rnd_value 
  96. if ( strlen($rnd_value) < 8 ) { 
  97. $rnd_value = md5( uniqid(microtime() . mt_rand(), true ) . $seed ); 
  98. $rnd_value .= sha1($rnd_value); 
  99. $rnd_value .= sha1($rnd_value . $seed); 
  100. $seed = md5($seed . $rnd_value); 
  101. backpress_set_transient('random_seed', $seed); 
  102.  
  103. // Take the first 8 digits for our value 
  104. $value = substr($rnd_value, 0, 8); 
  105.  
  106. // Strip the first eight, leaving the remainder for the next call to wp_rand(). 
  107. $rnd_value = substr($rnd_value, 8); 
  108.  
  109. $value = abs(hexdec($value)); 
  110.  
  111. // Reduce the value to be within the min - max range 
  112. // 4294967295 = 0xffffffff = max random number 
  113. if ( $max != 0 ) 
  114. $value = $min + (($max - $min + 1) * ($value / (4294967295 + 1))); 
  115.  
  116. return abs(intval($value));