/bp-forums/bbpress/bb-includes/backpress/class.wp-pass.php

  1. <?php 
  2. // Last sync [WP10712] - Refactored into a class from wp-incldues/pluggable.php 
  3.  
  4. class WP_Pass { 
  5. /** 
  6. * Create a hash (encrypt) of a plain text password. 
  7. * 
  8. * For integration with other applications, this function can be overwritten to 
  9. * instead use the other package password checking algorithm. 
  10. * 
  11. * @since WP 2.5 
  12. * @global object $wp_hasher PHPass object 
  13. * @uses PasswordHash::HashPassword 
  14. * 
  15. * @param string $password Plain text user password to hash 
  16. * @return string The hash string of the password 
  17. */ 
  18. function hash_password($password) { 
  19. global $wp_hasher; 
  20.  
  21. if ( empty($wp_hasher) ) { 
  22. require_once( BACKPRESS_PATH . 'class.passwordhash.php'); 
  23. // By default, use the portable hash from phpass 
  24. $wp_hasher = new PasswordHash(8, TRUE); 
  25.  
  26. return $wp_hasher->HashPassword($password); 
  27.  
  28. /** 
  29. * Checks the plaintext password against the encrypted Password. 
  30. * 
  31. * Maintains compatibility between old version and the new cookie authentication 
  32. * protocol using PHPass library. The $hash parameter is the encrypted password 
  33. * and the function compares the plain text password when encypted similarly 
  34. * against the already encrypted password to see if they match. 
  35. * 
  36. * For integration with other applications, this function can be overwritten to 
  37. * instead use the other package password checking algorithm. 
  38. * 
  39. * @since WP 2.5 
  40. * @global object $wp_hasher PHPass object used for checking the password 
  41. * against the $hash + $password 
  42. * @uses PasswordHash::CheckPassword 
  43. * 
  44. * @param string $password Plaintext user's password 
  45. * @param string $hash Hash of the user's password to check against. 
  46. * @return bool False, if the $password does not match the hashed password 
  47. */ 
  48. function check_password($password, $hash, $user_id = '') { 
  49. global $wp_hasher, $wp_users_object; 
  50.  
  51. list($hash, $broken) = array_pad( explode( '---', $hash ), 2, '' ); 
  52.  
  53. // If the hash is still md5... 
  54. if ( strlen($hash) <= 32 ) { 
  55. $check = ( $hash == md5($password) ); 
  56. if ( $check && $user_id && !$broken ) { 
  57. // Rehash using new hash. 
  58. $wp_users_object->set_password($password, $user_id); 
  59. $hash = WP_Pass::hash_password($password); 
  60.  
  61. return apply_filters('check_password', $check, $password, $hash, $user_id); 
  62.  
  63. // If the stored hash is longer than an MD5, presume the 
  64. // new style phpass portable hash. 
  65. if ( empty($wp_hasher) ) { 
  66. require_once( BACKPRESS_PATH . 'class.passwordhash.php'); 
  67. // By default, use the portable hash from phpass 
  68. $wp_hasher = new PasswordHash(8, TRUE); 
  69.  
  70. $check = $wp_hasher->CheckPassword($password, $hash); 
  71.  
  72. return apply_filters('check_password', $check, $password, $hash, $user_id); 
  73.  
  74. /** 
  75. * Generates a random password drawn from the defined set of characters 
  76. * 
  77. * @since WP 2.5 
  78. * 
  79. * @param int $length The length of password to generate 
  80. * @param bool $special_chars Whether to include standard special characters  
  81. * @return string The random password 
  82. */ 
  83. function generate_password($length = 12, $special_chars = true) { 
  84. $chars = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789'; 
  85. if ( $special_chars ) 
  86. $chars .= '!@#$%^&*()'; 
  87.  
  88. $password = ''; 
  89. for ( $i = 0; $i < $length; $i++ ) 
  90. $password .= substr($chars, WP_Pass::rand(0, strlen($chars) - 1), 1); 
  91. return $password; 
  92.  
  93. /** 
  94. * Generates a random number 
  95. * 
  96. * Not verbatim WordPress, keeps seed value in backpress options. 
  97. * 
  98. * @since WP 2.6.2 
  99. * 
  100. * @param int $min Lower limit for the generated number (optional, default is 0) 
  101. * @param int $max Upper limit for the generated number (optional, default is 4294967295) 
  102. * @return int A random number between min and max 
  103. */ 
  104. function rand( $min = 0, $max = 0 ) { 
  105. global $rnd_value; 
  106.  
  107. $seed = backpress_get_transient('random_seed'); 
  108.  
  109. // Reset $rnd_value after 14 uses 
  110. // 32(md5) + 40(sha1) + 40(sha1) / 8 = 14 random numbers from $rnd_value 
  111. if ( strlen($rnd_value) < 8 ) { 
  112. $rnd_value = md5( uniqid(microtime() . mt_rand(), true ) . $seed ); 
  113. $rnd_value .= sha1($rnd_value); 
  114. $rnd_value .= sha1($rnd_value . $seed); 
  115. $seed = md5($seed . $rnd_value); 
  116. backpress_set_transient('random_seed', $seed); 
  117.  
  118. // Take the first 8 digits for our value 
  119. $value = substr($rnd_value, 0, 8); 
  120.  
  121. // Strip the first eight, leaving the remainder for the next call to wp_rand(). 
  122. $rnd_value = substr($rnd_value, 8); 
  123.  
  124. $value = abs(hexdec($value)); 
  125.  
  126. // Reduce the value to be within the min - max range 
  127. // 4294967295 = 0xffffffff = max random number 
  128. if ( $max != 0 ) 
  129. $value = $min + (($max - $min + 1) * ($value / (4294967295 + 1))); 
  130.  
  131. return abs(intval($value)); 
.