CodeExplorer
You are a developer and looking for Shopware projects?
Apply Now!
CheckPassword example
/*
* If the stored hash is longer than an MD5,
* presume the new style phpass portable hash.
*/
if ( empty( $wp_hasher ) ) {
require_once ABSPATH . WPINC . '/class-phpass.php';
// By default, use the portable hash from phpass. $wp_hasher = new PasswordHash( 8, true );
}
$check = $wp_hasher->CheckPassword( $password, $hash );
/** This filter is documented in wp-includes/pluggable.php */
return apply_filters( 'check_password', $check, $password, $hash, $user_id );
}
endif;
if ( ! function_exists( 'wp_generate_password' ) ) :
/** * Generates a random password drawn from the defined set of characters. * * Uses wp_rand() to create passwords with far less predictability * than similar native PHP functions like `rand()` or `mt_rand()`. * * @since 2.5.0 * * @param int $length Optional. The length of password to generate. Default 12. * @param bool $special_chars Optional. Whether to include standard special characters. * Default true. * @param bool $extra_special_chars Optional. Whether to include other special characters. * Used when generating secret keys and salts. Default false. * @return string The random password. */
if ( empty( $wp_hasher ) ) {
require_once ABSPATH . WPINC . '/class-phpass.php';
// By default, use the portable hash from phpass. $wp_hasher = new PasswordHash( 8, true );
}
$check = $wp_hasher->CheckPassword( $password, $hash );
/** This filter is documented in wp-includes/pluggable.php */
return apply_filters( 'check_password', $check, $password, $hash, $user_id );
}
endif;
if ( ! function_exists( 'wp_generate_password' ) ) :
/** * Generates a random password drawn from the defined set of characters. * * Uses wp_rand() to create passwords with far less predictability * than similar native PHP functions like `rand()` or `mt_rand()`. * * @since 2.5.0 * * @param int $length Optional. The length of password to generate. Default 12. * @param bool $special_chars Optional. Whether to include standard special characters. * Default true. * @param bool $extra_special_chars Optional. Whether to include other special characters. * Used when generating secret keys and salts. Default false. * @return string The random password. */
list( $pass_request_time, $pass_key ) = explode( ':', $user->user_activation_key, 2 );
$expiration_time = $pass_request_time + $expiration_duration;
} else {
$pass_key = $user->user_activation_key;
$expiration_time = false;
}
if ( ! $pass_key ) {
return new WP_Error( 'invalid_key', __( 'Invalid key.' ) );
}
$hash_is_correct = $wp_hasher->CheckPassword( $key, $pass_key );
if ( $hash_is_correct && $expiration_time && time() < $expiration_time ) {
return $user;
} elseif ( $hash_is_correct && $expiration_time ) {
// Key has an expiration time that's passed. return new WP_Error( 'expired_key', __( 'Invalid key.' ) );
}
if ( hash_equals( $user->user_activation_key, $key ) || ( $hash_is_correct && ! $expiration_time ) ) {
$return = new WP_Error( 'expired_key', __( 'Invalid key.' ) );
$user_id = $user->ID;
$expiration_time = $pass_request_time + $expiration_duration;
} else {
$pass_key = $user->user_activation_key;
$expiration_time = false;
}
if ( ! $pass_key ) {
return new WP_Error( 'invalid_key', __( 'Invalid key.' ) );
}
$hash_is_correct = $wp_hasher->CheckPassword( $key, $pass_key );
if ( $hash_is_correct && $expiration_time && time() < $expiration_time ) {
return $user;
} elseif ( $hash_is_correct && $expiration_time ) {
// Key has an expiration time that's passed. return new WP_Error( 'expired_key', __( 'Invalid key.' ) );
}
if ( hash_equals( $user->user_activation_key, $key ) || ( $hash_is_correct && ! $expiration_time ) ) {
$return = new WP_Error( 'expired_key', __( 'Invalid key.' ) );
$user_id = $user->ID;
$this->remove_key( $token );
if ( ! is_array( $record ) || ! isset( $record['hashed_key'], $record['created_at'] ) ) {
return new WP_Error( 'invalid_recovery_key_format', __( 'Invalid recovery key format.' ) );
}
if ( empty( $wp_hasher ) ) {
require_once ABSPATH . WPINC . '/class-phpass.php';
$wp_hasher = new PasswordHash( 8, true );
}
if ( ! $wp_hasher->CheckPassword( $key, $record['hashed_key'] ) ) {
return new WP_Error( 'hash_mismatch', __( 'Invalid recovery key.' ) );
}
if ( time() > $record['created_at'] + $ttl ) {
return new WP_Error( 'key_expired', __( 'Recovery key expired.' ) );
}
return true;
}
/** * Removes expired recovery mode keys. * * @since 5.2.0 * * @param int $ttl Time in seconds for the keys to be valid for. */
if ( ! is_array( $record ) || ! isset( $record['hashed_key'], $record['created_at'] ) ) {
return new WP_Error( 'invalid_recovery_key_format', __( 'Invalid recovery key format.' ) );
}
if ( empty( $wp_hasher ) ) {
require_once ABSPATH . WPINC . '/class-phpass.php';
$wp_hasher = new PasswordHash( 8, true );
}
if ( ! $wp_hasher->CheckPassword( $key, $record['hashed_key'] ) ) {
return new WP_Error( 'hash_mismatch', __( 'Invalid recovery key.' ) );
}
if ( time() > $record['created_at'] + $ttl ) {
return new WP_Error( 'key_expired', __( 'Recovery key expired.' ) );
}
return true;
}
/** * Removes expired recovery mode keys. * * @since 5.2.0 * * @param int $ttl Time in seconds for the keys to be valid for. */
/** This filter is documented in wp-includes/post-template.php */
return apply_filters( 'post_password_required', true, $post );
}
require_once ABSPATH . WPINC . '/class-phpass.php';
$hasher = new PasswordHash( 8, true );
$hash = wp_unslash( $_COOKIE[ 'wp-postpass_' . COOKIEHASH ] );
if ( ! str_starts_with( $hash, '$P$B' ) ) {
$required = true;
} else {
$required = ! $hasher->CheckPassword( $post->post_password, $hash );
}
/** * Filters whether a post requires the user to supply a password. * * @since 4.7.0 * * @param bool $required Whether the user needs to supply a password. True if password has not been * provided or is incorrect, false if password has been supplied or is not required. * @param WP_Post $post Post object. */
return apply_filters( 'post_password_required', true, $post );
}
require_once ABSPATH . WPINC . '/class-phpass.php';
$hasher = new PasswordHash( 8, true );
$hash = wp_unslash( $_COOKIE[ 'wp-postpass_' . COOKIEHASH ] );
if ( ! str_starts_with( $hash, '$P$B' ) ) {
$required = true;
} else {
$required = ! $hasher->CheckPassword( $post->post_password, $hash );
}
/** * Filters whether a post requires the user to supply a password. * * @since 4.7.0 * * @param bool $required Whether the user needs to supply a password. True if password has not been * provided or is incorrect, false if password has been supplied or is not required. * @param WP_Post $post Post object. */