XPressME Integration Kit

Trac

Changeset 131 for trunk/wp-content


Ignore:
Timestamp:
Mar 21, 2009, 8:11:42 PM (16 years ago)
Author:
toemon
Message:

ImpressCMSのパスワードHash対応 #75 bump Ver0.13

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-content/plugins/xpressme/include/pluggable-override.php

    r130 r131  
    130130function wp_check_password($password, $hash, $user_id = '') { 
    131131        global $wp_hasher; 
    132  
    133         if ($hash == $password){ // The password taken out of XOOPS is hash value. 
     132        global $xoops_config,$xoops_db; 
     133 
     134        // For attestation when password has been sent as hash value. (When having logged it in from Xoops and ImpressCMS) 
     135        if ($hash == $password){  
    134136                return apply_filters('check_password', true, $password, $hash, $user_id); 
    135137        } 
     138         
     139        // Password authentication for Xoops  
     140        if ( strlen($hash) <= 32 ) { 
     141                $check = ( $hash == md5($password) ); 
     142                return apply_filters('check_password', $check, $password, $hash, $user_id);      
     143        } 
     144         
     145        // Password authentication for ImpressCMS  
     146        if($xoops_config->is_impress && function_exists('hash')){ 
     147                $mainSalt = $xoops_config->xoops_db_salt; 
     148                // get user salt 
     149                $xpress_user_db = $xoops_config->module_db_prefix . 'users'; 
     150                $xoops_user_db = $xoops_config->xoops_db_prefix . '_users'; 
     151                $login_name = $xoops_db->get_var("SELECT user_login FROM $xpress_user_db WHERE ID = $user_id"); 
     152                $user_salt = $xoops_db->get_var("SELECT salt FROM $xoops_user_db WHERE uname = '$login_name'"); 
     153                // Make Impress hash  
     154                $impress_hash = hash('sha256', $user_salt.md5($password).$mainSalt); 
     155                if ($hash == $impress_hash){ 
     156                        return apply_filters('check_password', true, $password, $hash, $user_id); 
     157                } 
     158        }        
     159 
    136160        // If the hash is still md5... 
    137161        if ( strlen($hash) <= 32 ) { 
Note: See TracChangeset for help on using the changeset viewer.