Changeset 131 for trunk/wp-content/plugins
- Timestamp:
- Mar 21, 2009, 8:11:42 PM (16 years ago)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/wp-content/plugins/xpressme/include/pluggable-override.php
r130 r131 130 130 function wp_check_password($password, $hash, $user_id = '') { 131 131 global $wp_hasher; 132 133 if ($hash == $password){ // The password taken out of XOOPS is hash value. 132 global $xoops_config,$xoops_db; 133 134 // For attestation when password has been sent as hash value. (When having logged it in from Xoops and ImpressCMS) 135 if ($hash == $password){ 134 136 return apply_filters('check_password', true, $password, $hash, $user_id); 135 137 } 138 139 // Password authentication for Xoops 140 if ( strlen($hash) <= 32 ) { 141 $check = ( $hash == md5($password) ); 142 return apply_filters('check_password', $check, $password, $hash, $user_id); 143 } 144 145 // Password authentication for ImpressCMS 146 if($xoops_config->is_impress && function_exists('hash')){ 147 $mainSalt = $xoops_config->xoops_db_salt; 148 // get user salt 149 $xpress_user_db = $xoops_config->module_db_prefix . 'users'; 150 $xoops_user_db = $xoops_config->xoops_db_prefix . '_users'; 151 $login_name = $xoops_db->get_var("SELECT user_login FROM $xpress_user_db WHERE ID = $user_id"); 152 $user_salt = $xoops_db->get_var("SELECT salt FROM $xoops_user_db WHERE uname = '$login_name'"); 153 // Make Impress hash 154 $impress_hash = hash('sha256', $user_salt.md5($password).$mainSalt); 155 if ($hash == $impress_hash){ 156 return apply_filters('check_password', true, $password, $hash, $user_id); 157 } 158 } 159 136 160 // If the hash is still md5... 137 161 if ( strlen($hash) <= 32 ) {
Note: See TracChangeset
for help on using the changeset viewer.