Changeset 1588


Timestamp:
07/11/08 16:34:53 (6 years ago)
Author:
sambauers
Message:

Bring bbPress cookies up to speed with WordPress, first pass.

Location:
trunk
Files:
11 edited

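--- a/trunk/bb-config-sample.php
+++ b/trunk/bb-config-sample.php
@@ -11,10 +11,12 @@
                                      // If you are installing for the first time, leave them here
 
-// Change BB_SECRET_KEY to a unique phrase.  You won't have to remember it later,
-// so make it long and complicated.  You can visit https://www.grc.com/passwords.htm
-// to get a phrase generated for you, or just make something up.
-// If you are integrating logins with WordPress, you will need to match the value
-// of the "SECRET_KEY" in the WordPress file wp-config.php
-define('BB_SECRET_KEY', 'put your unique phrase here'); // Change this to a unique phrase.
+// Change each KEY to a different unique phrase.  You won't have to remember the phrases later,
+// so make them long and complicated.  You can visit https://www.grc.com/passwords.htm
+// to get phrases generated for you, or just make something up.  Each key should have a different phrase.
+// If you are integrating logins with WordPress, you will need to match each key to
+// the value of their equivalent keys in the WordPress file wp-config.php
+define('BB_AUTH_KEY', 'put your unique phrase here'); // Change this to a unique phrase.
+define('BB_SECURE_AUTH_KEY', 'put your unique phrase here'); // Change this to a unique phrase.
+define('BB_LOGGED_IN_KEY', 'put your unique phrase here'); // Change this to a unique phrase.
 
 // If you are running multiple bbPress installations in a single database,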
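--- a/trunk/bb-edit.php
+++ b/trunk/bb-edit.php
@@ -2,5 +2,5 @@
 require('./bb-load.php');
 
-bb_auth();
+bb_auth('logged_in');
 
 $post_id = (int) $_POST['post_id'];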
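Review bot: `bb_auth('logged_in')` on new line 4 depends on a logged_in cookie that nothing visible in this changeset issues: `wp_set_auth_cookie()` in bb-includes/pluggable.php makes a single `set_auth_cookie()` call whose scheme is only ever `'auth'` or `'secure_auth'`. Unless WP_Auth (BackPress, not shown here) sets the logged_in cookie on its own, a user who has just logged in would fail this check and be redirected to the front page. A second call such as `$wp_auth_object->set_auth_cookie( $user_id, $expiration, $expire, 'logged_in' );` would close the gap. The same applies to the identical change in bb-post.php, edit.php, favorites.php, profile-edit.php, tag-add.php and tag-remove.php.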
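--- a/trunk/bb-includes/functions.php
+++ b/trunk/bb-includes/functions.php
@@ -1787,10 +1787,17 @@
         'wp_siteurl' => '',
         'wp_home' => '',
-        'cookiedomain' => '',
+        'cookiedomain' => false,
         'usercookie' => '',
         'passcookie' => '',
         'authcookie' => '',
         'cookiepath' => '',
-        'sitecookiepath' => ''
+        'sitecookiepath' => '',
+        'secure_auth_cookie' => '',
+        'logged_in_cookie' => '',
+        'admin_cookie_path' => '',
+        'core_plugins_cookie_path' => '',
+        'user_plugins_cookie_path' => '',
+        'wp_admin_cookie_path' => '',
+        'wp_plugins_cookie_path' => ''
     );
     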
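--- a/trunk/bb-includes/pluggable.php
+++ b/trunk/bb-includes/pluggable.php
@@ -2,6 +2,6 @@
 
 if ( !function_exists('bb_auth') ) :
-function bb_auth() { // Checks if a user has a valid cookie, if not redirects them to the main page
-    if ( !wp_validate_auth_cookie() ) {
+function bb_auth($scheme = 'auth') { // Checks if a user has a valid cookie, if not redirects them to the main page
+    if ( !wp_validate_auth_cookie('', $scheme) ) {
         nocache_headers();
         header('Location: ' . bb_get_uri(null, null, BB_URI_CONTEXT_HEADER));
@@ -98,20 +98,38 @@
 
 if ( !function_exists('wp_validate_auth_cookie') ) :
-function wp_validate_auth_cookie($cookie = '') {
+function wp_validate_auth_cookie($cookie = '', $scheme = 'auth') {
     global $wp_auth_object;
-    return $wp_auth_object->validate_auth_cookie( $cookie );
+    if ( empty($cookie) && $scheme == 'auth' ) {
+        if ( bb_is_ssl() ) {
+            $scheme = 'secure_auth';
+        } else {
+            $scheme = 'auth';
+        }
+    }
+    return $wp_auth_object->validate_auth_cookie( $cookie, $scheme );
 }
 endif;
 
 if ( !function_exists('wp_set_auth_cookie') ) :
-function wp_set_auth_cookie($user_id, $remember = false) {
+function wp_set_auth_cookie($user_id, $remember = false, $secure = '') {
     global $wp_auth_object;
 
-    if ( $remember )
-        $expiration = time() + 1209600;
-    else
-        $expiration = 0;
-
-    $wp_auth_object->set_auth_cookie( $user_id, $expiration );
+    if ( $remember ) {
+        $expiration = $expire = time() + 1209600;
+    } else {
+        $expiration = time() + 172800;
+        $expire = 0;
+    }
+    
+    if ( '' === $secure )
+        $secure = bb_is_ssl() ? true : false;
+
+    if ( $secure ) {
+        $scheme = 'secure_auth';
+    } else {
+        $scheme = 'auth';
+    }
+
+    $wp_auth_object->set_auth_cookie( $user_id, $expiration, $expire, $scheme );
 }
 endif;
@@ -120,8 +138,12 @@
 function wp_clear_auth_cookie() {
     global $bb, $wp_auth_object;
-
+    
     $wp_auth_object->clear_auth_cookie();
     
     // Old cookies
+    setcookie($bb->authcookie, ' ', time() - 31536000, $bb->cookiepath, $bb->cookiedomain);
+    setcookie($bb->authcookie, ' ', time() - 31536000, $bb->sitecookiepath, $bb->cookiedomain);
+    
+    // Even older cookies
     setcookie($bb->usercookie, ' ', time() - 31536000, $bb->cookiepath, $bb->cookiedomain);
     setcookie($bb->usercookie, ' ', time() - 31536000, $bb->sitecookiepath, $bb->cookiedomain);
@@ -236,31 +258,69 @@
 endif;
 
-// Not verbatim WP,  bb has no options table and constants have different names.
+// Not verbatim WP,  constants have different names.
 if ( !function_exists('wp_salt') ) :
-function wp_salt() {
-
+function wp_salt($scheme = 'auth') {
+    global $bb_default_secret_key;
+    
     $secret_key = '';
-    if ( defined('BB_SECRET_KEY') && ('' != BB_SECRET_KEY) && ('put your unique phrase here' != BB_SECRET_KEY) )
+    if ( defined('BB_SECRET_KEY') && ('' != BB_SECRET_KEY) && ($bb_default_secret_key != BB_SECRET_KEY) )
         $secret_key = BB_SECRET_KEY;
-
-    if ( defined('BB_SECRET_SALT') ) {
-        $salt = BB_SECRET_SALT;
-    } else {
-        if (!BB_INSTALLING) {
-            $salt = bb_get_option('secret');
-            if ( empty($salt) ) {
-                $salt = wp_generate_password(64);
-                bb_update_option('secret', $salt);
+    
+    switch ($scheme) {
+        case 'auth':
+            if ( defined('BB_AUTH_KEY') && ('' != BB_AUTH_KEY) && ( $bb_default_secret_key != BB_AUTH_KEY) )
+                $secret_key = BB_AUTH_KEY;
+            
+            if ( defined('BB_AUTH_SALT') ) {
+                $salt = BB_AUTH_SALT;
+            } elseif ( defined('BB_SECRET_SALT') ) {
+                $salt = BB_SECRET_SALT;
+            } elseif ( !BB_INSTALLING ) {
+                $salt = bb_get_option('bb_auth_salt');
+                if ( empty($salt) ) {
+                    $salt = wp_generate_password();
+                    bb_update_option('bb_auth_salt', $salt);
+                }
             }
-        }
-    }
-
-    return apply_filters('salt', $secret_key . $salt);
+            break;
+        
+        case 'secure_auth':
+            if ( defined('BB_SECURE_AUTH_KEY') && ('' != BB_SECURE_AUTH_KEY) && ( $bb_default_secret_key != BB_SECURE_AUTH_KEY) )
+                $secret_key = BB_SECURE_AUTH_KEY;
+            
+            if ( defined('BB_SECURE_AUTH_SALT') ) {
+                $salt = BB_SECURE_AUTH_SALT;
+            } else {
+                $salt = bb_get_option('bb_secure_auth_salt');
+                if ( empty($salt) ) {
+                    $salt = wp_generate_password();
+                    bb_update_option('bb_secure_auth_salt', $salt);
+                }
+            }
+            break;
+        
+        case 'logged_in':
+            if ( defined('BB_LOGGED_IN_KEY') && ('' != BB_LOGGED_IN_KEY) && ( $bb_default_secret_key != BB_LOGGED_IN_KEY) )
+                $secret_key = BB_LOGGED_IN_KEY;
+            
+            if ( defined('BB_LOGGED_IN_SALT') ) {
+                $salt = BB_LOGGED_IN_SALT;
+            } else {
+                $salt = bb_get_option('bb_logged_in_salt');
+                if ( empty($salt) ) {
+                    $salt = wp_generate_password();
+                    bb_update_option('bb_logged_in_salt', $salt);
+                }
+            }
+            break;
+    }
+    
+    return apply_filters('salt', $secret_key . $salt, $scheme);
 }
 endif;
 
 if ( !function_exists('wp_hash') ) :
-function wp_hash($data) { 
-    $salt = wp_salt();
+function wp_hash($data, $scheme = 'auth') { 
+    $salt = wp_salt($scheme);
 
     return hash_hmac('md5', $data, $salt);
@@ -285,6 +345,6 @@
  * @return string the password
  **/
-function wp_generate_password( $length = 7 ) {
-    return WP_Pass::generate_password( $length );
+function wp_generate_password( $length = 12, $special_chars = true ) {
+    return WP_Pass::generate_password( $length, $special_chars );
 }
 endif;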
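Review bot: In the new `wp_salt()` (new lines 262–318) `$salt` is never initialised and the `switch` has no `default:`, so any scheme other than 'auth', 'secure_auth' or 'logged_in' returns `$secret_key . $salt` with `$salt` undefined. When BB_SECRET_KEY is not defined (the updated sample config no longer defines it), that leaves `wp_hash()` calling `hash_hmac()` with an empty key, and `wp_hash($data, $scheme)` forwards whatever scheme its caller passes. Normalising the scheme ahead of the switch, e.g. `if ( !in_array($scheme, array('auth', 'secure_auth', 'logged_in')) ) $scheme = 'auth';`, would avoid that. The 'auth' branch has the same gap while BB_INSTALLING is true and no salt constant is defined, and the 'secure_auth' and 'logged_in' branches drop the `!BB_INSTALLING` guard that 'auth' keeps, which looks unintended.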
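--- a/trunk/bb-post.php
+++ b/trunk/bb-post.php
@@ -2,5 +2,5 @@
 require('./bb-load.php');
 
-bb_auth();
+bb_auth('logged_in');
 
 if ( $throttle_time = bb_get_option( 'throttle_time' ) )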
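--- a/trunk/bb-settings.php
+++ b/trunk/bb-settings.php
@@ -406,5 +406,5 @@
     
     if ( preg_match( '@^(https?://[^/]+)((?:/.*)*/{1,1})$@i', $bb->uri, $matches ) ) {
-        // Not used in core anymore, only set here for plugin compatibility
+        // Used when setting up cookie domain
         $bb->domain = $matches[1];
         // Used when setting up cookie paths
@@ -609,4 +609,14 @@
 }
 
+$bb->secure_auth_cookie = bb_get_option('secure_auth_cookie');
+if ( !$bb->secure_auth_cookie ) {
+    $bb->secure_auth_cookie = ($bb->wp_cookies_integrated ? 'wordpress_sec_' : 'bbpress_sec_') . BB_HASH;
+}
+
+$bb->logged_in_cookie = bb_get_option('logged_in_cookie');
+if ( !$bb->logged_in_cookie ) {
+    $bb->logged_in_cookie = ($bb->wp_cookies_integrated ? 'wordpress_logged_in_' : 'bbpress_logged_in_') . BB_HASH;
+}
+
 $bb->cookiepath = bb_get_option('cookiepath');
 if ( !$bb->cookiepath ) {
@@ -614,8 +624,46 @@
 }
 
+$bb->admin_cookie_path = bb_get_option('bb_admin_cookie_path');
+if ( !$bb->admin_cookie_path ) {
+    $bb->admin_cookie_path = $bb->path . 'bb-admin/';
+}
+
+$bb->core_plugins_cookie_path = bb_get_option('bb_core_plugins_cookie_path');
+if ( !$bb->core_plugins_cookie_path ) {
+    $bb->core_plugins_cookie_path = preg_replace('|https?://[^/]+|i', '', BB_CORE_PLUGIN_URL);
+}
+
+$bb->user_plugins_cookie_path = bb_get_option('bb_user_plugins_cookie_path');
+if ( !$bb->user_plugins_cookie_path ) {
+    $bb->user_plugins_cookie_path = preg_replace('|https?://[^/]+|i', '', BB_PLUGIN_URL);
+}
+
 $bb->sitecookiepath = bb_get_option('sitecookiepath');
-if ( !$bb->sitecookiepath ) {
-    $bb->sitecookiepath = $bb->wp_cookies_integrated ? preg_replace('|https?://[^/]+|i', '', $bb->wp_siteurl ) : $bb->path;
-}
+$_bb_sitecookiepath = $bb->sitecookiepath;
+if ( !$bb->sitecookiepath && $bb->wp_cookies_integrated ) {
+    $bb->sitecookiepath = preg_replace('|https?://[^/]+|i', '', $bb->wp_siteurl );
+    $_bb_sitecookiepath = $bb->sitecookiepath;
+    if (bb_get_common_paths($bb->sitecookiepath, $bb->cookiepath) == $bb->cookiepath) {
+        $bb->sitecookiepath = $bb->cookiepath;
+    }
+}
+
+$bb->wp_admin_cookie_path = bb_get_option('wp_admin_cookie_path');
+if ( !$bb->wp_admin_cookie_path && $bb->wp_cookies_integrated ) {
+    $bb->wp_admin_cookie_path = $_bb_sitecookiepath . 'wp-admin/';
+}
+
+$bb->wp_plugins_cookie_path = bb_get_option('wp_plugins_cookie_path');
+if ( !$bb->wp_plugins_cookie_path && $bb->wp_cookies_integrated ) {
+    // This is a best guess only, should be manually set to match WP_PLUGIN_URL
+    $bb->wp_plugins_cookie_path = $_bb_sitecookiepath . 'wp-content/plugins/';
+}
+unset($_bb_sitecookiepath);
+
+/**
+ * Should be exactly the same as the default value of the KEYS in bb-config-sample.php
+ * @since 1.0-beta
+ */
+$bb_default_secret_key = 'put your unique phrase here';
 
 
@@ -651,12 +699,94 @@
     require( BACKPRESS_PATH . 'class.wp-auth.php' );
     
+    $cookies = array();
+    
+    $cookies['logged_in'][] = array(
+        'domain' => $bb->cookiedomain,
+        'path' => $bb->cookiepath,
+        'name' => $bb->logged_in_cookie
+    );
+    
+    if ($bb->sitecookiepath && $bb->cookiepath != $bb->sitecookiepath) {
+        $cookies['logged_in'][] = array(
+            'domain' => $bb->cookiedomain,
+            'path' => $bb->sitecookiepath,
+            'name' => $bb->logged_in_cookie
+        );
+    }
+    
+    $cookies['auth'][] = array(
+        'domain' => $bb->cookiedomain,
+        'path' => $bb->admin_cookie_path,
+        'name' => $bb->authcookie
+    );
+    
+    $cookies['secure_auth'][] = array(
+        'domain' => $bb->cookiedomain,
+        'path' => $bb->admin_cookie_path,
+        'name' => $bb->secure_auth_cookie
+    );
+    
+    $cookies['auth'][] = array(
+        'domain' => $bb->cookiedomain,
+        'path' => $bb->core_plugins_cookie_path,
+        'name' => $bb->authcookie
+    );
+    
+    $cookies['secure_auth'][] = array(
+        'domain' => $bb->cookiedomain,
+        'path' => $bb->core_plugins_cookie_path,
+        'name' => $bb->secure_auth_cookie
+    );
+    
+    $cookies['auth'][] = array(
+        'domain' => $bb->cookiedomain,
+        'path' => $bb->user_plugins_cookie_path,
+        'name' => $bb->authcookie
+    );
+    
+    $cookies['secure_auth'][] = array(
+        'domain' => $bb->cookiedomain,
+        'path' => $bb->user_plugins_cookie_path,
+        'name' => $bb->secure_auth_cookie
+    );
+    
+    if ($bb->wp_admin_cookie_path) {
+        $cookies['auth'][] = array(
+            'domain' => $bb->cookiedomain,
+            'path' => $bb->wp_admin_cookie_path,
+            'name' => $bb->authcookie
+        );
+    
+        $cookies['secure_auth'][] = array(
+            'domain' => $bb->cookiedomain,
+            'path' => $bb->wp_admin_cookie_path,
+            'name' => $bb->secure_auth_cookie
+        );
+    }
+    
+    if ($bb->wp_plugins_cookie_path) {
+        $cookies['auth'][] = array(
+            'domain' => $bb->cookiedomain,
+            'path' => $bb->wp_plugins_cookie_path,
+            'name' => $bb->authcookie
+        );
+    
+        $cookies['secure_auth'][] = array(
+            'domain' => $bb->cookiedomain,
+            'path' => $bb->wp_plugins_cookie_path,
+            'name' => $bb->secure_auth_cookie
+        );
+    }
+    
     /**
      * WP_Auth object
      */
-    $wp_auth_object = new WP_Auth( $bbdb, $wp_users_object, array(
-        'domain' => $bb->cookiedomain,
-        'path' => array( $bb->cookiepath, $bb->sitecookiepath ),
-        'name' => $bb->authcookie
-    ) );
+    $wp_auth_object = new WP_Auth(
+        $bbdb,
+        $wp_users_object,
+        $cookies
+    );
+    
+    unset($cookies);
 }
 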
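Review bot: The three path lookups at new lines 626, 631 and 636 read options named `bb_admin_cookie_path`, `bb_core_plugins_cookie_path` and `bb_user_plugins_cookie_path`, while the keys this changeset adds to the defaults array in bb-includes/functions.php, and the `$bb` properties assigned here, carry no `bb_` prefix; the neighbouring `cookiepath` and `wp_admin_cookie_path` lookups use matching names. If `bb_get_option()` resolves names against those keys or against `$bb` (its body is not shown), a value configured as `$bb->admin_cookie_path` would be ignored and the auth cookies would be scoped to the computed default path instead. Using one name on both sides, e.g. `bb_get_option('admin_cookie_path')`, keeps the cookie scope configurable as intended.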
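--- a/trunk/edit.php
+++ b/trunk/edit.php
@@ -2,5 +2,5 @@
 require('./bb-load.php');
 
-bb_auth();
+bb_auth('logged_in');
 
 $post_id = (int) $_GET['id'];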
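--- a/trunk/favorites.php
+++ b/trunk/favorites.php
@@ -2,5 +2,5 @@
 require_once('./bb-load.php');
 
-bb_auth();
+bb_auth('logged_in');
 
 if ( !bb_current_user_can( 'edit_favorites_of', $user_id ) )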
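--- a/trunk/profile-edit.php
+++ b/trunk/profile-edit.php
@@ -4,5 +4,5 @@
 bb_ssl_redirect();
 
-bb_auth();
+bb_auth('logged_in');
 
 if ( !bb_current_user_can( 'edit_user', $user_id ) ) {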
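Review bot: With `bb_auth('logged_in')` on new line 6, the page that `bb_ssl_redirect()` forces onto HTTPS is authorised by the logged_in cookie rather than the secure_auth one, because `wp_validate_auth_cookie()` in bb-includes/pluggable.php only upgrades to `'secure_auth'` when the scheme it receives is `'auth'`. Whether the logged_in cookie carries the Secure attribute is decided inside WP_Auth, which is not shown; if it does not, a cookie that also travels over plain HTTP is enough to reach the profile editor over SSL. Since the auth cookies are scoped to the admin and plugin paths in bb-settings.php, either add a secure_auth cookie entry covering this script and call `bb_auth()` with its default scheme, or add a comment here stating why logged_in is acceptable for profile edits.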
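--- a/trunk/tag-add.php
+++ b/trunk/tag-add.php
@@ -2,5 +2,5 @@
 require('./bb-load.php');
 
-bb_auth();
+bb_auth('logged_in');
 
 if ( !bb_is_user_logged_in() )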
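--- a/trunk/tag-remove.php
+++ b/trunk/tag-remove.php
@@ -2,5 +2,5 @@
 require('./bb-load.php');
 
-bb_auth();
+bb_auth('logged_in');
 
 $tag_id = (int) @$_GET['tag'];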