kage password hashing algorithm.
*
* @since 2.5.0
*
* @global PasswordHash $wp_hasher PHPass object.
*
* @param string $password Plain text user password to hash.
* @return string The hash string of the password.
*/
function wp_hash_password( $password ) {
global $wp_hasher;
if ( empty( $wp_hasher ) ) {
require_once ABSPATH . WPINC . '/class-phpass.php';
// By default, use the portable hash from phpass.
$wp_hasher = new PasswordHash( 8, true );
}
return $wp_hasher->HashPassword( trim( $password ) );
}
endif;
if ( ! function_exists( 'wp_check_password' ) ) :
/**
* Checks a plaintext password against a hashed password.
*
* Maintains compatibility between old version and the new cookie authentication
* protocol using PHPass library. The $hash parameter is the encrypted password
* and the function compares the plain text password when encrypted similarly
* against the already encrypted password to see if they match.
*
* For integration with other applications, this function can be overwritten to
* instead use the other package password hashing algorithm.
*
* @since 2.5.0
*
* @global PasswordHash $wp_hasher PHPass object used for checking the password
* against the $hash + $password.
* @uses PasswordHash::CheckPassword
*
* @param string $password Plaintext user's password.
* @param string $hash Hash of the user's password to check against.
* @param string|int $user_id Optional. User ID.
* @return bool False, if the $password does not match the hashed password.
*/
function wp_check_password( $password, $hash, $user_id = '' ) {
global $wp_hasher;
// If the hash is still md5...
if ( strlen( $hash ) <= 32 ) {
$check = hash_equals( $hash, md5( $password ) );
if ( $check && $user_id ) {
// Rehash using new hash.
wp_set_password( $password, $user_id );
$hash = wp_hash_password( $password );
}
/**
* Filters whether the plaintext password matches the encrypted password.
*
* @since 2.5.0
*
* @param bool $check Whether the passwords match.
* @param string $password The plaintext password.
* @param string $hash The hashed password.
* @param string|int $user_id User ID. Can be empty.
*/
return apply_filters( 'check_password', $check, $password, $hash, $user_id );
}
/*
* If the stored hash is longer than an MD5,
* presume the new style phpass portable hash.
*/
if ( empty( $wp_hasher ) ) {
require_once ABSPATH . WPINC . '/class-phpass.php';
// By default, use the portable hash from phpass.
$wp_hasher = new PasswordHash( 8, true );
}
$check = $wp_hasher->CheckPassword( $password, $hash );
/** This filter is documented in wp-includes/pluggable.php */
return apply_filters( 'check_password', $check, $password, $hash, $user_id );
}
endif;
if ( ! function_exists( 'wp_generate_password' ) ) :
/**
* Generates a random password drawn from the defined set of characters.
*
* Uses wp_rand() to create passwords with far less predictability
* than similar native PHP functions like `rand()` or `mt_rand()`.
*
* @since 2.5.0
*
* @param int $length Optional. The length of password to generate. Default 12.
* @param bool $special_chars Optional. Whether to include standard special characters.
* Default true.
* @param bool $extra_special_chars Optional. Whether to include other special characters.
* Used when generating secret keys and salts. Default false.
* @return string The random password.
*/
function wp_generate_password( $length = 12, $special_chars = true, $extra_special_chars = false ) {
$chars = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';
if ( $special_chars ) {
$chars .= '!@#$%^&*()';
}
if ( $extra_special_chars ) {
$chars .= '-_ []{}<>~`+=,.;:/?|';
}
$password = '';
for ( $i = 0; $i < $length; $i++ ) {
$password .= substr( $chars, wp_rand( 0, strlen( $chars ) - 1 ), 1 );
}
/**
* Filters the randomly-generated password.
*
* @since 3.0.0
* @since 5.3.0 Added the `$length`, `$special_chars`, and `$extra_special_chars` parameters.
*
* @param string $password The generated password.
* @param int $length The length of password to generate.
* @param bool $special_chars Whether to include standard special characters.
* @param bool $extra_special_chars Whether to include other special characters.
*/
return apply_filters( 'random_password', $password, $length, $special_chars, $extra_special_chars );
}
endif;
if ( ! function_exists( 'wp_rand' ) ) :
/**
* Generates a random non-negative number.
*
* @since 2.6.2
* @since 4.4.0 Uses PHP7 random_int() or the random_compat library if available.
* @since 6.1.0 Returns zero instead of a random number if both `$min` and `$max` are zero.
*
* @global string $rnd_value
*
* @param int $min Optional. Lower limit for the generated number.
* Accepts positive integers or zero. Defaults to 0.
* @param int $max Optional. Upper limit for the generated number.
* Accepts positive integers. Defaults to 4294967295.
* @return int A random non-negative number between min and max.
*/
function wp_rand( $min = null, $max = null ) {
global $rnd_value;
/*
* Some misconfigured 32-bit environments (Entropy PHP, for example)
* truncate integers larger than PHP_INT_MAX to PHP_INT_MAX rather than overflowing them to floats.
*/
$max_random_number = 3000000000 === 2147483647 ? (float) '4294967295' : 4294967295; // 4294967295 = 0xffffffff
if ( null === $min ) {
$min = 0;
}
if ( null === $max ) {
$max = $max_random_number;
}
// We only handle ints, floats are truncated to their integer value.
$min = (int) $min;
$max = (int) $max;
// Use PHP's CSPRNG, or a compatible method.
static $use_random_int_functionality = true;
if ( $use_random_int_functionality ) {
try {
// wp_rand() can accept arguments in either order, PHP cannot.
$_max = max( $min, $max );
$_min = min( $min, $max );
$val = random_int( $_min, $_max );
if ( false !== $val ) {
return absint( $val );
} else {
$use_random_int_functionality = false;
}
} catch ( Error $e ) {
$use_random_int_functionality = false;
} catch ( Exception $e ) {
$use_random_int_functionality = false;
}
}
/*
* Reset $rnd_value after 14 uses.
* 32 (md5) + 40 (sha1) + 40 (sha1) / 8 = 14 random numbers from $rnd_value.
*/
if ( strlen( $rnd_value ) < 8 ) {
if ( defined( 'WP_SETUP_CONFIG' ) ) {
static $seed = '';
} else {
$seed = get_transient( 'random_seed' );
}
$rnd_value = md5( uniqid( microtime() . mt_rand(), true ) . $seed );
$rnd_value .= sha1( $rnd_value );
$rnd_value .= sha1( $rnd_value . $seed );
$seed = md5( $seed . $rnd_value );
if ( ! defined( 'WP_SETUP_CONFIG' ) && ! defined( 'WP_INSTALLING' ) ) {
set_transient( 'random_seed', $seed );
}
}
// Take the first 8 digits for our value.
$value = substr( $rnd_value, 0, 8 );
// Strip the first eight, leaving the remainder for the next call to wp_rand().
$rnd_value = substr( $rnd_value, 8 );
$value = abs( hexdec( $value ) );
// Reduce the value to be within the min - max range.
$value = $min + ( $max - $min + 1 ) * $value / ( $max_random_number + 1 );
return abs( (int) $value );
}
endif;
if ( ! function_exists( 'wp_set_password' ) ) :
/**
* Updates the user's password with a new hashed one.
*
* For integration with other applications, this function can be overwritten to
* instead use the other package password checking algorithm.
*
* Please note: This function should be used sparingly and is really only meant for single-time
* application. Leveraging this improperly in a plugin or theme could result in an endless loop
* of password resets if precautions are not taken to ensure it does not execute on every page load.
*
* @since 2.5.0
*
* @global wpdb $wpdb WordPress database abstraction object.
*
* @param string $password The plaintext new user password.
* @param int $user_id User ID.
*/
function wp_set_password( $password, $user_id ) {
global $wpdb;
$old_user_data = get_userdata( $user_id );
$hash = wp_hash_password( $password );
$wpdb->update(
$wpdb->users,
array(
'user_pass' => $hash,
'user_activation_key' => '',
),
array( 'ID' => $user_id )
);
clean_user_cache( $user_id );
/**
* Fires after the user password is set.
*
* @since 6.2.0
* @since 6.7.0 The `$old_user_data` parameter was added.
*
* @param string $password The plaintext password just set.
* @param int $user_id The ID of the user whose password was just set.
* @param WP_User $old_user_data Object containing user's data prior to update.
*/
do_action( 'wp_set_password', $password, $user_id, $old_user_data );
}
endif;
if ( ! function_exists( 'get_avatar' ) ) :
/**
* Retrieves the avatar `![]()
` tag for a user, email address, MD5 hash, comment, or post.
*
* @since 2.5.0
* @since 4.2.0 Added the optional `$args` parameter.
* @since 5.5.0 Added the `loading` argument.
* @since 6.1.0 Added the `decoding` argument.
* @since 6.3.0 Added the `fetchpriority` argument.
*
* @param mixed $id_or_email The avatar to retrieve. Accepts a user ID, Gravatar MD5 hash,
* user email, WP_User object, WP_Post object, or WP_Comment object.
* @param int $size Optional. Height and width of the avatar in pixels. Default 96.
* @param string $default_value URL for the default image or a default type. Accepts:
* - '404' (return a 404 instead of a default image)
* - 'retro' (a 8-bit arcade-style pixelated face)
* - 'robohash' (a robot)
* - 'monsterid' (a monster)
* - 'wavatar' (a cartoon face)
* - 'identicon' (the "quilt", a geometric pattern)
* - 'mystery', 'mm', or 'mysteryman' (The Oyster Man)
* - 'blank' (transparent GIF)
* - 'gravatar_default' (the Gravatar logo)
* Default is the value of the 'avatar_default' option,
* with a fallback of 'mystery'.
* @param string $alt Optional. Alternative text to use in the avatar image tag.
* Default empty.
* @param array $args {
* Optional. Extra arguments to retrieve the avatar.
*
* @type int $height Display height of the avatar in pixels. Defaults to $size.
* @type int $width Display width of the avatar in pixels. Defaults to $size.
* @type bool $force_default Whether to always show the default image, never the Gravatar.
* Default false.
* @type string $rating What rating to display avatars up to. Accepts:
* - 'G' (suitable for all audiences)
* - 'PG' (possibly offensive, usually for audiences 13 and above)
* - 'R' (intended for adult audiences above 17)
* - 'X' (even more mature than above)
* Default is the value of the 'avatar_rating' option.
* @type string $scheme URL scheme to use. See set_url_scheme() for accepted values.
* Default null.
* @type array|string $class Array or string of additional classes to add to the img element.
* Default null.
* @type bool $force_display Whether to always show the avatar - ignores the show_avatars option.
* Default false.
* @type string $loading Value for the `loading` attribute.
* Default null.
* @type string $fetchpriority Value for the `fetchpriority` attribute.
* Default null.
* @type string $decoding Value for the `decoding` attribute.
* Default null.
* @type string $extra_attr HTML attributes to insert in the IMG element. Is not sanitized.
* Default empty.
* }
* @return string|false `![]()
` tag for the user's avatar. False on failure.
*/
function get_avatar( $id_or_email, $size = 96, $default_value = '', $alt = '', $args = null ) {
$defaults = array(
// get_avatar_data() args.
'size' => 96,
'height' => null,
'width' => null,
'default' => get_option( 'avatar_default', 'mystery' ),
'force_default' => false,
'rating' => get_option( 'avatar_rating' ),
'scheme' => null,
'alt' => '',
'class' => null,
'force_display' => false,
'loading' => null,
'fetchpriority' => null,
'decoding' => null,
'extra_attr' => '',
);
if ( empty( $args ) ) {
$args = array();
}
$args['size'] = (int) $size;
$args['default'] = $default_value;
$args['alt'] = $alt;
$args = wp_parse_args( $args, $defaults );
if ( empty( $args['height'] ) ) {
$args['height'] = $args['size'];
}
if ( empty( $args['width'] ) ) {
$args['width'] = $args['size'];
}
// Update args with loading optimized attributes.
$loading_optimization_attr = wp_get_loading_optimization_attributes( 'img', $args, 'get_avatar' );
$args = array_merge( $args, $loading_optimization_attr );
if ( is_object( $id_or_email ) && isset( $id_or_email->comment_ID ) ) {
$id_or_email = get_comment( $id_or_email );
}
/**
* Allows the HTML for a user's avatar to be returned early.
*
* Returning a non-null value will effectively short-circuit get_avatar(), passing
* the value through the {@see 'get_avatar'} filter and returning early.
*
* @since 4.2.0
*
* @param string|null $avatar HTML for the user's avatar. Default null.
* @param mixed $id_or_email The avatar to retrieve. Accepts a user ID, Gravatar MD5 hash,
* user email, WP_User object, WP_Post object, or WP_Comment object.
* @param array $args Arguments passed to get_avatar_url(), after processing.
*/
$avatar = apply_filters( 'pre_get_avatar', null, $id_or_email, $args );
if ( ! is_null( $avatar ) ) {
/** This filter is documented in wp-includes/pluggable.php */
return apply_filters( 'get_avatar', $avatar, $id_or_email, $args['size'], $args['default'], $args['alt'], $args );
}
if ( ! $args['force_display'] && ! get_option( 'show_avatars' ) ) {
return false;
}
$url2x = get_avatar_url( $id_or_email, array_merge( $args, array( 'size' => $args['size'] * 2 ) ) );
$args = get_avatar_data( $id_or_email, $args );
$url = $args['url'];
if ( ! $url || is_wp_error( $url ) ) {
return false;
}
$class = array( 'avatar', 'avatar-' . (int) $args['size'], 'photo' );
if ( ! $args['found_avatar'] || $args['force_default'] ) {
$class[] = 'avatar-default';
}
if ( $args['class'] ) {
if ( is_array( $args['class'] ) ) {
$class = array_merge( $class, $args['class'] );
} else {
$class[] = $args['class'];
}
}
// Add `loading`, `fetchpriority`, and `decoding` attributes.
$extra_attr = $args['extra_attr'];
if ( in_array( $args['loading'], array( 'lazy', 'eager' ), true )
&& ! preg_match( '/\bloading\s*=/', $extra_attr )
) {
if ( ! empty( $extra_attr ) ) {
$extra_attr .= ' ';
}
$extra_attr .= "loading='{$args['loading']}'";
}
if ( in_array( $args['fetchpriority'], array( 'high', 'low', 'auto' ), true )
&& ! preg_match( '/\bfetchpriority\s*=/', $extra_attr )
) {
if ( ! empty( $extra_attr ) ) {
$extra_attr .= ' ';
}
$extra_attr .= "fetchpriority='{$args['fetchpriority']}'";
}
if ( in_array( $args['decoding'], array( 'async', 'sync', 'auto' ), true )
&& ! preg_match( '/\bdecoding\s*=/', $extra_attr )
) {
if ( ! empty( $extra_attr ) ) {
$extra_attr .= ' ';
}
$extra_attr .= "decoding='{$args['decoding']}'";
}
$avatar = sprintf(
"
",
esc_attr( $args['alt'] ),
esc_url( $url ),
esc_url( $url2x ) . ' 2x',
esc_attr( implode( ' ', $class ) ),
(int) $args['height'],
(int) $args['width'],
$extra_attr
);
/**
* Filters the HTML for a user's avatar.
*
* @since 2.5.0
* @since 4.2.0 Added the `$args` parameter.
*
* @param string $avatar HTML for the user's avatar.
* @param mixed $id_or_email The avatar to retrieve. Accepts a user ID, Gravatar MD5 hash,
* user email, WP_User object, WP_Post object, or WP_Comment object.
* @param int $size Height and width of the avatar in pixels.
* @param string $default_value URL for the default image or a default type. Accepts:
* - '404' (return a 404 instead of a default image)
* - 'retro' (a 8-bit arcade-style pixelated face)
* - 'robohash' (a robot)
* - 'monsterid' (a monster)
* - 'wavatar' (a cartoon face)
* - 'identicon' (the "quilt", a geometric pattern)
* - 'mystery', 'mm', or 'mysteryman' (The Oyster Man)
* - 'blank' (transparent GIF)
* - 'gravatar_default' (the Gravatar logo)
* @param string $alt Alternative text to use in the avatar image tag.
* @param array $args Arguments passed to get_avatar_data(), after processing.
*/
return apply_filters( 'get_avatar', $avatar, $id_or_email, $args['size'], $args['default'], $args['alt'], $args );
}
endif;
if ( ! function_exists( 'wp_text_diff' ) ) :
/**
* Displays a human readable HTML representation of the difference between two strings.
*
* The Diff is available for getting the changes between versions. The output is
* HTML, so the primary use is for displaying the changes. If the two strings
* are equivalent, then an empty string will be returned.
*
* @since 2.6.0
*
* @see wp_parse_args() Used to change defaults to user defined settings.
* @uses Text_Diff
* @uses WP_Text_Diff_Renderer_Table
*
* @param string $left_string "old" (left) version of string.
* @param string $right_string "new" (right) version of string.
* @param string|array $args {
* Associative array of options to pass to WP_Text_Diff_Renderer_Table().
*
* @type string $title Titles the diff in a manner compatible
* with the output. Default empty.
* @type string $title_left Change the HTML to the left of the title.
* Default empty.
* @type string $title_right Change the HTML to the right of the title.
* Default empty.
* @type bool $show_split_view True for split view (two columns), false for
* un-split view (single column). Default true.
* }
* @return string Empty string if strings are equivalent or HTML with differences.
*/
function wp_text_diff( $left_string, $right_string, $args = null ) {
$defaults = array(
'title' => '',
'title_left' => '',
'title_right' => '',
'show_split_view' => true,
);
$args = wp_parse_args( $args, $defaults );
if ( ! class_exists( 'WP_Text_Diff_Renderer_Table', false ) ) {
require ABSPATH . WPINC . '/wp-diff.php';
}
$left_string = normalize_whitespace( $left_string );
$right_string = normalize_whitespace( $right_string );
$left_lines = explode( "\n", $left_string );
$right_lines = explode( "\n", $right_string );
$text_diff = new Text_Diff( $left_lines, $right_lines );
$renderer = new WP_Text_Diff_Renderer_Table( $args );
$diff = $renderer->render( $text_diff );
if ( ! $diff ) {
return '';
}
$is_split_view = ! empty( $args['show_split_view'] );
$is_split_view_class = $is_split_view ? ' is-split-view' : '';
$r = "\n";
if ( $args['title'] ) {
$r .= "$args[title]\n";
}
if ( $args['title_left'] || $args['title_right'] ) {
$r .= '';
}
if ( $args['title_left'] || $args['title_right'] ) {
$th_or_td_left = empty( $args['title_left'] ) ? 'td' : 'th';
$th_or_td_right = empty( $args['title_right'] ) ? 'td' : 'th';
$r .= "\n";
$r .= "\t<$th_or_td_left>$args[title_left]\n";
if ( $is_split_view ) {
$r .= "\t<$th_or_td_right>$args[title_right]\n";
}
$r .= "
\n";
}
if ( $args['title_left'] || $args['title_right'] ) {
$r .= "\n";
}
$r .= "\n$diff\n\n";
$r .= '
';
return $r;
}
endif;