-
+ C307235A69872B89439105448D217D8CB531AC9BA8F28FB45C152C73876BCEBA3245E157D7C8BA59BD2494EE5C94A2DF3D4AAF08060E9A14A95B4767915A8BC1mp-wp/wp-includes/pluggable.php(0 . 0)(1 . 1739)
137513 <?php
137514 /**
137515 * These functions can be replaced via plugins. If plugins do not redefine these
137516 * functions, then these will be used instead.
137517 *
137518 * @package WordPress
137519 */
137520
137521 if ( !function_exists('set_current_user') ) :
137522 /**
137523 * Changes the current user by ID or name.
137524 *
137525 * Set $id to null and specify a name if you do not know a user's ID.
137526 *
137527 * @since 2.0.1
137528 * @see wp_set_current_user() An alias of wp_set_current_user()
137529 *
137530 * @param int|null $id User ID.
137531 * @param string $name Optional. The user's username
137532 * @return object returns wp_set_current_user()
137533 */
137534 function set_current_user($id, $name = '') {
137535 return wp_set_current_user($id, $name);
137536 }
137537 endif;
137538
137539 if ( !function_exists('wp_set_current_user') ) :
137540 /**
137541 * Changes the current user by ID or name.
137542 *
137543 * Set $id to null and specify a name if you do not know a user's ID.
137544 *
137545 * Some WordPress functionality is based on the current user and not based on
137546 * the signed in user. Therefore, it opens the ability to edit and perform
137547 * actions on users who aren't signed in.
137548 *
137549 * @since 2.0.4
137550 * @global object $current_user The current user object which holds the user data.
137551 * @uses do_action() Calls 'set_current_user' hook after setting the current user.
137552 *
137553 * @param int $id User ID
137554 * @param string $name User's username
137555 * @return WP_User Current user User object
137556 */
137557 function wp_set_current_user($id, $name = '') {
137558 global $current_user;
137559
137560 if ( isset($current_user) && ($id == $current_user->ID) )
137561 return $current_user;
137562
137563 $current_user = new WP_User($id, $name);
137564
137565 setup_userdata($current_user->ID);
137566
137567 do_action('set_current_user');
137568
137569 return $current_user;
137570 }
137571 endif;
137572
137573 if ( !function_exists('wp_get_current_user') ) :
137574 /**
137575 * Retrieve the current user object.
137576 *
137577 * @since 2.0.4
137578 *
137579 * @return WP_User Current user WP_User object
137580 */
137581 function wp_get_current_user() {
137582 global $current_user;
137583
137584 get_currentuserinfo();
137585
137586 return $current_user;
137587 }
137588 endif;
137589
137590 if ( !function_exists('get_currentuserinfo') ) :
137591 /**
137592 * Populate global variables with information about the currently logged in user.
137593 *
137594 * Will set the current user, if the current user is not set. The current user
137595 * will be set to the logged in person. If no user is logged in, then it will
137596 * set the current user to 0, which is invalid and won't have any permissions.
137597 *
137598 * @since 0.71
137599 * @uses $current_user Checks if the current user is set
137600 * @uses wp_validate_auth_cookie() Retrieves current logged in user.
137601 *
137602 * @return bool|null False on XMLRPC Request and invalid auth cookie. Null when current user set
137603 */
137604 function get_currentuserinfo() {
137605 global $current_user;
137606
137607 if ( defined('XMLRPC_REQUEST') && XMLRPC_REQUEST )
137608 return false;
137609
137610 if ( ! empty($current_user) )
137611 return;
137612
137613 if ( ! $user = wp_validate_auth_cookie() ) {
137614 if ( empty($_COOKIE[LOGGED_IN_COOKIE]) || !$user = wp_validate_auth_cookie($_COOKIE[LOGGED_IN_COOKIE], 'logged_in') ) {
137615 wp_set_current_user(0);
137616 return false;
137617 }
137618 }
137619
137620 wp_set_current_user($user);
137621 }
137622 endif;
137623
137624 if ( !function_exists('get_userdata') ) :
137625 /**
137626 * Retrieve user info by user ID.
137627 *
137628 * @since 0.71
137629 *
137630 * @param int $user_id User ID
137631 * @return bool|object False on failure, User DB row object
137632 */
137633 function get_userdata( $user_id ) {
137634 global $wpdb;
137635
137636 $user_id = absint($user_id);
137637 if ( $user_id == 0 )
137638 return false;
137639
137640 $user = wp_cache_get($user_id, 'users');
137641
137642 if ( $user )
137643 return $user;
137644
137645 if ( !$user = $wpdb->get_row($wpdb->prepare("SELECT * FROM $wpdb->users WHERE ID = %d LIMIT 1", $user_id)) )
137646 return false;
137647
137648 _fill_user($user);
137649
137650 return $user;
137651 }
137652 endif;
137653
137654 if ( !function_exists('update_user_cache') ) :
137655 /**
137656 * Updates a users cache when overridden by a plugin.
137657 *
137658 * Core function does nothing.
137659 *
137660 * @since 1.5
137661 *
137662 * @return bool Only returns true
137663 */
137664 function update_user_cache() {
137665 return true;
137666 }
137667 endif;
137668
137669 if ( !function_exists('get_userdatabylogin') ) :
137670 /**
137671 * Retrieve user info by login name.
137672 *
137673 * @since 0.71
137674 *
137675 * @param string $user_login User's username
137676 * @return bool|object False on failure, User DB row object
137677 */
137678 function get_userdatabylogin($user_login) {
137679 global $wpdb;
137680 $user_login = sanitize_user( $user_login );
137681
137682 if ( empty( $user_login ) )
137683 return false;
137684
137685 $user_id = wp_cache_get($user_login, 'userlogins');
137686
137687 $user = false;
137688 if ( false !== $user_id )
137689 $user = wp_cache_get($user_id, 'users');
137690
137691 if ( false !== $user )
137692 return $user;
137693
137694 if ( !$user = $wpdb->get_row($wpdb->prepare("SELECT * FROM $wpdb->users WHERE user_login = %s", $user_login)) )
137695 return false;
137696
137697 _fill_user($user);
137698
137699 return $user;
137700 }
137701 endif;
137702
137703 if ( !function_exists('get_user_by_email') ) :
137704 /**
137705 * Retrieve user info by email.
137706 *
137707 * @since 2.5
137708 *
137709 * @param string $email User's email address
137710 * @return bool|object False on failure, User DB row object
137711 */
137712 function get_user_by_email($email) {
137713 global $wpdb;
137714
137715 $user_id = wp_cache_get($email, 'useremail');
137716
137717 $user = false;
137718 if ( false !== $user_id )
137719 $user = wp_cache_get($user_id, 'users');
137720
137721 if ( false !== $user )
137722 return $user;
137723
137724 if ( !$user = $wpdb->get_row($wpdb->prepare("SELECT * FROM $wpdb->users WHERE user_email = %s", $email)) )
137725 return false;
137726
137727 _fill_user($user);
137728
137729 return $user;
137730 }
137731 endif;
137732
137733 if ( !function_exists( 'wp_mail' ) ) :
137734 /**
137735 * Send mail, similar to PHP's mail
137736 *
137737 * A true return value does not automatically mean that the user received the
137738 * email successfully. It just only means that the method used was able to
137739 * process the request without any errors.
137740 *
137741 * Using the two 'wp_mail_from' and 'wp_mail_from_name' hooks allow from
137742 * creating a from address like 'Name <email@address.com>' when both are set. If
137743 * just 'wp_mail_from' is set, then just the email address will be used with no
137744 * name.
137745 *
137746 * The default content type is 'text/plain' which does not allow using HTML.
137747 * However, you can set the content type of the email by using the
137748 * 'wp_mail_content_type' filter.
137749 *
137750 * The default charset is based on the charset used on the blog. The charset can
137751 * be set using the 'wp_mail_charset' filter.
137752 *
137753 * @since 1.2.1
137754 * @uses apply_filters() Calls 'wp_mail' hook on an array of all of the parameters.
137755 * @uses apply_filters() Calls 'wp_mail_from' hook to get the from email address.
137756 * @uses apply_filters() Calls 'wp_mail_from_name' hook to get the from address name.
137757 * @uses apply_filters() Calls 'wp_mail_content_type' hook to get the email content type.
137758 * @uses apply_filters() Calls 'wp_mail_charset' hook to get the email charset
137759 * @uses do_action_ref_array() Calls 'phpmailer_init' hook on the reference to
137760 * phpmailer object.
137761 * @uses PHPMailer
137762 * @
137763 *
137764 * @param string $to Email address to send message
137765 * @param string $subject Email subject
137766 * @param string $message Message contents
137767 * @param string|array $headers Optional. Additional headers.
137768 * @param string|array $attachments Optional. Files to attach.
137769 * @return bool Whether the email contents were sent successfully.
137770 */
137771 function wp_mail( $to, $subject, $message, $headers = '', $attachments = array() ) {
137772 // Compact the input, apply the filters, and extract them back out
137773 extract( apply_filters( 'wp_mail', compact( 'to', 'subject', 'message', 'headers', 'attachments' ) ) );
137774
137775 if ( !is_array($attachments) )
137776 $attachments = explode( "\n", $attachments );
137777
137778 global $phpmailer;
137779
137780 // (Re)create it, if it's gone missing
137781 if ( !is_object( $phpmailer ) || !is_a( $phpmailer, 'PHPMailer' ) ) {
137782 require_once ABSPATH . WPINC . '/class-phpmailer.php';
137783 require_once ABSPATH . WPINC . '/class-smtp.php';
137784 $phpmailer = new PHPMailer();
137785 }
137786
137787 // Headers
137788 if ( empty( $headers ) ) {
137789 $headers = array();
137790 } elseif ( !is_array( $headers ) ) {
137791 // Explode the headers out, so this function can take both
137792 // string headers and an array of headers.
137793 $tempheaders = (array) explode( "\n", $headers );
137794 $headers = array();
137795
137796 // If it's actually got contents
137797 if ( !empty( $tempheaders ) ) {
137798 // Iterate through the raw headers
137799 foreach ( (array) $tempheaders as $header ) {
137800 if ( strpos($header, ':') === false )
137801 continue;
137802 // Explode them out
137803 list( $name, $content ) = explode( ':', trim( $header ), 2 );
137804
137805 // Cleanup crew
137806 $name = trim( $name );
137807 $content = trim( $content );
137808
137809 // Mainly for legacy -- process a From: header if it's there
137810 if ( 'from' == strtolower($name) ) {
137811 if ( strpos($content, '<' ) !== false ) {
137812 // So... making my life hard again?
137813 $from_name = substr( $content, 0, strpos( $content, '<' ) - 1 );
137814 $from_name = str_replace( '"', '', $from_name );
137815 $from_name = trim( $from_name );
137816
137817 $from_email = substr( $content, strpos( $content, '<' ) + 1 );
137818 $from_email = str_replace( '>', '', $from_email );
137819 $from_email = trim( $from_email );
137820 } else {
137821 $from_name = trim( $content );
137822 }
137823 } elseif ( 'content-type' == strtolower($name) ) {
137824 if ( strpos( $content,';' ) !== false ) {
137825 list( $type, $charset ) = explode( ';', $content );
137826 $content_type = trim( $type );
137827 $charset = trim( str_replace( array( 'charset=', '"' ), '', $charset ) );
137828 } else {
137829 $content_type = trim( $content );
137830 }
137831 } elseif ( 'cc' == strtolower($name) ) {
137832 $cc = explode(",", $content);
137833 } elseif ( 'bcc' == strtolower($name) ) {
137834 $bcc = explode(",", $content);
137835 } else {
137836 // Add it to our grand headers array
137837 $headers[trim( $name )] = trim( $content );
137838 }
137839 }
137840 }
137841 }
137842
137843 // Empty out the values that may be set
137844 $phpmailer->ClearAddresses();
137845 $phpmailer->ClearAllRecipients();
137846 $phpmailer->ClearAttachments();
137847 $phpmailer->ClearBCCs();
137848 $phpmailer->ClearCCs();
137849 $phpmailer->ClearCustomHeaders();
137850 $phpmailer->ClearReplyTos();
137851
137852 // From email and name
137853 // If we don't have a name from the input headers
137854 if ( !isset( $from_name ) ) {
137855 $from_name = 'WordPress';
137856 }
137857
137858 // If we don't have an email from the input headers
137859 if ( !isset( $from_email ) ) {
137860 // Get the site domain and get rid of www.
137861 $sitename = strtolower( $_SERVER['SERVER_NAME'] );
137862 if ( substr( $sitename, 0, 4 ) == 'www.' ) {
137863 $sitename = substr( $sitename, 4 );
137864 }
137865
137866 $from_email = 'wordpress@' . $sitename;
137867 }
137868
137869 // Set the from name and email
137870 $phpmailer->From = apply_filters( 'wp_mail_from', $from_email );
137871 $phpmailer->FromName = apply_filters( 'wp_mail_from_name', $from_name );
137872
137873 // Set destination address
137874 $phpmailer->AddAddress( $to );
137875
137876 // Set mail's subject and body
137877 $phpmailer->Subject = $subject;
137878 $phpmailer->Body = $message;
137879
137880 // Add any CC and BCC recipients
137881 if ( !empty($cc) ) {
137882 foreach ( (array) $cc as $recipient ) {
137883 $phpmailer->AddCc( trim($recipient) );
137884 }
137885 }
137886 if ( !empty($bcc) ) {
137887 foreach ( (array) $bcc as $recipient) {
137888 $phpmailer->AddBcc( trim($recipient) );
137889 }
137890 }
137891
137892 // Set to use PHP's mail()
137893 $phpmailer->IsMail();
137894
137895 // Set Content-Type and charset
137896 // If we don't have a content-type from the input headers
137897 if ( !isset( $content_type ) ) {
137898 $content_type = 'text/plain';
137899 }
137900
137901 $content_type = apply_filters( 'wp_mail_content_type', $content_type );
137902
137903 // Set whether it's plaintext or not, depending on $content_type
137904 if ( $content_type == 'text/html' ) {
137905 $phpmailer->IsHTML( true );
137906 } else {
137907 $phpmailer->IsHTML( false );
137908 }
137909
137910 // If we don't have a charset from the input headers
137911 if ( !isset( $charset ) ) {
137912 $charset = get_bloginfo( 'charset' );
137913 }
137914
137915 // Set the content-type and charset
137916 $phpmailer->CharSet = apply_filters( 'wp_mail_charset', $charset );
137917
137918 // Set custom headers
137919 if ( !empty( $headers ) ) {
137920 foreach( (array) $headers as $name => $content ) {
137921 $phpmailer->AddCustomHeader( sprintf( '%1$s: %2$s', $name, $content ) );
137922 }
137923 }
137924
137925 if ( !empty( $attachments ) ) {
137926 foreach ( $attachments as $attachment ) {
137927 $phpmailer->AddAttachment($attachment);
137928 }
137929 }
137930
137931 do_action_ref_array( 'phpmailer_init', array( &$phpmailer ) );
137932
137933 // Send!
137934 $result = @$phpmailer->Send();
137935
137936 return $result;
137937 }
137938 endif;
137939
137940 if ( !function_exists('wp_authenticate') ) :
137941 /**
137942 * Checks a user's login information and logs them in if it checks out.
137943 *
137944 * @since 2.5.0
137945 *
137946 * @param string $username User's username
137947 * @param string $password User's password
137948 * @return WP_Error|WP_User WP_User object if login successful, otherwise WP_Error object.
137949 */
137950 function wp_authenticate($username, $password) {
137951 $username = sanitize_user($username);
137952
137953 if ( '' == $username )
137954 return new WP_Error('empty_username', __('<strong>ERROR</strong>: The username field is empty.'));
137955
137956 if ( '' == $password )
137957 return new WP_Error('empty_password', __('<strong>ERROR</strong>: The password field is empty.'));
137958
137959 $user = get_userdatabylogin($username);
137960
137961 if ( !$user || ($user->user_login != $username) ) {
137962 do_action( 'wp_login_failed', $username );
137963 return new WP_Error('invalid_username', __('<strong>ERROR</strong>: Invalid username.'));
137964 }
137965
137966 $user = apply_filters('wp_authenticate_user', $user, $password);
137967 if ( is_wp_error($user) ) {
137968 do_action( 'wp_login_failed', $username );
137969 return $user;
137970 }
137971
137972 if ( !wp_check_password($password, $user->user_pass, $user->ID) ) {
137973 do_action( 'wp_login_failed', $username );
137974 return new WP_Error('incorrect_password', __('<strong>ERROR</strong>: Incorrect password.'));
137975 }
137976
137977 return new WP_User($user->ID);
137978 }
137979 endif;
137980
137981 if ( !function_exists('wp_logout') ) :
137982 /**
137983 * Log the current user out.
137984 *
137985 * @since 2.5.0
137986 */
137987 function wp_logout() {
137988 wp_clear_auth_cookie();
137989 do_action('wp_logout');
137990 }
137991 endif;
137992
137993 if ( !function_exists('wp_validate_auth_cookie') ) :
137994 /**
137995 * Validates authentication cookie.
137996 *
137997 * The checks include making sure that the authentication cookie is set and
137998 * pulling in the contents (if $cookie is not used).
137999 *
138000 * Makes sure the cookie is not expired. Verifies the hash in cookie is what is
138001 * should be and compares the two.
138002 *
138003 * @since 2.5
138004 *
138005 * @param string $cookie Optional. If used, will validate contents instead of cookie's
138006 * @param string $scheme Optional. The cookie scheme to use: auth, secure_auth, or logged_in
138007 * @return bool|int False if invalid cookie, User ID if valid.
138008 */
138009 function wp_validate_auth_cookie($cookie = '', $scheme = '') {
138010 if ( ! $cookie_elements = wp_parse_auth_cookie($cookie, $scheme) ) {
138011 do_action('auth_cookie_malformed', $cookie, $scheme);
138012 return false;
138013 }
138014
138015 extract($cookie_elements, EXTR_OVERWRITE);
138016
138017 $expired = $expiration;
138018
138019 // Allow a grace period for POST and AJAX requests
138020 if ( defined('DOING_AJAX') || 'POST' == $_SERVER['REQUEST_METHOD'] )
138021 $expired += 3600;
138022
138023 // Quick check to see if an honest cookie has expired
138024 if ( $expired < time() ) {
138025 do_action('auth_cookie_expired', $cookie_elements);
138026 return false;
138027 }
138028
138029 $key = wp_hash($username . '|' . $expiration, $scheme);
138030 $hash = hash_hmac('md5', $username . '|' . $expiration, $key);
138031
138032 if ( $hmac != $hash ) {
138033 do_action('auth_cookie_bad_hash', $cookie_elements);
138034 return false;
138035 }
138036
138037 $user = get_userdatabylogin($username);
138038 if ( ! $user ) {
138039 do_action('auth_cookie_bad_username', $cookie_elements);
138040 return false;
138041 }
138042
138043 do_action('auth_cookie_valid', $cookie_elements, $user);
138044
138045 return $user->ID;
138046 }
138047 endif;
138048
138049 if ( !function_exists('wp_generate_auth_cookie') ) :
138050 /**
138051 * Generate authentication cookie contents.
138052 *
138053 * @since 2.5
138054 * @uses apply_filters() Calls 'auth_cookie' hook on $cookie contents, User ID
138055 * and expiration of cookie.
138056 *
138057 * @param int $user_id User ID
138058 * @param int $expiration Cookie expiration in seconds
138059 * @param string $scheme Optional. The cookie scheme to use: auth, secure_auth, or logged_in
138060 * @return string Authentication cookie contents
138061 */
138062 function wp_generate_auth_cookie($user_id, $expiration, $scheme = 'auth') {
138063 $user = get_userdata($user_id);
138064
138065 $key = wp_hash($user->user_login . '|' . $expiration, $scheme);
138066 $hash = hash_hmac('md5', $user->user_login . '|' . $expiration, $key);
138067
138068 $cookie = $user->user_login . '|' . $expiration . '|' . $hash;
138069
138070 return apply_filters('auth_cookie', $cookie, $user_id, $expiration, $scheme);
138071 }
138072 endif;
138073
138074 if ( !function_exists('wp_parse_auth_cookie') ) :
138075 /**
138076 * Parse a cookie into its components
138077 *
138078 * @since 2.7
138079 *
138080 * @param string $cookie
138081 * @param string $scheme Optional. The cookie scheme to use: auth, secure_auth, or logged_in
138082 * @return array Authentication cookie components
138083 */
138084 function wp_parse_auth_cookie($cookie = '', $scheme = '') {
138085 if ( empty($cookie) ) {
138086 switch ($scheme){
138087 case 'auth':
138088 $cookie_name = AUTH_COOKIE;
138089 break;
138090 case 'secure_auth':
138091 $cookie_name = SECURE_AUTH_COOKIE;
138092 break;
138093 case "logged_in":
138094 $cookie_name = LOGGED_IN_COOKIE;
138095 break;
138096 default:
138097 if ( is_ssl() ) {
138098 $cookie_name = SECURE_AUTH_COOKIE;
138099 $scheme = 'secure_auth';
138100 } else {
138101 $cookie_name = AUTH_COOKIE;
138102 $scheme = 'auth';
138103 }
138104 }
138105
138106 if ( empty($_COOKIE[$cookie_name]) )
138107 return false;
138108 $cookie = $_COOKIE[$cookie_name];
138109 }
138110
138111 $cookie_elements = explode('|', $cookie);
138112 if ( count($cookie_elements) != 3 )
138113 return false;
138114
138115 list($username, $expiration, $hmac) = $cookie_elements;
138116
138117 return compact('username', 'expiration', 'hmac', 'scheme');
138118 }
138119 endif;
138120
138121 if ( !function_exists('wp_set_auth_cookie') ) :
138122 /**
138123 * Sets the authentication cookies based User ID.
138124 *
138125 * The $remember parameter increases the time that the cookie will be kept. The
138126 * default the cookie is kept without remembering is two days. When $remember is
138127 * set, the cookies will be kept for 14 days or two weeks.
138128 *
138129 * @since 2.5
138130 *
138131 * @param int $user_id User ID
138132 * @param bool $remember Whether to remember the user or not
138133 */
138134 function wp_set_auth_cookie($user_id, $remember = false, $secure = '') {
138135 if ( $remember ) {
138136 $expiration = $expire = time() + 1209600;
138137 } else {
138138 $expiration = time() + 172800;
138139 $expire = 0;
138140 }
138141
138142 if ( '' === $secure )
138143 $secure = is_ssl() ? true : false;
138144
138145 if ( $secure ) {
138146 $auth_cookie_name = SECURE_AUTH_COOKIE;
138147 $scheme = 'secure_auth';
138148 } else {
138149 $auth_cookie_name = AUTH_COOKIE;
138150 $scheme = 'auth';
138151 }
138152
138153 $auth_cookie = wp_generate_auth_cookie($user_id, $expiration, $scheme);
138154 $logged_in_cookie = wp_generate_auth_cookie($user_id, $expiration, 'logged_in');
138155
138156 do_action('set_auth_cookie', $auth_cookie, $expire, $expiration, $user_id, $scheme);
138157 do_action('set_logged_in_cookie', $logged_in_cookie, $expire, $expiration, $user_id, 'logged_in');
138158
138159 // Set httponly if the php version is >= 5.2.0
138160 if ( version_compare(phpversion(), '5.2.0', 'ge') ) {
138161 setcookie($auth_cookie_name, $auth_cookie, $expire, PLUGINS_COOKIE_PATH, COOKIE_DOMAIN, $secure, true);
138162 setcookie($auth_cookie_name, $auth_cookie, $expire, ADMIN_COOKIE_PATH, COOKIE_DOMAIN, $secure, true);
138163 setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, COOKIEPATH, COOKIE_DOMAIN, false, true);
138164 if ( COOKIEPATH != SITECOOKIEPATH )
138165 setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, SITECOOKIEPATH, COOKIE_DOMAIN, false, true);
138166 } else {
138167 $cookie_domain = COOKIE_DOMAIN;
138168 if ( !empty($cookie_domain) )
138169 $cookie_domain .= '; HttpOnly';
138170 setcookie($auth_cookie_name, $auth_cookie, $expire, PLUGINS_COOKIE_PATH, $cookie_domain, $secure);
138171 setcookie($auth_cookie_name, $auth_cookie, $expire, ADMIN_COOKIE_PATH, $cookie_domain, $secure);
138172 setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, COOKIEPATH, $cookie_domain);
138173 if ( COOKIEPATH != SITECOOKIEPATH )
138174 setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, SITECOOKIEPATH, $cookie_domain);
138175 }
138176 }
138177 endif;
138178
138179 if ( !function_exists('wp_clear_auth_cookie') ) :
138180 /**
138181 * Removes all of the cookies associated with authentication.
138182 *
138183 * @since 2.5
138184 */
138185 function wp_clear_auth_cookie() {
138186 do_action('clear_auth_cookie');
138187
138188 setcookie(AUTH_COOKIE, ' ', time() - 31536000, ADMIN_COOKIE_PATH, COOKIE_DOMAIN);
138189 setcookie(SECURE_AUTH_COOKIE, ' ', time() - 31536000, ADMIN_COOKIE_PATH, COOKIE_DOMAIN);
138190 setcookie(AUTH_COOKIE, ' ', time() - 31536000, PLUGINS_COOKIE_PATH, COOKIE_DOMAIN);
138191 setcookie(SECURE_AUTH_COOKIE, ' ', time() - 31536000, PLUGINS_COOKIE_PATH, COOKIE_DOMAIN);
138192 setcookie(LOGGED_IN_COOKIE, ' ', time() - 31536000, COOKIEPATH, COOKIE_DOMAIN);
138193 setcookie(LOGGED_IN_COOKIE, ' ', time() - 31536000, SITECOOKIEPATH, COOKIE_DOMAIN);
138194
138195 // Old cookies
138196 setcookie(AUTH_COOKIE, ' ', time() - 31536000, COOKIEPATH, COOKIE_DOMAIN);
138197 setcookie(AUTH_COOKIE, ' ', time() - 31536000, SITECOOKIEPATH, COOKIE_DOMAIN);
138198 setcookie(SECURE_AUTH_COOKIE, ' ', time() - 31536000, COOKIEPATH, COOKIE_DOMAIN);
138199 setcookie(SECURE_AUTH_COOKIE, ' ', time() - 31536000, SITECOOKIEPATH, COOKIE_DOMAIN);
138200
138201 // Even older cookies
138202 setcookie(USER_COOKIE, ' ', time() - 31536000, COOKIEPATH, COOKIE_DOMAIN);
138203 setcookie(PASS_COOKIE, ' ', time() - 31536000, COOKIEPATH, COOKIE_DOMAIN);
138204 setcookie(USER_COOKIE, ' ', time() - 31536000, SITECOOKIEPATH, COOKIE_DOMAIN);
138205 setcookie(PASS_COOKIE, ' ', time() - 31536000, SITECOOKIEPATH, COOKIE_DOMAIN);
138206 }
138207 endif;
138208
138209 if ( !function_exists('is_user_logged_in') ) :
138210 /**
138211 * Checks if the current visitor is a logged in user.
138212 *
138213 * @since 2.0.0
138214 *
138215 * @return bool True if user is logged in, false if not logged in.
138216 */
138217 function is_user_logged_in() {
138218 $user = wp_get_current_user();
138219
138220 if ( $user->id == 0 )
138221 return false;
138222
138223 return true;
138224 }
138225 endif;
138226
138227 if ( !function_exists('auth_redirect') ) :
138228 /**
138229 * Checks if a user is logged in, if not it redirects them to the login page.
138230 *
138231 * @since 1.5
138232 */
138233 function auth_redirect() {
138234 // Checks if a user is logged in, if not redirects them to the login page
138235
138236 if ( is_ssl() || force_ssl_admin() )
138237 $secure = true;
138238 else
138239 $secure = false;
138240
138241 // If https is required and request is http, redirect
138242 if ( $secure && !is_ssl() && false !== strpos($_SERVER['REQUEST_URI'], 'wp-admin') ) {
138243 if ( 0 === strpos($_SERVER['REQUEST_URI'], 'http') ) {
138244 wp_redirect(preg_replace('|^http://|', 'https://', $_SERVER['REQUEST_URI']));
138245 exit();
138246 } else {
138247 wp_redirect('https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']);
138248 exit();
138249 }
138250 }
138251
138252 if ( $user_id = wp_validate_auth_cookie() ) {
138253 // If the user wants ssl but the session is not ssl, redirect.
138254 if ( !$secure && get_user_option('use_ssl', $user_id) && false !== strpos($_SERVER['REQUEST_URI'], 'wp-admin') ) {
138255 if ( 0 === strpos($_SERVER['REQUEST_URI'], 'http') ) {
138256 wp_redirect(preg_replace('|^http://|', 'https://', $_SERVER['REQUEST_URI']));
138257 exit();
138258 } else {
138259 wp_redirect('https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']);
138260 exit();
138261 }
138262 }
138263
138264 return; // The cookie is good so we're done
138265 }
138266
138267 // The cookie is no good so force login
138268 nocache_headers();
138269
138270 if ( is_ssl() )
138271 $proto = 'https://';
138272 else
138273 $proto = 'http://';
138274
138275 $redirect = ( strpos($_SERVER['REQUEST_URI'], '/options.php') && wp_get_referer() ) ? wp_get_referer() : $proto . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
138276
138277 $login_url = site_url( 'wp-login.php?redirect_to=' . urlencode( $redirect ), 'login' );
138278
138279 wp_redirect($login_url);
138280 exit();
138281 }
138282 endif;
138283
138284 if ( !function_exists('check_admin_referer') ) :
138285 /**
138286 * Makes sure that a user was referred from another admin page.
138287 *
138288 * To avoid security exploits.
138289 *
138290 * @since 1.2.0
138291 * @uses do_action() Calls 'check_admin_referer' on $action.
138292 *
138293 * @param string $action Action nonce
138294 * @param string $query_arg where to look for nonce in $_REQUEST (since 2.5)
138295 */
138296 function check_admin_referer($action = -1, $query_arg = '_wpnonce') {
138297 $adminurl = strtolower(admin_url());
138298 $referer = strtolower(wp_get_referer());
138299 $result = isset($_REQUEST[$query_arg]) ? wp_verify_nonce($_REQUEST[$query_arg], $action) : false;
138300 if ( !$result && !(-1 == $action && strpos($referer, $adminurl) !== false) ) {
138301 wp_nonce_ays($action);
138302 die();
138303 }
138304 do_action('check_admin_referer', $action, $result);
138305 return $result;
138306 }endif;
138307
138308 if ( !function_exists('check_ajax_referer') ) :
138309 /**
138310 * Verifies the AJAX request to prevent processing requests external of the blog.
138311 *
138312 * @since 2.0.4
138313 *
138314 * @param string $action Action nonce
138315 * @param string $query_arg where to look for nonce in $_REQUEST (since 2.5)
138316 */
138317 function check_ajax_referer( $action = -1, $query_arg = false, $die = true ) {
138318 if ( $query_arg )
138319 $nonce = $_REQUEST[$query_arg];
138320 else
138321 $nonce = $_REQUEST['_ajax_nonce'] ? $_REQUEST['_ajax_nonce'] : $_REQUEST['_wpnonce'];
138322
138323 $result = wp_verify_nonce( $nonce, $action );
138324
138325 if ( $die && false == $result )
138326 die('-1');
138327
138328 do_action('check_ajax_referer', $action, $result);
138329
138330 return $result;
138331 }
138332 endif;
138333
138334 if ( !function_exists('wp_redirect') ) :
138335 /**
138336 * Redirects to another page, with a workaround for the IIS Set-Cookie bug.
138337 *
138338 * @link http://support.microsoft.com/kb/q176113/
138339 * @since 1.5.1
138340 * @uses apply_filters() Calls 'wp_redirect' hook on $location and $status.
138341 *
138342 * @param string $location The path to redirect to
138343 * @param int $status Status code to use
138344 * @return bool False if $location is not set
138345 */
138346 function wp_redirect($location, $status = 301) {
138347 global $is_IIS;
138348
138349 $location = apply_filters('wp_redirect', $location, $status);
138350 $status = apply_filters('wp_redirect_status', $status, $location);
138351
138352 if ( !$location ) // allows the wp_redirect filter to cancel a redirect
138353 return false;
138354
138355 $location = wp_sanitize_redirect($location);
138356
138357 if ( $is_IIS ) {
138358 header("Refresh: 0;url=$location");
138359 } else {
138360 if ( php_sapi_name() != 'cgi-fcgi' )
138361 status_header($status); // This causes problems on IIS and some FastCGI setups
138362 header("Location: $location");
138363 }
138364 }
138365 endif;
138366
138367 if ( !function_exists('wp_sanitize_redirect') ) :
138368 /**
138369 * Sanitizes a URL for use in a redirect.
138370 *
138371 * @since 2.3
138372 *
138373 * @return string redirect-sanitized URL
138374 **/
138375 function wp_sanitize_redirect($location) {
138376 $location = preg_replace('|[^a-z0-9-~+_.?#=&;,/:%]|i', '', $location);
138377 $location = wp_kses_no_null($location);
138378
138379 // remove %0d and %0a from location
138380 $strip = array('%0d', '%0a');
138381 $found = true;
138382 while($found) {
138383 $found = false;
138384 foreach( (array) $strip as $val ) {
138385 while(strpos($location, $val) !== false) {
138386 $found = true;
138387 $location = str_replace($val, '', $location);
138388 }
138389 }
138390 }
138391 return $location;
138392 }
138393 endif;
138394
138395 if ( !function_exists('wp_safe_redirect') ) :
138396 /**
138397 * Performs a safe (local) redirect, using wp_redirect().
138398 *
138399 * Checks whether the $location is using an allowed host, if it has an absolute
138400 * path. A plugin can therefore set or remove allowed host(s) to or from the
138401 * list.
138402 *
138403 * If the host is not allowed, then the redirect is to wp-admin on the siteurl
138404 * instead. This prevents malicious redirects which redirect to another host,
138405 * but only used in a few places.
138406 *
138407 * @since 2.3
138408 * @uses apply_filters() Calls 'allowed_redirect_hosts' on an array containing
138409 * WordPress host string and $location host string.
138410 *
138411 * @return void Does not return anything
138412 **/
138413 function wp_safe_redirect($location, $status = 301) {
138414
138415 // Need to look at the URL the way it will end up in wp_redirect()
138416 $location = wp_sanitize_redirect($location);
138417
138418 // browsers will assume 'http' is your protocol, and will obey a redirect to a URL starting with '//'
138419 if ( substr($location, 0, 2) == '//' )
138420 $location = 'http:' . $location;
138421
138422 // In php 5 parse_url may fail if the URL query part contains http://, bug #38143
138423 $test = ( $cut = strpos($location, '?') ) ? substr( $location, 0, $cut ) : $location;
138424
138425 $lp = parse_url($test);
138426 $wpp = parse_url(get_option('home'));
138427
138428 $allowed_hosts = (array) apply_filters('allowed_redirect_hosts', array($wpp['host']), isset($lp['host']) ? $lp['host'] : '');
138429
138430 if ( isset($lp['host']) && ( !in_array($lp['host'], $allowed_hosts) && $lp['host'] != strtolower($wpp['host'])) )
138431 $location = admin_url();
138432
138433 wp_redirect($location, $status);
138434 }
138435 endif;
138436
138437 if ( ! function_exists('wp_notify_postauthor') ) :
138438 /**
138439 * Notify an author of a comment/trackback/pingback to one of their posts.
138440 *
138441 * @since 1.0.0
138442 *
138443 * @param int $comment_id Comment ID
138444 * @param string $comment_type Optional. The comment type either 'comment' (default), 'trackback', or 'pingback'
138445 * @return bool False if user email does not exist. True on completion.
138446 */
138447 function wp_notify_postauthor($comment_id, $comment_type='') {
138448 $comment = get_comment($comment_id);
138449 $post = get_post($comment->comment_post_ID);
138450 $user = get_userdata( $post->post_author );
138451
138452 if ('' == $user->user_email) return false; // If there's no email to send the comment to
138453
138454 $comment_author_domain = @gethostbyaddr($comment->comment_author_IP);
138455
138456 $blogname = get_option('blogname');
138457
138458 if ( empty( $comment_type ) ) $comment_type = 'comment';
138459
138460 if ('comment' == $comment_type) {
138461 $notify_message = sprintf( __('New comment on your post #%1$s "%2$s"'), $comment->comment_post_ID, $post->post_title ) . "\r\n";
138462 $notify_message .= sprintf( __('Author : %1$s (IP: %2$s , %3$s)'), $comment->comment_author, $comment->comment_author_IP, $comment_author_domain ) . "\r\n";
138463 $notify_message .= sprintf( __('E-mail : %s'), $comment->comment_author_email ) . "\r\n";
138464 $notify_message .= sprintf( __('URL : %s'), $comment->comment_author_url ) . "\r\n";
138465 $notify_message .= sprintf( __('Whois : http://ws.arin.net/cgi-bin/whois.pl?queryinput=%s'), $comment->comment_author_IP ) . "\r\n";
138466 $notify_message .= __('Comment: ') . "\r\n" . $comment->comment_content . "\r\n\r\n";
138467 $notify_message .= __('You can see all comments on this post here: ') . "\r\n";
138468 $subject = sprintf( __('[%1$s] Comment: "%2$s"'), $blogname, $post->post_title );
138469 } elseif ('trackback' == $comment_type) {
138470 $notify_message = sprintf( __('New trackback on your post #%1$s "%2$s"'), $comment->comment_post_ID, $post->post_title ) . "\r\n";
138471 $notify_message .= sprintf( __('Website: %1$s (IP: %2$s , %3$s)'), $comment->comment_author, $comment->comment_author_IP, $comment_author_domain ) . "\r\n";
138472 $notify_message .= sprintf( __('URL : %s'), $comment->comment_author_url ) . "\r\n";
138473 $notify_message .= __('Excerpt: ') . "\r\n" . $comment->comment_content . "\r\n\r\n";
138474 $notify_message .= __('You can see all trackbacks on this post here: ') . "\r\n";
138475 $subject = sprintf( __('[%1$s] Trackback: "%2$s"'), $blogname, $post->post_title );
138476 } elseif ('pingback' == $comment_type) {
138477 $notify_message = sprintf( __('New pingback on your post #%1$s "%2$s"'), $comment->comment_post_ID, $post->post_title ) . "\r\n";
138478 $notify_message .= sprintf( __('Website: %1$s (IP: %2$s , %3$s)'), $comment->comment_author, $comment->comment_author_IP, $comment_author_domain ) . "\r\n";
138479 $notify_message .= sprintf( __('URL : %s'), $comment->comment_author_url ) . "\r\n";
138480 $notify_message .= __('Excerpt: ') . "\r\n" . sprintf('[...] %s [...]', $comment->comment_content ) . "\r\n\r\n";
138481 $notify_message .= __('You can see all pingbacks on this post here: ') . "\r\n";
138482 $subject = sprintf( __('[%1$s] Pingback: "%2$s"'), $blogname, $post->post_title );
138483 }
138484 $notify_message .= get_permalink($comment->comment_post_ID) . "#comments\r\n\r\n";
138485 $notify_message .= sprintf( __('Delete it: %s'), admin_url("comment.php?action=cdc&c=$comment_id") ) . "\r\n";
138486 $notify_message .= sprintf( __('Spam it: %s'), admin_url("comment.php?action=cdc&dt=spam&c=$comment_id") ) . "\r\n";
138487
138488 $wp_email = 'wordpress@' . preg_replace('#^www\.#', '', strtolower($_SERVER['SERVER_NAME']));
138489
138490 if ( '' == $comment->comment_author ) {
138491 $from = "From: \"$blogname\" <$wp_email>";
138492 if ( '' != $comment->comment_author_email )
138493 $reply_to = "Reply-To: $comment->comment_author_email";
138494 } else {
138495 $from = "From: \"$comment->comment_author\" <$wp_email>";
138496 if ( '' != $comment->comment_author_email )
138497 $reply_to = "Reply-To: \"$comment->comment_author_email\" <$comment->comment_author_email>";
138498 }
138499
138500 $message_headers = "$from\n"
138501 . "Content-Type: text/plain; charset=\"" . get_option('blog_charset') . "\"\n";
138502
138503 if ( isset($reply_to) )
138504 $message_headers .= $reply_to . "\n";
138505
138506 $notify_message = apply_filters('comment_notification_text', $notify_message, $comment_id);
138507 $subject = apply_filters('comment_notification_subject', $subject, $comment_id);
138508 $message_headers = apply_filters('comment_notification_headers', $message_headers, $comment_id);
138509
138510 @wp_mail($user->user_email, $subject, $notify_message, $message_headers);
138511
138512 return true;
138513 }
138514 endif;
138515
138516 if ( !function_exists('wp_notify_moderator') ) :
138517 /**
138518 * Notifies the moderator of the blog about a new comment that is awaiting approval.
138519 *
138520 * @since 1.0
138521 * @uses $wpdb
138522 *
138523 * @param int $comment_id Comment ID
138524 * @return bool Always returns true
138525 */
138526 function wp_notify_moderator($comment_id) {
138527 global $wpdb;
138528
138529 if( get_option( "moderation_notify" ) == 0 )
138530 return true;
138531
138532 $comment = $wpdb->get_row($wpdb->prepare("SELECT * FROM $wpdb->comments WHERE comment_ID=%d LIMIT 1", $comment_id));
138533 $post = $wpdb->get_row($wpdb->prepare("SELECT * FROM $wpdb->posts WHERE ID=%d LIMIT 1", $comment->comment_post_ID));
138534
138535 $comment_author_domain = @gethostbyaddr($comment->comment_author_IP);
138536 $comments_waiting = $wpdb->get_var("SELECT count(comment_ID) FROM $wpdb->comments WHERE comment_approved = '0'");
138537
138538 switch ($comment->comment_type)
138539 {
138540 case 'trackback':
138541 $notify_message = sprintf( __('A new trackback on the post #%1$s "%2$s" is waiting for your approval'), $post->ID, $post->post_title ) . "\r\n";
138542 $notify_message .= get_permalink($comment->comment_post_ID) . "\r\n\r\n";
138543 $notify_message .= sprintf( __('Website : %1$s (IP: %2$s , %3$s)'), $comment->comment_author, $comment->comment_author_IP, $comment_author_domain ) . "\r\n";
138544 $notify_message .= sprintf( __('URL : %s'), $comment->comment_author_url ) . "\r\n";
138545 $notify_message .= __('Trackback excerpt: ') . "\r\n" . $comment->comment_content . "\r\n\r\n";
138546 break;
138547 case 'pingback':
138548 $notify_message = sprintf( __('A new pingback on the post #%1$s "%2$s" is waiting for your approval'), $post->ID, $post->post_title ) . "\r\n";
138549 $notify_message .= get_permalink($comment->comment_post_ID) . "\r\n\r\n";
138550 $notify_message .= sprintf( __('Website : %1$s (IP: %2$s , %3$s)'), $comment->comment_author, $comment->comment_author_IP, $comment_author_domain ) . "\r\n";
138551 $notify_message .= sprintf( __('URL : %s'), $comment->comment_author_url ) . "\r\n";
138552 $notify_message .= __('Pingback excerpt: ') . "\r\n" . $comment->comment_content . "\r\n\r\n";
138553 break;
138554 default: //Comments
138555 $notify_message = sprintf( __('A new comment on the post #%1$s "%2$s" is waiting for your approval'), $post->ID, $post->post_title ) . "\r\n";
138556 $notify_message .= get_permalink($comment->comment_post_ID) . "\r\n\r\n";
138557 $notify_message .= sprintf( __('Author : %1$s (IP: %2$s , %3$s)'), $comment->comment_author, $comment->comment_author_IP, $comment_author_domain ) . "\r\n";
138558 $notify_message .= sprintf( __('E-mail : %s'), $comment->comment_author_email ) . "\r\n";
138559 $notify_message .= sprintf( __('URL : %s'), $comment->comment_author_url ) . "\r\n";
138560 $notify_message .= sprintf( __('Whois : http://ws.arin.net/cgi-bin/whois.pl?queryinput=%s'), $comment->comment_author_IP ) . "\r\n";
138561 $notify_message .= __('Comment: ') . "\r\n" . $comment->comment_content . "\r\n\r\n";
138562 break;
138563 }
138564
138565 $notify_message .= sprintf( __('Approve it: %s'), admin_url("comment.php?action=mac&c=$comment_id") ) . "\r\n";
138566 $notify_message .= sprintf( __('Delete it: %s'), admin_url("comment.php?action=cdc&c=$comment_id") ) . "\r\n";
138567 $notify_message .= sprintf( __('Spam it: %s'), admin_url("comment.php?action=cdc&dt=spam&c=$comment_id") ) . "\r\n";
138568
138569 $notify_message .= sprintf( __ngettext('Currently %s comment is waiting for approval. Please visit the moderation panel:',
138570 'Currently %s comments are waiting for approval. Please visit the moderation panel:', $comments_waiting), number_format_i18n($comments_waiting) ) . "\r\n";
138571 $notify_message .= admin_url("edit-comments.php?comment_status=moderated") . "\r\n";
138572
138573 $subject = sprintf( __('[%1$s] Please moderate: "%2$s"'), get_option('blogname'), $post->post_title );
138574 $admin_email = get_option('admin_email');
138575
138576 $notify_message = apply_filters('comment_moderation_text', $notify_message, $comment_id);
138577 $subject = apply_filters('comment_moderation_subject', $subject, $comment_id);
138578
138579 @wp_mail($admin_email, $subject, $notify_message);
138580
138581 return true;
138582 }
138583 endif;
138584
138585 if ( !function_exists('wp_password_change_notification') ) :
138586 /**
138587 * Notify the blog admin of a user changing password, normally via email.
138588 *
138589 * @since 2.7
138590 *
138591 * @param object $user User Object
138592 */
138593 function wp_password_change_notification(&$user) {
138594 // send a copy of password change notification to the admin
138595 // but check to see if it's the admin whose password we're changing, and skip this
138596 if ( $user->user_email != get_option('admin_email') ) {
138597 $message = sprintf(__('Password Lost and Changed for user: %s'), $user->user_login) . "\r\n";
138598 wp_mail(get_option('admin_email'), sprintf(__('[%s] Password Lost/Changed'), get_option('blogname')), $message);
138599 }
138600 }
138601 endif;
138602
138603 if ( !function_exists('wp_new_user_notification') ) :
138604 /**
138605 * Notify the blog admin of a new user, normally via email.
138606 *
138607 * @since 2.0
138608 *
138609 * @param int $user_id User ID
138610 * @param string $plaintext_pass Optional. The user's plaintext password
138611 */
138612 function wp_new_user_notification($user_id, $plaintext_pass = '') {
138613 $user = new WP_User($user_id);
138614
138615 $user_login = stripslashes($user->user_login);
138616 $user_email = stripslashes($user->user_email);
138617
138618 $message = sprintf(__('New user registration on your blog %s:'), get_option('blogname')) . "\r\n\r\n";
138619 $message .= sprintf(__('Username: %s'), $user_login) . "\r\n\r\n";
138620 $message .= sprintf(__('E-mail: %s'), $user_email) . "\r\n";
138621
138622 @wp_mail(get_option('admin_email'), sprintf(__('[%s] New User Registration'), get_option('blogname')), $message);
138623
138624 if ( empty($plaintext_pass) )
138625 return;
138626
138627 $message = sprintf(__('Username: %s'), $user_login) . "\r\n";
138628 $message .= sprintf(__('Password: %s'), $plaintext_pass) . "\r\n";
138629 $message .= site_url("wp-login.php", 'login') . "\r\n";
138630
138631 wp_mail($user_email, sprintf(__('[%s] Your username and password'), get_option('blogname')), $message);
138632
138633 }
138634 endif;
138635
138636 if ( !function_exists('wp_nonce_tick') ) :
138637 /**
138638 * Get the time-dependent variable for nonce creation.
138639 *
138640 * A nonce has a lifespan of two ticks. Nonces in their second tick may be
138641 * updated, e.g. by autosave.
138642 *
138643 * @since 2.5
138644 *
138645 * @return int
138646 */
138647 function wp_nonce_tick() {
138648 $nonce_life = apply_filters('nonce_life', 86400);
138649
138650 return ceil(time() / ( $nonce_life / 2 ));
138651 }
138652 endif;
138653
138654 if ( !function_exists('wp_verify_nonce') ) :
138655 /**
138656 * Verify that correct nonce was used with time limit.
138657 *
138658 * The user is given an amount of time to use the token, so therefore, since the
138659 * UID and $action remain the same, the independent variable is the time.
138660 *
138661 * @since 2.0.4
138662 *
138663 * @param string $nonce Nonce that was used in the form to verify
138664 * @param string|int $action Should give context to what is taking place and be the same when nonce was created.
138665 * @return bool Whether the nonce check passed or failed.
138666 */
138667 function wp_verify_nonce($nonce, $action = -1) {
138668 $user = wp_get_current_user();
138669 $uid = (int) $user->id;
138670
138671 $i = wp_nonce_tick();
138672
138673 // Nonce generated 0-12 hours ago
138674 if ( substr(wp_hash($i . $action . $uid, 'nonce'), -12, 10) == $nonce )
138675 return 1;
138676 // Nonce generated 12-24 hours ago
138677 if ( substr(wp_hash(($i - 1) . $action . $uid, 'nonce'), -12, 10) == $nonce )
138678 return 2;
138679 // Invalid nonce
138680 return false;
138681 }
138682 endif;
138683
138684 if ( !function_exists('wp_create_nonce') ) :
138685 /**
138686 * Creates a random, one time use token.
138687 *
138688 * @since 2.0.4
138689 *
138690 * @param string|int $action Scalar value to add context to the nonce.
138691 * @return string The one use form token
138692 */
138693 function wp_create_nonce($action = -1) {
138694 $user = wp_get_current_user();
138695 $uid = (int) $user->id;
138696
138697 $i = wp_nonce_tick();
138698
138699 return substr(wp_hash($i . $action . $uid, 'nonce'), -12, 10);
138700 }
138701 endif;
138702
138703 if ( !function_exists('wp_salt') ) :
138704 /**
138705 * Get salt to add to hashes to help prevent attacks.
138706 *
138707 * The secret key is located in two places: the database in case the secret key
138708 * isn't defined in the second place, which is in the wp-config.php file. If you
138709 * are going to set the secret key, then you must do so in the wp-config.php
138710 * file.
138711 *
138712 * The secret key in the database is randomly generated and will be appended to
138713 * the secret key that is in wp-config.php file in some instances. It is
138714 * important to have the secret key defined or changed in wp-config.php.
138715 *
138716 * If you have installed WordPress 2.5 or later, then you will have the
138717 * SECRET_KEY defined in the wp-config.php already. You will want to change the
138718 * value in it because hackers will know what it is. If you have upgraded to
138719 * WordPress 2.5 or later version from a version before WordPress 2.5, then you
138720 * should add the constant to your wp-config.php file.
138721 *
138722 * Below is an example of how the SECRET_KEY constant is defined with a value.
138723 * You must not copy the below example and paste into your wp-config.php. If you
138724 * need an example, then you can have a
138725 * {@link http://api.wordpress.org/secret-key/1.0/ secret key created} for you.
138726 *
138727 * <code>
138728 * define('SECRET_KEY', 'mAry1HadA15|\/|b17w55w1t3asSn09w');
138729 * </code>
138730 *
138731 * Salting passwords helps against tools which has stored hashed values of
138732 * common dictionary strings. The added values makes it harder to crack if given
138733 * salt string is not weak.
138734 *
138735 * @since 2.5
138736 * @link http://api.wordpress.org/secret-key/1.0/ Create a Secret Key for wp-config.php
138737 *
138738 * @return string Salt value from either 'SECRET_KEY' or 'secret' option
138739 */
138740 function wp_salt($scheme = 'auth') {
138741 global $wp_default_secret_key;
138742 $secret_key = '';
138743 if ( defined('SECRET_KEY') && ('' != SECRET_KEY) && ( $wp_default_secret_key != SECRET_KEY) )
138744 $secret_key = SECRET_KEY;
138745
138746 if ( 'auth' == $scheme ) {
138747 if ( defined('AUTH_KEY') && ('' != AUTH_KEY) && ( $wp_default_secret_key != AUTH_KEY) )
138748 $secret_key = AUTH_KEY;
138749
138750 if ( defined('AUTH_SALT') ) {
138751 $salt = AUTH_SALT;
138752 } elseif ( defined('SECRET_SALT') ) {
138753 $salt = SECRET_SALT;
138754 } else {
138755 $salt = get_option('auth_salt');
138756 if ( empty($salt) ) {
138757 $salt = wp_generate_password();
138758 update_option('auth_salt', $salt);
138759 }
138760 }
138761 } elseif ( 'secure_auth' == $scheme ) {
138762 if ( defined('SECURE_AUTH_KEY') && ('' != SECURE_AUTH_KEY) && ( $wp_default_secret_key != SECURE_AUTH_KEY) )
138763 $secret_key = SECURE_AUTH_KEY;
138764
138765 if ( defined('SECURE_AUTH_SALT') ) {
138766 $salt = SECRET_AUTH_SALT;
138767 } else {
138768 $salt = get_option('secure_auth_salt');
138769 if ( empty($salt) ) {
138770 $salt = wp_generate_password();
138771 update_option('secure_auth_salt', $salt);
138772 }
138773 }
138774 } elseif ( 'logged_in' == $scheme ) {
138775 if ( defined('LOGGED_IN_KEY') && ('' != LOGGED_IN_KEY) && ( $wp_default_secret_key != LOGGED_IN_KEY) )
138776 $secret_key = LOGGED_IN_KEY;
138777
138778 if ( defined('LOGGED_IN_SALT') ) {
138779 $salt = LOGGED_IN_SALT;
138780 } else {
138781 $salt = get_option('logged_in_salt');
138782 if ( empty($salt) ) {
138783 $salt = wp_generate_password();
138784 update_option('logged_in_salt', $salt);
138785 }
138786 }
138787 } elseif ( 'nonce' == $scheme ) {
138788 if ( defined('NONCE_KEY') && ('' != NONCE_KEY) && ( $wp_default_secret_key != NONCE_KEY) )
138789 $secret_key = NONCE_KEY;
138790
138791 if ( defined('NONCE_SALT') ) {
138792 $salt = NONCE_SALT;
138793 } else {
138794 $salt = get_option('nonce_salt');
138795 if ( empty($salt) ) {
138796 $salt = wp_generate_password();
138797 update_option('nonce_salt', $salt);
138798 }
138799 }
138800 } else {
138801 // ensure each auth scheme has its own unique salt
138802 $salt = hash_hmac('md5', $scheme, $secret_key);
138803 }
138804
138805 return apply_filters('salt', $secret_key . $salt, $scheme);
138806 }
138807 endif;
138808
138809 if ( !function_exists('wp_hash') ) :
138810 /**
138811 * Get hash of given string.
138812 *
138813 * @since 2.0.4
138814 * @uses wp_salt() Get WordPress salt
138815 *
138816 * @param string $data Plain text to hash
138817 * @return string Hash of $data
138818 */
138819 function wp_hash($data, $scheme = 'auth') {
138820 $salt = wp_salt($scheme);
138821
138822 return hash_hmac('md5', $data, $salt);
138823 }
138824 endif;
138825
138826 if ( !function_exists('wp_hash_password') ) :
138827 /**
138828 * Create a hash (encrypt) of a plain text password.
138829 *
138830 * For integration with other applications, this function can be overwritten to
138831 * instead use the other package password checking algorithm.
138832 *
138833 * @since 2.5
138834 * @global object $wp_hasher PHPass object
138835 * @uses PasswordHash::HashPassword
138836 *
138837 * @param string $password Plain text user password to hash
138838 * @return string The hash string of the password
138839 */
138840 function wp_hash_password($password) {
138841 global $wp_hasher;
138842
138843 if ( empty($wp_hasher) ) {
138844 require_once( ABSPATH . 'wp-includes/class-phpass.php');
138845 // By default, use the portable hash from phpass
138846 $wp_hasher = new PasswordHash(8, TRUE);
138847 }
138848
138849 return $wp_hasher->HashPassword($password);
138850 }
138851 endif;
138852
138853 if ( !function_exists('wp_check_password') ) :
138854 /**
138855 * Checks the plaintext password against the encrypted Password.
138856 *
138857 * Maintains compatibility between old version and the new cookie authentication
138858 * protocol using PHPass library. The $hash parameter is the encrypted password
138859 * and the function compares the plain text password when encypted similarly
138860 * against the already encrypted password to see if they match.
138861 *
138862 * For integration with other applications, this function can be overwritten to
138863 * instead use the other package password checking algorithm.
138864 *
138865 * @since 2.5
138866 * @global object $wp_hasher PHPass object used for checking the password
138867 * against the $hash + $password
138868 * @uses PasswordHash::CheckPassword
138869 *
138870 * @param string $password Plaintext user's password
138871 * @param string $hash Hash of the user's password to check against.
138872 * @return bool False, if the $password does not match the hashed password
138873 */
138874 function wp_check_password($password, $hash, $user_id = '') {
138875 global $wp_hasher;
138876
138877 // If the hash is still md5...
138878 if ( strlen($hash) <= 32 ) {
138879 $check = ( $hash == md5($password) );
138880 if ( $check && $user_id ) {
138881 // Rehash using new hash.
138882 wp_set_password($password, $user_id);
138883 $hash = wp_hash_password($password);
138884 }
138885
138886 return apply_filters('check_password', $check, $password, $hash, $user_id);
138887 }
138888
138889 // If the stored hash is longer than an MD5, presume the
138890 // new style phpass portable hash.
138891 if ( empty($wp_hasher) ) {
138892 require_once( ABSPATH . 'wp-includes/class-phpass.php');
138893 // By default, use the portable hash from phpass
138894 $wp_hasher = new PasswordHash(8, TRUE);
138895 }
138896
138897 $check = $wp_hasher->CheckPassword($password, $hash);
138898
138899 return apply_filters('check_password', $check, $password, $hash, $user_id);
138900 }
138901 endif;
138902
138903 if ( !function_exists('wp_generate_password') ) :
138904 /**
138905 * Generates a random password drawn from the defined set of characters.
138906 *
138907 * @since 2.5
138908 *
138909 * @return string The random password
138910 **/
138911 function wp_generate_password($length = 12, $special_chars = true) {
138912 $chars = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';
138913 if ( $special_chars )
138914 $chars .= '!@#$%^&*()';
138915
138916 $password = '';
138917 for ( $i = 0; $i < $length; $i++ )
138918 $password .= substr($chars, wp_rand(0, strlen($chars) - 1), 1);
138919 return $password;
138920 }
138921 endif;
138922
138923 if ( !function_exists('wp_rand') ) :
138924 /**
138925 * Generates a random number
138926 *
138927 * @since 2.6.2
138928 *
138929 * @param int $min Lower limit for the generated number (optional, default is 0)
138930 * @param int $max Upper limit for the generated number (optional, default is 4294967295)
138931 * @return int A random number between min and max
138932 */
138933 function wp_rand( $min = 0, $max = 0 ) {
138934 global $rnd_value;
138935
138936 $seed = get_option('random_seed');
138937
138938 // Reset $rnd_value after 14 uses
138939 // 32(md5) + 40(sha1) + 40(sha1) / 8 = 14 random numbers from $rnd_value
138940 if ( strlen($rnd_value) < 8 ) {
138941 $rnd_value = md5( uniqid(microtime() . mt_rand(), true ) . $seed );
138942 $rnd_value .= sha1($rnd_value);
138943 $rnd_value .= sha1($rnd_value . $seed);
138944 $seed = md5($seed . $rnd_value);
138945 update_option('random_seed', $seed);
138946 }
138947
138948 // Take the first 8 digits for our value
138949 $value = substr($rnd_value, 0, 8);
138950
138951 // Strip the first eight, leaving the remainder for the next call to wp_rand().
138952 $rnd_value = substr($rnd_value, 8);
138953
138954 $value = abs(hexdec($value));
138955
138956 // Reduce the value to be within the min - max range
138957 // 4294967295 = 0xffffffff = max random number
138958 if ( $max != 0 )
138959 $value = $min + (($max - $min + 1) * ($value / (4294967295 + 1)));
138960
138961 return abs(intval($value));
138962 }
138963 endif;
138964
138965 if ( !function_exists('wp_set_password') ) :
138966 /**
138967 * Updates the user's password with a new encrypted one.
138968 *
138969 * For integration with other applications, this function can be overwritten to
138970 * instead use the other package password checking algorithm.
138971 *
138972 * @since 2.5
138973 * @uses $wpdb WordPress database object for queries
138974 * @uses wp_hash_password() Used to encrypt the user's password before passing to the database
138975 *
138976 * @param string $password The plaintext new user password
138977 * @param int $user_id User ID
138978 */
138979 function wp_set_password( $password, $user_id ) {
138980 global $wpdb;
138981
138982 $hash = wp_hash_password($password);
138983 $query = $wpdb->prepare("UPDATE $wpdb->users SET user_pass = %s, user_activation_key = '' WHERE ID = %d", $hash, $user_id);
138984 $wpdb->query($query);
138985 wp_cache_delete($user_id, 'users');
138986 }
138987 endif;
138988
138989 if ( !function_exists( 'get_avatar' ) ) :
138990 /**
138991 * Retrieve the avatar for a user who provided a user ID or email address.
138992 *
138993 * @since 2.5
138994 * @param int|string|object $id_or_email A user ID, email address, or comment object
138995 * @param int $size Size of the avatar image
138996 * @param string $default URL to a default image to use if no avatar is available
138997 * @param string $alt Alternate text to use in image tag. Defaults to blank
138998 * @return string <img> tag for the user's avatar
138999 */
139000 function get_avatar( $id_or_email, $size = '96', $default = '', $alt = false ) {
139001 if ( ! get_option('show_avatars') )
139002 return false;
139003
139004 if ( false === $alt)
139005 $safe_alt = '';
139006 else
139007 $safe_alt = attribute_escape( $alt );
139008
139009 if ( !is_numeric($size) )
139010 $size = '96';
139011
139012 $email = '';
139013 $url = '';
139014 if ( is_numeric($id_or_email) ) {
139015 $id = (int) $id_or_email;
139016 $user = get_userdata($id);
139017 if ( $user ) {
139018 $email = $user->user_email;
139019 $url = $user->user_url;
139020 }
139021 } elseif ( is_object($id_or_email) ) {
139022 if ( isset($id_or_email->comment_type) && '' != $id_or_email->comment_type && 'comment' != $id_or_email->comment_type )
139023 return false; // No avatar for pingbacks or trackbacks
139024
139025 if ( !empty($id_or_email->user_id) ) {
139026 $id = (int) $id_or_email->user_id;
139027 $user = get_userdata($id);
139028 if ( $user) {
139029 $email = $user->user_email;
139030 $url = $user->user_url;
139031 }
139032 } else {
139033 if (!empty($id_or_email->comment_author_email)) {
139034 $email = $id_or_email->comment_author_email;
139035 }
139036 if (!empty($id_or_email->comment_author_url)) {
139037 $url = $id_or_email->comment_author_url;
139038 }
139039 }
139040 } else {
139041 $email = $id_or_email;
139042 }
139043
139044 if ( empty($default) ) {
139045 $avatar_default = get_option('avatar_default');
139046 if ( empty($avatar_default) )
139047 $default = 'mystery';
139048 else
139049 $default = $avatar_default;
139050 }
139051
139052 if ( 'mystery' == $default )
139053 $default = "http://www.gravatar.com/avatar/ad516503a11cd5ca435acc9bb6523536?s={$size}"; // ad516503a11cd5ca435acc9bb6523536 == md5('unknown@gravatar.com')
139054 elseif ( 'blank' == $default )
139055 $default = includes_url('images/blank.gif');
139056 elseif ( !empty($email) && 'gravatar_default' == $default )
139057 $default = '';
139058 elseif ( 'gravatar_default' == $default )
139059 $default = "http://www.gravatar.com/avatar/s={$size}";
139060 elseif ('fromurl' == $default)
139061 $default = get_bloginfo('wpurl') . '/default_avatar.png';
139062 elseif ( empty($email) )
139063 $default = "http://www.gravatar.com/avatar/?d=$default&s={$size}";
139064 elseif ( strpos($default, 'http://') === 0 )
139065 $default = add_query_arg( 's', $size, $default );
139066
139067 if ( !empty($email) && empty($url)) {
139068 $out = 'http://www.gravatar.com/avatar/';
139069 $out .= md5( strtolower( $email ) );
139070 $out .= '?s='.$size;
139071 $out .= '&d=' . urlencode( $default );
139072
139073 $rating = get_option('avatar_rating');
139074 if ( !empty( $rating ) )
139075 $out .= "&r={$rating}";
139076
139077 $avatar = "<img alt='{$safe_alt}' src='{$out}' class='avatar avatar-{$size} photo' height='{$size}' width='{$size}' />";
139078 } elseif (!empty($url)) {
139079 $url_parsed = parse_url($url);
139080 if ($url_parsed["host"] . $url_parsed["path"] > "") {
139081 $out = "http://" . $url_parsed["host"] . $url_parsed["path"] . "/avatar.png";
139082 } else {
139083 $out = $default;
139084 }
139085 $avatar = "<img alt='{$safe_alt}' src='{$out}' class='avatar avatar-{$size} photo' height='{$size}' width='{$size}' />";
139086 } else {
139087 $avatar = "<img alt='{$safe_alt}' src='{$default}' class='avatar avatar-{$size} photo avatar-default' height='{$size}' width='{$size}' />";
139088 }
139089
139090 return apply_filters('get_avatar', $avatar, $id_or_email, $size, $default, $alt);
139091 }
139092 endif;
139093
139094 if ( !function_exists('wp_setcookie') ) :
139095 /**
139096 * Sets a cookie for a user who just logged in.
139097 *
139098 * @since 1.5
139099 * @deprecated Use wp_set_auth_cookie()
139100 * @see wp_set_auth_cookie()
139101 *
139102 * @param string $username The user's username
139103 * @param string $password Optional. The user's password
139104 * @param bool $already_md5 Optional. Whether the password has already been through MD5
139105 * @param string $home Optional. Will be used instead of COOKIEPATH if set
139106 * @param string $siteurl Optional. Will be used instead of SITECOOKIEPATH if set
139107 * @param bool $remember Optional. Remember that the user is logged in
139108 */
139109 function wp_setcookie($username, $password = '', $already_md5 = false, $home = '', $siteurl = '', $remember = false) {
139110 _deprecated_function( __FUNCTION__, '2.5', 'wp_set_auth_cookie()' );
139111 $user = get_userdatabylogin($username);
139112 wp_set_auth_cookie($user->ID, $remember);
139113 }
139114 endif;
139115
139116 if ( !function_exists('wp_clearcookie') ) :
139117 /**
139118 * Clears the authentication cookie, logging the user out.
139119 *
139120 * @since 1.5
139121 * @deprecated Use wp_clear_auth_cookie()
139122 * @see wp_clear_auth_cookie()
139123 */
139124 function wp_clearcookie() {
139125 _deprecated_function( __FUNCTION__, '2.5', 'wp_clear_auth_cookie()' );
139126 wp_clear_auth_cookie();
139127 }
139128 endif;
139129
139130 if ( !function_exists('wp_get_cookie_login') ):
139131 /**
139132 * Gets the user cookie login.
139133 *
139134 * This function is deprecated and should no longer be extended as it won't be
139135 * used anywhere in WordPress. Also, plugins shouldn't use it either.
139136 *
139137 * @since 2.0.4
139138 * @deprecated No alternative
139139 *
139140 * @return bool Always returns false
139141 */
139142 function wp_get_cookie_login() {
139143 _deprecated_function( __FUNCTION__, '2.5', '' );
139144 return false;
139145 }
139146 endif;
139147
139148 if ( !function_exists('wp_login') ) :
139149 /**
139150 * Checks a users login information and logs them in if it checks out.
139151 *
139152 * Use the global $error to get the reason why the login failed. If the username
139153 * is blank, no error will be set, so assume blank username on that case.
139154 *
139155 * Plugins extending this function should also provide the global $error and set
139156 * what the error is, so that those checking the global for why there was a
139157 * failure can utilize it later.
139158 *
139159 * @since 1.2.2
139160 * @deprecated Use wp_signon()
139161 * @global string $error Error when false is returned
139162 *
139163 * @param string $username User's username
139164 * @param string $password User's password
139165 * @param bool $deprecated Not used
139166 * @return bool False on login failure, true on successful check
139167 */
139168 function wp_login($username, $password, $deprecated = '') {
139169 global $error;
139170
139171 $user = wp_authenticate($username, $password);
139172
139173 if ( ! is_wp_error($user) )
139174 return true;
139175
139176 $error = $user->get_error_message();
139177 return false;
139178 }
139179 endif;
139180
139181 if ( !function_exists( 'wp_text_diff' ) ) :
139182 /**
139183 * Displays a human readable HTML representation of the difference between two strings.
139184 *
139185 * The Diff is available for getting the changes between versions. The output is
139186 * HTML, so the primary use is for displaying the changes. If the two strings
139187 * are equivalent, then an empty string will be returned.
139188 *
139189 * The arguments supported and can be changed are listed below.
139190 *
139191 * 'title' : Default is an empty string. Titles the diff in a manner compatible
139192 * with the output.
139193 * 'title_left' : Default is an empty string. Change the HTML to the left of the
139194 * title.
139195 * 'title_right' : Default is an empty string. Change the HTML to the right of
139196 * the title.
139197 *
139198 * @since 2.6
139199 * @see wp_parse_args() Used to change defaults to user defined settings.
139200 * @uses Text_Diff
139201 * @uses WP_Text_Diff_Renderer_Table
139202 *
139203 * @param string $left_string "old" (left) version of string
139204 * @param string $right_string "new" (right) version of string
139205 * @param string|array $args Optional. Change 'title', 'title_left', and 'title_right' defaults.
139206 * @return string Empty string if strings are equivalent or HTML with differences.
139207 */
139208 function wp_text_diff( $left_string, $right_string, $args = null ) {
139209 $defaults = array( 'title' => '', 'title_left' => '', 'title_right' => '' );
139210 $args = wp_parse_args( $args, $defaults );
139211
139212 if ( !class_exists( 'WP_Text_Diff_Renderer_Table' ) )
139213 require( ABSPATH . WPINC . '/wp-diff.php' );
139214
139215 $left_string = normalize_whitespace($left_string);
139216 $right_string = normalize_whitespace($right_string);
139217
139218 $left_lines = split("\n", $left_string);
139219 $right_lines = split("\n", $right_string);
139220
139221 $text_diff = new Text_Diff($left_lines, $right_lines);
139222 $renderer = new WP_Text_Diff_Renderer_Table();
139223 $diff = $renderer->render($text_diff);
139224
139225 if ( !$diff )
139226 return '';
139227
139228 $r = "<table class='diff'>\n";
139229 $r .= "<col class='ltype' /><col class='content' /><col class='ltype' /><col class='content' />";
139230
139231 if ( $args['title'] || $args['title_left'] || $args['title_right'] )
139232 $r .= "<thead>";
139233 if ( $args['title'] )
139234 $r .= "<tr class='diff-title'><th colspan='4'>$args[title]</th></tr>\n";
139235 if ( $args['title_left'] || $args['title_right'] ) {
139236 $r .= "<tr class='diff-sub-title'>\n";
139237 $r .= "\t<td></td><th>$args[title_left]</th>\n";
139238 $r .= "\t<td></td><th>$args[title_right]</th>\n";
139239 $r .= "</tr>\n";
139240 }
139241 if ( $args['title'] || $args['title_left'] || $args['title_right'] )
139242 $r .= "</thead>\n";
139243
139244 $r .= "<tbody>\n$diff\n</tbody>\n";
139245 $r .= "</table>";
139246
139247 return $r;
139248 }
139249 endif;
139250
139251 ?>