本文整理汇总了PHP中wp_generate_auth_cookie函数的典型用法代码示例。如果您正苦于以下问题:PHP wp_generate_auth_cookie函数的具体用法?PHP wp_generate_auth_cookie怎么用?PHP wp_generate_auth_cookie使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了wp_generate_auth_cookie函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的PHP代码示例。
示例1: generate_auth_cookie
public function generate_auth_cookie($args)
{
/**
* @var $nonce
* @var $username
* @var $password
*
*/
extract($args);
if (!wp_verify_nonce($nonce, 'auth_gmapp')) {
return array('error' => array('code' => 'nononce', 'message' => "Something goes wrong (nonce error)... try again."));
}
if (!$username) {
return array('error' => array('code' => 'nologin', 'message' => "You must include a 'username' var in your request."));
}
if (!$password) {
return array('error' => array('code' => 'nopassword', 'message' => "You must include a 'password' var in your request."));
}
$user = wp_authenticate($username, $password);
if (is_wp_error($user)) {
remove_action('wp_login_failed', $username);
return array('error' => array('code' => 'passerror', 'message' => "Invalid username and/or password."));
}
$expiration = time() + apply_filters('auth_cookie_expiration', 1209600, $user->ID, true);
$cookie = wp_generate_auth_cookie($user->ID, $expiration, 'logged_in');
preg_match('|src="(.+?)"|', get_avatar($user->ID, 32), $avatar);
if (!isset($avatar[1])) {
$avatar[1] = '';
}
return array("cookie" => $cookie, "user" => array("id" => $user->ID, "username" => $user->user_login, "nicename" => $user->user_nicename, "email" => $user->user_email, "url" => $user->user_url, "registered" => $user->user_registered, "displayname" => $user->display_name, "firstname" => $user->user_firstname, "lastname" => $user->last_name, "nickname" => $user->nickname, "description" => $user->user_description, "capabilities" => $user->wp_capabilities, "avatar" => $avatar[1]));
}
示例2: generate_auth_cookie
public function generate_auth_cookie()
{
global $json_api;
if (!$json_api->query->username) {
$json_api->error("You must include a 'username' var in your request.");
}
if (!$json_api->query->password) {
$json_api->error("You must include a 'password' var in your request.");
}
if ($json_api->query->seconds) {
$seconds = (int) $json_api->query->seconds;
} else {
$seconds = 1209600;
}
//14 days
$user = wp_authenticate($json_api->query->username, $json_api->query->password);
if (is_wp_error($user)) {
$json_api->error("Invalid username and/or password.", 'error', '401');
remove_action('wp_login_failed', $json_api->query->username);
}
$expiration = time() + apply_filters('auth_cookie_expiration', $seconds, $user->ID, true);
$cookie = wp_generate_auth_cookie($user->ID, $expiration, 'logged_in');
preg_match('|src="(.+?)"|', get_avatar($user->ID, 32), $avatar);
return array("cookie" => $cookie, "cookie_name" => LOGGED_IN_COOKIE, "user" => array("id" => $user->ID, "username" => $user->user_login, "nicename" => $user->user_nicename, "email" => $user->user_email, "url" => $user->user_url, "registered" => $user->user_registered, "displayname" => $user->display_name, "firstname" => $user->user_firstname, "lastname" => $user->last_name, "nickname" => $user->nickname, "description" => $user->user_description, "capabilities" => $user->wp_capabilities, "avatar" => $avatar[1]));
}
示例3: test_auth_cookie_scheme
function test_auth_cookie_scheme()
{
// arbitrary scheme name
$cookie = wp_generate_auth_cookie(self::$user_id, time() + 3600, 'foo');
$this->assertEquals(self::$user_id, wp_validate_auth_cookie($cookie, 'foo'));
// wrong scheme name - should fail
$cookie = wp_generate_auth_cookie(self::$user_id, time() + 3600, 'foo');
$this->assertEquals(false, wp_validate_auth_cookie($cookie, 'bar'));
}
示例4: wp_set_auth_cookie
/**
* Sets the authentication cookies based User ID.
*
* The $remember parameter increases the time that the cookie will be kept. The
* default the cookie is kept without remembering is two days. When $remember is
* set, the cookies will be kept for 14 days or two weeks.
*
* @since 2.5
*
* @param int $user_id User ID
* @param bool $remember Whether to remember the user
*/
function wp_set_auth_cookie($user_id, $remember = false, $secure = '')
{
if ($remember) {
$expiration = $expire = time() + apply_filters('auth_cookie_expiration', 1209600, $user_id, $remember);
} else {
$expiration = time() + apply_filters('auth_cookie_expiration', 172800, $user_id, $remember);
$expire = 0;
}
if ('' === $secure) {
$secure = is_ssl();
}
if ($secure) {
$auth_cookie_name = SECURE_AUTH_COOKIE;
$scheme = 'secure_auth';
} else {
$auth_cookie_name = AUTH_COOKIE;
$scheme = 'auth';
}
$auth_cookie = wp_generate_auth_cookie($user_id, $expiration, $scheme);
$logged_in_cookie = wp_generate_auth_cookie($user_id, $expiration, 'logged_in');
do_action('set_auth_cookie', $auth_cookie, $expire, $expiration, $user_id, $scheme);
do_action('set_logged_in_cookie', $logged_in_cookie, $expire, $expiration, $user_id, 'logged_in');
$subdomain = get_option('rootcookie_subdomain');
$rootcookie_subdomain_manual = get_option('rootcookie_subdomain_manual');
if ($subdomain == 1) {
# Use Scotts implementation
$info = get_bloginfo('url');
$info = parse_url($info);
$info = $info['host'];
$exp = explode('.', $info);
if (count($exp) == 3) {
$domain = '.' . $exp[1] . '.' . $exp[2];
} elseif (count($exp) == 2) {
$domain = '.' . $info;
} elseif (3 < count($exp)) {
$exp = array_reverse($exp);
$domain = '.' . $exp[1] . '.' . $exp[0];
} else {
$domain = COOKIE_DOMAIN;
}
} elseif (!is_null($rootcookie_subdomain_manual)) {
# Use manual domain name setting
$domain = $rootcookie_subdomain_manual;
} else {
# Default
$domain = COOKIE_DOMAIN;
}
setcookie($auth_cookie_name, $auth_cookie, $expire, ROOT_COOKIE, $domain, $secure, true);
/** Duplicate of above - Created by Find & Replace
setcookie($auth_cookie_name, $auth_cookie, $expire, ROOT_COOKIE, $domain, $secure, true);
**/
setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, ROOT_COOKIE, $domain, $secure_logged_in_cookie, true);
if (COOKIEPATH != SITECOOKIEPATH) {
setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, SITECOOKIEPATH, COOKIE_DOMAIN, $secure_logged_in_cookie, true);
}
}
示例5: ajax_on
public function ajax_on()
{
if (!current_user_can('view_query_monitor') or !check_ajax_referer('qm-auth-on', 'nonce', false)) {
wp_send_json_error(__('Could not set authentication cookie.', 'query-monitor'));
}
$expiration = time() + 2 * DAY_IN_SECONDS;
$secure = self::secure_cookie();
$cookie = wp_generate_auth_cookie(get_current_user_id(), $expiration, 'logged_in');
setcookie(QM_COOKIE, $cookie, $expiration, COOKIEPATH, COOKIE_DOMAIN, $secure, false);
$text = __('Authentication cookie set. You can now view Query Monitor output while logged out or while logged in as a different user.', 'query-monitor');
wp_send_json_success($text);
}
示例6: generate_auth_cookie
public function generate_auth_cookie()
{
global $json_api;
$nonce_id = $json_api->get_nonce_id('auth', 'generate_auth_cookie');
if (!wp_verify_nonce($json_api->query->nonce, $nonce_id)) {
$json_api->error("Your 'nonce' value was incorrect. Use the 'get_nonce' API method.");
}
if (!$json_api->query->username) {
$json_api->error("You must include a 'username' var in your request.");
}
if (!$json_api->query->password) {
$json_api->error("You must include a 'password' var in your request.");
}
$user = wp_authenticate($json_api->query->username, $json_api->query->password);
if (is_wp_error($user)) {
$json_api->error("Invalid username and/or password.", 'error', '401');
remove_action('wp_login_failed', $json_api->query->username);
}
$expiration = time() + apply_filters('auth_cookie_expiration', 1209600, $user->ID, true);
$cookie = wp_generate_auth_cookie($user->ID, $expiration, 'logged_in');
return array("cookie" => $cookie, "user" => array("id" => $user->ID, "username" => $user->user_login, "nicename" => $user->user_nicename, "email" => $user->user_email, "url" => $user->user_url, "registered" => $user->user_registered, "displayname" => $user->display_name, "firstname" => $user->user_firstname, "lastname" => $user->last_name, "nickname" => $user->nickname, "description" => $user->user_description, "capabilities" => $user->wp_capabilities));
}
示例7: testOldUserCookieAuthentication
function testOldUserCookieAuthentication()
{
$admin = $this->testers['admin'];
$editor = $this->testers['editor'];
$expiry = time() + 172800;
// A valid authentication cookie should pass authentication:
$auth_cookie = wp_generate_auth_cookie($editor->ID, $expiry, 'auth');
$_COOKIE[USER_SWITCHING_COOKIE] = json_encode(array($auth_cookie));
$this->assertTrue(user_switching::authenticate_old_user($editor));
$this->assertFalse(user_switching::authenticate_old_user($admin));
// An expired but otherwise valid authentication cookie should not pass authentication:
$auth_cookie = wp_generate_auth_cookie($editor->ID, time() - 1000, 'auth');
$_COOKIE[USER_SWITCHING_COOKIE] = json_encode(array($auth_cookie));
$this->assertFalse(user_switching::authenticate_old_user($editor));
$this->assertFalse(user_switching::authenticate_old_user($admin));
// A valid authentication cookie with the incorrect scheme should not pass authentication:
$logged_in_cookie = wp_generate_auth_cookie($editor->ID, $expiry, 'logged_in');
$_COOKIE[USER_SWITCHING_COOKIE] = json_encode(array($logged_in_cookie));
$this->assertFalse(user_switching::authenticate_old_user($editor));
$this->assertFalse(user_switching::authenticate_old_user($admin));
$logged_in_cookie = wp_generate_auth_cookie($editor->ID, $expiry, 'secure_auth');
$_COOKIE[USER_SWITCHING_COOKIE] = json_encode(array($logged_in_cookie));
$this->assertFalse(user_switching::authenticate_old_user($editor));
$this->assertFalse(user_switching::authenticate_old_user($admin));
// A malformed cookie should not pass authentication and not trigger any PHP errors:
$_COOKIE[USER_SWITCHING_COOKIE] = 'hello';
$this->assertFalse(user_switching::authenticate_old_user($editor));
$this->assertFalse(user_switching::authenticate_old_user($admin));
// A non-JSON-encoded cookie should not pass authentication and not trigger any PHP errors:
$auth_cookie = wp_generate_auth_cookie($editor->ID, $expiry, 'auth');
$_COOKIE[USER_SWITCHING_COOKIE] = $auth_cookie;
$this->assertFalse(user_switching::authenticate_old_user($editor));
$this->assertFalse(user_switching::authenticate_old_user($admin));
// No cookie should not pass authentication and not trigger any PHP errors:
unset($_COOKIE[USER_SWITCHING_COOKIE]);
$this->assertFalse(user_switching::authenticate_old_user($editor));
$this->assertFalse(user_switching::authenticate_old_user($admin));
}
示例8: wp_set_auth_cookie
/**
* Sets the authentication cookies based User ID.
*
* The $remember parameter increases the time that the cookie will be kept. The
* default the cookie is kept without remembering is two days. When $remember is
* set, the cookies will be kept for 14 days or two weeks.
*
* @since 2.5
*
* @param int $user_id User ID
* @param bool $remember Whether to remember the user
*/
function wp_set_auth_cookie($user_id, $remember = false, $secure = '') {
if ( $remember ) {
$expiration = time() + apply_filters('auth_cookie_expiration', 14 * DAY_IN_SECONDS, $user_id, $remember);
// Ensure the browser will continue to send the cookie after the expiration time is reached.
// Needed for the login grace period in wp_validate_auth_cookie().
$expire = $expiration + ( 12 * HOUR_IN_SECONDS );
} else {
$expiration = time() + apply_filters('auth_cookie_expiration', 2 * DAY_IN_SECONDS, $user_id, $remember);
$expire = 0;
}
if ( '' === $secure )
$secure = is_ssl();
$secure = apply_filters('secure_auth_cookie', $secure, $user_id);
$secure_logged_in_cookie = apply_filters('secure_logged_in_cookie', false, $user_id, $secure);
if ( $secure ) {
$auth_cookie_name = SECURE_AUTH_COOKIE;
$scheme = 'secure_auth';
} else {
$auth_cookie_name = AUTH_COOKIE;
$scheme = 'auth';
}
$auth_cookie = wp_generate_auth_cookie($user_id, $expiration, $scheme);
$logged_in_cookie = wp_generate_auth_cookie($user_id, $expiration, 'logged_in');
do_action('set_auth_cookie', $auth_cookie, $expire, $expiration, $user_id, $scheme);
do_action('set_logged_in_cookie', $logged_in_cookie, $expire, $expiration, $user_id, 'logged_in');
setcookie($auth_cookie_name, $auth_cookie, $expire, PLUGINS_COOKIE_PATH, COOKIE_DOMAIN, $secure, true);
setcookie($auth_cookie_name, $auth_cookie, $expire, ADMIN_COOKIE_PATH, COOKIE_DOMAIN, $secure, true);
setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, COOKIEPATH, COOKIE_DOMAIN, $secure_logged_in_cookie, true);
if ( COOKIEPATH != SITECOOKIEPATH )
setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, SITECOOKIEPATH, COOKIE_DOMAIN, $secure_logged_in_cookie, true);
}
示例9: set_fake_cookies
/**
* Set the $_COOKIE values for our custom authentication
*
* Certain areas of WordPress use the $_COOKIE value directly rather than
* passing through the authentication filter, so we need to work
* around this.
*
* @param int $user_id
*/
protected static function set_fake_cookies($user_id)
{
$expiration = time() + apply_filters('auth_cookie_expiration', self::COOKIE_AGE * DAY_IN_SECONDS, $user_id, false);
$expire = 0;
$secure = apply_filters('secure_auth_cookie', is_ssl(), $user_id);
$secure_logged_in_cookie = apply_filters('secure_logged_in_cookie', false, $user_id, $secure);
if ($secure) {
$auth_cookie_name = SECURE_AUTH_COOKIE;
$scheme = 'secure_auth';
} else {
$auth_cookie_name = AUTH_COOKIE;
$scheme = 'auth';
}
$auth_cookie = wp_generate_auth_cookie($user_id, $expiration, $scheme);
$logged_in_cookie = wp_generate_auth_cookie($user_id, $expiration, 'logged_in');
if (!isset($_COOKIE[$auth_cookie_name])) {
$_COOKIE[$auth_cookie_name] = $auth_cookie;
}
if (!isset($_COOKIE[LOGGED_IN_COOKIE])) {
$_COOKIE[LOGGED_IN_COOKIE] = $logged_in_cookie;
}
}
示例10: wp_set_auth_cookie
/**
* Sets the authentication cookies based User ID.
*
* The $remember parameter increases the time that the cookie will be kept. The
* default the cookie is kept without remembering is two days. When $remember is
* set, the cookies will be kept for 14 days or two weeks.
*
* @since 2.5
*
* @param int $user_id User ID
* @param bool $remember Whether to remember the user or not
*/
function wp_set_auth_cookie($user_id, $remember = false, $secure = '')
{
if ($remember) {
$expiration = $expire = time() + 1209600;
} else {
$expiration = time() + 172800;
$expire = 0;
}
if ('' === $secure) {
$secure = is_ssl() ? true : false;
}
if ($secure) {
$auth_cookie_name = SECURE_AUTH_COOKIE;
$scheme = 'secure_auth';
} else {
$auth_cookie_name = AUTH_COOKIE;
$scheme = 'auth';
}
$auth_cookie = wp_generate_auth_cookie($user_id, $expiration, $scheme);
$logged_in_cookie = wp_generate_auth_cookie($user_id, $expiration, 'logged_in');
do_action('set_auth_cookie', $auth_cookie, $expire, $expiration, $user_id, $scheme);
do_action('set_logged_in_cookie', $logged_in_cookie, $expire, $expiration, $user_id, 'logged_in');
// Set httponly if the php version is >= 5.2.0
if (version_compare(phpversion(), '5.2.0', 'ge')) {
setcookie($auth_cookie_name, $auth_cookie, $expire, PLUGINS_COOKIE_PATH, COOKIE_DOMAIN, $secure, true);
setcookie($auth_cookie_name, $auth_cookie, $expire, ADMIN_COOKIE_PATH, COOKIE_DOMAIN, $secure, true);
setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, COOKIEPATH, COOKIE_DOMAIN, false, true);
if (COOKIEPATH != SITECOOKIEPATH) {
setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, SITECOOKIEPATH, COOKIE_DOMAIN, false, true);
}
} else {
$cookie_domain = COOKIE_DOMAIN;
if (!empty($cookie_domain)) {
$cookie_domain .= '; HttpOnly';
}
setcookie($auth_cookie_name, $auth_cookie, $expire, PLUGINS_COOKIE_PATH, $cookie_domain, $secure);
setcookie($auth_cookie_name, $auth_cookie, $expire, ADMIN_COOKIE_PATH, $cookie_domain, $secure);
setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, COOKIEPATH, $cookie_domain);
if (COOKIEPATH != SITECOOKIEPATH) {
setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, SITECOOKIEPATH, $cookie_domain);
}
}
}
示例11: wp_set_auth_cookie
/**
* Sets the authentication cookies based User ID.
* Override for WordPress' pluggable function wp_set_auth_cookie
*
* The $remember parameter increases the time that the cookie will be kept. The
* default the cookie is kept without remembering is two days. When $remember is
* set, the cookies will be kept for 14 days or two weeks.
*
* @param int $user_id User ID
* @param bool $remember Whether to remember the user or not
* @param bool $secure Whether or not cookie is secure
*/
function wp_set_auth_cookie($user_id, $remember = false, $secure = '')
{
if ($remember) {
$expiration = $expire = time() + apply_filters('auth_cookie_expiration', 1209600, $user_id, $remember);
} else {
$expiration = time() + apply_filters('auth_cookie_expiration', 172800, $user_id, $remember);
$expire = 0;
}
if ($secure === '') {
$secure = $this->is_ssl() ? true : false;
}
if ($secure) {
$auth_cookie_name = SECURE_AUTH_COOKIE;
$scheme = 'secure_auth';
} else {
$auth_cookie_name = AUTH_COOKIE;
$scheme = 'auth';
}
$auth_cookie = wp_generate_auth_cookie($user_id, $expiration, $scheme);
$logged_in_cookie = wp_generate_auth_cookie($user_id, $expiration, 'logged_in');
do_action('set_auth_cookie', $auth_cookie, $expire, $expiration, $user_id, $scheme);
do_action('set_logged_in_cookie', $logged_in_cookie, $expire, $expiration, $user_id, 'logged_in');
// Cookie paths defined to accomodate Shared SSL
$cookie_domain = '.' . parse_url($this->https_url, PHP_URL_HOST);
$cookie_path = rtrim(parse_url($this->https_url, PHP_URL_PATH), '/') . COOKIEPATH;
$cookie_path_site = rtrim(parse_url($this->https_url, PHP_URL_PATH), '/') . SITECOOKIEPATH;
$cookie_path_plugins = rtrim(parse_url($this->https_url, PHP_URL_PATH), '/') . PLUGINS_COOKIE_PATH;
$cookie_path_admin = $cookie_path_site . 'wp-admin';
if ($this->shared_ssl && $this->is_ssl()) {
setcookie($auth_cookie_name, $auth_cookie, $expire, $cookie_path_plugins, $cookie_domain, $secure, true);
setcookie($auth_cookie_name, $auth_cookie, $expire, $cookie_path_admin, $cookie_domain, $secure, true);
setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, $cookie_path, $cookie_domain, false, true);
if ($cookie_path != $cookie_path_site) {
setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, $cookie_path_site, $cookie_domain, false, true);
}
} else {
setcookie($auth_cookie_name, $auth_cookie, $expire, PLUGINS_COOKIE_PATH, COOKIE_DOMAIN, $secure, true);
setcookie($auth_cookie_name, $auth_cookie, $expire, ADMIN_COOKIE_PATH, COOKIE_DOMAIN, $secure, true);
setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, COOKIEPATH, COOKIE_DOMAIN, $secure_logged_in_cookie, true);
if (COOKIEPATH != SITECOOKIEPATH) {
setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, SITECOOKIEPATH, COOKIE_DOMAIN, $secure_logged_in_cookie, true);
}
}
}
示例12: user_switching_set_olduser_cookie
/**
* Sets authorisation cookies containing the originating user information.
*
* @param int $old_user_id The ID of the originating user, usually the current logged in user.
* @param bool $pop Optional. Pop the latest user off the auth cookie, instead of appending the new one. Default false.
*/
function user_switching_set_olduser_cookie($old_user_id, $pop = false)
{
$secure_auth_cookie = user_switching::secure_auth_cookie();
$secure_olduser_cookie = user_switching::secure_olduser_cookie();
$expiration = time() + 172800;
# 48 hours
$auth_cookie = user_switching_get_auth_cookie();
$olduser_cookie = wp_generate_auth_cookie($old_user_id, $expiration, 'logged_in');
if ($secure_auth_cookie) {
$auth_cookie_name = USER_SWITCHING_SECURE_COOKIE;
$scheme = 'secure_auth';
} else {
$auth_cookie_name = USER_SWITCHING_COOKIE;
$scheme = 'auth';
}
if ($pop) {
array_pop($auth_cookie);
} else {
array_push($auth_cookie, wp_generate_auth_cookie($old_user_id, $expiration, $scheme));
}
setcookie($auth_cookie_name, json_encode($auth_cookie), $expiration, SITECOOKIEPATH, COOKIE_DOMAIN, $secure_auth_cookie, true);
setcookie(USER_SWITCHING_OLDUSER_COOKIE, $olduser_cookie, $expiration, COOKIEPATH, COOKIE_DOMAIN, $secure_olduser_cookie, true);
}
示例13: get_auth_cookies
/**
* Get auth cookies and start a session for a user
*
* This is not the security vulerability you think it is:
* 1. anybody with access to WP:CLI can execute commands on behalf of a user without knowing the password
* 2. the session is destroyed when done, so the cookie becomes invalid and useless if intercepted
*/
private function get_auth_cookies($user_id)
{
$expiration = time() + DAY_IN_SECONDS;
require_once ABSPATH . WPINC . '/session.php';
$manager = WP_Session_Tokens::get_instance($user_id);
$this->token = $manager->create($expiration);
return array(SECURE_AUTH_COOKIE => wp_generate_auth_cookie($user_id, $expiration, 'secure_auth', $this->token), AUTH_COOKIE => wp_generate_auth_cookie($user_id, $expiration, 'auth', $this->token), LOGGED_IN_COOKIE => wp_generate_auth_cookie($user_id, $expiration, 'logged_in', $this->token));
}
示例14: wp_set_auth_cookie
/**
* Sets the authentication cookies based on user ID.
*
* The $remember parameter increases the time that the cookie will be kept. The
* default the cookie is kept without remembering is two days. When $remember is
* set, the cookies will be kept for 14 days or two weeks.
*
* @since 2.5.0
*
* @param int $user_id User ID
* @param bool $remember Whether to remember the user
* @param mixed $secure Whether the admin cookies should only be sent over HTTPS.
* Default is_ssl().
*/
function wp_set_auth_cookie($user_id, $remember = false, $secure = '')
{
if ($remember) {
/**
* Filter the duration of the authentication cookie expiration period.
*
* @since 2.8.0
*
* @param int $length Duration of the expiration period in seconds.
* @param int $user_id User ID.
* @param bool $remember Whether to remember the user login. Default false.
*/
$expiration = time() + apply_filters('auth_cookie_expiration', 14 * DAY_IN_SECONDS, $user_id, $remember);
/*
* Ensure the browser will continue to send the cookie after the expiration time is reached.
* Needed for the login grace period in wp_validate_auth_cookie().
*/
$expire = $expiration + 12 * HOUR_IN_SECONDS;
} else {
/** This filter is documented in wp-includes/pluggable.php */
$expiration = time() + apply_filters('auth_cookie_expiration', 2 * DAY_IN_SECONDS, $user_id, $remember);
$expire = 0;
}
if ('' === $secure) {
$secure = is_ssl();
}
// Frontend cookie is secure when the auth cookie is secure and the site's home URL is forced HTTPS.
$secure_logged_in_cookie = $secure && 'https' === parse_url(get_option('home'), PHP_URL_SCHEME);
/**
* Filter whether the connection is secure.
*
* @since 3.1.0
*
* @param bool $secure Whether the connection is secure.
* @param int $user_id User ID.
*/
$secure = apply_filters('secure_auth_cookie', $secure, $user_id);
/**
* Filter whether to use a secure cookie when logged-in.
*
* @since 3.1.0
*
* @param bool $secure_logged_in_cookie Whether to use a secure cookie when logged-in.
* @param int $user_id User ID.
* @param bool $secure Whether the connection is secure.
*/
$secure_logged_in_cookie = apply_filters('secure_logged_in_cookie', $secure_logged_in_cookie, $user_id, $secure);
if ($secure) {
$auth_cookie_name = SECURE_AUTH_COOKIE;
$scheme = 'secure_auth';
} else {
$auth_cookie_name = AUTH_COOKIE;
$scheme = 'auth';
}
$manager = WP_Session_Tokens::get_instance($user_id);
$token = $manager->create($expiration);
$auth_cookie = wp_generate_auth_cookie($user_id, $expiration, $scheme, $token);
$logged_in_cookie = wp_generate_auth_cookie($user_id, $expiration, 'logged_in', $token);
/**
* Fires immediately before the authentication cookie is set.
*
* @since 2.5.0
*
* @param string $auth_cookie Authentication cookie.
* @param int $expire Login grace period in seconds. Default 43,200 seconds, or 12 hours.
* @param int $expiration Duration in seconds the authentication cookie should be valid.
* Default 1,209,600 seconds, or 14 days.
* @param int $user_id User ID.
* @param string $scheme Authentication scheme. Values include 'auth', 'secure_auth', or 'logged_in'.
*/
do_action('set_auth_cookie', $auth_cookie, $expire, $expiration, $user_id, $scheme);
/**
* Fires immediately before the secure authentication cookie is set.
*
* @since 2.6.0
*
* @param string $logged_in_cookie The logged-in cookie.
* @param int $expire Login grace period in seconds. Default 43,200 seconds, or 12 hours.
* @param int $expiration Duration in seconds the authentication cookie should be valid.
* Default 1,209,600 seconds, or 14 days.
* @param int $user_id User ID.
* @param string $scheme Authentication scheme. Default 'logged_in'.
*/
do_action('set_logged_in_cookie', $logged_in_cookie, $expire, $expiration, $user_id, 'logged_in');
setcookie($auth_cookie_name, $auth_cookie, $expire, PLUGINS_COOKIE_PATH, COOKIE_DOMAIN, $secure, true);
setcookie($auth_cookie_name, $auth_cookie, $expire, ADMIN_COOKIE_PATH, COOKIE_DOMAIN, $secure, true);
//.........这里部分代码省略.........
示例15: test_bad_pass
/**
* @depends test_bad_user
*/
public function test_bad_pass()
{
$_SERVER['REQUEST_METHOD'] = 'GET';
$_COOKIE[AUTH_COOKIE] = wp_generate_auth_cookie(1, time() + 10);
$parts = explode('|', $_COOKIE[AUTH_COOKIE]);
$parts[$this->cookie_key_pass] = 'badpassword';
$_COOKIE[AUTH_COOKIE] = implode('|', $parts);
$expected_error = 'Cannot modify header information';
$this->expected_errors($expected_error);
$result = wp_validate_auth_cookie();
$this->assertFalse($result);
$pass = self::$lss->md5($parts[$this->cookie_key_pass]);
$this->check_fail_record($this->ip, $parts[0], $pass);
$this->assertTrue($this->were_expected_errors_found(), "Expected error not found: '{$expected_error}'");
}