尝试登录时出现以下错误:
错误:由于意外输出,Cookie被阻止
我定制了wordpress的核心功能wp_hash_password() 和wp_check_password() 使用SHA1算法进行用户身份验证,而不是MD5。我在插件中修改了它们。php文件(不是最佳实践,但适合测试)。函数现在如下所示:
function wp_hash_password( $password ) {
global $wp_hasher;
if ( empty( $wp_hasher ) ) {
$wp_hasher = sha1( $password );
}
return $wp_hasher->HashPassword( trim( $password ) );;
}
function wp_check_password( $password, $hash, $user_id = \'\' ) {
global $wp_hasher;
// If the hash is still md5...
if ( strlen( $hash ) == 40 ) {
echo \'<h2>\'.$hash.\'</h2>\';
$check = hash_equals( $hash, sha1( $password ) );
if ( $check && $user_id ) {
// Rehash using new hash.
wp_set_password( $password, $user_id );
$hash = wp_hash_password( $password );
}
/**
* Filters whether the plaintext password matches the encrypted password.
*
* @since 2.5.0
*
* @param bool $check Whether the passwords match.
* @param string $password The plaintext password.
* @param string $hash The hashed password.
* @param string|int $user_id User ID. Can be empty.
*/
return apply_filters( \'check_password\', $check, $password, $hash, $user_id );
}
// If the stored hash is longer than an MD5,
// presume the new style phpass portable hash.
if ( empty( $wp_hasher ) ) {
require_once ABSPATH . WPINC . \'/class-phpass.php\';
// By default, use the portable hash from phpass.
$wp_hasher = new PasswordHash( 8, true );
}
$check = $wp_hasher->CheckPassword( $password, $hash );
/** This filter is documented in wp-includes/pluggable.php */
return apply_filters( \'check_password\', $check, $password, $hash, $user_id );
}
从密码到SHA1的转换与密码检查一样完美。我认为负责设置cookie的函数仍在使用MD5。但我无法验证,也找不到函数
有人对此有想法吗
提前感谢
