wp_validate_auth_cookie

Definition:
function wp_validate_auth_cookie($cookie = '', $scheme = '') {}

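Validates the authentication cookie.
The checks include making sure that the authentication cookie is set and pulling in its contents (when $cookie is not passed in). The function then rejects a cookie that has expired, names an unknown user, or carries an HMAC that does not match the one recomputed on the server; each outcome fires one of the actions listed below.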

Parameters

  • string $cookie: Optional. If provided, this string is validated instead of the contents of the browser's cookie
  • string $scheme: Optional. The cookie scheme to use: auth, secure_auth, or logged_in

Return values

returns: False if the cookie is invalid, the user ID if it is valid.

Defined actions

  • auth_cookie_malformed
    do_action('auth_cookie_malformed', $cookie, $scheme);
  • auth_cookie_expired
    do_action('auth_cookie_expired', $cookie_elements);
  • auth_cookie_bad_username
    do_action('auth_cookie_bad_username', $cookie_elements);
  • auth_cookie_bad_hash
    do_action('auth_cookie_bad_hash', $cookie_elements);
  • auth_cookie_valid
    do_action('auth_cookie_valid', $cookie_elements, $user);

Source code

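/**
 * Validates an authentication cookie and returns the ID of the user it names.
 *
 * The cookie is parsed by wp_parse_auth_cookie(), checked for expiry, matched
 * to a user by login name, and its HMAC is recomputed and compared with the
 * one the client sent. Each outcome fires exactly one action, which makes
 * these hooks useful for logging failed or forged cookies:
 * auth_cookie_malformed, auth_cookie_expired, auth_cookie_bad_username,
 * auth_cookie_bad_hash, auth_cookie_valid.
 *
 * @param string $cookie Optional. If given, this string is validated instead
 *                       of the cookie sent with the request.
 * @param string $scheme Optional. The cookie scheme to use: auth, secure_auth,
 *                       or logged_in.
 * @return bool|int False if the cookie is invalid, the user ID if it is valid.
 */
function wp_validate_auth_cookie($cookie = '', $scheme = '') {
	$cookie_elements = wp_parse_auth_cookie($cookie, $scheme);

	// Read only the fields this function needs. The previous
	// extract(..., EXTR_OVERWRITE) let every key of the parsed cookie, which
	// is client-supplied data, overwrite a local variable. Missing fields are
	// reported as a malformed cookie instead of surfacing as undefined
	// variables further down. hash_equals() requires strings, hence the
	// is_string() check on the HMAC.
	if ( ! is_array($cookie_elements)
		|| ! isset($cookie_elements['username'], $cookie_elements['expiration'], $cookie_elements['hmac'])
		|| ! is_string($cookie_elements['hmac']) ) {
		do_action('auth_cookie_malformed', $cookie, $scheme);
		return false;
	}

	// NOTE(review): presumably all three are strings split out of the cookie
	// value; the parser is not shown here, so confirm against it.
	$username   = $cookie_elements['username'];
	$expiration = $cookie_elements['expiration'];
	$hmac       = $cookie_elements['hmac'];

	// extract() also replaced $scheme whenever the parser returned one; keep
	// that so the key below is derived with the same scheme as before.
	if ( isset($cookie_elements['scheme']) )
		$scheme = $cookie_elements['scheme'];

	// Integer copy for the time comparisons only. The HMAC input below uses
	// the value exactly as it was parsed.
	$expires_at = (int) $expiration;
	$expired    = $expires_at;

	// Allow a grace period for POST and AJAX requests
	$is_post = isset($_SERVER['REQUEST_METHOD']) && 'POST' === $_SERVER['REQUEST_METHOD'];
	if ( defined('DOING_AJAX') || $is_post )
		$expired += 3600;

	// Quick check to see if an honest cookie has expired
	if ( $expired < time() ) {
		do_action('auth_cookie_expired', $cookie_elements);
		return false;
	}

	$user = get_user_by('login', $username);
	if ( ! $user ) {
		do_action('auth_cookie_bad_username', $cookie_elements);
		return false;
	}

	// Four characters of the stored password hash are mixed into the key, so
	// the expected HMAC changes when the stored hash changes.
	$pass_frag = substr($user->user_pass, 8, 4);

	// NOTE(review): algorithm and inputs must stay identical to the code that
	// issues the cookie, which is not shown here; do not change them in
	// isolation.
	$key  = wp_hash($username . $pass_frag . '|' . $expiration, $scheme);
	$hash = hash_hmac('md5', $username . '|' . $expiration, $key);

	// Constant-time, byte-exact comparison. The loose != used before compares
	// numeric-looking strings as numbers and returns at the first differing
	// byte, neither of which is acceptable for a MAC check. hash_equals() is
	// built into PHP 5.6 and later.
	if ( ! hash_equals($hash, $hmac) ) {
		do_action('auth_cookie_bad_hash', $cookie_elements);
		return false;
	}

	if ( $expires_at < time() ) // AJAX/POST grace period set above
		$GLOBALS['login_grace_period'] = 1;

	do_action('auth_cookie_valid', $cookie_elements, $user);

	return $user->ID;
}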
