wpseek.com
A WordPress-centric search engine for devs and theme authors
wp_generate_auth_cookie › WordPress Function
Since2.5.0
Deprecatedn/a
› wp_generate_auth_cookie ( $user_id, $expiration, $scheme = 'auth', $token = '' )
Parameters: (4) |
|
Returns: |
|
Defined at: |
|
Codex: | |
Change Log: |
|
Generates authentication cookie contents.
Related Functions: wp_set_auth_cookie, wp_parse_auth_cookie, wp_clear_auth_cookie, wp_validate_auth_cookie, wp_generate_tag_cloud
Source
function wp_generate_auth_cookie( $user_id, $expiration, $scheme = 'auth', $token = '' ) {
$user = get_userdata( $user_id );
if ( ! $user ) {
return '';
}
if ( ! $token ) {
$manager = WP_Session_Tokens::get_instance( $user_id );
$token = $manager->create( $expiration );
}
if ( str_starts_with( $user->user_pass, '$P$' ) || str_starts_with( $user->user_pass, '$2y$' ) ) {
// Retain previous behaviour of phpass or vanilla bcrypt hashed passwords.
$pass_frag = substr( $user->user_pass, 8, 4 );
} else {
// Otherwise, use a substring from the end of the hash to avoid dealing with potentially long hash prefixes.
$pass_frag = substr( $user->user_pass, -4 );
}
$key = wp_hash( $user->user_login . '|' . $pass_frag . '|' . $expiration . '|' . $token, $scheme );
$hash = hash_hmac( 'sha256', $user->user_login . '|' . $expiration . '|' . $token, $key );
$cookie = $user->user_login . '|' . $expiration . '|' . $token . '|' . $hash;
/**
* Filters the authentication cookie.
*
* @since 2.5.0
* @since 4.0.0 The `$token` parameter was added.
*
* @param string $cookie Authentication cookie.
* @param int $user_id User ID.
* @param int $expiration The time the cookie expires as a UNIX timestamp.
* @param string $scheme Cookie scheme used. Accepts 'auth', 'secure_auth', or 'logged_in'.
* @param string $token User's session token used.
*/
return apply_filters( 'auth_cookie', $cookie, $user_id, $expiration, $scheme, $token );
}
endif;
if ( ! function_exists( 'wp_parse_auth_cookie' ) ) :
/**
* Parses a cookie into its components.
*
* @since 2.7.0
* @since 4.0.0 The `$token` element was added to the return value.
*
* @param string $cookie Authentication cookie.
* @param string $scheme Optional. The cookie scheme to use: 'auth', 'secure_auth', or 'logged_in'.
* @return string[]|false {
* Authentication cookie components. None of the components should be assumed
* to be valid as they come directly from a client-provided cookie value. If
* the cookie value is malformed, false is returned.
*
* @type string $username User's username.
* @type string $expiration The time the cookie expires as a UNIX timestamp.
* @type string $token User's session token used.
* @type string $hmac The security hash for the cookie.
* @type string $scheme The cookie scheme to use.
* }
*/