wpseek.com
A WordPress-centric search engine for devs and theme authors



wp_generate_auth_cookie › WordPress Function

Since2.5.0
Deprecatedn/a
wp_generate_auth_cookie ( $user_id, $expiration, $scheme = 'auth', $token = '' )
Parameters: (4)
  • (int) $user_id User ID.
    Required: Yes
  • (int) $expiration The time the cookie expires as a UNIX timestamp.
    Required: Yes
  • (string) $scheme Optional. The cookie scheme to use: 'auth', 'secure_auth', or 'logged_in'. Default 'auth'.
    Required: No
    Default: 'auth'
  • (string) $token User's session token to use for this cookie.
    Required: No
    Default: (empty)
Returns:
  • (string) Authentication cookie contents. Empty string if user does not exist.
Defined at:
Codex:
Change Log:
  • 4.0.0

Generates authentication cookie contents.



Related Functions: wp_set_auth_cookie, wp_parse_auth_cookie, wp_clear_auth_cookie, wp_validate_auth_cookie, wp_generate_tag_cloud

Source 

function wp_generate_auth_cookie( $user_id, $expiration, $scheme = 'auth', $token = '' ) {
		$user = get_userdata( $user_id );
		if ( ! $user ) {
			return '';
		}

		if ( ! $token ) {
			$manager = WP_Session_Tokens::get_instance( $user_id );
			$token   = $manager->create( $expiration );
		}

		if ( str_starts_with( $user->user_pass, '$P$' ) || str_starts_with( $user->user_pass, '$2y$' ) ) {
			// Retain previous behaviour of phpass or vanilla bcrypt hashed passwords.
			$pass_frag = substr( $user->user_pass, 8, 4 );
		} else {
			// Otherwise, use a substring from the end of the hash to avoid dealing with potentially long hash prefixes.
			$pass_frag = substr( $user->user_pass, -4 );
		}

		$key = wp_hash( $user->user_login . '|' . $pass_frag . '|' . $expiration . '|' . $token, $scheme );

		$hash = hash_hmac( 'sha256', $user->user_login . '|' . $expiration . '|' . $token, $key );

		$cookie = $user->user_login . '|' . $expiration . '|' . $token . '|' . $hash;

		/**
		 * Filters the authentication cookie.
		 *
		 * @since 2.5.0
		 * @since 4.0.0 The `$token` parameter was added.
		 *
		 * @param string $cookie     Authentication cookie.
		 * @param int    $user_id    User ID.
		 * @param int    $expiration The time the cookie expires as a UNIX timestamp.
		 * @param string $scheme     Cookie scheme used. Accepts 'auth', 'secure_auth', or 'logged_in'.
		 * @param string $token      User's session token used.
		 */
		return apply_filters( 'auth_cookie', $cookie, $user_id, $expiration, $scheme, $token );
	}
endif;

if ( ! function_exists( 'wp_parse_auth_cookie' ) ) :
	/**
	 * Parses a cookie into its components.
	 *
	 * @since 2.7.0
	 * @since 4.0.0 The `$token` element was added to the return value.
	 *
	 * @param string $cookie Authentication cookie.
	 * @param string $scheme Optional. The cookie scheme to use: 'auth', 'secure_auth', or 'logged_in'.
	 * @return string[]|false {
	 *     Authentication cookie components. None of the components should be assumed
	 *     to be valid as they come directly from a client-provided cookie value. If
	 *     the cookie value is malformed, false is returned.
	 *
	 *     @type string $username   User's username.
	 *     @type string $expiration The time the cookie expires as a UNIX timestamp.
	 *     @type string $token      User's session token used.
	 *     @type string $hmac       The security hash for the cookie.
	 *     @type string $scheme     The cookie scheme to use.
	 * }
	 */