
@tott
Last active February 17, 2017 15:17
Encrypt WordPress auth cookies
<?php
/**
 * Encrypt auth cookie contents and return them base64-encoded.
 *
 * The key is the first 32 bytes of the AUTH_SALT constant and the cipher is
 * Rijndael with a 256-bit block (MCRYPT_RIJNDAEL_256, which is not AES) in
 * ECB mode.
 *
 * NOTE(review): ECB encrypts every block independently and takes no IV, so
 * equal plaintext blocks always give equal ciphertext blocks, and the
 * ciphertext carries no integrity tag of its own. Treat this layer as
 * obfuscation of the cookie contents only; authenticity still depends on the
 * HMAC stored inside the cookie being verified by the code that consumes
 * wp_parse_auth_cookie() (not visible here).
 * NOTE(review): the mcrypt extension was deprecated in PHP 7.1 and removed
 * from core in PHP 7.2. A maintained replacement would be an authenticated
 * cipher from the sodium or openssl extension with a dedicated key; that
 * changes the cookie format and must be done in sav_decrypt_cookie() too.
 *
 * @param string $decrypted Plain cookie contents.
 * @return string Base64-encoded ciphertext.
 */
function sav_encrypt_cookie( $decrypted ) {
	$key = substr( AUTH_SALT, 0, 32 );

	// ECB does not use an IV; the value is still generated and passed so the
	// call is the same as before.
	$iv_size = mcrypt_get_iv_size( MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB );
	$iv      = mcrypt_create_iv( $iv_size, MCRYPT_RAND );

	$ciphertext = mcrypt_encrypt( MCRYPT_RIJNDAEL_256, $key, $decrypted, MCRYPT_MODE_ECB, $iv );
	$encoded    = base64_encode( $ciphertext );

	return trim( $encoded );
}
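/**
 * Decrypt an auth cookie value produced by sav_encrypt_cookie().
 *
 * The value can come straight from $_COOKIE (see wp_parse_auth_cookie()), so
 * it is treated as untrusted: anything that is not a string, not valid
 * base64, or not a whole number of cipher blocks is rejected before it
 * reaches the cipher.
 *
 * NOTE(review): ECB mode provides no integrity check, so a successful
 * decryption says nothing about who produced the ciphertext. The caller must
 * still verify the HMAC contained in the decrypted cookie.
 * NOTE(review): the mcrypt extension was deprecated in PHP 7.1 and removed
 * from core in PHP 7.2.
 *
 * @param string $encrypted Base64-encoded ciphertext.
 * @return string Decrypted cookie contents, or '' when the input is rejected
 *                or decryption fails.
 */
function sav_decrypt_cookie( $encrypted ) {
	// MCRYPT_RIJNDAEL_256 works on 256-bit (32-byte) blocks, so ciphertext
	// written by sav_encrypt_cookie() is always a multiple of this length.
	$block_size = 32;

	// A cookie sent as name[]=value arrives as an array, not a string.
	if ( ! is_string( $encrypted ) ) {
		return '';
	}

	// Strict mode fails on characters outside the base64 alphabet instead of
	// silently dropping them.
	$ciphertext = base64_decode( $encrypted, true );
	if ( false === $ciphertext || '' === $ciphertext ) {
		return '';
	}
	if ( 0 !== strlen( $ciphertext ) % $block_size ) {
		return '';
	}

	// ECB takes no IV, so none is passed; the random IV the previous version
	// generated on every call had no effect on the result.
	$decrypted = mcrypt_decrypt( MCRYPT_RIJNDAEL_256, substr( AUTH_SALT, 0, 32 ), $ciphertext, MCRYPT_MODE_ECB );
	if ( false === $decrypted ) {
		return '';
	}

	// trim() removes the NUL bytes mcrypt pads the last block with.
	return trim( $decrypted );
}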
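// Defined only when no function with this name exists yet.
if ( !function_exists( 'wp_generate_auth_cookie' ) ) :
/**
 * Generate authentication cookie contents.
 *
 * Builds "user_login|expiration|hmac" and passes it through
 * sav_encrypt_cookie() before the 'auth_cookie' filter runs.
 *
 * @since 2.5
 * @uses apply_filters() Calls 'auth_cookie' hook on $cookie contents, User ID
 * and expiration of cookie.
 *
 * @param int $user_id User ID
 * @param int $expiration Cookie expiration in seconds
 * @param string $scheme Optional. The cookie scheme to use: auth, secure_auth, or logged_in
 * @return string Authentication cookie contents, or '' when no user is found
 *                for $user_id
 */
function wp_generate_auth_cookie( $user_id, $expiration, $scheme = 'auth' ) {
	$user = get_userdata( $user_id );

	// Without this guard an unknown user ID led to property reads on a
	// non-object and a cookie built from empty fields.
	if ( ! $user ) {
		return '';
	}

	// Four characters of the stored password hash are mixed into the key, so
	// the key changes when that part of the hash changes.
	$pass_frag = substr( $user->user_pass, 8, 4 );

	$key = wp_hash( $user->user_login . $pass_frag . '|' . $expiration, $scheme );

	// NOTE(review): HMAC-MD5 is kept because the code that validates this
	// cookie is not visible here and presumably recomputes the same value;
	// changing the algorithm on this side alone would reject every cookie.
	$hash = hash_hmac( 'md5', $user->user_login . '|' . $expiration, $key );

	$cookie = $user->user_login . '|' . $expiration . '|' . $hash;
	$cookie = sav_encrypt_cookie( $cookie );

	return apply_filters( 'auth_cookie', $cookie, $user_id, $expiration, $scheme );
}
endif;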
// Defined only when no function with this name exists yet.
if ( !function_exists( 'wp_parse_auth_cookie' ) ) :
/**
 * Split an auth cookie into its components.
 *
 * When $cookie is empty the value is read from $_COOKIE, using the cookie
 * name that belongs to $scheme (or one picked via is_ssl() when $scheme is
 * not one of the three known values). The value is then run through
 * sav_decrypt_cookie() and split on '|'.
 *
 * This function only parses. It does not check the HMAC or the expiration,
 * so the returned fields are unverified input until the caller validates
 * them.
 *
 * @since 2.7
 *
 * @param string $cookie Optional. Encrypted cookie value; read from $_COOKIE when empty
 * @param string $scheme Optional. The cookie scheme to use: auth, secure_auth, or logged_in
 * @return array|false Array with the keys username, expiration, hmac and
 *                     scheme, or false when the cookie is missing or does not
 *                     split into exactly three parts
 */
function wp_parse_auth_cookie( $cookie = '', $scheme = '' ) {
	if ( empty( $cookie ) ) {
		// Choose the cookie name for the requested scheme.
		if ( 'auth' == $scheme ) {
			$cookie_name = AUTH_COOKIE;
		} elseif ( 'secure_auth' == $scheme ) {
			$cookie_name = SECURE_AUTH_COOKIE;
		} elseif ( 'logged_in' == $scheme ) {
			$cookie_name = LOGGED_IN_COOKIE;
		} elseif ( is_ssl() ) {
			// Unknown scheme: decide by connection type and report the
			// scheme that was chosen.
			$cookie_name = SECURE_AUTH_COOKIE;
			$scheme      = 'secure_auth';
		} else {
			$cookie_name = AUTH_COOKIE;
			$scheme      = 'auth';
		}

		if ( empty( $_COOKIE[ $cookie_name ] ) ) {
			return false;
		}

		$cookie = $_COOKIE[ $cookie_name ];
	}

	$parts = explode( '|', sav_decrypt_cookie( $cookie ) );

	// A failed or tampered decryption normally does not yield exactly three
	// '|'-separated fields and is rejected here.
	if ( 3 != count( $parts ) ) {
		return false;
	}

	return array(
		'username'   => $parts[0],
		'expiration' => $parts[1],
		'hmac'       => $parts[2],
		'scheme'     => $scheme,
	);
}
endif;