
@einkoro
Last active August 29, 2015 14:00
Must-use plugin: a quick-and-dirty workaround for HHVM indexing cookies by name, which makes it overwrite WordPress's logged_in and auth cookies.
<?php
/**
* Plugin Name: WP HHVM setcookie fix
* Plugin URI: http://bitpiston.com/
* Description: Quick n dirty alternative to setcookie() to work around HHVM indexing cookies by name and overwriting multiple cookies of the same name
* Author: BitPiston Studios
* Author URI: http://bitpiston.com/
* Version: 1.0
* Licence: BSD
*/
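/**
 * Quick and dirty alternative to setcookie().
 *
 * Builds the Set-Cookie header by hand and adds it with header( ..., false ),
 * so an earlier Set-Cookie header is kept rather than replaced. That lets
 * several cookies share one name as long as their paths differ.
 *
 * @param string $name      Cookie name (percent-encoded before sending).
 * @param string $value     Cookie value (percent-encoded before sending).
 * @param int    $max_age   Lifetime in seconds relative to now, written out as
 *                          Max-Age. This is NOT a Unix timestamp: passing one
 *                          makes the browser keep the cookie for decades.
 *                          0 omits the attribute (session cookie); a negative
 *                          value asks the browser to discard the cookie.
 * @param string $path      Cookie path; omitted when empty.
 * @param string $domain    Cookie domain; normalised to '.example.com' form.
 * @param bool   $secure    Whether to add the Secure attribute.
 * @param bool   $http_only Whether to add the HttpOnly attribute.
 * @return bool False when the header cannot be sent or an attribute is unsafe,
 *              true once header() has been called.
 */
function qnd_setcookie($name, $value = '', $max_age = 0, $path = '', $domain = '', $secure = false, $http_only = false) {
    // Fail if the headers are sent unless output buffering is enabled.
    // The two buffering tests are grouped explicitly: without the parentheses
    // '&&' binds tighter than '||', so output_buffering = 'off' alone made the
    // function bail out even though the headers had not been sent yet.
    $output_buffering = (string) ini_get('output_buffering');
    $buffering_off    = (bool) $output_buffering === false || strtolower($output_buffering) == 'off';
    if ( headers_sent() && $buffering_off )
        return false;

    // Clean up the domain if set
    if ( !empty($domain) ) {
        // Fix the domain to accept domains with and without 'www.'.
        if ( strtolower( substr( $domain, 0, 4 ) ) == 'www.' )
            $domain = substr( $domain, 4 );

        // Add the dot prefix to ensure compatibility with subdomains
        if ( substr( $domain, 0, 1 ) != '.' )
            $domain = '.' . $domain;

        // Remove port
        $port = strpos( $domain, ':' );
        if ( $port !== false )
            $domain = substr( $domain, 0, $port );
    }

    // Path and Domain are written into the header unencoded. Refuse the same
    // separator and control characters that setcookie() refuses, so a stray
    // ';' or line break cannot add attributes or a second header line.
    $forbidden = ",; \t\r\n\013\014";
    if ( !empty($domain) && strpbrk( (string) $domain, $forbidden ) !== false )
        return false;
    if ( !empty($path) && strpbrk( (string) $path, $forbidden ) !== false )
        return false;

    // Only an integer may follow 'Max-Age='.
    $max_age = (int) $max_age;

    // Build and set the cookie header
    $cookie_header  = 'Set-Cookie: ' . rawurlencode($name) . '=' . rawurlencode($value);
    $cookie_header .= empty($domain) ? '' : '; Domain=' . $domain;
    $cookie_header .= $max_age === 0 ? '' : '; Max-Age=' . $max_age;
    $cookie_header .= empty($path) ? '' : '; Path=' . $path;
    $cookie_header .= ! $secure ? '' : '; Secure';
    $cookie_header .= ! $http_only ? '' : '; HttpOnly';

    // replace = false: keep any Set-Cookie header that is already queued.
    header($cookie_header, false);

    return true;
}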
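/**
 * Sets the authentication cookies based on user ID.
 *
 * The $remember parameter increases the time that the cookie will be kept.
 * Without $remember the browser gets session cookies whose embedded expiration
 * is two days ahead. With $remember the embedded expiration is 14 days ahead
 * and the browser is asked to keep the cookies for a further 12 hours.
 *
 * Modified to use qnd_setcookie() instead of setcookie().
 *
 * @since 2.5.0
 *
 * @param int    $user_id  User ID
 * @param bool   $remember Whether to remember the user
 * @param mixed  $secure   Whether the auth cookie is the secure one. The default
 *                         '' means "decide with is_ssl()".
 */
function wp_set_auth_cookie($user_id, $remember = false, $secure = '') {
    if ( $remember ) {
        /**
         * Filter the duration of the authentication cookie expiration period.
         *
         * @since 2.8.0
         *
         * @param int  $length   Duration of the expiration period in seconds.
         * @param int  $user_id  User ID.
         * @param bool $remember Whether to remember the user login. Default false.
         */
        $expiration = time() + apply_filters( 'auth_cookie_expiration', 14 * DAY_IN_SECONDS, $user_id, $remember );

        /*
         * Ensure the browser will continue to send the cookie after the expiration time is reached.
         * Needed for the login grace period in wp_validate_auth_cookie().
         */
        $expire = $expiration + ( 12 * HOUR_IN_SECONDS );
    } else {
        /** This filter is documented in wp-includes/pluggable.php */
        $expiration = time() + apply_filters( 'auth_cookie_expiration', 2 * DAY_IN_SECONDS, $user_id, $remember );
        $expire = 0;
    }

    if ( '' === $secure )
        $secure = is_ssl();

    /**
     * Filter whether the connection is secure.
     *
     * @since 3.1.0
     *
     * @param bool $secure  Whether the connection is secure.
     * @param int  $user_id User ID.
     */
    $secure = apply_filters( 'secure_auth_cookie', $secure, $user_id );

    /**
     * Filter whether to use a secure cookie when logged-in.
     *
     * @since 3.1.0
     *
     * @param bool $cookie  Whether to use a secure cookie when logged-in.
     * @param int  $user_id User ID.
     * @param bool $secure  Whether the connection is secure.
     */
    $secure_logged_in_cookie = apply_filters( 'secure_logged_in_cookie', false, $user_id, $secure );

    if ( $secure ) {
        $auth_cookie_name = SECURE_AUTH_COOKIE;
        $scheme = 'secure_auth';
    } else {
        $auth_cookie_name = AUTH_COOKIE;
        $scheme = 'auth';
    }

    $auth_cookie = wp_generate_auth_cookie($user_id, $expiration, $scheme);
    $logged_in_cookie = wp_generate_auth_cookie($user_id, $expiration, 'logged_in');

    /**
     * Fires immediately before the authentication cookie is set.
     *
     * @since 2.5.0
     *
     * @param string $auth_cookie Authentication cookie.
     * @param int    $expire      Login grace period in seconds. Default 43,200 seconds, or 12 hours.
     * @param int    $expiration  Duration in seconds the authentication cookie should be valid.
     *                            Default 1,209,600 seconds, or 14 days.
     * @param int    $user_id     User ID.
     * @param string $scheme      Authentication scheme. Values include 'auth', 'secure_auth', or 'logged_in'.
     */
    do_action( 'set_auth_cookie', $auth_cookie, $expire, $expiration, $user_id, $scheme );

    /**
     * Fires immediately before the secure authentication cookie is set.
     *
     * @since 2.6.0
     *
     * @param string $logged_in_cookie The logged-in cookie.
     * @param int    $expire           Login grace period in seconds. Default 43,200 seconds, or 12 hours.
     * @param int    $expiration       Duration in seconds the authentication cookie should be valid.
     *                                 Default 1,209,600 seconds, or 14 days.
     * @param int    $user_id          User ID.
     * @param string $scheme           Authentication scheme. Default 'logged_in'.
     */
    do_action( 'set_logged_in_cookie', $logged_in_cookie, $expire, $expiration, $user_id, 'logged_in' );

    /*
     * qnd_setcookie() writes its third argument out as Max-Age, which is a
     * number of seconds from now. $expire is an absolute Unix timestamp, so it
     * is converted here; handing the timestamp over unchanged asked the browser
     * to keep the authentication cookies for decades. 0 still means a session
     * cookie. The hooks above keep receiving the timestamp, as before.
     */
    $max_age = $expire ? $expire - time() : 0;

    // Same cookie name on two paths: the case that needs header( ..., false ).
    qnd_setcookie($auth_cookie_name, $auth_cookie, $max_age, PLUGINS_COOKIE_PATH, COOKIE_DOMAIN, $secure, true);
    qnd_setcookie($auth_cookie_name, $auth_cookie, $max_age, ADMIN_COOKIE_PATH, COOKIE_DOMAIN, $secure, true);
    qnd_setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $max_age, COOKIEPATH, COOKIE_DOMAIN, $secure_logged_in_cookie, true);
    if ( COOKIEPATH != SITECOOKIEPATH )
        qnd_setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $max_age, SITECOOKIEPATH, COOKIE_DOMAIN, $secure_logged_in_cookie, true);
}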
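/**
 * Removes all of the cookies associated with authentication.
 *
 * Modified to use qnd_setcookie() instead of setcookie().
 *
 * @since 2.5.0
 */
function wp_clear_auth_cookie() {
    /**
     * Fires just before the authentication cookies are cleared.
     *
     * @since 2.7.0
     */
    do_action( 'clear_auth_cookie' );

    /*
     * qnd_setcookie() writes its third argument out as Max-Age (seconds from
     * now). The setcookie()-style value time() - YEAR_IN_SECONDS is still a
     * large positive number, so it told the browser to keep a blanked cookie
     * for decades instead of dropping it. A negative Max-Age asks the browser
     * to discard the cookie straight away.
     */
    $discard = -YEAR_IN_SECONDS;

    // Name/path pairs, in the order the cookies have always been cleared.
    $targets = array(
        array( AUTH_COOKIE, ADMIN_COOKIE_PATH ),
        array( SECURE_AUTH_COOKIE, ADMIN_COOKIE_PATH ),
        array( AUTH_COOKIE, PLUGINS_COOKIE_PATH ),
        array( SECURE_AUTH_COOKIE, PLUGINS_COOKIE_PATH ),
        array( LOGGED_IN_COOKIE, COOKIEPATH ),
        array( LOGGED_IN_COOKIE, SITECOOKIEPATH ),

        // Old cookies
        array( AUTH_COOKIE, COOKIEPATH ),
        array( AUTH_COOKIE, SITECOOKIEPATH ),
        array( SECURE_AUTH_COOKIE, COOKIEPATH ),
        array( SECURE_AUTH_COOKIE, SITECOOKIEPATH ),

        // Even older cookies
        array( USER_COOKIE, COOKIEPATH ),
        array( PASS_COOKIE, COOKIEPATH ),
        array( USER_COOKIE, SITECOOKIEPATH ),
        array( PASS_COOKIE, SITECOOKIEPATH ),
    );

    foreach ( $targets as $target ) {
        // The value is overwritten with a single space as well, so a browser
        // that keeps the cookie no longer holds the old credential.
        qnd_setcookie( $target[0], ' ', $discard, $target[1], COOKIE_DOMAIN );
    }
}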

ghost commented Jun 14, 2014

Thanks! This works for now :)


einkoro commented Jul 21, 2014

As of HHVM 3.2 this shouldn't be required anymore.
