ianchanning/wp-bcrypt.php

## wp-bcrypt.php
<?php
/**
  * Plugin Name: wp-bcrypt
  * Plugin URI:  http://wordpress.org/plugins/wp-bcrypt/
  * Description: wp-bcrypt switches WordPress's password hashes from MD5 to bcrypt, making it harder for them to be brute-forced if they are leaked.
  * Author:      dxw
  * Author URI:  http://dxw.com
  * Version:     1.0.2
  * Licence:     GPL2
  *
  * For more information, consult readme.txt
  */

require_once(ABSPATH . 'wp-includes/class-phpass.php');

class WpBcrypt {
  function __construct() {
    global $wp_hasher;

    // Replace the global wp_hasher class with one that we like.
    $wp_hasher = new PasswordHash(10, false);

    // Add a filter to change passwords when people log in.
    add_filter('check_password', array($this,'check_password'), 10, 4);

    // Check if CRYPT_BLOWFISH is available. If not, warn people.
    if(!defined('CRYPT_BLOWFISH') || CRYPT_BLOWFISH == 0) {
      add_action('admin_notices', array($this, 'dep_notice'));
    }

    add_action('init', array($this, 'load_plugin_textdomain'));
  }

  /**
   * Warn people that the plugin won't do anything until they upgrade.
   */
  function dep_notice() {
    ?>
      <div class="updated"><p><?php _e("<strong>wp-bcrypt</strong> requires PHP 5.3 or newer. Your site's passwords will continue to be stored as normal until PHP is upgraded.", 'wp-bcrypt'); ?></p></div>
    <?php
  }

  /**
   * If the password check succeeded, and the hash is an old-style one, change it.
   * @param  boolean $check    If the password check succeeded
   * @param  string  $password The plain text password being checked
   * @param  string  $hash     The password hash
   * @param  integer $user_id  WP User id
   * @return boolean           $check
   */
  function check_password($check='', $password='', $hash='', $user_id='') {
    if($check && substr($hash, 0, 3) == '$P$') {
      wp_set_password($password, $user_id);
    }

    return $check;
  }

  /**
   * Try loading translations from the core languages directory and then the plugins own translations directory
   * @link http://geertdedeckere.be/article/loading-wordpress-language-files-the-right-way
   */
  function load_plugin_textdomain() {
    $domain = 'wp-bcrypt';
    $locale = apply_filters('plugin_locale', get_locale(), $domain);

    load_textdomain($domain, WP_LANG_DIR."/$domain/$domain-$locale.mo");
    load_plugin_textdomain($domain, FALSE, dirname(plugin_basename(__FILE__)).'/languages/');
  }

};

new WpBcrypt();
	<?php
	/**
	* Plugin Name: wp-bcrypt
	* Plugin URI: http://wordpress.org/plugins/wp-bcrypt/
	* Description: wp-bcrypt switches WordPress's password hashes from MD5 to bcrypt, making it harder for them to be brute-forced if they are leaked.
	* Author: dxw
	* Author URI: http://dxw.com
	* Version: 1.0.2
	* Licence: GPL2
	*
	* For more information, consult readme.txt
	*/

	require_once(ABSPATH . 'wp-includes/class-phpass.php');

	class WpBcrypt {
	function __construct() {
	global $wp_hasher;

	// Replace the global wp_hasher class with one that we like.
	$wp_hasher = new PasswordHash(10, false);

	// Add a filter to change passwords when people log in.
	add_filter('check_password', array($this,'check_password'), 10, 4);

	// Check if CRYPT_BLOWFISH is available. If not, warn people.
	if(!defined('CRYPT_BLOWFISH') \|\| CRYPT_BLOWFISH == 0) {
	add_action('admin_notices', array($this, 'dep_notice'));
	}

	add_action('init', array($this, 'load_plugin_textdomain'));
	}

	/**
	* Warn people that the plugin won't do anything until they upgrade.
	*/
	function dep_notice() {
	?>
	<div class="updated"><p><?php _e("<strong>wp-bcrypt</strong> requires PHP 5.3 or newer. Your site's passwords will continue to be stored as normal until PHP is upgraded.", 'wp-bcrypt'); ?></p></div>
	<?php
	}

	/**
	* If the password check succeeded, and the hash is an old-style one, change it.
	* @param boolean $check If the password check succeeded
	* @param string $password The plain text password being checked
	* @param string $hash The password hash
	* @param integer $user_id WP User id
	* @return boolean $check
	*/
	function check_password($check='', $password='', $hash='', $user_id='') {
	if($check && substr($hash, 0, 3) == '$P$') {
	wp_set_password($password, $user_id);
	}

	return $check;
	}

	/**
	* Try loading translations from the core languages directory and then the plugins own translations directory
	* @link http://geertdedeckere.be/article/loading-wordpress-language-files-the-right-way
	*/
	function load_plugin_textdomain() {
	$domain = 'wp-bcrypt';
	$locale = apply_filters('plugin_locale', get_locale(), $domain);

	load_textdomain($domain, WP_LANG_DIR."/$domain/$domain-$locale.mo");
	load_plugin_textdomain($domain, FALSE, dirname(plugin_basename(__FILE__)).'/languages/');
	}

	};

	new WpBcrypt();