Skip to content

Instantly share code, notes, and snippets.

@ianchanning

ianchanning/wp-bcrypt.php

Last active May 11, 2016
Embed
What would you like to do?
internationalized version of wp-bcrypt
<?php
/**
* Plugin Name: wp-bcrypt
* Plugin URI: http://wordpress.org/plugins/wp-bcrypt/
* Description: wp-bcrypt switches WordPress's password hashes from MD5 to bcrypt, making it harder for them to be brute-forced if they are leaked.
* Author: dxw
* Author URI: http://dxw.com
* Version: 1.0.2
* Licence: GPL2
*
* For more information, consult readme.txt
*/
require_once(ABSPATH . 'wp-includes/class-phpass.php');
class WpBcrypt {
function __construct() {
global $wp_hasher;
// Replace the global wp_hasher class with one that we like.
$wp_hasher = new PasswordHash(10, false);
// Add a filter to change passwords when people log in.
add_filter('check_password', array($this,'check_password'), 10, 4);
// Check if CRYPT_BLOWFISH is available. If not, warn people.
if(!defined('CRYPT_BLOWFISH') || CRYPT_BLOWFISH == 0) {
add_action('admin_notices', array($this, 'dep_notice'));
}
add_action('init', array($this, 'load_plugin_textdomain'));
}
/**
* Warn people that the plugin won't do anything until they upgrade.
*/
function dep_notice() {
?>
<div class="updated"><p><?php _e("<strong>wp-bcrypt</strong> requires PHP 5.3 or newer. Your site's passwords will continue to be stored as normal until PHP is upgraded.", 'wp-bcrypt'); ?></p></div>
<?php
}
/**
* If the password check succeeded, and the hash is an old-style one, change it.
* @param boolean $check If the password check succeeded
* @param string $password The plain text password being checked
* @param string $hash The password hash
* @param integer $user_id WP User id
* @return boolean $check
*/
function check_password($check='', $password='', $hash='', $user_id='') {
if($check && substr($hash, 0, 3) == '$P$') {
wp_set_password($password, $user_id);
}
return $check;
}
/**
* Try loading translations from the core languages directory and then the plugins own translations directory
* @link http://geertdedeckere.be/article/loading-wordpress-language-files-the-right-way
*/
function load_plugin_textdomain() {
$domain = 'wp-bcrypt';
$locale = apply_filters('plugin_locale', get_locale(), $domain);
load_textdomain($domain, WP_LANG_DIR."/$domain/$domain-$locale.mo");
load_plugin_textdomain($domain, FALSE, dirname(plugin_basename(__FILE__)).'/languages/');
}
};
new WpBcrypt();
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment