Last active
August 29, 2015 14:02
-
-
Save scotto/578be8fca3bea4c9b214 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
/** | |
* Check if a user has a SHA1 password hash, allows login if password hashes match, then updates password hash to wp format | |
* | |
* This is a slight modification of https://gist.github.com/maxrice/3203636 | |
* | |
* Hooks into check_password filter, mostly copied from md5 upgrade function with pluggable.php/wp_check_password | |
* | |
* @param string $check | |
* @param string $password | |
* @param string $hash | |
* @param string $user_id | |
* @return results of sha1 hash comparison, or $check if $password is not a SHA1 hash | |
*/ | |
function check_osqa_sha1_password( $check, $password, $hash, $user_id ) { | |
if( is_osqa_sha1( $hash ) ) { | |
$hashparts = explode ( '$', $hash ); | |
$salt = $hashparts[1]; | |
$check = ( $hashparts[2] == sha1( $salt . $password ) ); | |
if ( $check && $user_id ) { | |
// Rehash using new proper WP hash | |
wp_set_password( $password, $user_id ); | |
$hash = wp_hash_password( $password ); | |
// Allow login | |
return true; | |
} else { | |
// SHA1 hash in db, but SHA1 has of provided $password did not match. Do not allow login. | |
return false; | |
} | |
} | |
//not SHA1 password, so return what was passed | |
return $check; | |
} | |
/** | |
* Check if provided string is a SHA1 hash | |
*/ | |
function is_osqa_sha1( $str ) { | |
return ( bool ) preg_match( '/^sha1\$[0-9a-f]{5}\$.*$/i', $str ); | |
} | |
// check if hashed password is SHA1 and update as necessary, see function comments | |
add_filter( 'check_password', 'check_osqa_sha1_password', 10, 4 ); |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment