* @return string A hash of the session token (a verifier).
*/
final private function hash_token( $token ) {
- return hash( 'sha256', $token );
+ // If ext/hash is not present, use sha1() instead.
+ if ( function_exists( 'hash' ) ) {
+ return hash( 'sha256', $token );
+ } else {
+ return sha1( $token );
+ }
}
/**
$session = apply_filters( 'attach_session_information', array(), $this->user_id );
$session['expiration'] = $expiration;
+ // IP address.
+ if ( !empty( $_SERVER['REMOTE_ADDR'] ) ) {
+ $session['ip'] = $_SERVER['REMOTE_ADDR'];
+ }
+
+ // User-agent.
+ if ( ! empty( $_SERVER['HTTP_USER_AGENT'] ) ) {
+ $session['ua'] = wp_unslash( $_SERVER['HTTP_USER_AGENT'] );
+ }
+
+ // Timestamp
+ $session['login'] = time();
+
$token = wp_generate_password( 43, false, false );
$this->update( $token, $session );
* @param array $sessions Sessions.
*/
protected function update_sessions( $sessions ) {
- if ( ! has_filter( 'attach_session_information' ) ) {
- $sessions = wp_list_pluck( $sessions, 'expiration' );
- }
-
if ( $sessions ) {
update_user_meta( $this->user_id, 'session_tokens', $sessions );
} else {
* @static
*/
public static function drop_sessions() {
- delete_metadata( 'user', false, 'session_tokens', false, true );
+ delete_metadata( 'user', 0, 'session_tokens', false, true );
}
}
scripts.mit.edu / autoinstalls / wordpress.git / blobdiff