+ if ( empty($wp_hasher) ) {
+ require_once( ABSPATH . 'wp-includes/class-phpass.php');
+ // By default, use the portable hash from phpass
+ $wp_hasher = new PasswordHash(8, TRUE);
+ }
+
+ return $wp_hasher->HashPassword($password);
+}
+endif;
+
+if ( !function_exists('wp_check_password') ) :
+/**
+ * Checks the plaintext password against the encrypted Password.
+ *
+ * Maintains compatibility between old version and the new cookie authentication
+ * protocol using PHPass library. The $hash parameter is the encrypted password
+ * and the function compares the plain text password when encypted similarly
+ * against the already encrypted password to see if they match.
+ *
+ * For integration with other applications, this function can be overwritten to
+ * instead use the other package password checking algorithm.
+ *
+ * @since 2.5
+ * @global object $wp_hasher PHPass object used for checking the password
+ * against the $hash + $password
+ * @uses PasswordHash::CheckPassword
+ *
+ * @param string $password Plaintext user's password
+ * @param string $hash Hash of the user's password to check against.
+ * @return bool False, if the $password does not match the hashed password
+ */
+function wp_check_password($password, $hash, $user_id = '') {
+ global $wp_hasher;
+
+ // If the hash is still md5...
+ if ( strlen($hash) <= 32 ) {
+ $check = ( $hash == md5($password) );
+ if ( $check && $user_id ) {
+ // Rehash using new hash.
+ wp_set_password($password, $user_id);
+ $hash = wp_hash_password($password);
+ }
+
+ return apply_filters('check_password', $check, $password, $hash, $user_id);
+ }
+
+ // If the stored hash is longer than an MD5, presume the
+ // new style phpass portable hash.
+ if ( empty($wp_hasher) ) {
+ require_once( ABSPATH . 'wp-includes/class-phpass.php');
+ // By default, use the portable hash from phpass
+ $wp_hasher = new PasswordHash(8, TRUE);
+ }
+
+ $check = $wp_hasher->CheckPassword($password, $hash);
+
+ return apply_filters('check_password', $check, $password, $hash, $user_id);
+}
+endif;
+
+if ( !function_exists('wp_generate_password') ) :
+/**
+ * Generates a random password drawn from the defined set of characters.
+ *
+ * @since 2.5
+ *
+ * @param int $length The length of password to generate
+ * @param bool $special_chars Whether to include standard special characters
+ * @return string The random password
+ **/
+function wp_generate_password($length = 12, $special_chars = true) {
+ $chars = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';
+ if ( $special_chars )
+ $chars .= '!@#$%^&*()';
+
+ $password = '';
+ for ( $i = 0; $i < $length; $i++ )
+ $password .= substr($chars, wp_rand(0, strlen($chars) - 1), 1);
+ return $password;
+}
+endif;
+
+if ( !function_exists('wp_rand') ) :
+ /**
+ * Generates a random number
+ *
+ * @since 2.6.2
+ *
+ * @param int $min Lower limit for the generated number (optional, default is 0)
+ * @param int $max Upper limit for the generated number (optional, default is 4294967295)
+ * @return int A random number between min and max
+ */
+function wp_rand( $min = 0, $max = 0 ) {
+ global $rnd_value;
+
+ $seed = get_transient('random_seed');
+
+ // Reset $rnd_value after 14 uses
+ // 32(md5) + 40(sha1) + 40(sha1) / 8 = 14 random numbers from $rnd_value
+ if ( strlen($rnd_value) < 8 ) {
+ $rnd_value = md5( uniqid(microtime() . mt_rand(), true ) . $seed );
+ $rnd_value .= sha1($rnd_value);
+ $rnd_value .= sha1($rnd_value . $seed);
+ $seed = md5($seed . $rnd_value);
+ set_transient('random_seed', $seed);
+ }
+
+ // Take the first 8 digits for our value
+ $value = substr($rnd_value, 0, 8);
+
+ // Strip the first eight, leaving the remainder for the next call to wp_rand().
+ $rnd_value = substr($rnd_value, 8);
+
+ $value = abs(hexdec($value));
+
+ // Reduce the value to be within the min - max range
+ // 4294967295 = 0xffffffff = max random number
+ if ( $max != 0 )
+ $value = $min + (($max - $min + 1) * ($value / (4294967295 + 1)));
+
+ return abs(intval($value));
+}
+endif;
+
+if ( !function_exists('wp_set_password') ) :
+/**
+ * Updates the user's password with a new encrypted one.
+ *
+ * For integration with other applications, this function can be overwritten to
+ * instead use the other package password checking algorithm.
+ *
+ * @since 2.5
+ * @uses $wpdb WordPress database object for queries
+ * @uses wp_hash_password() Used to encrypt the user's password before passing to the database
+ *
+ * @param string $password The plaintext new user password
+ * @param int $user_id User ID
+ */
+function wp_set_password( $password, $user_id ) {
+ global $wpdb;
+
+ $hash = wp_hash_password($password);
+ $wpdb->update($wpdb->users, array('user_pass' => $hash, 'user_activation_key' => ''), array('ID' => $user_id) );
+
+ wp_cache_delete($user_id, 'users');
+}
+endif;
+
+if ( !function_exists( 'get_avatar' ) ) :
+/**
+ * Retrieve the avatar for a user who provided a user ID or email address.
+ *
+ * @since 2.5
+ * @param int|string|object $id_or_email A user ID, email address, or comment object
+ * @param int $size Size of the avatar image
+ * @param string $default URL to a default image to use if no avatar is available
+ * @param string $alt Alternate text to use in image tag. Defaults to blank
+ * @return string <img> tag for the user's avatar
+*/
+function get_avatar( $id_or_email, $size = '96', $default = '', $alt = false ) {
+ if ( ! get_option('show_avatars') )
+ return false;
+
+ if ( false === $alt)
+ $safe_alt = '';
+ else
+ $safe_alt = esc_attr( $alt );
+
+ if ( !is_numeric($size) )
+ $size = '96';
+
+ $email = '';
+ if ( is_numeric($id_or_email) ) {
+ $id = (int) $id_or_email;
+ $user = get_userdata($id);
+ if ( $user )
+ $email = $user->user_email;
+ } elseif ( is_object($id_or_email) ) {
+ if ( isset($id_or_email->comment_type) && '' != $id_or_email->comment_type && 'comment' != $id_or_email->comment_type )
+ return false; // No avatar for pingbacks or trackbacks
+
+ if ( !empty($id_or_email->user_id) ) {
+ $id = (int) $id_or_email->user_id;
+ $user = get_userdata($id);
+ if ( $user)
+ $email = $user->user_email;
+ } elseif ( !empty($id_or_email->comment_author_email) ) {
+ $email = $id_or_email->comment_author_email;
+ }
+ } else {
+ $email = $id_or_email;
+ }
+
+ if ( empty($default) ) {
+ $avatar_default = get_option('avatar_default');
+ if ( empty($avatar_default) )
+ $default = 'mystery';
+ else
+ $default = $avatar_default;
+ }
+
+ if ( is_ssl() )
+ $host = 'https://secure.gravatar.com';
+ else
+ $host = 'http://www.gravatar.com';
+
+ if ( 'mystery' == $default )
+ $default = "$host/avatar/ad516503a11cd5ca435acc9bb6523536?s={$size}"; // ad516503a11cd5ca435acc9bb6523536 == md5('unknown@gravatar.com')
+ elseif ( 'blank' == $default )
+ $default = includes_url('images/blank.gif');
+ elseif ( !empty($email) && 'gravatar_default' == $default )
+ $default = '';
+ elseif ( 'gravatar_default' == $default )
+ $default = "$host/avatar/s={$size}";
+ elseif ( empty($email) )
+ $default = "$host/avatar/?d=$default&s={$size}";
+ elseif ( strpos($default, 'http://') === 0 )
+ $default = add_query_arg( 's', $size, $default );
+
+ if ( !empty($email) ) {
+ $out = "$host/avatar/";
+ $out .= md5( strtolower( $email ) );
+ $out .= '?s='.$size;
+ $out .= '&d=' . urlencode( $default );
+
+ $rating = get_option('avatar_rating');
+ if ( !empty( $rating ) )
+ $out .= "&r={$rating}";
+
+ $avatar = "<img alt='{$safe_alt}' src='{$out}' class='avatar avatar-{$size} photo' height='{$size}' width='{$size}' />";