+/**
+ * Get hash of given string.
+ *
+ * @since 2.0.3
+ * @uses wp_salt() Get WordPress salt
+ *
+ * @param string $data Plain text to hash
+ * @return string Hash of $data
+ */
+function wp_hash($data, $scheme = 'auth') {
+ $salt = wp_salt($scheme);
+
+ return hash_hmac('md5', $data, $salt);
+}
+endif;
+
+if ( !function_exists('wp_hash_password') ) :
+/**
+ * Create a hash (encrypt) of a plain text password.
+ *
+ * For integration with other applications, this function can be overwritten to
+ * instead use the other package password checking algorithm.
+ *
+ * @since 2.5
+ * @global object $wp_hasher PHPass object
+ * @uses PasswordHash::HashPassword
+ *
+ * @param string $password Plain text user password to hash
+ * @return string The hash string of the password
+ */
+function wp_hash_password($password) {
+ global $wp_hasher;
+
+ if ( empty($wp_hasher) ) {
+ require_once( ABSPATH . 'wp-includes/class-phpass.php');
+ // By default, use the portable hash from phpass
+ $wp_hasher = new PasswordHash(8, true);
+ }
+
+ return $wp_hasher->HashPassword( trim( $password ) );
+}
+endif;
+
+if ( !function_exists('wp_check_password') ) :
+/**
+ * Checks the plaintext password against the encrypted Password.
+ *
+ * Maintains compatibility between old version and the new cookie authentication
+ * protocol using PHPass library. The $hash parameter is the encrypted password
+ * and the function compares the plain text password when encrypted similarly
+ * against the already encrypted password to see if they match.
+ *
+ * For integration with other applications, this function can be overwritten to
+ * instead use the other package password checking algorithm.
+ *
+ * @since 2.5
+ * @global object $wp_hasher PHPass object used for checking the password
+ * against the $hash + $password
+ * @uses PasswordHash::CheckPassword
+ *
+ * @param string $password Plaintext user's password
+ * @param string $hash Hash of the user's password to check against.
+ * @return bool False, if the $password does not match the hashed password
+ */
+function wp_check_password($password, $hash, $user_id = '') {
+ global $wp_hasher;
+
+ // If the hash is still md5...
+ if ( strlen($hash) <= 32 ) {
+ $check = ( $hash == md5($password) );
+ if ( $check && $user_id ) {
+ // Rehash using new hash.
+ wp_set_password($password, $user_id);
+ $hash = wp_hash_password($password);
+ }
+
+ return apply_filters('check_password', $check, $password, $hash, $user_id);
+ }
+
+ // If the stored hash is longer than an MD5, presume the
+ // new style phpass portable hash.
+ if ( empty($wp_hasher) ) {
+ require_once( ABSPATH . 'wp-includes/class-phpass.php');
+ // By default, use the portable hash from phpass
+ $wp_hasher = new PasswordHash(8, true);
+ }
+
+ $check = $wp_hasher->CheckPassword($password, $hash);
+
+ return apply_filters('check_password', $check, $password, $hash, $user_id);
+}
+endif;
+
+if ( !function_exists('wp_generate_password') ) :
+/**
+ * Generates a random password drawn from the defined set of characters.
+ *
+ * @since 2.5
+ *
+ * @param int $length The length of password to generate
+ * @param bool $special_chars Whether to include standard special characters. Default true.
+ * @param bool $extra_special_chars Whether to include other special characters. Used when
+ * generating secret keys and salts. Default false.
+ * @return string The random password
+ **/
+function wp_generate_password( $length = 12, $special_chars = true, $extra_special_chars = false ) {
+ $chars = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';
+ if ( $special_chars )
+ $chars .= '!@#$%^&*()';
+ if ( $extra_special_chars )
+ $chars .= '-_ []{}<>~`+=,.;:/?|';
+
+ $password = '';
+ for ( $i = 0; $i < $length; $i++ ) {
+ $password .= substr($chars, wp_rand(0, strlen($chars) - 1), 1);
+ }
+
+ // random_password filter was previously in random_password function which was deprecated
+ return apply_filters('random_password', $password);
+}
+endif;
+
+if ( !function_exists('wp_rand') ) :
+/**
+ * Generates a random number
+ *
+ * @since 2.6.2
+ *
+ * @param int $min Lower limit for the generated number
+ * @param int $max Upper limit for the generated number
+ * @return int A random number between min and max
+ */
+function wp_rand( $min = 0, $max = 0 ) {
+ global $rnd_value;
+
+ // Reset $rnd_value after 14 uses
+ // 32(md5) + 40(sha1) + 40(sha1) / 8 = 14 random numbers from $rnd_value
+ if ( strlen($rnd_value) < 8 ) {
+ if ( defined( 'WP_SETUP_CONFIG' ) )
+ static $seed = '';
+ else
+ $seed = get_transient('random_seed');
+ $rnd_value = md5( uniqid(microtime() . mt_rand(), true ) . $seed );
+ $rnd_value .= sha1($rnd_value);
+ $rnd_value .= sha1($rnd_value . $seed);
+ $seed = md5($seed . $rnd_value);
+ if ( ! defined( 'WP_SETUP_CONFIG' ) )
+ set_transient('random_seed', $seed);
+ }
+
+ // Take the first 8 digits for our value
+ $value = substr($rnd_value, 0, 8);
+
+ // Strip the first eight, leaving the remainder for the next call to wp_rand().
+ $rnd_value = substr($rnd_value, 8);
+
+ $value = abs(hexdec($value));
+
+ // Some misconfigured 32bit environments (Entropy PHP, for example) truncate integers larger than PHP_INT_MAX to PHP_INT_MAX rather than overflowing them to floats.
+ $max_random_number = 3000000000 === 2147483647 ? (float) "4294967295" : 4294967295; // 4294967295 = 0xffffffff