X-Git-Url: https://scripts.mit.edu/gitweb/autoinstalls/wordpress.git/blobdiff_plain/48ab98cb1779cf2088c1351ac3dd3d0da6fb31d3..caeaf8dc94b5e3f75dc98ec92dc7b76049cdddb6:/wp-includes/session.php

diff --git a/wp-includes/session.php b/wp-includes/session.php
index dca4d94e..9b93d41d 100644
--- a/wp-includes/session.php
+++ b/wp-includes/session.php
@@ -61,7 +61,12 @@ abstract class WP_Session_Tokens {
 	 * @return string A hash of the session token (a verifier).
 	 */
 	final private function hash_token( $token ) {
-		return hash( 'sha256', $token );
+		// If ext/hash is not present, use sha1() instead.
+		if ( function_exists( 'hash' ) ) {
+			return hash( 'sha256', $token );
+		} else {
+			return sha1( $token );
+		}
 	}
 
 	/**
@@ -126,6 +131,19 @@ abstract class WP_Session_Tokens {
 		$session = apply_filters( 'attach_session_information', array(), $this->user_id );
 		$session['expiration'] = $expiration;
 
+		// IP address.
+		if ( !empty( $_SERVER['REMOTE_ADDR'] ) ) {
+			$session['ip'] = $_SERVER['REMOTE_ADDR'];
+		}
+
+		// User-agent.
+		if ( ! empty( $_SERVER['HTTP_USER_AGENT'] ) ) {
+			$session['ua'] = wp_unslash( $_SERVER['HTTP_USER_AGENT'] );
+		}
+
+		// Timestamp
+		$session['login'] = time();
+
 		$token = wp_generate_password( 43, false, false );
 
 		$this->update( $token, $session );
@@ -378,10 +396,6 @@ class WP_User_Meta_Session_Tokens extends WP_Session_Tokens {
 	 * @param array $sessions Sessions.
 	 */
 	protected function update_sessions( $sessions ) {
-		if ( ! has_filter( 'attach_session_information' ) ) {
-			$sessions = wp_list_pluck( $sessions, 'expiration' );
-		}
-
 		if ( $sessions ) {
 			update_user_meta( $this->user_id, 'session_tokens', $sessions );
 		} else {