[Bb-trac] Re: [bbPress] #1052: inconsistent authentication cookie value between WP 2.7.1 and BB 1.0-beta

bbPress bb-trac at lists.bbpress.org
Sun Mar 15 14:45:39 GMT 2009


#1052: inconsistent authentication cookie value between WP 2.7.1 and BB 1.0-beta
-------------------------------+--------------------------------------------
 Reporter:  Denis-de-Bernardy  |        Owner:                  
     Type:  defect             |       Status:  new             
 Priority:  normal             |    Milestone:  1.0-beta        
Component:  integration        |      Version:  1.0-beta (trunk)
 Severity:  normal             |   Resolution:                  
 Keywords:                     |  
-------------------------------+--------------------------------------------
Comment (by Denis-de-Bernardy):

 Just in case anyone else tries it, a temporary workaround is to add the
 following into the bbpress-integration plugin:


 {{{
 #
 # WP 2.8 auth functions
 #

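 /**
  * Build the authentication cookie value for a user.
  *
  * The value has the form "login|expiration|hmac". The HMAC (MD5) covers
  * "login|expiration" and is keyed with wp_hash() of the login, characters
  * 8-11 of $user->user_pass, the expiration and the scheme, so a change to
  * user_pass changes the key and stops older cookies from validating.
  *
  * @param int    $user_id    ID passed to get_userdata().
  * @param int    $expiration Expiry timestamp embedded in the cookie and in the MAC.
  * @param string $scheme     Scheme passed to wp_hash() and to the 'auth_cookie' filter.
  * @return string Filtered cookie value, or '' when the user cannot be loaded.
  */
 function wp_generate_auth_cookie($user_id, $expiration, $scheme = 'auth')
 {
         $user = get_userdata($user_id);

         // Unknown user: do not sign a cookie for an empty login / empty
         // password fragment; hand back an empty value instead.
         if ( ! $user )
                 return '';

         $login = $user->user_login;

         // Fragment of user_pass (presumably the stored password hash;
         // confirm against the schema) mixed into the per-cookie key.
         $pass_frag = substr( $user->user_pass, 8, 4 );

         $key = wp_hash($login . $pass_frag . '|' . $expiration, $scheme);
         $hash = hash_hmac('md5', $login . '|' . $expiration, $key);

         $cookie = $login . '|' . $expiration . '|' . $hash;

         return apply_filters('auth_cookie', $cookie, $user_id, $expiration, $scheme);
 }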

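 /**
  * Validate an authentication cookie and return the matching user ID.
  *
  * The cookie is parsed with wp_parse_auth_cookie(), checked for expiry
  * (with a one-hour grace period for POST and AJAX requests), and its HMAC
  * is recomputed from the login, a fragment of $user->user_pass, the
  * expiration and the scheme. Each failure path fires its own
  * 'auth_cookie_*' action before returning false.
  *
  * @param string $cookie Cookie value handed to wp_parse_auth_cookie().
  * @param string $scheme Scheme handed to wp_parse_auth_cookie() and wp_hash().
  * @return int|false User ID when the cookie is valid, false otherwise.
  */
 function wp_validate_auth_cookie($cookie = '', $scheme = '') {
         $cookie_elements = wp_parse_auth_cookie($cookie, $scheme);
         if ( ! $cookie_elements ) {
                 do_action('auth_cookie_malformed', $cookie, $scheme);
                 return false;
         }

         // Read the expected fields explicitly instead of extract(): the
         // parsed array derives from client-supplied data and must not be
         // able to overwrite arbitrary local variables.
         foreach ( array('username', 'expiration', 'hmac') as $field ) {
                 if ( ! isset($cookie_elements[$field]) ) {
                         do_action('auth_cookie_malformed', $cookie, $scheme);
                         return false;
                 }
         }
         $username = $cookie_elements['username'];
         $expiration = $cookie_elements['expiration'];
         $hmac = (string) $cookie_elements['hmac'];

         // extract() also replaced $scheme when the parser returned one;
         // keep that so the key below uses the parsed scheme.
         if ( isset($cookie_elements['scheme']) )
                 $scheme = $cookie_elements['scheme'];

         $expired = $expiration;

         // Allow a grace period for POST and AJAX requests
         $is_post = isset($_SERVER['REQUEST_METHOD']) && 'POST' == $_SERVER['REQUEST_METHOD'];
         if ( defined('DOING_AJAX') || $is_post )
                 $expired += 3600;

         // Quick check to see if an honest cookie has expired
         if ( $expired < time() ) {
                 do_action('auth_cookie_expired', $cookie_elements);
                 return false;
         }

         $user = get_userdatabylogin($username);
         if ( ! $user ) {
                 do_action('auth_cookie_bad_username', $cookie_elements);
                 return false;
         }

         $pass_frag = substr($user->user_pass, 8, 4);

         $key = wp_hash($username . $pass_frag . '|' . $expiration, $scheme);
         $hash = hash_hmac('md5', $username . '|' . $expiration, $key);

         // Compare the MACs as strings. A loose != compares two hex digests
         // of the form "0e<digits>" numerically, so different MACs could be
         // treated as equal. Use the constant-time hash_equals() where the
         // PHP version provides it; otherwise fall back to strict equality.
         if ( function_exists('hash_equals') )
                 $hash_ok = hash_equals($hash, $hmac);
         else
                 $hash_ok = ( $hmac === $hash );

         if ( ! $hash_ok ) {
                 do_action('auth_cookie_bad_hash', $cookie_elements);
                 return false;
         }

         do_action('auth_cookie_valid', $cookie_elements, $user);

         return $user->ID;
 }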
 }}}

-- 
Ticket URL: <http://trac.bbpress.org/ticket/1052#comment:2>
bbPress <http://bbpress.org/>
Innovative forum development

