-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathwp-plugin-security.php
82 lines (72 loc) · 2.58 KB
/
wp-plugin-security.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
<?php declare(strict_types=1);
/**
* Copyright (C) 2019 CyberPear (https://www.cyberpear.co.uk) - All Rights Reserved
*
* Plugin Name: WP Security Plugin
* Description: Replaces WordPress password functions with native PHP password functions.
* Version: $_VERSION
*
* phpcs:disable SlevomatCodingStandard.TypeHints.TypeHintDeclaration.MissingReturnTypeHint
* phpcs:disable Generic.NamingConventions.CamelCapsFunctionName.NotCamelCaps
* phpcs:disable SlevomatCodingStandard.TypeHints.TypeHintDeclaration.MissingParameterTypeHint
*/
defined('ABSPATH') or die('Access denied');
use CyberPear\WpThemeSecurity\PHPPasswordHashingFeature;
use CyberPear\WpThemeSecurity\WpPluginSecurityException;
require_once __DIR__ . '/src/WpPluginSecurityException.php';
require_once __DIR__ . '/src/WPPasswordHashingFeature.php';
require_once __DIR__ . '/src/PHPPasswordHashingFeature.php';
if (function_exists('wp_hash_password') ||
function_exists('wp_check_password') ||
function_exists('wp_set_password')) {
add_action('admin_notices', function (): void {
?>
<div class="notice notice-error">
<h2>Important WP Plugin Security Notice</h2>
<p>
A password function is already defined. WP Plugin Security won't
be able to work properly, either resolve the issue (e.g. by removing the conflicting plugin)
or by removing the WP Plugin Security.
</p>
</div>
<?php
});
} else {
/**
*
* @param string $password
*
* @return string
*/
function wp_hash_password(string $password): string {
return PHPPasswordHashingFeature::getInstance()->hashPassword($password);
}
/**
*
* @param string $password
* @param string $hash
* @param string|int $userId
*
* @return bool
*/
function wp_check_password(string $password, string $hash, $userId = ''): bool {
if (empty($userId)) {
throw new WpPluginSecurityException("Missing user ID");
}
$userId = intval($userId);
return PHPPasswordHashingFeature::getInstance()->passwordCheck($password, $hash, $userId);
}
/**
*
* @param string $password
* @param string|int $userId
* @return bool
*/
function wp_set_password(string $password, $userId = ''): bool {
if (empty($userId)) {
throw new WpPluginSecurityException("Missing user ID");
}
$userId = intval($userId);
return PHPPasswordHashingFeature::getInstance()->setPassword($password, $userId);
}
}