function is_valid($token) { global $validargs, $failedarg; if ($token == "") { // empty token is valid too return true; } elseif (is_numeric($token)) { // numeric arguments do not harm return true; } elseif (is_sha1($token)) { // we usually apply sha1 as arguments return true; } foreach ($validargs as $va) { if ($va == $token) { return true; } } $failedarg = $token; return false; }
/** * Check if a user has a SHA1 password hash, * allows login if password hashes match, then * updates password hash to wp format. * * Hooks into check_password filter, mostly * copied from md5 upgrade function with * pluggable.php/wp_check_password * * @param string $check * @param string $password * @param string $hash * @param string $user_id * @return results of sha1 hash comparison, or $check if $password is not a SHA1 hash */ function check_sha1_password($check, $password, $hash, $user_id) { if (is_sha1($hash)) { $check = $hash == sha1($password); if ($check && $user_id) { // Rehash using new proper WP hash wp_set_password($password, $user_id); $hash = wp_hash_password($password); // Allow login return true; } else { // SHA1 hash in db, but SHA1 has of provided $password did not match. Do not allow login. // echo $password . ' did not match ' . $check; return false; } } // Not SHA1 password, so return what was passed return $check; }
function check_new_head_in_bundle($what, &$out1) { $repo = $_GET['p']; $cmd1 = "GIT_DIR=" . get_repo_path(basename($repo)) . " git bundle verify " . escapeshellarg($what) . " 2>&1 "; //echo $cmd1; $out1 = array(); $status = 1; exec($cmd1, &$out1, &$status); if ($status == 0) { foreach ($out1 as $line) { unset($d); $d = explode(" ", $line); if (is_sha1($d[0])) { if (!check_tag_in_repo($d[0])) { return true; } } } } $out1[] = "*** Error *** No new tag found in bundle!"; return false; }