Gets a form of wp_hash() specific to Recovery Mode.
We cannot use wp_hash() because it is defined in pluggable.php which is not loaded until after plugins are loaded, which is too late to verify the recovery mode cookie.
This tries to use the AUTH salts first, but if they aren’t valid specific salts will be generated and stored.
$datastringrequired
private function recovery_mode_hash( $data ) {
$default_keys = array_unique(
array(
'put your unique phrase here',
/*
* translators: This string should only be translated if wp-config-sample.php is localized.
* You can check the localized release package or
* https://i18n.svn.wordpress.org/<locale code>/branches/<wp version>/dist/wp-config-sample.php
*/
__( 'put your unique phrase here' ),
)
);
if ( ! defined( 'AUTH_KEY' ) || in_array( AUTH_KEY, $default_keys, true ) ) {
$auth_key = get_site_option( 'recovery_mode_auth_key' );
if ( ! $auth_key ) {
if ( ! function_exists( 'wp_generate_password' ) ) {
require_once ABSPATH . WPINC . '/pluggable.php';
}
$auth_key = wp_generate_password( 64, true, true );
update_site_option( 'recovery_mode_auth_key', $auth_key );
}
} else {
$auth_key = AUTH_KEY;
}
if ( ! defined( 'AUTH_SALT' ) || in_array( AUTH_SALT, $default_keys, true ) || AUTH_SALT === $auth_key ) {
$auth_salt = get_site_option( 'recovery_mode_auth_salt' );
if ( ! $auth_salt ) {
if ( ! function_exists( 'wp_generate_password' ) ) {
require_once ABSPATH . WPINC . '/pluggable.php';
}
$auth_salt = wp_generate_password( 64, true, true );
update_site_option( 'recovery_mode_auth_salt', $auth_salt );
}
} else {
$auth_salt = AUTH_SALT;
}
$secret = $auth_key . $auth_salt;
return hash_hmac( 'sha1', $data, $secret );
}
| Version | Description |
|---|---|
| 5.2.0 | Introduced. |
© 2003–2024 WordPress Foundation
Licensed under the GNU GPLv2+ License.
https://developer.wordpress.org/reference/classes/wp_recovery_mode_cookie_service/recovery_mode_hash