W3cubDocs

/WordPress

WP_Recovery_Mode_Cookie_Service::recovery_mode_hash( string $data )

This function’s access is marked private. This means it is not intended for use by plugin or theme developers, only in other core functions. It is listed here for completeness.

Gets a form of wp_hash() specific to Recovery Mode.

Description

We cannot use wp_hash() because it is defined in pluggable.php which is not loaded until after plugins are loaded, which is too late to verify the recovery mode cookie.

This tries to use the AUTH salts first, but if they aren’t valid specific salts will be generated and stored.

Parameters

$data

(string) (Required) Data to hash.

Return

(string|false) The hashed $data, or false on failure.

Source

File: wp-includes/class-wp-recovery-mode-cookie-service.php

private function recovery_mode_hash( $data ) {
		if ( ! defined( 'AUTH_KEY' ) || AUTH_KEY === 'put your unique phrase here' ) {
			$auth_key = get_site_option( 'recovery_mode_auth_key' );

			if ( ! $auth_key ) {
				if ( ! function_exists( 'wp_generate_password' ) ) {
					require_once ABSPATH . WPINC . '/pluggable.php';
				}

				$auth_key = wp_generate_password( 64, true, true );
				update_site_option( 'recovery_mode_auth_key', $auth_key );
			}
		} else {
			$auth_key = AUTH_KEY;
		}

		if ( ! defined( 'AUTH_SALT' ) || AUTH_SALT === 'put your unique phrase here' || AUTH_SALT === $auth_key ) {
			$auth_salt = get_site_option( 'recovery_mode_auth_salt' );

			if ( ! $auth_salt ) {
				if ( ! function_exists( 'wp_generate_password' ) ) {
					require_once ABSPATH . WPINC . '/pluggable.php';
				}

				$auth_salt = wp_generate_password( 64, true, true );
				update_site_option( 'recovery_mode_auth_salt', $auth_salt );
			}
		} else {
			$auth_salt = AUTH_SALT;
		}

		$secret = $auth_key . $auth_salt;

		return hash_hmac( 'sha1', $data, $secret );
	}

Changelog

Version Description
5.2.0 Introduced.

© 2003–2019 WordPress Foundation
Licensed under the GNU GPLv2+ License.
https://developer.wordpress.org/reference/classes/wp_recovery_mode_cookie_service/recovery_mode_hash