wp_salt
函数
wp_salt ( $scheme = 'auth' )
- 参数
-
-
(string)
$scheme
Authentication scheme (auth, secure_auth, logged_in, nonce).- Required: 否
- Default: ‘auth’
-
(string)
- 返回值
-
- (string) Salt value
- 定义位置
-
-
wp-includes/pluggable.php
, line 2389
-
wp-includes/pluggable.php
- 引入
- 2.5.0
- 弃用
- –
Returns a salt to add to hashes.
Salts are created using secret keys. Secret keys are located in two places:
in the database and in the wp-config.php file. The secret key in the database
is randomly generated and will be appended to the secret keys in wp-config.php.
The secret keys in wp-config.php should be updated to strong, random keys to maximize
security. Below is an example of how the secret key constants are defined.
Do not paste this example directly into wp-config.php. Instead, have a
{@link secret key created} just
for you.
define(‘AUTH_KEY’, ‘ Xakm
define(‘SECURE_AUTH_KEY’, ‘LzJ}op]mr|6+![P}Ak:uNdJCJZd>(Hx.-Mh#Tz)pCIU#uGEnfFz|f ;;eU%/U^O~’);
define(‘LOGGED_IN_KEY’, ‘|i|Ux`9
define(‘AUTH_SALT’, ‘eZyT)-Naw]F8CwA*VaW#q*|.)g@o}||wf~@C-YSt}(dh_r6EbI#A,y|nU2{B#JBW’);
define(‘SECURE_AUTH_SALT’, ‘!=oLUTXh,QW=H `}`L|9/^4-3 STz},T(w}W
define(‘LOGGED_IN_SALT’, ‘+XSqHc;@Q*K_b|Z?NC[3H!!EONbh.n*c(u`g~EJBf#8u#R{mUEZrozmm’);
define(‘NONCE_SALT’, ‘h`GXHhD>SLWVfg1(1(N{;.V!MoE(SfbA_ksP@&`+AycHcAV$+?@3q+rxV{%^VyKT’);
Salting passwords helps against tools which has stored hashed values of
common dictionary strings. The added values makes it harder to crack.
function wp_salt( $scheme = 'auth' ) { static $cached_salts = array(); if ( isset( $cached_salts[ $scheme ] ) ) { /** * Filters the WordPress salt. * * @since 2.5.0 * * @param string $cached_salt Cached salt for the given scheme. * @param string $scheme Authentication scheme. Values include 'auth', * 'secure_auth', 'logged_in', and 'nonce'. */ return apply_filters( 'salt', $cached_salts[ $scheme ], $scheme ); } static $duplicated_keys; if ( null === $duplicated_keys ) { $duplicated_keys = array( 'put your unique phrase here' => true, /* * translators: This string should only be translated if wp-config-sample.php is localized. * You can check the localized release package or * https://i18n.svn.wordpress.org//branches/ /dist/wp-config-sample.php */ __( 'put your unique phrase here' ) => true, ); foreach ( array( 'AUTH', 'SECURE_AUTH', 'LOGGED_IN', 'NONCE', 'SECRET' ) as $first ) { foreach ( array( 'KEY', 'SALT' ) as $second ) { if ( ! defined( "{$first}_{$second}" ) ) { continue; } $value = constant( "{$first}_{$second}" ); $duplicated_keys[ $value ] = isset( $duplicated_keys[ $value ] ); } } } $values = array( 'key' => '', 'salt' => '', ); if ( defined( 'SECRET_KEY' ) && SECRET_KEY && empty( $duplicated_keys[ SECRET_KEY ] ) ) { $values['key'] = SECRET_KEY; } if ( 'auth' === $scheme && defined( 'SECRET_SALT' ) && SECRET_SALT && empty( $duplicated_keys[ SECRET_SALT ] ) ) { $values['salt'] = SECRET_SALT; } if ( in_array( $scheme, array( 'auth', 'secure_auth', 'logged_in', 'nonce' ), true ) ) { foreach ( array( 'key', 'salt' ) as $type ) { $const = strtoupper( "{$scheme}_{$type}" ); if ( defined( $const ) && constant( $const ) && empty( $duplicated_keys[ constant( $const ) ] ) ) { $values[ $type ] = constant( $const ); } elseif ( ! $values[ $type ] ) { $values[ $type ] = get_site_option( "{$scheme}_{$type}" ); if ( ! $values[ $type ] ) { $values[ $type ] = wp_generate_password( 64, true, true ); update_site_option( "{$scheme}_{$type}", $values[ $type ] ); } } } } else { if ( ! $values['key'] ) { $values['key'] = get_site_option( 'secret_key' ); if ( ! $values['key'] ) { $values['key'] = wp_generate_password( 64, true, true ); update_site_option( 'secret_key', $values['key'] ); } } $values['salt'] = hash_hmac( 'md5', $scheme, $values['key'] ); } $cached_salts[ $scheme ] = $values['key'] . $values['salt']; /** This filter is documented in wp-includes/pluggable.php */ return apply_filters( 'salt', $cached_salts[ $scheme ], $scheme ); } endif; if ( ! function_exists( 'wp_hash' ) ) : /** * Gets hash of given string. * * @since 2.0.3 * * @param string $data Plain text to hash. * @param string $scheme Authentication scheme (auth, secure_auth, logged_in, nonce). * @return string Hash of $data. */