WP_Recovery_Mode_Cookie_Service::recovery_mode_hash()privateWP 5.2.0

Gets a form of wp_hash() to Recovery Mode.

We cannot use wp_hash() it is defined in pluggable.php which is not loaded until after plugins are loaded, which is too late to verify the recovery mode cookie.

This tries to use the AUTH salts first, but if they aren't valid specific salts will be generated and stored.

Method of the class: WP_Recovery_Mode_Cookie_Service{}

No Hooks.

Return

String|false. The hashed $data, or false on failure.

Usage

// private - for code of main (parent) class only
$result = $this->recovery_mode_hash( $data );
$data(string) (required)
Data to hash.

Changelog

Since 5.2.0 Introduced.

WP_Recovery_Mode_Cookie_Service::recovery_mode_hash() code WP 6.5.4

private function recovery_mode_hash( $data ) {
	$default_keys = array_unique(
		array(
			'put your unique phrase here',
			/*
			 * translators: This string should only be translated if wp-config-sample.php is localized.
			 * You can check the localized release package or
			 * https://i18n.svn.wordpress.org/<locale code>/branches/<wp version>/dist/wp-config-sample.php
			 */
			__( 'put your unique phrase here' ),
		)
	);

	if ( ! defined( 'AUTH_KEY' ) || in_array( AUTH_KEY, $default_keys, true ) ) {
		$auth_key = get_site_option( 'recovery_mode_auth_key' );

		if ( ! $auth_key ) {
			if ( ! function_exists( 'wp_generate_password' ) ) {
				require_once ABSPATH . WPINC . '/pluggable.php';
			}

			$auth_key = wp_generate_password( 64, true, true );
			update_site_option( 'recovery_mode_auth_key', $auth_key );
		}
	} else {
		$auth_key = AUTH_KEY;
	}

	if ( ! defined( 'AUTH_SALT' ) || in_array( AUTH_SALT, $default_keys, true ) || AUTH_SALT === $auth_key ) {
		$auth_salt = get_site_option( 'recovery_mode_auth_salt' );

		if ( ! $auth_salt ) {
			if ( ! function_exists( 'wp_generate_password' ) ) {
				require_once ABSPATH . WPINC . '/pluggable.php';
			}

			$auth_salt = wp_generate_password( 64, true, true );
			update_site_option( 'recovery_mode_auth_salt', $auth_salt );
		}
	} else {
		$auth_salt = AUTH_SALT;
	}

	$secret = $auth_key . $auth_salt;

	return hash_hmac( 'sha1', $data, $secret );
}