public function generate_auth_cookie($args)
 {
     /**
      * @var $nonce
      * @var $username
      * @var $password
      *
      */
     extract($args);
     if (!wp_verify_nonce($nonce, 'auth_gmapp')) {
         return array('error' => array('code' => 'nononce', 'message' => "Something goes wrong (nonce error)... try again."));
     }
     if (!$username) {
         return array('error' => array('code' => 'nologin', 'message' => "You must include a 'username' var in your request."));
     }
     if (!$password) {
         return array('error' => array('code' => 'nopassword', 'message' => "You must include a 'password' var in your request."));
     }
     $user = wp_authenticate($username, $password);
     if (is_wp_error($user)) {
         remove_action('wp_login_failed', $username);
         return array('error' => array('code' => 'passerror', 'message' => "Invalid username and/or password."));
     }
     $expiration = time() + apply_filters('auth_cookie_expiration', 1209600, $user->ID, true);
     $cookie = wp_generate_auth_cookie($user->ID, $expiration, 'logged_in');
     preg_match('|src="(.+?)"|', get_avatar($user->ID, 32), $avatar);
     if (!isset($avatar[1])) {
         $avatar[1] = '';
     }
     return array("cookie" => $cookie, "user" => array("id" => $user->ID, "username" => $user->user_login, "nicename" => $user->user_nicename, "email" => $user->user_email, "url" => $user->user_url, "registered" => $user->user_registered, "displayname" => $user->display_name, "firstname" => $user->user_firstname, "lastname" => $user->last_name, "nickname" => $user->nickname, "description" => $user->user_description, "capabilities" => $user->wp_capabilities, "avatar" => $avatar[1]));
 }

 public function generate_auth_cookie()
 {
     global $json_api;
     if (!$json_api->query->username) {
         $json_api->error("You must include a 'username' var in your request.");
     }
     if (!$json_api->query->password) {
         $json_api->error("You must include a 'password' var in your request.");
     }
     if ($json_api->query->seconds) {
         $seconds = (int) $json_api->query->seconds;
     } else {
         $seconds = 1209600;
     }
     //14 days
     $user = wp_authenticate($json_api->query->username, $json_api->query->password);
     if (is_wp_error($user)) {
         $json_api->error("Invalid username and/or password.", 'error', '401');
         remove_action('wp_login_failed', $json_api->query->username);
     }
     $expiration = time() + apply_filters('auth_cookie_expiration', $seconds, $user->ID, true);
     $cookie = wp_generate_auth_cookie($user->ID, $expiration, 'logged_in');
     preg_match('|src="(.+?)"|', get_avatar($user->ID, 32), $avatar);
     return array("cookie" => $cookie, "cookie_name" => LOGGED_IN_COOKIE, "user" => array("id" => $user->ID, "username" => $user->user_login, "nicename" => $user->user_nicename, "email" => $user->user_email, "url" => $user->user_url, "registered" => $user->user_registered, "displayname" => $user->display_name, "firstname" => $user->user_firstname, "lastname" => $user->last_name, "nickname" => $user->nickname, "description" => $user->user_description, "capabilities" => $user->wp_capabilities, "avatar" => $avatar[1]));
 }

 function test_auth_cookie_scheme()
 {
     // arbitrary scheme name
     $cookie = wp_generate_auth_cookie(self::$user_id, time() + 3600, 'foo');
     $this->assertEquals(self::$user_id, wp_validate_auth_cookie($cookie, 'foo'));
     // wrong scheme name - should fail
     $cookie = wp_generate_auth_cookie(self::$user_id, time() + 3600, 'foo');
     $this->assertEquals(false, wp_validate_auth_cookie($cookie, 'bar'));
 }

 /**
  * Sets the authentication cookies based User ID.
  *
  * The $remember parameter increases the time that the cookie will be kept. The
  * default the cookie is kept without remembering is two days. When $remember is
  * set, the cookies will be kept for 14 days or two weeks.
  *
  * @since 2.5
  *
  * @param int $user_id User ID
  * @param bool $remember Whether to remember the user
  */
 function wp_set_auth_cookie($user_id, $remember = false, $secure = '')
 {
     if ($remember) {
         $expiration = $expire = time() + apply_filters('auth_cookie_expiration', 1209600, $user_id, $remember);
     } else {
         $expiration = time() + apply_filters('auth_cookie_expiration', 172800, $user_id, $remember);
         $expire = 0;
     }
     if ('' === $secure) {
         $secure = is_ssl();
     }
     if ($secure) {
         $auth_cookie_name = SECURE_AUTH_COOKIE;
         $scheme = 'secure_auth';
     } else {
         $auth_cookie_name = AUTH_COOKIE;
         $scheme = 'auth';
     }
     $auth_cookie = wp_generate_auth_cookie($user_id, $expiration, $scheme);
     $logged_in_cookie = wp_generate_auth_cookie($user_id, $expiration, 'logged_in');
     do_action('set_auth_cookie', $auth_cookie, $expire, $expiration, $user_id, $scheme);
     do_action('set_logged_in_cookie', $logged_in_cookie, $expire, $expiration, $user_id, 'logged_in');
     $subdomain = get_option('rootcookie_subdomain');
     $rootcookie_subdomain_manual = get_option('rootcookie_subdomain_manual');
     if ($subdomain == 1) {
         # Use Scotts implementation
         $info = get_bloginfo('url');
         $info = parse_url($info);
         $info = $info['host'];
         $exp = explode('.', $info);
         if (count($exp) == 3) {
             $domain = '.' . $exp[1] . '.' . $exp[2];
         } elseif (count($exp) == 2) {
             $domain = '.' . $info;
         } elseif (3 < count($exp)) {
             $exp = array_reverse($exp);
             $domain = '.' . $exp[1] . '.' . $exp[0];
         } else {
             $domain = COOKIE_DOMAIN;
         }
     } elseif (!is_null($rootcookie_subdomain_manual)) {
         # Use manual domain name setting
         $domain = $rootcookie_subdomain_manual;
     } else {
         # Default
         $domain = COOKIE_DOMAIN;
     }
     setcookie($auth_cookie_name, $auth_cookie, $expire, ROOT_COOKIE, $domain, $secure, true);
     /** Duplicate of above - Created by Find & Replace
     	setcookie($auth_cookie_name, $auth_cookie, $expire, ROOT_COOKIE, $domain, $secure, true);
     	 **/
     setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, ROOT_COOKIE, $domain, $secure_logged_in_cookie, true);
     if (COOKIEPATH != SITECOOKIEPATH) {
         setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, SITECOOKIEPATH, COOKIE_DOMAIN, $secure_logged_in_cookie, true);
     }
 }

 public function ajax_on()
 {
     if (!current_user_can('view_query_monitor') or !check_ajax_referer('qm-auth-on', 'nonce', false)) {
         wp_send_json_error(__('Could not set authentication cookie.', 'query-monitor'));
     }
     $expiration = time() + 2 * DAY_IN_SECONDS;
     $secure = self::secure_cookie();
     $cookie = wp_generate_auth_cookie(get_current_user_id(), $expiration, 'logged_in');
     setcookie(QM_COOKIE, $cookie, $expiration, COOKIEPATH, COOKIE_DOMAIN, $secure, false);
     $text = __('Authentication cookie set. You can now view Query Monitor output while logged out or while logged in as a different user.', 'query-monitor');
     wp_send_json_success($text);
 }

 public function generate_auth_cookie()
 {
     global $json_api;
     $nonce_id = $json_api->get_nonce_id('auth', 'generate_auth_cookie');
     if (!wp_verify_nonce($json_api->query->nonce, $nonce_id)) {
         $json_api->error("Your 'nonce' value was incorrect. Use the 'get_nonce' API method.");
     }
     if (!$json_api->query->username) {
         $json_api->error("You must include a 'username' var in your request.");
     }
     if (!$json_api->query->password) {
         $json_api->error("You must include a 'password' var in your request.");
     }
     $user = wp_authenticate($json_api->query->username, $json_api->query->password);
     if (is_wp_error($user)) {
         $json_api->error("Invalid username and/or password.", 'error', '401');
         remove_action('wp_login_failed', $json_api->query->username);
     }
     $expiration = time() + apply_filters('auth_cookie_expiration', 1209600, $user->ID, true);
     $cookie = wp_generate_auth_cookie($user->ID, $expiration, 'logged_in');
     return array("cookie" => $cookie, "user" => array("id" => $user->ID, "username" => $user->user_login, "nicename" => $user->user_nicename, "email" => $user->user_email, "url" => $user->user_url, "registered" => $user->user_registered, "displayname" => $user->display_name, "firstname" => $user->user_firstname, "lastname" => $user->last_name, "nickname" => $user->nickname, "description" => $user->user_description, "capabilities" => $user->wp_capabilities));
 }

 function testOldUserCookieAuthentication()
 {
     $admin = $this->testers['admin'];
     $editor = $this->testers['editor'];
     $expiry = time() + 172800;
     // A valid authentication cookie should pass authentication:
     $auth_cookie = wp_generate_auth_cookie($editor->ID, $expiry, 'auth');
     $_COOKIE[USER_SWITCHING_COOKIE] = json_encode(array($auth_cookie));
     $this->assertTrue(user_switching::authenticate_old_user($editor));
     $this->assertFalse(user_switching::authenticate_old_user($admin));
     // An expired but otherwise valid authentication cookie should not pass authentication:
     $auth_cookie = wp_generate_auth_cookie($editor->ID, time() - 1000, 'auth');
     $_COOKIE[USER_SWITCHING_COOKIE] = json_encode(array($auth_cookie));
     $this->assertFalse(user_switching::authenticate_old_user($editor));
     $this->assertFalse(user_switching::authenticate_old_user($admin));
     // A valid authentication cookie with the incorrect scheme should not pass authentication:
     $logged_in_cookie = wp_generate_auth_cookie($editor->ID, $expiry, 'logged_in');
     $_COOKIE[USER_SWITCHING_COOKIE] = json_encode(array($logged_in_cookie));
     $this->assertFalse(user_switching::authenticate_old_user($editor));
     $this->assertFalse(user_switching::authenticate_old_user($admin));
     $logged_in_cookie = wp_generate_auth_cookie($editor->ID, $expiry, 'secure_auth');
     $_COOKIE[USER_SWITCHING_COOKIE] = json_encode(array($logged_in_cookie));
     $this->assertFalse(user_switching::authenticate_old_user($editor));
     $this->assertFalse(user_switching::authenticate_old_user($admin));
     // A malformed cookie should not pass authentication and not trigger any PHP errors:
     $_COOKIE[USER_SWITCHING_COOKIE] = 'hello';
     $this->assertFalse(user_switching::authenticate_old_user($editor));
     $this->assertFalse(user_switching::authenticate_old_user($admin));
     // A non-JSON-encoded cookie should not pass authentication and not trigger any PHP errors:
     $auth_cookie = wp_generate_auth_cookie($editor->ID, $expiry, 'auth');
     $_COOKIE[USER_SWITCHING_COOKIE] = $auth_cookie;
     $this->assertFalse(user_switching::authenticate_old_user($editor));
     $this->assertFalse(user_switching::authenticate_old_user($admin));
     // No cookie should not pass authentication and not trigger any PHP errors:
     unset($_COOKIE[USER_SWITCHING_COOKIE]);
     $this->assertFalse(user_switching::authenticate_old_user($editor));
     $this->assertFalse(user_switching::authenticate_old_user($admin));
 }

/**
 * Sets the authentication cookies based User ID.
 *
 * The $remember parameter increases the time that the cookie will be kept. The
 * default the cookie is kept without remembering is two days. When $remember is
 * set, the cookies will be kept for 14 days or two weeks.
 *
 * @since 2.5
 *
 * @param int $user_id User ID
 * @param bool $remember Whether to remember the user
 */
function wp_set_auth_cookie($user_id, $remember = false, $secure = '') {
	if ( $remember ) {
		$expiration = time() + apply_filters('auth_cookie_expiration', 14 * DAY_IN_SECONDS, $user_id, $remember);
		// Ensure the browser will continue to send the cookie after the expiration time is reached.
		// Needed for the login grace period in wp_validate_auth_cookie().
		$expire = $expiration + ( 12 * HOUR_IN_SECONDS );
	} else {
		$expiration = time() + apply_filters('auth_cookie_expiration', 2 * DAY_IN_SECONDS, $user_id, $remember);
		$expire = 0;
	}

	if ( '' === $secure )
		$secure = is_ssl();

	$secure = apply_filters('secure_auth_cookie', $secure, $user_id);
	$secure_logged_in_cookie = apply_filters('secure_logged_in_cookie', false, $user_id, $secure);

	if ( $secure ) {
		$auth_cookie_name = SECURE_AUTH_COOKIE;
		$scheme = 'secure_auth';
	} else {
		$auth_cookie_name = AUTH_COOKIE;
		$scheme = 'auth';
	}

	$auth_cookie = wp_generate_auth_cookie($user_id, $expiration, $scheme);
	$logged_in_cookie = wp_generate_auth_cookie($user_id, $expiration, 'logged_in');

	do_action('set_auth_cookie', $auth_cookie, $expire, $expiration, $user_id, $scheme);
	do_action('set_logged_in_cookie', $logged_in_cookie, $expire, $expiration, $user_id, 'logged_in');

	setcookie($auth_cookie_name, $auth_cookie, $expire, PLUGINS_COOKIE_PATH, COOKIE_DOMAIN, $secure, true);
	setcookie($auth_cookie_name, $auth_cookie, $expire, ADMIN_COOKIE_PATH, COOKIE_DOMAIN, $secure, true);
	setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, COOKIEPATH, COOKIE_DOMAIN, $secure_logged_in_cookie, true);
	if ( COOKIEPATH != SITECOOKIEPATH )
		setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, SITECOOKIEPATH, COOKIE_DOMAIN, $secure_logged_in_cookie, true);
}

 /**
  * Set the $_COOKIE values for our custom authentication
  *
  * Certain areas of WordPress use the $_COOKIE value directly rather than
  * passing through the authentication filter, so we need to work
  * around this.
  *
  * @param int $user_id
  */
 protected static function set_fake_cookies($user_id)
 {
     $expiration = time() + apply_filters('auth_cookie_expiration', self::COOKIE_AGE * DAY_IN_SECONDS, $user_id, false);
     $expire = 0;
     $secure = apply_filters('secure_auth_cookie', is_ssl(), $user_id);
     $secure_logged_in_cookie = apply_filters('secure_logged_in_cookie', false, $user_id, $secure);
     if ($secure) {
         $auth_cookie_name = SECURE_AUTH_COOKIE;
         $scheme = 'secure_auth';
     } else {
         $auth_cookie_name = AUTH_COOKIE;
         $scheme = 'auth';
     }
     $auth_cookie = wp_generate_auth_cookie($user_id, $expiration, $scheme);
     $logged_in_cookie = wp_generate_auth_cookie($user_id, $expiration, 'logged_in');
     if (!isset($_COOKIE[$auth_cookie_name])) {
         $_COOKIE[$auth_cookie_name] = $auth_cookie;
     }
     if (!isset($_COOKIE[LOGGED_IN_COOKIE])) {
         $_COOKIE[LOGGED_IN_COOKIE] = $logged_in_cookie;
     }
 }

 /**
  * Sets the authentication cookies based User ID.
  *
  * The $remember parameter increases the time that the cookie will be kept. The
  * default the cookie is kept without remembering is two days. When $remember is
  * set, the cookies will be kept for 14 days or two weeks.
  *
  * @since 2.5
  *
  * @param int $user_id User ID
  * @param bool $remember Whether to remember the user or not
  */
 function wp_set_auth_cookie($user_id, $remember = false, $secure = '')
 {
     if ($remember) {
         $expiration = $expire = time() + 1209600;
     } else {
         $expiration = time() + 172800;
         $expire = 0;
     }
     if ('' === $secure) {
         $secure = is_ssl() ? true : false;
     }
     if ($secure) {
         $auth_cookie_name = SECURE_AUTH_COOKIE;
         $scheme = 'secure_auth';
     } else {
         $auth_cookie_name = AUTH_COOKIE;
         $scheme = 'auth';
     }
     $auth_cookie = wp_generate_auth_cookie($user_id, $expiration, $scheme);
     $logged_in_cookie = wp_generate_auth_cookie($user_id, $expiration, 'logged_in');
     do_action('set_auth_cookie', $auth_cookie, $expire, $expiration, $user_id, $scheme);
     do_action('set_logged_in_cookie', $logged_in_cookie, $expire, $expiration, $user_id, 'logged_in');
     // Set httponly if the php version is >= 5.2.0
     if (version_compare(phpversion(), '5.2.0', 'ge')) {
         setcookie($auth_cookie_name, $auth_cookie, $expire, PLUGINS_COOKIE_PATH, COOKIE_DOMAIN, $secure, true);
         setcookie($auth_cookie_name, $auth_cookie, $expire, ADMIN_COOKIE_PATH, COOKIE_DOMAIN, $secure, true);
         setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, COOKIEPATH, COOKIE_DOMAIN, false, true);
         if (COOKIEPATH != SITECOOKIEPATH) {
             setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, SITECOOKIEPATH, COOKIE_DOMAIN, false, true);
         }
     } else {
         $cookie_domain = COOKIE_DOMAIN;
         if (!empty($cookie_domain)) {
             $cookie_domain .= '; HttpOnly';
         }
         setcookie($auth_cookie_name, $auth_cookie, $expire, PLUGINS_COOKIE_PATH, $cookie_domain, $secure);
         setcookie($auth_cookie_name, $auth_cookie, $expire, ADMIN_COOKIE_PATH, $cookie_domain, $secure);
         setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, COOKIEPATH, $cookie_domain);
         if (COOKIEPATH != SITECOOKIEPATH) {
             setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, SITECOOKIEPATH, $cookie_domain);
         }
     }
 }

 /**
  * Sets the authentication cookies based User ID.
  * Override for WordPress' pluggable function wp_set_auth_cookie
  *
  * The $remember parameter increases the time that the cookie will be kept. The
  * default the cookie is kept without remembering is two days. When $remember is
  * set, the cookies will be kept for 14 days or two weeks.
  *
  * @param int $user_id User ID
  * @param bool $remember Whether to remember the user or not
  * @param bool $secure Whether or not cookie is secure
  */
 function wp_set_auth_cookie($user_id, $remember = false, $secure = '')
 {
     if ($remember) {
         $expiration = $expire = time() + apply_filters('auth_cookie_expiration', 1209600, $user_id, $remember);
     } else {
         $expiration = time() + apply_filters('auth_cookie_expiration', 172800, $user_id, $remember);
         $expire = 0;
     }
     if ($secure === '') {
         $secure = $this->is_ssl() ? true : false;
     }
     if ($secure) {
         $auth_cookie_name = SECURE_AUTH_COOKIE;
         $scheme = 'secure_auth';
     } else {
         $auth_cookie_name = AUTH_COOKIE;
         $scheme = 'auth';
     }
     $auth_cookie = wp_generate_auth_cookie($user_id, $expiration, $scheme);
     $logged_in_cookie = wp_generate_auth_cookie($user_id, $expiration, 'logged_in');
     do_action('set_auth_cookie', $auth_cookie, $expire, $expiration, $user_id, $scheme);
     do_action('set_logged_in_cookie', $logged_in_cookie, $expire, $expiration, $user_id, 'logged_in');
     // Cookie paths defined to accomodate Shared SSL
     $cookie_domain = '.' . parse_url($this->https_url, PHP_URL_HOST);
     $cookie_path = rtrim(parse_url($this->https_url, PHP_URL_PATH), '/') . COOKIEPATH;
     $cookie_path_site = rtrim(parse_url($this->https_url, PHP_URL_PATH), '/') . SITECOOKIEPATH;
     $cookie_path_plugins = rtrim(parse_url($this->https_url, PHP_URL_PATH), '/') . PLUGINS_COOKIE_PATH;
     $cookie_path_admin = $cookie_path_site . 'wp-admin';
     if ($this->shared_ssl && $this->is_ssl()) {
         setcookie($auth_cookie_name, $auth_cookie, $expire, $cookie_path_plugins, $cookie_domain, $secure, true);
         setcookie($auth_cookie_name, $auth_cookie, $expire, $cookie_path_admin, $cookie_domain, $secure, true);
         setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, $cookie_path, $cookie_domain, false, true);
         if ($cookie_path != $cookie_path_site) {
             setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, $cookie_path_site, $cookie_domain, false, true);
         }
     } else {
         setcookie($auth_cookie_name, $auth_cookie, $expire, PLUGINS_COOKIE_PATH, COOKIE_DOMAIN, $secure, true);
         setcookie($auth_cookie_name, $auth_cookie, $expire, ADMIN_COOKIE_PATH, COOKIE_DOMAIN, $secure, true);
         setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, COOKIEPATH, COOKIE_DOMAIN, $secure_logged_in_cookie, true);
         if (COOKIEPATH != SITECOOKIEPATH) {
             setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, SITECOOKIEPATH, COOKIE_DOMAIN, $secure_logged_in_cookie, true);
         }
     }
 }

 /**
  * Sets authorisation cookies containing the originating user information.
  *
  * @param int  $old_user_id The ID of the originating user, usually the current logged in user.
  * @param bool $pop         Optional. Pop the latest user off the auth cookie, instead of appending the new one. Default false.
  */
 function user_switching_set_olduser_cookie($old_user_id, $pop = false)
 {
     $secure_auth_cookie = user_switching::secure_auth_cookie();
     $secure_olduser_cookie = user_switching::secure_olduser_cookie();
     $expiration = time() + 172800;
     # 48 hours
     $auth_cookie = user_switching_get_auth_cookie();
     $olduser_cookie = wp_generate_auth_cookie($old_user_id, $expiration, 'logged_in');
     if ($secure_auth_cookie) {
         $auth_cookie_name = USER_SWITCHING_SECURE_COOKIE;
         $scheme = 'secure_auth';
     } else {
         $auth_cookie_name = USER_SWITCHING_COOKIE;
         $scheme = 'auth';
     }
     if ($pop) {
         array_pop($auth_cookie);
     } else {
         array_push($auth_cookie, wp_generate_auth_cookie($old_user_id, $expiration, $scheme));
     }
     setcookie($auth_cookie_name, json_encode($auth_cookie), $expiration, SITECOOKIEPATH, COOKIE_DOMAIN, $secure_auth_cookie, true);
     setcookie(USER_SWITCHING_OLDUSER_COOKIE, $olduser_cookie, $expiration, COOKIEPATH, COOKIE_DOMAIN, $secure_olduser_cookie, true);
 }

 /**
  * Get auth cookies and start a session for a user
  *
  * This is not the security vulerability you think it is:
  * 1. anybody with access to WP:CLI can execute commands on behalf of a user without knowing the password
  * 2. the session is destroyed when done, so the cookie becomes invalid and useless if intercepted
  */
 private function get_auth_cookies($user_id)
 {
     $expiration = time() + DAY_IN_SECONDS;
     require_once ABSPATH . WPINC . '/session.php';
     $manager = WP_Session_Tokens::get_instance($user_id);
     $this->token = $manager->create($expiration);
     return array(SECURE_AUTH_COOKIE => wp_generate_auth_cookie($user_id, $expiration, 'secure_auth', $this->token), AUTH_COOKIE => wp_generate_auth_cookie($user_id, $expiration, 'auth', $this->token), LOGGED_IN_COOKIE => wp_generate_auth_cookie($user_id, $expiration, 'logged_in', $this->token));
 }

 /**
  * Sets the authentication cookies based on user ID.
  *
  * The $remember parameter increases the time that the cookie will be kept. The
  * default the cookie is kept without remembering is two days. When $remember is
  * set, the cookies will be kept for 14 days or two weeks.
  *
  * @since 2.5.0
  *
  * @param int $user_id User ID
  * @param bool $remember Whether to remember the user
  * @param mixed $secure  Whether the admin cookies should only be sent over HTTPS.
  *                       Default is_ssl().
  */
 function wp_set_auth_cookie($user_id, $remember = false, $secure = '')
 {
     if ($remember) {
         /**
          * Filter the duration of the authentication cookie expiration period.
          *
          * @since 2.8.0
          *
          * @param int  $length   Duration of the expiration period in seconds.
          * @param int  $user_id  User ID.
          * @param bool $remember Whether to remember the user login. Default false.
          */
         $expiration = time() + apply_filters('auth_cookie_expiration', 14 * DAY_IN_SECONDS, $user_id, $remember);
         /*
          * Ensure the browser will continue to send the cookie after the expiration time is reached.
          * Needed for the login grace period in wp_validate_auth_cookie().
          */
         $expire = $expiration + 12 * HOUR_IN_SECONDS;
     } else {
         /** This filter is documented in wp-includes/pluggable.php */
         $expiration = time() + apply_filters('auth_cookie_expiration', 2 * DAY_IN_SECONDS, $user_id, $remember);
         $expire = 0;
     }
     if ('' === $secure) {
         $secure = is_ssl();
     }
     // Frontend cookie is secure when the auth cookie is secure and the site's home URL is forced HTTPS.
     $secure_logged_in_cookie = $secure && 'https' === parse_url(get_option('home'), PHP_URL_SCHEME);
     /**
      * Filter whether the connection is secure.
      *
      * @since 3.1.0
      *
      * @param bool $secure  Whether the connection is secure.
      * @param int  $user_id User ID.
      */
     $secure = apply_filters('secure_auth_cookie', $secure, $user_id);
     /**
      * Filter whether to use a secure cookie when logged-in.
      *
      * @since 3.1.0
      *
      * @param bool $secure_logged_in_cookie Whether to use a secure cookie when logged-in.
      * @param int  $user_id                 User ID.
      * @param bool $secure                  Whether the connection is secure.
      */
     $secure_logged_in_cookie = apply_filters('secure_logged_in_cookie', $secure_logged_in_cookie, $user_id, $secure);
     if ($secure) {
         $auth_cookie_name = SECURE_AUTH_COOKIE;
         $scheme = 'secure_auth';
     } else {
         $auth_cookie_name = AUTH_COOKIE;
         $scheme = 'auth';
     }
     $manager = WP_Session_Tokens::get_instance($user_id);
     $token = $manager->create($expiration);
     $auth_cookie = wp_generate_auth_cookie($user_id, $expiration, $scheme, $token);
     $logged_in_cookie = wp_generate_auth_cookie($user_id, $expiration, 'logged_in', $token);
     /**
      * Fires immediately before the authentication cookie is set.
      *
      * @since 2.5.0
      *
      * @param string $auth_cookie Authentication cookie.
      * @param int    $expire      Login grace period in seconds. Default 43,200 seconds, or 12 hours.
      * @param int    $expiration  Duration in seconds the authentication cookie should be valid.
      *                            Default 1,209,600 seconds, or 14 days.
      * @param int    $user_id     User ID.
      * @param string $scheme      Authentication scheme. Values include 'auth', 'secure_auth', or 'logged_in'.
      */
     do_action('set_auth_cookie', $auth_cookie, $expire, $expiration, $user_id, $scheme);
     /**
      * Fires immediately before the secure authentication cookie is set.
      *
      * @since 2.6.0
      *
      * @param string $logged_in_cookie The logged-in cookie.
      * @param int    $expire           Login grace period in seconds. Default 43,200 seconds, or 12 hours.
      * @param int    $expiration       Duration in seconds the authentication cookie should be valid.
      *                                 Default 1,209,600 seconds, or 14 days.
      * @param int    $user_id          User ID.
      * @param string $scheme           Authentication scheme. Default 'logged_in'.
      */
     do_action('set_logged_in_cookie', $logged_in_cookie, $expire, $expiration, $user_id, 'logged_in');
     setcookie($auth_cookie_name, $auth_cookie, $expire, PLUGINS_COOKIE_PATH, COOKIE_DOMAIN, $secure, true);
     setcookie($auth_cookie_name, $auth_cookie, $expire, ADMIN_COOKIE_PATH, COOKIE_DOMAIN, $secure, true);
//.........这里部分代码省略.........

 /**
  * @depends test_bad_user
  */
 public function test_bad_pass()
 {
     $_SERVER['REQUEST_METHOD'] = 'GET';
     $_COOKIE[AUTH_COOKIE] = wp_generate_auth_cookie(1, time() + 10);
     $parts = explode('|', $_COOKIE[AUTH_COOKIE]);
     $parts[$this->cookie_key_pass] = 'badpassword';
     $_COOKIE[AUTH_COOKIE] = implode('|', $parts);
     $expected_error = 'Cannot modify header information';
     $this->expected_errors($expected_error);
     $result = wp_validate_auth_cookie();
     $this->assertFalse($result);
     $pass = self::$lss->md5($parts[$this->cookie_key_pass]);
     $this->check_fail_record($this->ip, $parts[0], $pass);
     $this->assertTrue($this->were_expected_errors_found(), "Expected error not found: '{$expected_error}'");
 }

 /**
  * Sets the authentication cookies based User ID.
  *
  * The $remember parameter increases the time that the cookie will be kept. The
  * default the cookie is kept without remembering is two days. When $remember is
  * set, the cookies will be kept for 14 days or two weeks.
  *
  * @since 2.5
  *
  * @param int $user_id User ID
  * @param bool $remember Whether to remember the user or not
  */
 function wp_set_auth_cookie($user_id, $remember = false, $secure = '')
 {
     if ($remember) {
         $expiration = $expire = time() + 1209600;
     } else {
         $expiration = time() + 172800;
         $expire = 0;
     }
     if ('' === $secure) {
         $secure = is_ssl() ? true : false;
     }
     if ($secure) {
         $auth_cookie_name = SECURE_AUTH_COOKIE;
         $scheme = 'secure_auth';
     } else {
         $auth_cookie_name = AUTH_COOKIE;
         $scheme = 'auth';
     }
     $auth_cookie = wp_generate_auth_cookie($user_id, $expiration, $scheme);
     $logged_in_cookie = wp_generate_auth_cookie($user_id, $expiration, 'logged_in');
     do_action('set_auth_cookie', $auth_cookie, $expire, $expiration, $user_id, $scheme);
     do_action('set_logged_in_cookie', $logged_in_cookie, $expire, $expiration, $user_id, 'logged_in');
     setcookie($auth_cookie_name, $auth_cookie, $expire, PLUGINS_COOKIE_PATH, COOKIE_DOMAIN, $secure);
     setcookie($auth_cookie_name, $auth_cookie, $expire, ADMIN_COOKIE_PATH, COOKIE_DOMAIN, $secure);
     setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, COOKIEPATH, COOKIE_DOMAIN);
     if (COOKIEPATH != SITECOOKIEPATH) {
         setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, SITECOOKIEPATH, COOKIE_DOMAIN);
     }
 }

/**
 * wp_set_auth_cookie() - Sets the authentication cookies based User ID
 *
 * The $remember parameter increases the time that the cookie will
 * be kept. The default the cookie is kept without remembering is
 * two days. When $remember is set, the cookies will be kept for
 * 14 days or two weeks.
 *
 * @since 2.5
 *
 * @param int $user_id User ID
 * @param bool $remember Whether to remember the user or not
 */
function wp_set_auth_cookie($user_id, $remember = false) {
	if ( $remember ) {
		$expiration = $expire = time() + 1209600;
	} else {
		$expiration = time() + 172800;
		$expire = 0;
	}

	$cookie = wp_generate_auth_cookie($user_id, $expiration);

	do_action('set_auth_cookie', $cookie, $expire);

	setcookie(AUTH_COOKIE, $cookie, $expire, COOKIEPATH, COOKIE_DOMAIN);
	if ( COOKIEPATH != SITECOOKIEPATH )
		setcookie(AUTH_COOKIE, $cookie, $expire, SITECOOKIEPATH, COOKIE_DOMAIN);
}

function wc1c_mode_checkauth()
{
    foreach (array('HTTP_AUTHORIZATION', 'REDIRECT_HTTP_AUTHORIZATION') as $server_key) {
        if (!isset($_SERVER[$server_key])) {
            continue;
        }
        list(, $auth_value) = explode(' ', $_SERVER[$server_key], 2);
        $auth_value = base64_decode($auth_value);
        list($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) = explode(':', $auth_value);
        break;
    }
    if (!isset($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'])) {
        wc1c_error("No authentication credentials");
    }
    $user = wp_authenticate($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']);
    wc1c_check_wp_error($user);
    wc1c_check_permissions($user);
    $expiration = time() + apply_filters('auth_cookie_expiration', DAY_IN_SECONDS, $user->ID, false);
    $auth_cookie = wp_generate_auth_cookie($user->ID, $expiration);
    exit("success\nwc1c-auth\n{$auth_cookie}");
}

 /**
  *
  * Get a url to run a job of BackWPup
  *
  * @param string     $starttype Start types are 'runnow', 'runnowlink', 'cronrun', 'runext', 'restart', 'test'
  * @param int        $jobid     The id of job to start else 0
  * @return array|object [url] is the job url [header] for auth header or object form wp_remote_get()
  */
 public static function get_jobrun_url($starttype, $jobid = 0)
 {
     $wp_admin_user = get_users(array('role' => 'backwpup_admin', 'number' => 1));
     //get a user for cookie auth
     $url = site_url('wp-cron.php');
     $header = array();
     $authurl = '';
     $query_args = array('_nonce' => substr(wp_hash(wp_nonce_tick() . 'backwpup_job_run-' . $starttype, 'nonce'), -12, 10), 'doing_wp_cron' => sprintf('%.22F', microtime(true)));
     if (in_array($starttype, array('restart', 'runnow', 'cronrun', 'runext', 'test'))) {
         $query_args['backwpup_run'] = $starttype;
     }
     if (in_array($starttype, array('runnowlink', 'runnow', 'cronrun', 'runext')) && !empty($jobid)) {
         $query_args['jobid'] = $jobid;
     }
     if (get_site_option('backwpup_cfg_httpauthuser') && get_site_option('backwpup_cfg_httpauthpassword')) {
         $header['Authorization'] = 'Basic ' . base64_encode(get_site_option('backwpup_cfg_httpauthuser') . ':' . BackWPup_Encryption::decrypt(get_site_option('backwpup_cfg_httpauthpassword')));
         $authurl = get_site_option('backwpup_cfg_httpauthuser') . ':' . BackWPup_Encryption::decrypt(get_site_option('backwpup_cfg_httpauthpassword')) . '@';
     }
     if ($starttype == 'runext') {
         $query_args['_nonce'] = get_site_option('backwpup_cfg_jobrunauthkey');
         $query_args['doing_wp_cron'] = NULL;
         if (!empty($authurl)) {
             $url = str_replace('https://', 'https://' . $authurl, $url);
             $url = str_replace('http://', 'http://' . $authurl, $url);
         }
     }
     if ($starttype == 'runnowlink' && (!defined('ALTERNATE_WP_CRON') || !ALTERNATE_WP_CRON)) {
         $url = wp_nonce_url(network_admin_url('admin.php'), 'backwpup_job_run-' . $starttype);
         $query_args['page'] = 'backwpupjobs';
         $query_args['action'] = 'runnow';
         $query_args['doing_wp_cron'] = NULL;
         unset($query_args['_nonce']);
     }
     if ($starttype == 'runnowlink' && defined('ALTERNATE_WP_CRON') && ALTERNATE_WP_CRON) {
         $query_args['backwpup_run'] = 'runnowalt';
         $query_args['_nonce'] = substr(wp_hash(wp_nonce_tick() . 'backwpup_job_run-runnowalt', 'nonce'), -12, 10);
         $query_args['doing_wp_cron'] = NULL;
     }
     //Extra for WP-Cron control
     if (class_exists('WP_Cron_Control') && ($starttype == 'runext' || $starttype == 'runnow' || $starttype == 'restart')) {
         $wp_cron_control_settings = get_option('wpcroncontrol_settings', array());
         if (empty($wp_cron_control_settings['secret_string']) && file_exists(WP_PLUGIN_DIR . '/wp-cron-control/wp-cron-control.php')) {
             $wp_cron_control_settings['secret_string'] = md5(realpath(WP_PLUGIN_DIR . '/wp-cron-control/wp-cron-control.php') . get_current_blog_id());
             $wp_cron_control_settings['enable'] = 1;
         }
         if (isset($wp_cron_control_settings['enable']) && $wp_cron_control_settings['enable'] == 1) {
             if (defined('WP_CRON_CONTROL_SECRET')) {
                 $wp_cron_control_settings['secret_string'] = WP_CRON_CONTROL_SECRET;
             }
             $query_args[$wp_cron_control_settings['secret_string']] = '';
             $query_args['doing_wp_cron'] = NULL;
         }
     }
     $cron_request = apply_filters('cron_request', array('url' => add_query_arg($query_args, $url), 'key' => $query_args['doing_wp_cron'], 'args' => array('blocking' => FALSE, 'sslverify' => apply_filters('https_local_ssl_verify', true), 'timeout' => 0.01, 'headers' => $header, 'cookies' => array(new WP_Http_Cookie(array('name' => AUTH_COOKIE, 'value' => wp_generate_auth_cookie($wp_admin_user[0]->ID, time() + 300, 'auth'))), new WP_Http_Cookie(array('name' => LOGGED_IN_COOKIE, 'value' => wp_generate_auth_cookie($wp_admin_user[0]->ID, time() + 300, 'logged_in')))), 'user-agent' => BackWpup::get_plugin_data('User-Agent'))));
     if ($starttype == 'test') {
         $cron_request['args']['timeout'] = 15;
         $cron_request['args']['blocking'] = TRUE;
     }
     if (!in_array($starttype, array('runnowlink', 'runext'))) {
         set_transient('doing_cron', $query_args['doing_wp_cron']);
         return wp_remote_post($cron_request['url'], $cron_request['args']);
     }
     return $cron_request;
 }