• Steve

    (@srg-1)


    I use a custom plugin to authenticate and log in users, along the lines of:

    remove_all_filters('authenticate');
    add_filter('authenticate', 'my_auth_function', 10, 3);
    function my_auth_function($user, $username, $password) {
        // Do my login stuff, returning either a WP_Error or WP_User object.
    }

    I use wp_insert_user() to either create a new WP user or sync data from our external source to a current WP user, then I log them in.

    $UserObj = get_user_by('login', $Username);
    $InsertUserData = array(
        'user_pass'     => md5(microtime()),
        'user_login'    => $Username,
        'user_nicename' => $Username,
        'user_email'    => $Email,
        'nickname'      => $Username,
        'first_name'    => $FirstName,
        'last_name'     => $LastName
    );
    // If wp_insert_user() receives 'ID' in the array, it will update the user data
    // of an existing account instead of creating a new account.
    if (false !== $UserObj && is_numeric($UserObj->ID)) {
        $InsertUserData['ID'] = $UserObj->ID;
    }
    $NewUser = wp_insert_user($InsertUserData);

    As you can see above, one of the array elements for wp_insert_user() is “user_pass”. I do not want to store passwords in WordPress; we have an external auth system to do this. As you can see above, right now, I do 'user_pass' => md5(microtime()).

    Instead of storing a random md5 hash, can I set user_pass to null, false, or an empty string? Would that be better than storing random data in it?

    Thanks!

    • This topic was modified 8 years ago by Steve. Reason: typo
Viewing 1 replies (of 1 total)
  • Moderator bcworkz

    (@bcworkz)

    Have you tried null or whatever with WP_DEBUG defined true? If that value is accepted without throwing even a notice in all normal user-related actions, then it’s something you could do. I have a feeling WP is not going to be happy with null somewhere, even though it’s ignored in your installation.

    I don’t think storing null is necessarily better than a hashed value, unless you think you may have millions of users where the storage space could become a factor. There’s possibly some advantage to storing some value. If your filter ever was removed for some reason, authentication would revert to the stored hash. If the hash of an empty string were stored, anyone could log in as any user. Storing a hash of microtime is a good fallback safety in my mind.

    FWIW, the password field when inserting a user is plain text, so you don’t really need to hash the microtime, you could just supply microtime typecast as a string.

  • The topic ‘Removing Passwords from WP’ is closed to new replies.
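
Added example, not part of the original thread or either poster's code: one way to keep a stored password as the fallback discussed in the reply without deriving it from the clock, and to make the `authenticate` filter fail closed. `wp_insert_user()` documents `user_pass` as plain text for new users and as an already-hashed value for existing users, so the sketch sets it only on creation. `my_sync_external_user` and the `my_external_auth_check` hook are hypothetical names; the profile array keys are assumptions.

```php
<?php
// Added example, not code from the thread. The my_* names and the
// 'my_external_auth_check' hook are hypothetical.
// Create or sync the local account for a user the external system has verified.
function my_sync_external_user( $username, array $profile ) {
    $data = array(
        'user_login'    => $username,
        'user_nicename' => $username,
        'nickname'      => $username,
        'user_email'    => $profile['email'],
        'first_name'    => $profile['first_name'],
        'last_name'     => $profile['last_name'],
    );
    $existing = get_user_by( 'login', $username );
    if ( $existing instanceof WP_User ) {
        // Update: omit user_pass so the stored hash is kept. On an update,
        // wp_insert_user() treats a supplied user_pass as already hashed.
        $data['ID'] = $existing->ID;
    } else {
        // Create: user_pass is plain text here and WordPress hashes it.
        $data['user_pass'] = wp_generate_password( 64, true, true );
    }
    return wp_insert_user( $data ); // User ID on success, WP_Error on failure.
}

function my_auth_function( $user, $username, $password ) {
    if ( empty( $username ) || empty( $password ) ) {
        // Mirror core's error codes for empty fields.
        $error = new WP_Error();
        if ( empty( $username ) ) {
            $error->add( 'empty_username', 'The username field is empty.' );
        }
        if ( empty( $password ) ) {
            $error->add( 'empty_password', 'The password field is empty.' );
        }
        return $error;
    }
    // The external system answers this hook with a profile array; anything
    // else, including no listener at all, is treated as a failed login.
    $profile = apply_filters( 'my_external_auth_check', null, $username, $password );
    if ( ! is_array( $profile ) || ! isset( $profile['email'], $profile['first_name'], $profile['last_name'] ) ) {
        return new WP_Error( 'my_auth_failed', 'Invalid username or password.' );
    }
    $user_id = my_sync_external_user( $username, $profile );
    return is_wp_error( $user_id ) ? $user_id : get_user_by( 'id', $user_id );
}

remove_all_filters( 'authenticate' );
add_filter( 'authenticate', 'my_auth_function', 10, 3 );
```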