How to add a user/password authentication as XML-RPC method

  • Dear friends,
    I am using the XML-RPC Server to implement a simple login authentication as a web service . So I wrote a function in wp-includes\class-wp-xmlrpc-server.php like

    function web_auth($host, $db, $dbuser, $dbpass, $username, $password)
    {
    $dbhandle = mysql_connect($host, $dbuser, $dbpass) or die(“Unable to connect to MySQL”);
    $selected = mysql_select_db($db,$dbhandle) or die(“Could not select database”);
    //$md5_password = md5($password);
    $md5_password = wp_hash_password($password);
    $result = mysql_query(“SELECT count(*) AS total FROM wp_users WHERE user_login=’$username’ AND user_pass=’$md5_password’ AND user_status=0”);
    $data=mysql_fetch_assoc($result);
    //echo “SELECT count(*) AS total FROM wp_users WHERE user_login=’$username’ AND user_pass=’$md5_password’ AND user_status=0”;
    //die($data[‘total’]);
    if($data[‘total’] == 1)
    {
    return true;
    }
    return false;
    }

    But the password hash mechanism is not make things proper. Please help me to find the exact password in line

    $md5_password = wp_hash_password($password);

    Waiting your fast reply

    Thanks,
    Anes

Viewing 1 replies (of 1 total)
  • Moderator bcworkz

    (@bcworkz)

    The exact code currently used to set the password hash in the DB:

    $hash = wp_hash_password( trim( $password ) );
$wpdb->update($wpdb->users, array('user_pass' => $hash, 'user_activation_key' => ''), array('ID' => $user_id) );

    So other than the trim() (which typically wouldn’t make any difference) you should have the correct code to match. It’s not that simple though. Older passwords were hashed using md5(). In order to accommodate that possibility, go ahead and get the user data without specifying the hash in the query. Once retrieved, use wp_check_password() to verify the password against the stored hash.

Viewing 1 replies (of 1 total)
  • The topic ‘How to add a user/password authentication as XML-RPC method’ is closed to new replies.