How to compare passwords the correct way? wp_hash_password
-
I seems that wordpress encrypt the password of the user in a MD5 custom way. As you can see in the code below i am trying to compare the password out of the database with the one the user entered.
I encrypting the posted password with md5 and wp_hash_password();
note that one each refresh or another formpost the posted md5 and wp_hash_password(); gets a random output.My problem is now that i can’t compare the passes. Anyone got a idea?
<?php include_once($_SERVER['DOCUMENT_ROOT'].'/wp-config.php'); include_once($_SERVER['DOCUMENT_ROOT'].'/wp-load.php'); include_once($_SERVER['DOCUMENT_ROOT'].'/wp-includes/wp-db.php'); global $userdata; global $wpdb; //get the posted values $posted_username = $_POST['username']; $posted_password = $_POST['password']; $user_name = htmlspecialchars($posted_username,ENT_QUOTES); $pass_word = wp_hash_password($posted_password); $pass_md5 = md5($posted_password); $pass = $pass_word; $userinfo = get_userdatabylogin($user_name); if ( $pass == $userinfo->user_pass){ echo "yes"; } else echo "no<br />:"; echo $pass; echo '<br />:'; echo $userinfo->user_pass; echo '<br />:'; echo $userinfo->ID; echo '<br />:'; echo $userinfo->user_login; echo '<br />:'; echo $pass_md5; echo '<br />:'; echo wp_hash_password('mypassword'); ?>
Returns the following values
no :$P$BJhGR7TPd771cFb6UFVSknys.MDjBw. :$P$B7g6c9b3YavlDCT41/1wNWxUqN5E4q1 :1 :myusername :8684854737c96012f1b6640fa1edf69d :$P$B0T9SE3Cnd3NM2iEPFJ.SxwqSCBFR8/
The random values on a refresh/rePOST
no :$P$Bhjs6fejE8OOb2P.jEFa3VbD0BLpb40 :$P$B7g6c9b3YavlDCT41/1wNWxUqN5E4q1 :1 :myusername :8684854737c96012f1b6640fa1edf69d :$P$BtWdkKKaw5DyXQmZ12CkX5ljyvZDv80
- The topic ‘How to compare passwords the correct way? wp_hash_password’ is closed to new replies.