Register / Log in WITHOUT hashes

  • Hey, people, I hope you can help me. I have recently started to learn PHP and unfortunately I can’t resolve this myself. I already posted this on the German Forum
     but no one replied since then.
    I would like to remove the whole hashing process of the login and registering system of WordPress – instead of md5($password).$salt I want only

    if( $password == $password_from_db)
    {
    *allow the user to access the password protected area*
    }

    The passwords should be saved as (readable) plain text so that I could read them in the database. I know that, it is very unsecure and the admin could manipulate too much but he can also manipulate everything without this information. It is just wanted for educational purposes and not for a public website. I already had the idea to look for all ‘functions’ that do anything with with md5() and delete them but I think, it could be easier to write a plugin for this purposes. I would like to program this by myself but unfortunately I do not have enough knowledge for this.

    Thank you for your usefull answers.

    Greetings

Viewing 3 replies - 1 through 3 (of 3 total)
  • Thread Starter soniix

    (@soniix)

    Please, people, there is too much source code. Does anyone know where I could find the options of login system.

    First up, the use hashing adds security to the whole process. Just think what happens when some “bad guy” uses scripting to hack his way into your wordpress backend. Without the propper hashes, this will be more difficult.

    Also – especially for educational purposes – it is not wise to store or even transfer unencrypted data like passwords. Even MD5 can be hacked, but it’s way more difficult for “ye average script kid”.

    If you really want to look at the functionality and understand it, check the docs and then lookup the related functions in the sourcecode.

    Let me do your job and dive into the docs…

    And… after stumbling through the docs for about 60 seconds… doing YOUR job in finding the information you need:

    Check https://codex.www.ads-software.com/Function_Reference/wp_login_url and https://codex.www.ads-software.com/Function_Reference/wp_logout_url.

    Futhermore, this (new in 3.0) can enhance your endeavours: https://codex.www.ads-software.com/Function_Reference/wp_login_form

    Seems I just resolved your problems… what I can not do for you is to learn how it works. I know (being a PHP/MySQL pro) what magic goes on behind the screens. If you’re a willing learner and know how to “feel” the code, you will understand it too in a matter of minutes.

    Glück auf! ??

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Register / Log in WITHOUT hashes’ is closed to new replies.

Tags