admin管理员组

文章数量:1122832

I want to keep a check if the user has a particular password, so I have been trying it with wp_check_password but the account for which it is checked gets logged out and can't login again till there is a call of wp_check_password in the code.

Digging into the code, I found out that it sets the password by using the new hash. and moreover if I am using wp_check_password( 'hello', md5('hello'), 1 );, it doesn't even check what is inside the database and returns true. Isn't that a bug?

Any ideas how can I check the user's password?

I want to keep a check if the user has a particular password, so I have been trying it with wp_check_password but the account for which it is checked gets logged out and can't login again till there is a call of wp_check_password in the code.

Digging into the code, I found out that it sets the password by using the new hash. and moreover if I am using wp_check_password( 'hello', md5('hello'), 1 );, it doesn't even check what is inside the database and returns true. Isn't that a bug?

Any ideas how can I check the user's password?

  • password
Share Improve this question asked Mar 30, 2011 at 20:11 AshfameAshfame 3,7153 gold badges32 silver badges47 bronze badges
Add a comment  | 

3 Answers 3

Reset to default 14

Your example works correctly. You are checking if password hello matches hashed hello - which it naturally does.

Hadn't thought it through. Your example causes following issue:

  1. You check if hello matches md5 of hello (instead of hash from user's profile).
  2. It does and then WP thinks this is correct, but outdated md5 hash - that must be updated.
  3. It re-hashes hello and updates user with it, locking him out (since his password is now hello instead of whatever it was before).

See wp_authenticate_username_password() function for extensive example, but basic idea is:

$userdata = get_user_by('login', $username);
$result = wp_check_password($password, $userdata->user_pass, $userdata->ID);

You can grab their hashed password from the database, and compare it to the entry you want to check using wp_hash_password().

To check if the current user's password matches "hello", try this:

if ( $current_user->user_pass == wp_hash_password( 'hello' ) )

require_once ABSPATH . WPINC . '/class-phpass.php';
$wp_hasher = new PasswordHash(8, TRUE);

$password_hashed = '$P$BB3pP6fQAYa61ael0LNQlpB1NOyqNY0';
$plain_password = 'admin2';
if($wp_hasher->CheckPassword($plain_password, $password_hashed)) {
    print 'Password matched.';
}

Credits to: https://stackoverflow.com/a/37181662

本文标签: Check the password of a user

版权声明:本文标题:Check the password of a user 内容由网友自发贡献,该文观点仅代表作者本人, 转载请联系作者并注明出处:http://www.betaflare.com/web/1736306539a1932993.html, 本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌抄袭侵权/违法违规的内容,一经查实,本站将立刻删除。