Forums

WordPress › Support » How-To and Troubleshooting

Use wordpress database for other script (12 posts)

  1. levani01
    Member
    Posted 1 year ago #

    My website used to work on wordpress engine but now I'm writing my own script. The problem is that users passwords in wp_users table are encoded in a strange way... Can anyone please tell how should I encode/decode it so that it worked on my new script?

  2. Mark / t31os
    Moderator
    Posted 1 year ago #

    You can't decrypt them, that's the whole point to encrypting them to begin with, else every admin could see his or her user's passwords.

    If you want to take a user entered password and compare it to that in the WP database, you simply need to encrypt the data in MD5..

    // Example only - you should always check a var is set and sanitize before doing anything else with it
$password = md5( $_POST['user_pass'] );

    Hope that helps... :)

  3. levani01
    Member
    Posted 1 year ago #

    This is an example of password from wordpress database:

    $P$BNi4kc8Klwg47LMl/JtBM9Tu6EGQR11

    It doesn't seem to be md5 encrypted, does it?

  4. Mark / t31os
    Moderator
    Posted 1 year ago #

    Yes, that could easily be an MD5 encrypted password.

  5. levani01
    Member
    Posted 1 year ago #

    It can be but it isn't unfortunately. Try md5 your current wordpress password and compare it to the database record :)

    http://www.miraclesalad.com/webtools/md5.php

  6. Mark / t31os
    Moderator
    Posted 1 year ago #

    I've just tested an MD5 password, and it works for me..

    However, something does seem to happen after i login using a newly generated password, i'd guess WordPress does something with it, i'm not sure what, but in any case, it still remains MD5 encrypted and login does work correctly.

    I tried two ways both via PhpMyAdmin..

    Edited a user, plonked in an MD5 string of a newly made password(taken from the result of echo md5('mypassword');, and saved..

    Then logged in successfully.

    Second approach, editted a user, removing the password, setting the field in phpmyadmin to MD5, typed in mypassword to the right, hit Save(Go in phpmyadmin).

    Then logged in successfully.

    I can repeat this over and over, MD5 is correct, and it does work.

  7. levani01
    Member
    Posted 1 year ago #

    WordPress automatically replaces the standard md5 hash with it's own when you log in. I found the code responsible on generating encrypted password:

    http://core.trac.wordpress.org/browser/branches/3.0/wp-includes/class-phpass.php

    It's clear that it's not a standard md5 hash!

  8. Mark / t31os
    Moderator
    Posted 1 year ago #

    Good find, then you should be set to go..

    Hash your password in the same manner WordPress does (you'll have to dig and play around with the class to figure how exactly to do that). I've not done it myself, so i can't be any less general than that unfortunately..

    Have a look at how it's used in wp-includes/pluggable.php.

    Namingly, have a look at the functions wp_check_password and wp_hash_password.

  9. levani01
    Member
    Posted 1 year ago #

    Well I tried it and as it seems everything works fine... Much easier than I thought :))

    Thanks for help!

  10. Mark / t31os
    Moderator
    Posted 1 year ago #

    Glad to hear it's all working for you..

    And i'm happy to help.. :)

  11. mediabros
    Member
    Posted 1 year ago #

    Hi guys, i am on the same roadblock at the moment.

    I can't figure out why the passwords does not match ecrypted with md5 as well as wp_hash_password();

    This is my code

    <?php 

include_once($_SERVER['DOCUMENT_ROOT'].'/wp-config.php');
include_once($_SERVER['DOCUMENT_ROOT'].'/wp-load.php');
include_once($_SERVER['DOCUMENT_ROOT'].'/wp-includes/wp-db.php');

global $userdata;
global $wpdb; 

//get the posted values

$posted_username = $_POST['username'];
$posted_password = $_POST['password'];

$user_name = htmlspecialchars($posted_username,ENT_QUOTES);

$pass_word = wp_hash_password($posted_password);

$pass_md5 = md5($posted_password);

$pass = $pass_word;

$userinfo = get_userdatabylogin($user_name);

if ( $pass == $userinfo->user_pass){

		echo "yes";

	} else 

		echo "no<br />:";

echo $pass;
echo '<br />:';
echo $userinfo->user_pass;
echo '<br />:';
echo $userinfo->ID;
echo '<br />:';
echo $userinfo->user_login;
echo '<br />:';
echo $pass_md5;
echo '<br />:';
echo wp_hash_password('mypassword');

?>

    it prints out the following:

    no
:$P$BJhGR7TPd771cFb6UFVSknys.MDjBw.
:$P$B7g6c9b3YavlDCT41/1wNWxUqN5E4q1
:1
:myusername
:8684854737c96012f1b6640fa1edf69d
:$P$B0T9SE3Cnd3NM2iEPFJ.SxwqSCBFR8/

    Another strange issue is that the passwords that come witch come from the formpost change on every refresh.

    So the following time i tryed this script it is printing out this.

    no
:$P$Bhjs6fejE8OOb2P.jEFa3VbD0BLpb40
:$P$B7g6c9b3YavlDCT41/1wNWxUqN5E4q1
:1
:myusername
:8684854737c96012f1b6640fa1edf69d
:$P$BtWdkKKaw5DyXQmZ12CkX5ljyvZDv80

    You have a clue what is wrong? it is giving me kopfsmertse for a while now.

  12. powers1
    Member
    Posted 1 year ago #

    The function to use when programmatically setting the password is wp_hash_password. I ran into a problem similar to mediabros - I'd update the user_pass column in the wp_users table to a wp_hash_password hashed string, but login with the new password was still just not working.

    The trick was to make a call to wp_cache_delete($ID, 'users') after setting the password programmatically, clearing the WordPress cache (which apparently stores hashed passwords along with other user details).

    Of course, this only applies if you have enabled the WordPress object cache using define('ENABLE_CACHE', true) in wp-config.php

Topic Closed

This topic has been closed to new replies.

About this Topic

Tags