compare passwords against wordpress database (3 posts)

  1. Anonymous
    Posted 8 years ago #

    Hey, everyone. I've been searching and wrestling with this for a while, so I thought I'd post what I found out.
    If you need to see if a user entered the proper wordpress password OUTSIDE of the actual wordpress folder/application, you need to do an include and then use a few of wordpress' internal functions to see if the user/password combo results in a valid wp user object. Here's a rough draft of what I came up with...

    <?require('blog/wp-blog-header.php'); //must appear before any page content?>
    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
      <TITLE> New Document </TITLE>
    $theUserObj=wp_authenticate("submittedPassword", $submittedUser);
    if(!empty($theUserObj->user_login) && !empty($theUserObj->user_pass))echo "Correct";
    else echo "Incorrect";
  2. You got the user and password backwards.

    $user = wp_authenticate($user_login, $user_password);

    Although a simpler way is this:

    if (!user_pass_ok($user_login, $user_password)) {
    echo 'incorrect';
    echo 'correct';
  3. Anonymous
    Posted 8 years ago #

    Good catch! And thanks for the simplification!
    I don't suppose usable functions like this are documented for the public anywhere, are they? I just found my solution by piecing together info from the actual wp code and other people's solutions to seperate problems.

Topic Closed

This topic has been closed to new replies.

About this Topic