Support » Plugins » compare passwords against wordpress database

  • Anonymous

    Hey, everyone. I’ve been searching and wrestling with this for a while, so I thought I’d post what I found out.
    If you need to see if a user entered the proper wordpress password OUTSIDE of the actual wordpress folder/application, you need to do an include and then use a few of wordpress’ internal functions to see if the user/password combo results in a valid wp user object. Here’s a rough draft of what I came up with…

    <?require('blog/wp-blog-header.php'); //must appear before any page content?>
    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
      <TITLE> New Document </TITLE>
    $theUserObj=wp_authenticate("submittedPassword", $submittedUser);
    if(!empty($theUserObj->user_login) && !empty($theUserObj->user_pass))echo "Correct";
    else echo "Incorrect";
Viewing 2 replies - 1 through 2 (of 2 total)
  • Moderator Samuel Wood (Otto)


    You got the user and password backwards.

    $user = wp_authenticate($user_login, $user_password);

    Although a simpler way is this:

    if (!user_pass_ok($user_login, $user_password)) {
    echo 'incorrect';
    echo 'correct';


    Good catch! And thanks for the simplification!
    I don’t suppose usable functions like this are documented for the public anywhere, are they? I just found my solution by piecing together info from the actual wp code and other people’s solutions to seperate problems.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘compare passwords against wordpress database’ is closed to new replies.