Support » Plugins » Hacks » Generated passwords causing logouts

  • I’ve setup a new install of WordPress and I’m trying to import a load of users from another site (non wordpress). The existing users data is stored in a MySQL table and the passwords aren’t encrypted.

    I’ve created my own standalone script which loops through the old users data and then inserts it into the wp_users and wp_usermeta tables. All goes well when I run the script and all the data goes into the right places. The trouble I’m having though is that the passwords are working (allowing users to login) but logging the users out when they go to their ‘edit profile’ screens. I think it must have something to do with the way that they are generated using the built in ‘wp_hash_password()’ function.

    If I go into any of the users profiles and update their passwords, all starts to work fine and they aren’t logged out after that which leads me to believe that it’s something wrong with the way that I’m generating the passwords.

    Here’s the snippet of code that I’m using to generate the passwords:

    function wp_hash_password($password) {
    	global $wp_hasher;
    	if ( empty($wp_hasher) ) {
    		$wp_hasher = new PasswordHash(12, true);
    	return $wp_hasher->HashPassword($password);
    $new_pass = wp_hash_password($old_password);

    Anyone got any ideas on what could be going wrong?

Viewing 3 replies - 1 through 3 (of 3 total)
  • Not sure why you’re trying to redefine the wp_hash_password function. Also not sure why you need to use a different global $wp_hasher setting. Also not sure why you need a separate function at all, but assuming you do, it seems like it should be as simple as:

    function hashMyPassword($plainPassword)
         $hash = wp_hash_password($plainPassword);
         return $hash;

    Then just pass the original, plaintext password into the function and insert the hashed result into your DB:

    $hashedPassword = hashMyPassword('origPlainPassword')

    But you should be able to do it simply with wp_hash_password($plainPassword)

    Thanks for your help so far redrocksrover2.

    It seems like I was trying to overcomplicate things so thanks for your help so far.

    The script I have created has been placed in the root folder of the install. If I am needing to make use of the wp_hash_password() function, what files need to be included at the top of the page?

    Moderator bcworkz


    You should require_once wp-admin/admin.php. You will have to login to run your page, which is good, otherwise anyone could do it. You should also add a if(!current_user_can('manage_users')) die(); line so only properly authorized users can run it.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Generated passwords causing logouts’ is closed to new replies.