Register / Log in WITHOUT hashes (4 posts)

  1. soniix
    Posted 6 years ago #

    Hey, people, I hope you can help me. I have recently started to learn PHP and unfortunately I can't resolve this myself. I already posted this on the German Forum
    but no one replied since then.
    I would like to remove the whole hashing process of the login and registering system of WordPress - instead of md5($password).$salt I want only

    if( $password == $password_from_db)
    *allow the user to access the password protected area*

    The passwords should be saved as (readable) plain text so that I could read them in the database. I know that, it is very unsecure and the admin could manipulate too much but he can also manipulate everything without this information. It is just wanted for educational purposes and not for a public website. I already had the idea to look for all 'functions' that do anything with with md5() and delete them but I think, it could be easier to write a plugin for this purposes. I would like to program this by myself but unfortunately I do not have enough knowledge for this.

    Thank you for your usefull answers.


  2. soniix
    Posted 6 years ago #

    Please, people, there is too much source code. Does anyone know where I could find the options of login system.

  3. e-sushi
    Posted 6 years ago #

    First up, the use hashing adds security to the whole process. Just think what happens when some "bad guy" uses scripting to hack his way into your wordpress backend. Without the propper hashes, this will be more difficult.

    Also - especially for educational purposes - it is not wise to store or even transfer unencrypted data like passwords. Even MD5 can be hacked, but it's way more difficult for "ye average script kid".

    If you really want to look at the functionality and understand it, check the docs and then lookup the related functions in the sourcecode.

    Let me do your job and dive into the docs...

  4. e-sushi
    Posted 6 years ago #

    And... after stumbling through the docs for about 60 seconds... doing YOUR job in finding the information you need:

    Check http://codex.wordpress.org/Function_Reference/wp_login_url and http://codex.wordpress.org/Function_Reference/wp_logout_url.

    Futhermore, this (new in 3.0) can enhance your endeavours: http://codex.wordpress.org/Function_Reference/wp_login_form

    Seems I just resolved your problems... what I can not do for you is to learn how it works. I know (being a PHP/MySQL pro) what magic goes on behind the screens. If you're a willing learner and know how to "feel" the code, you will understand it too in a matter of minutes.

    Gl├╝ck auf! ;)

Topic Closed

This topic has been closed to new replies.

About this Topic