Check the password of a user
-
16-10-2019 - |
문제
I want to keep a check if the user has a particular password, so I have been trying it with wp_check_password
but the account for which it is checked gets logged out and can't login again till there is a call of wp_check_password
in the code.
Digging into the code, I found out that it sets the password by using the new hash. and moreover if I am using wp_check_password( 'hello', md5('hello'), 1 );
, it doesn't even check what is inside the database and returns true. Isn't that a bug?
Any ideas how can I check the user's password?
해결책
Your example works correctly. You are checking if password hello
matches hashed hello
- which it naturally does.
Hadn't thought it through. Your example causes following issue:
- You check if
hello
matches md5 ofhello
(instead of hash from user's profile). - It does and then WP thinks this is correct, but outdated md5 hash - that must be updated.
- It re-hashes
hello
and updates user with it, locking him out (since his password is nowhello
instead of whatever it was before).
See wp_authenticate_username_password()
function for extensive example, but basic idea is:
$userdata = get_user_by('login', $username);
$result = wp_check_password($password, $userdata->user_pass, $userdata->ID);
다른 팁
You can grab their hashed password from the database, and compare it to the entry you want to check using wp_hash_password().
To check if the current user's password matches "hello", try this:
if ( $current_user->user_pass == wp_hash_password( 'hello' ) )