6

I am building a external application for which user login credentials will be taken from WordPress site database table 'users'

WordPress uses PHPass hashing , I am unable to validate username and password for my external application as the password in database table 'users' is hashed

I am trying to check plain password with hashed password using wp_check_password function but I am failing, nothing is written back with this code

<?php

$password = '965521425';
$hash = '$P$9jWFhEPMfI.KPByiNO9IyUzSTG7EZK0';

require_once('/home/nhtsoft/public_html/project/wp-includes/class-phpass.php');

function wp_check_password($password, $hash) {
    global $wp_hasher;

    if ( empty($wp_hasher) ) {
        $wp_hasher = new PasswordHash(8, true);
    }
    $check = $wp_hasher->CheckPassword($password, $hash);
    return apply_filters('check_password', $check, $password, $hash);
}    
?>

this code is giving me an empty page.

How to check this password so that I can use these WordPress credentials for external app login?

brasofilo
  • 25,496
  • 15
  • 91
  • 179
ManojGeek
  • 1,977
  • 2
  • 16
  • 23

6 Answers6

5

you have passed wrong hash value , hash value for 965521425 is $P$BmI5G.LOoEx1iH.naNqVhWnSh5sMp31 and you just need to write below code into your file:

require_once($_SERVER['DOCUMENT_ROOT']."/wp-load.php");
 $password = '965521425';
 $hash = '$P$BmI5G.LOoEx1iH.naNqVhWnSh5sMp31';
 var_dump(wp_check_password($password, $hash));

exit;
Bhumi Shah
  • 9,323
  • 7
  • 63
  • 104
  • yeah,i got output , you can place code into functions.php and var_dump(wp_check_password($password, $hash); exit; and check it. – Bhumi Shah Oct 30 '13 at 09:13
  • as i need this to be implemented in external application not releated to wordpress, i have included class-phpass.php file and wrote the above code. . . sorry but i didnt get you, where to place the code. . .can u please tell me in detail. . . – ManojGeek Oct 30 '13 at 09:17
  • if you are using external file, you need to load wp-load.php file. see code i have edited above. – Bhumi Shah Oct 30 '13 at 09:28
2

In your code, you include the wp library and it looks like you redefine a function named wp_check_password but you do not call any function at all. Add the following line before the closing php tag ("?>") and try again. 

echo (wp_check_password($password, $hash) ? 'TRUE' : 'FALSE');

Keep an eye on the error logs in case you miss some dependencies.

Stephan B
  • 3,671
  • 20
  • 33
1

i would simply do this <?php wp_check_password( $password, $hash, $user_id ) ?> Refer

user2092317
  • 3,226
  • 5
  • 24
  • 35
0
                $password_hashed = '$P$Bgf2Hpr5pOVOYAvQZUhUZeLIi/QuPr1';
                $plain_password = '123456';
                if ((wp_check_password($plain_password, $password_hashed)) == 1) {
                    echo "YES, Matched";
                } else {
                    echo "No, Wrong Password";
                }
Prashant
  • 1
  • 1
0

Try this...

I work's fine for me

require_once( ABSPATH . WPINC . '/class-phpass.php');
$wp_hasher = new PasswordHash(8, TRUE);
$plain_password     = trim($_POST['pass_current']); //user type password
$user               = get_user_by('id', get_current_user_id());
$password_hashed    =  $user->user_pass;

if($wp_hasher->CheckPassword($plain_password, $password_hashed)) {
     echo "YES, Matched";
}else{
    echo "No, Wrong Password";
}
Suganya Rajasekar
  • 685
  • 3
  • 14
  • 37
0

what Bhumi Shah wrote is correct you should add 

require_once($_SERVER['DOCUMENT_ROOT']."/wp-load.php");

to your code .

but hashed value for any password(number or text) is not one solid thing , it could be many things that's why they can be compared only with wp_check_password

Meisam
  • 358
  • 5
  • 14