-4

I want to make a custom login system in wordpress. Such that it asks for username & password. But it is not authenticating the user with the given password because it is different with the password stored in db (it is in hashed form).

I read the wordpress codex for validating password I found wp_check_password method. I tried to implement wp_check_password in the below code but it is not working. Is my code missing something??

The input provided by the user

username: admin & password: pass1q@.//aa

The hashed password stored in the database

$P$BY.HywWHy.bpgmBZzyV6RGxG/m6.3u/

Here is the code which I am using for validation

$password_hashed = '$P$BY.HywWHy.bpgmBZzyV6RGxG/m6.3u/';
$plain_password = 'pass1q@.//aa';

if($wp_check_password($plain_password, $password_hashed)) {
    echo "YES, Matched";
} else {
    echo "No, Wrong Password";
}

Can anyone plz help me with that. Thanks looking for a positive response from the developer community.

Sunmeet Singh
  • 47
  • 1
  • 10

1 Answers1

2

https://developer.wordpress.org/reference/functions/wp_check_password/

Remove the $ from the function call.

Also Don't forget to include the user ID 

$user = get_user_by( 'login', $username );
if ( $user && wp_check_password( $pass, $user->data->user_pass, $user->ID) )
   echo "That's it";
else
   echo "Nope";
Rafael
  • 7,605
  • 13
  • 31
  • 46
Ari Patwary
  • 80
  • 1
  • 8
  • I used the above snippet and remove the '$' symbol as well. But it is giving the error and saying 'www.mywebsite.com is currently unable to handle this request. HTTP ERROR 500' – Sunmeet Singh Oct 16 '18 at 05:38
  • Did you capture the user's username in the variable $username? – zipkundan Oct 16 '18 at 08:12