0

I have a problem with the way wordpress encrypts a password, When I encrypt a password I do it in the following way.

$wp_hasher = new PasswordHash(16, true);   // 16 digit hashing password
$pass = $wp_hasher->HashPassword( trim( $posted['password'] ) ); //$posted['password'] is your password
echo $pass;

With that code I encrypt a password, for example:

password: test

encrypted: $P$JofHzK55LaG8kpcQsVJ5j0AcnILN2o1

The problem is that this encrypted password is not the same as that stored in Wordpress

The password that is stored in WordPress already encrypted is this:

$P$BhbEVMLV6onULEfYLG3dsF5xuv9t9j0

I do not know how is encrypting the WordPress password

Enrique Espinosa
  • 175
  • 12
  • encryption value will always differ based on salt. Unless you know the salt, hashing algo and password, you can't get the same encrypted value. – Jigar Feb 20 '19 at 17:23
  • 1
    Hashing != encryption. They're supposed to look different each time. Also, without even taking a look, you probably shouldn't use Wordpresses password hashing, but [`password_hash`](http://php.net/password_hash) when possible. – mario Feb 20 '19 at 17:23
  • HASH.... not encrypt – RiggsFolly Feb 20 '19 at 17:23
  • @mario WordPress uses `password_hash` – andrew Feb 20 '19 at 17:24
  • 1
    `trim( $posted['password']` ????? See the [accepted answer here](https://stackoverflow.com/questions/36628418/cleansing-user-passwords) and dont fiddle with the users password – RiggsFolly Feb 20 '19 at 17:26
  • 2
    @andrew It does have a stench of plain MD5 to it, and that's what the [docs indicate](https://codex.wordpress.org/Function_Reference/wp_hash_password). pwhash/crypt wouldn't understand the non-standard `$P$` algo prefix. – mario Feb 20 '19 at 17:28
  • @mario I understand that Hash! = Encrypt, but I do not understand how I can match my password that I enter the system with which is in a database that has this format: $ P $ BhbEVMLV6onULEfYLG3dsF5xuv9t9j0 – Enrique Espinosa Feb 20 '19 at 17:45

0 Answers0