I have searched long for this answer, but it does not seem to be out there. I have a Wordpress (recent version) website with user accounts. I have a C++ program that users can use. The C++ program needs to authenticate users, and query some website data about them. As far as I can tell, that means the C++ program must get the clear password, encrypt it with the same algorithm as Wordpress, then compare the encrypted password from the Wordpress table. I can see the Wordpress user table, and the encrypted passwords there. I have also experimented with this simple script to verify this is the PHP algorithm that can do the exact WordPress encryption:
#!/usr/bin/php
<?php
include 'wp-includes/pluggable.php';
require_once 'wp-includes/class-phpass.php';
$wp_hasher = new PasswordHash(8, TRUE);
$plain_password = $argv[1];
$password_hashed = $argv[2];
if($wp_hasher->CheckPassword($plain_password, $password_hashed)) {
echo "yes\n";
} else {
echo "no\n";
}
?>
I can't do a system call from C++ to run this php script, because the app is on a client computer that may not have php. So, basically...how do I write this in C++, using some respected 3rd party encryption library? I have used openssl before, but anything will do as long as it is cross platform (mac/windows). After I have the encrypted password in C++, the plan is to URL a php script and post user and encrypted password. I can't have that script do the encryption, because then I would have to pass the clear password across the internet.
