3

I am building a external application for which user login credentials will be taken from WordPress site database table.In the table i can see that passwords are being hashed and resemble to something like this

$P$9jWFhEPMfI.KPByiNO9IyUzSTG7EZK0

My requirement is to check this password against the plain password in login.I am using a function $hashed=wp_hash_password($password); in order to generate a hash and compare it against the one stored in db.But this generated a random hash every time for the same password.So how can i compare the two passwords?Also i can see in my wp_config different salt values are defined like AUTH_SALT,SECURE_AUTH_SALT,LOGGED_IN_SALT,NONCE_SALT

Please suggest a way to compare the hashed passwords.Do we need to use any of these salts to get it right.If so please suggest some sample code

Thanks :-)

Improve this question

1 Answer 1

Reset to default
3

You should use wp_check_password( string $password, string $hash, string|int $user_id= '' )

$password (string) (Required) Plaintext user's password

$hash (string) (Required) Hash of the user's password to check against.

$user_id (string|int) (Optional) User ID.

https://developer.wordpress.org/reference/functions/wp_check_password/

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

what is $hash?is it retrieved from db or the hash we do using wp_hash_password(plain password)?
The hashed password that you take directly from the db.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.