WordPress的密码如何比较用户密码和WordPress的用户表密码？

Question

Custom Register user

wp_create_user (works)

    $username='balan';
    $user_pass ='balan';
    $user_email= 'random_email@email.com';
    $password = wp_hash_password( $user_pass );
    $user_id = wp_create_user( $user_name, $password, $user_email );

Custom Login user

    $username='balan';
    $user = get_user_by( 'login', $username );
    $pass ='balan';
    $hash = wp_hash_password($pass);
    if (wp_check_password( $pass, $user->data->user_pass, $user->ID ) ) {
        echo "<br>Correct";
    } else {
        echo "<br>Wrong";
    }
    **WordPress login function** 
    $creds = array();
    $creds['user_login'] = 'balan';
    $creds['user_password'] ='balan';
    $creds['remember'] = true;
    $user = wp_signon( $creds, false );

I get error when comparing login password. How to compare login password? wp_check_password() is not working. Please help me solve this problem.

Answer 1

Compare an already hashed password with its plain-text string, Here is the example.

<?php
$wp_hasher = new PasswordHash(8, TRUE);

$password_hashed = '$P$B55D6LjfHDkINU5wF.v2BuuzO0/XPk/';
$plain_password = 'test';

if($wp_hasher->CheckPassword($plain_password, $password_hashed)) {
    echo "YES, Matched";
} else {
    echo "No, Wrong Password";
}
?>

I guess instead of $user->data->user_pass you need to use $user->user_pass; as per the documentation here https://developer.wordpress.org/reference/functions/get_user_by/

I am only guessing because I don't know what print_r($user); returns

Hope it helps !

Answer 2

wp_create_user calls wp_insert_user which uses wp_hash_password internally.

In essence with your code you end up with

 wp_hash_password(wp_hash_password('balan'));

wp_create_user should be provided with the raw password.