
How to fetch details from wp_users; I don't know in which format WordPress stores the password

$user_login = $_REQUEST['user_login'];
$pwd = md5($_REQUEST['user_pass']);


$sql = "SELECT * from wp_users where user_login='$user_login' and user_pass='$pwd'";
$sqlQuery = mysql_query($sql);
$numrows = mysql_num_rows($sqlQuery);
if($numrows > 0)
{
    while($loginResult = mysql_fetch_assoc($sqlQuery)){
        $loginId = $loginResult['user_login'];
        $email = $loginResult['user_email'];

        $respond = array("id"=>$loginId,"email"=>$email);
    }

    echo '{"response": {"message":{"message":"Login Successfully"},"userInfo":'.json_encode($respond).'},"success":true}';
}else{
    $message = array("message"=> "Invalid Credentials");
    echo '{"success":false,"message":'.json_encode($message).'}';
}

Every time this is hit, it does not show me Invalid Credentials, because the password does not match, I guess. Please provide a good solution.

Thanks in advance

You can use wp_authenticate_username_password()

Authenticate a user, confirming the username and password are valid.

$userName = $_POST['user_login'];
$password = $_POST['user_pass'];
$check = wp_authenticate_username_password( NULL, $userName , $password );

You can then simply check the result with

if(is_wp_error( $check ))
{
  echo 'Wrong'; 
}
else
{
  echo 'Correct';
}

One way is:

WordPress stores the password using the wp_hash_password() function.

You can pass the user password to the function and it will return the encrypted password.

Keep in mind that the function is written in wp-includes/pluggable.php.

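Another way is:

// Load the phpass class bundled with WordPress (path as given; adjust to your install).
include '/wp-includes/class-phpass.php';
$hash = $user->user_pass;                 // stored hash from the wp_users row
$wp_hasher = new PasswordHash(8, TRUE);   // 8 = cost setting, TRUE = portable hashes
$check = $wp_hasher->CheckPassword($password, $hash);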

If $check is true, they match.

The reason you can't generate the same hash twice is because of the use of a salt. Salting the password when hashing makes the hash harder to hack using dictionary attacks. This is why generating the hash again and comparing won't work. The hash isn't the same every single time. The check function takes part of the hash (the salt) and the password and recomputes the hash with that salt, thus allowing it to check properly.

Hope it helps.
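Added example (not part of the answers above, and not WordPress's or phpass's own code): a compact re-implementation of the phpass "portable" `$P$` format that `PasswordHash(8, TRUE)` produces, showing why two hashes of the same password differ, why a plain `md5()` never matches the stored value, and how the check re-derives the hash from the salt kept inside it. The function names are made up for this sketch and the password is a constructed sample.

```php
<?php
// Added illustration of the phpass "portable" ($P$) scheme; helper names are hypothetical.
const ITOA64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';

// phpass's base64 variant: 6-bit groups, least significant first, over ITOA64.
function encode64(string $input, int $count): string {
    $itoa = ITOA64;
    $out = ''; $i = 0;
    do {
        $value = ord($input[$i++]);
        $out .= $itoa[$value & 0x3f];
        if ($i < $count) $value |= ord($input[$i]) << 8;
        $out .= $itoa[($value >> 6) & 0x3f];
        if ($i++ >= $count) break;
        if ($i < $count) $value |= ord($input[$i]) << 16;
        $out .= $itoa[($value >> 12) & 0x3f];
        if ($i++ >= $count) break;
        $out .= $itoa[($value >> 18) & 0x3f];
    } while ($i < $count);
    return $out;
}

// Recompute a hash from the cost character and 8-character salt held in $setting.
function portable_hash(string $password, string $setting): string {
    $fail = strncmp($setting, '*0', 2) === 0 ? '*1' : '*0'; // never equals $setting
    if (strlen($setting) < 12 || substr($setting, 0, 3) !== '$P$') return $fail;
    $log2 = strpos(ITOA64, $setting[3]);
    if ($log2 === false || $log2 < 7 || $log2 > 30) return $fail;
    $hash = md5(substr($setting, 4, 8) . $password, true);
    for ($n = 1 << $log2; $n > 0; $n--) {
        $hash = md5($hash . $password, true);
    }
    return substr($setting, 0, 12) . encode64($hash, 16);
}

// New hash with a fresh random salt; 'B' is the cost character for 2^13 rounds.
function new_hash(string $password): string {
    return portable_hash($password, '$P$B' . encode64(random_bytes(6), 6));
}

// Verify by re-hashing the candidate with the salt taken from the stored hash.
function check_password(string $password, string $stored): bool {
    return hash_equals($stored, portable_hash($password, $stored));
}

$stored = new_hash('correct horse');                 // constructed sample password
var_dump($stored === new_hash('correct horse'));     // same password, new salt
var_dump($stored === md5('correct horse'));          // the question's plain md5 comparison
var_dump(check_password('correct horse', $stored));  // check with the stored salt
var_dump(check_password('wrong guess', $stored));    // wrong password, stored salt
```

In a real WordPress site, use the core functions named in the answers rather than a re-implementation like this one.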
