stackoom
  简体   繁体   中英

Wordpress User Password Data as Plaintext / Export Wordpress User Password to Django

 原文  2017-04-12 08:26:46       php/ python/ django/ wordpress

Question

I have around 900 users in my wordpress, i am exporting these user data to my new platform that will be using Django.

My question is, how can i export these user's password as plaintext? if i cannot do it, i wanted to store it in "old_password" field in my new database, but i want to know how to "match" text with the old_password? because my plan is that when the user login, i will try to find the user with the same email and the hashed password, but i don't know what type of hashing function Wordpress used and the equivalent of that function in Python Django.

2 answers

solution1
 1  2017-04-12 08:38:54

Modern password controls are explicitly designed to make deterministic computation of the plain text impossible. The only way, therefore, to determine it is by a "brute force" attack (try hashing all possible passwords until you find one that hashes correctly) or more sophisticated techniques like the use of rainbow tables , which reduce compute time but use a lot of storage.

There's some information about WordPress password security in this article , which might help you, and this article contains PHP code you might repurpose by translating it into Python.

It sounds, though, like the simplest way to proceed would be to validate the users' existing passwords against old_password on first login to the new site, then force them (by redirecting them to a specific page) to change their password, clearing the old_password field once this is done.

solution2
 0 ACCPTED  2017-05-07 07:02:04

Use this library, https://github.com/jmoswalt/wp-to-django-users

Basically you add django the capability to re-hash the old wordpress password, so that your old wordpress user can now use their same & old password on the new django site

Within your settings.py file for your django project, add the following: 

PASSWORD_HASHERS = (
'django.contrib.auth.hashers.PBKDF2PasswordHasher',
'django.contrib.auth.hashers.PBKDF2SHA1PasswordHasher',
'django.contrib.auth.hashers.BCryptSHA256PasswordHasher',
'django.contrib.auth.hashers.BCryptPasswordHasher',
'django.contrib.auth.hashers.SHA1PasswordHasher',
'django.contrib.auth.hashers.MD5PasswordHasher',
'django.contrib.auth.hashers.CryptPasswordHasher',
'hashers_passlib.phpass',
)

then re-hash the password, and you are done. 

from django.contrib.auth.hashers import get_hasher
hasher = get_hasher('phpass')
user.password = hasher.from_orig(user.password)

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Wordpress password how to compare user password to wordpress user table password? Change user password in the wordpress database Wordpress Send User's Password Using wordpress user password outside wordpress itself Register user with wordpress encryption password in PHP Wordpress Update User's Password with PHP How to sanitize user password information in WordPress? Wordpress reset password and log in user issue Need to request forget password in Wordpress for a user programatically Wordpress - mysql_query(): Access denied for user 'www-data'@'localhost' (using password: NO) error on production server
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM