Home / Questions / 239899
Accepted
Enrique Espinosa
Asked: 2020-02-22 10:41:56 +0800 CST 2020-02-22 10:41:56 +0800 CST

How to compare a password that is saved in WordPress with the password that the user enters?

  • 772

In my WordPress database the passwords are saved as follows: $P$BhbEVMLV6onULEfYLG3dsF5xuv9t9j0

What I have not been able to do is compare that password against the one that the user enters in an EditText, I have tried to use the password_verify() function but it does not work, this is the code that I have to do a test but I don't know what I am doing wrong when doing the validation:

if(password_verify($password, '$P$BhbEVMLV6onULEfYLG3dsF5xuv9t9j0')){
            echo "Las contraseñas son correctas";
        }else{
            echo "No funciona la validacion";
        }

As far as I've researched WordPress uses this for passwords:

$wp_hasher = new PasswordHash(8, true);  
$pass = $wp_hasher->HashPassword($_POST['password']);

But I have already tried converting the password that the user enters to the same WordPress format but the validation does not work either.

php

2 Answers

  1. Best Answer

    A quick search brings us to How to manage a PHP application's users and passwords . There we are told, among many other things, that to verify is:

    if( $hwp_hasher->CheckPassword( $password, '$P$BhbEVMLV6onULEfYLG3dsF5xuv9t9j0' ) ) {
  echo 'Autentificación correcta !';
} else {
  echo 'Error de autentificación';
}
    • 3

  2. You don't have to hash the password again to be able to log in.

    you have to use

    password_verify($contraseñaQueIngreso, $ContraseñaDeLaBd);

    that will return true if the password was verified and is correct

    The first parameter is an unhashed password, the second is the one you want to compare against that has to be hashed.

    • 0