Check the password of a user

Your example works correctly. You are checking if password hello matches hashed hello – which it naturally does.

Hadn’t thought it through. Your example causes following issue:

  1. You check if hello matches md5 of hello (instead of hash from user’s profile).
  2. It does and then WP thinks this is correct, but outdated md5 hash – that must be updated.
  3. It re-hashes hello and updates user with it, locking him out (since his password is now hello instead of whatever it was before).

See wp_authenticate_username_password() function for extensive example, but basic idea is:

$userdata = get_user_by('login', $username);
$result = wp_check_password($password, $userdata->user_pass, $userdata->ID);

Leave a Comment

Hata!: SQLSTATE[HY000] [1045] Access denied for user 'divattrend_liink'@'localhost' (using password: YES)