How to validate WordPress generated password in DB using PHP?

Based on your other question … it sounds like you’re trying to validate a given plaintext password against what’s stored in the database. Here’s the function WordPress uses to do just that:

function wp_check_password($password, $hash, $user_id = '') {
    global $wp_hasher;

    // If the hash is still md5...
    if ( strlen($hash) <= 32 ) {
        $check = ( $hash == md5($password) );
        if ( $check && $user_id ) {
            // Rehash using new hash.
            wp_set_password($password, $user_id);
            $hash = wp_hash_password($password);
        }

        return apply_filters('check_password', $check, $password, $hash, $user_id);
    }

    // If the stored hash is longer than an MD5, presume the
    // new style phpass portable hash.
    if ( empty($wp_hasher) ) {
        require_once ( ABSPATH . 'wp-includes/class-phpass.php');
        // By default, use the portable hash from phpass
        $wp_hasher = new PasswordHash(8, TRUE);
    }

    $check = $wp_hasher->CheckPassword($password, $hash);

    return apply_filters('check_password', $check, $password, $hash, $user_id);
}

First, this plugin checks to see if the MD5 hash of the given password is the same as the stored (hashed) password for a user. It also checks to see if the PHPass hash of the given password is the same as the stored password for a user.

You can follow a similar pattern.

So let’s say you’re given a username and a password from the user and you want to validate them (my_password_validation( $username, $password )). You’ll use the given username to pull a hashed password from the database. Then you compare the hash of the given password to the stored value to see if it’s valid.

Here’s some untested psuedocode:

function my_password_validation( $username, $password ) {
    // Select the users's password hash from the database
    $stored = query( 'SELECT * FROM wp_customers WHERE email=" . $username );

    require_one( "class-phpass.php' );
    $hasher = new PasswordHash(8, TRUE);

    return $hasher->CheckPassword( $password, $stored );
}

If the password you pass in to the function hashes to the same as the stored value, the function will return true. Otherwise it will return false.

Looking at the comments you left on the other question, it seems like you have some other issues, though. To quote:

So I get:

$P$BqVYujC/jqNY4aylZpHi475jwcaSUs1
But how can I compare that with one in DB?

One in DB is:

fa063a4ed35e092a2d4e15c1b6a61871
How to compare those two with MySQL?

I can tell you right now that the password you’re getting from the database was not hashed using the PHPass utility. Those hashes will always resemble the $P$B starting because that’s what tells the system how it was hashed. PHPass is based on Blowfish which uses that kind of a prefix on encrypted strings.

Your fa063... hash looks more like a standard MD5 hash … so if your MD5 hash of the plaintext doesn’t match, then I think you might have the wrong password.

To answer your “how to I compare those two with MySQL” question … you don’t. MySQL is the data store … don’t do any business logic or comparison in the data store. Read data out, then use a PHP script to perform your comparison.

Related Posts:

  1. Undefined function mysql_connect()
  2. Fatal error: Call to undefined function mysql_connect()
  3. MySQL “Or” Condition
  4. the_date() not working
  5. How to return number of found rows from SELECT query
  6. Transaction when using WP functions rather than vanilla SQL?
  7. Can i use php sql functions instead of $wpdb?
  8. How to make WordPress plugin check for database changes and then do something?
  9. Custom SQL query to get List of posts with featured image url
  10. Jquery ajax to custom php file: returning blank data
  11. Add value to usermeta without removing previous values?
  12. Problems migrating WordPress to localhost
  13. How can I call a row of user specific data from a custom table added to the WP Database
  14. How to merge local and live databases?
  15. Successful or Error Message after running mysql code in functions.php
  16. Performance issues with large website [closed]
  17. Create a quick start wordpress installation [closed]
  18. theme options echoing multiple times
  19. PHP/MySQL issues when running WP on EC2 cloud [closed]
  20. WordPress 3 – how are passwords stored and how do I compare to them?
  21. WordPress get pagination on wpdb get_results
  22. How to create another version of my site based on the same database
  23. how to echo all tables that start with a prefix
  24. Looking for most performant way to execute several similar WP queries within shortcodes
  25. How to select WooCommerce products by post_meta and order them
  26. Stumped on migration
  27. PHP code inside shortcodes
  28. Show MySQL errors that occur when I excute $wpdb->insert()
  29. Is XAMPP faster than running LAMP in WSL on Windows 10? [closed]
  30. Remove one value in dismissed_wp_pointers?
  31. WordPress Site Running Extremely Slow on Dedicated Server
  32. Accessing data from a non-WP database/table within a page content
  33. Get updated query results on page after insert in database
  34. WordPress not reflecting changed of the database
  35. How can I fix WordPress installation errors?
  36. How can I save unique user data on my site? [closed]
  37. Ordering users by custom user meta
  38. How to split links generated into an xml sitemap to avoid exceeding 30 sec maximum execution time?
  39. Hacked WordPress website /Homepage redirect [closed]
  40. Refresh table data with Ajax
  41. Database query works fine outside WordPress
  42. Large Woocommerce Site (83,000 items), What Can I Do? [closed]
  43. Using custom tables for old posts
  44. Help with a $wpdb MySQL Query
  45. How i can obtain all the post meta for a specific post as an array?
  46. Multiple meta_key in one global $wpdb;
  47. WordPress member notification
  48. Can’t Query Custom Table Using $wpdb Method
  49. Moving wordpress site from localhost to live server using GoDaddy cPanel
  50. How does WP work in conjunction with a web server?
  51. $wpdb returns duplicate posts
  52. Update postmeta after theme switch
  53. Location of core code for database connection and get_header
  54. Creating Database Table vs. Adding MetaData to Post & User
  55. WordPress and MySQL: trying to print data using PHP from user_meta custom field data
  56. Most commented posts by time period (last 12h, last 24h and etc)
  57. How can I add a new row in a separate database when someone registers via WordPress?
  58. Hide posts if user is added to it WP_query
  59. How to unserialize data from MySQL
  60. How to use mysql LIKE with wpdb?
  61. Submitting a form, using Ajax, to run a SQL Select query based on user input from the form
  62. WordPress WP_Query without query GET parameters
  63. Known Issues in WordPress When Upgrading PHP to ver 7
  64. Processing ajax call to php to insert into mysql database
  65. Get the id of the row from database on click of a button [closed]
  66. WPDB secure custom form
  67. Query the links Database
  68. WordPress Custom Query: Combining Two Functions
  69. SQL error with custom query
  70. Modify WooCommerce used to get all orders in dashboard
  71. Display Results of SQL Query on WP site
  72. Weird fonts showing which are coming from database
  73. PHP Warning: mysqli_query(): after updating my websites php from 5.6 to 7.2
  74. Inside Array – “unidentified index” error with “prepare was called incorrectly” despite not calling the prepared statement with wordpress [closed]
  75. How to optimize and reduce excessive database queries
  76. WordPress Bad Request Error 400
  77. I am facing this error Your PHP installation appears to be missing the MySQL extension which is required by WordPress
  78. How to display MySQL table data which is stored as an array?
  79. What is the correct way to search 3 custom fields only in WordPress?
  80. cant insert data in a custom table in phpmyadmin
  81. How to import woocommerce custom fields data into another site?
  82. PHP 7.2.18 | Your PHP installation appears to be missing the MySQL extension which is required by WordPress
  83. autocomplete in wordpress using ajax with json-data
  84. New database entry to trigger runing PHP/SQL query through link with token, without logging into the website
  85. Inserting other fields to existing registration form in a WordPress theme
  86. Query doesn’t display text data with apostrophes
  87. I want show only data for today
  88. Splitting table data to pages with numbers
  89. WordPress WPDB::insert 13th param is always blank (only if format)
  90. Ajax not updating to database
  91. SQL Query Search page
  92. MySQL query in WordPress with AJAX
  93. MySQL queries in WordPress
  94. retrieve wordpress post-meta using php not wordpress functions
  95. Let users register weight each day and save it in DB
  96. How to pass username into form that sends data to database
  97. Your PHP installation appears to be missing the MySQL … After deleting and restarting from cpanel
  98. How to set variable to specific field when querying
  99. How to get a database field value from a WordPress table? [closed]
  100. Error resetting database index using ALTER TABLE in $wpdb->query

Leave a Comment