Here is the library: http://www.zer7.com/software/cryptsharp And this is “howtouse”: public override bool ValidateUser(string name, string password) { if (string.IsNullOrWhiteSpace(name)) return false; if (string.IsNullOrWhiteSpace(password)) return false; // this is just fetching the hash from the WP-database using BLToolkit. You can use any other way to get the hash from db 😉 UserData ud = null; using … Read more
If wp_generate_password() was called with the third parameter $extra_special_chars = true a space might be part of the password: function wp_generate_password( $length = 12, $special_chars = true, $extra_special_chars = false ) { $chars=”abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789″; if ( $special_chars ) $chars .= ‘!@#$%^&*()’; if ( $extra_special_chars ) $chars .= ‘-_ []{}<>~`+=,.;:/?|’; $password = ”; for ( $i = … Read more
What about considering a specific template that tests to see if the user is logged in using something like: if ( is_user_logged_in() ) { // your code for logged in user } else { // your code for logged out user (e.g. a “you must be logged in” message) } You could go so far … Read more
As of WordPress 4.4, the action lostpassword_post passes the $errors object: function wpse_185243_lastpassword_post( $errors ) { if ( ! $captcha_valid /* The result of your captcha */ ) { $errors->add( ‘invalid_captcha’, ‘<strong>ERROR:</strong> Try again sonny.’ ); } } add_action( ‘lostpassword_post’, ‘wpse_185243_lastpassword_post’ ); Pre 4.4 legacy answer Here’s the relevant code you’re referring to (retrieve_password() in … Read more
Your example works correctly. You are checking if password hello matches hashed hello – which it naturally does. Hadn’t thought it through. Your example causes following issue: You check if hello matches md5 of hello (instead of hash from user’s profile). It does and then WP thinks this is correct, but outdated md5 hash – … Read more
The check for a post password happens (for some reason) inside get_the_content(), which seems legit, but actually mixes together two separate concerns. You were right with the statement that there is no way to work around get_the_content() displaying the password form. Here’s what the check for the password does in core in detail: if ( … Read more
You could use if(!empty($post->post_password)){ // do some stuff } which is what the post_password_required() code does before checking the user’s credentials against the password itself.
No the passwords won’t break (those are in the database and aren’t changed by changing the salt). However all logged-in users will have to login again. More on Salts here. Note: Updating your keys & salts will force all logged in users to log in again, because changing them automatically invalidates the login of any … Read more
Just figured it out. So thought to leave the solution here, if someone else need it: To change the default hashing system, need to overwrite wp_hash_password() function: (can be done in a plugin) if ( !function_exists(‘wp_hash_password’) ){ function wp_hash_password($password) { //apply your own hashing structure here return $password; } } Now you will need to … Read more
You can save this information on your wp-config.php file: define(‘FTP_HOST’, ‘ftp_host’); define(‘FTP_USER’, ‘ftp_username’); define(‘FTP_PASS’, ‘ftp_password’); More info (WordPress Codex)