Members Authentication

  • a form accepts fusername and fpassword and compares them with wp_users in order to admit certain roles to restricted pages.

     $sql = "SELECT ID, user_login FROM wp_users
                WHERE user_login = '$_POST[fusername]'
                AND user_pass = md5('$_POST[fpassword]');";

    however the values in user_pass do not match md5(userpassword). Manually applying md5 to the passwords worked for one day and then not the next. ????

    The page I need help with: [log in to see the link]

Viewing 4 replies - 1 through 4 (of 4 total)

  • Did you change the password again?

    Thread Starter hsysgrp

    (@hsysgrp)

    If a password is MYPassword to log into a wordpress website, how does one verify MYPassword typed into a form with the hashed version stored in wp_users?

    Thread Starter hsysgrp

    (@hsysgrp)

    Trying to verify a login: Typing in a correct fusername nd fpassword does not work.
    $sqlpass = "SELECT user_pass FROMwp_users` WHERE user_login = ‘admin’;”;

    $resultPass = mysqli_query($link,$sqlpass) or die(“Query died: fpassword: ” . mysqli_error($link) );
    $row = mysqli_fetch_assoc($resultPass);
    $hash = $row[‘user_pass’];
    echo $hash;
    if (password_verify($_POST[fpassword],$hash)){
    echo ‘password is valid’;
    } else {
    echo ‘Invalid password’;
    }

    Thread Starter hsysgrp

    (@hsysgrp)

    Just wanted to show the solution I found.
    $sqlpass = "SELECT user_pass FROMwp_users` WHERE user_login = ‘$_POST[fusername]’;”;
    } else {
    $message_1 = “The User Name you entered does not exist! Please try again.”;
    include(“login_form.php”);
    }
    $resultPass = mysqli_query($link,$sqlpass) or die(“Query died: fpassword: ” . mysqli_error($link) );
    $row = mysqli_fetch_assoc($resultPass);
    $hash = $row[‘user_pass’];
    echo $hash;
    echo “<br>”;
    $passwordHash = password_hash($_POST[fpassword],PASSWORD_DEFAULT);
    $passwordCandidate = $_POST[fpassword];

    if (password_verify($passwordCandidate,$passwordHash)){
    echo ‘password is valid’;`

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Members Authentication’ is closed to new replies.