-2

I have an Android app for a WordPress website.
In the code on the server side I have added this code to compare the entered user and password with the user and pass that are stored in the DB.
The problem is that the pass in the user_pass table was encrypted in WordPress ...
What can I do?

    <?php
    // "connect.php" for connecting to db
    include "connect.php";
    $name = $_POST["name"];
    $pass = $_POST["pass"];
    // Looks for a row whose user_pass equals the submitted password as typed
    $query = "SELECT * FROM wp_users WHERE user_login=:name AND user_pass=:pass";
    $result = $connect->prepare($query);
    $result->bindParam(":name", $name);
    $result->bindParam(":pass", $pass);
    $result->execute();
    $row = $result->fetch(PDO::FETCH_ASSOC);
    if ($row == false)
    {
        echo "you are not signing in";
    }
    else
    {
        echo $row["display_name"];
    }
    ?>
Spartacus
K_nalis
  • **Never store plain text passwords!** Please use ***PHP's [built-in functions](http://jayblanchard.net/proper_password_hashing_with_PHP.html)*** to handle password security. If you're using a PHP version less than 5.5 you can use the `password_hash()` [compatibility pack](https://github.com/ircmaxell/password_compat). ***It is not necessary to [escape passwords](http://stackoverflow.com/q/36628418/1011527)*** or use any other cleansing mechanism on them before hashing. Doing so *changes* the password and causes unnecessary additional coding. – Jay Blanchard Oct 02 '17 at 20:52
  • Show us how the wp_users row is added. Show us how the account is created. – GrumpyCrouton Oct 02 '17 at 20:53
  • encrypted how? was it "hashed"? which algo was used? this question's unclear. Too many tags for not enough code/information. – Funk Forty Niner Oct 02 '17 at 20:54
  • I hope you know the difference between encryption and hashing. They're two different animals altogether. – Funk Forty Niner Oct 02 '17 at 20:55
  • This guy's AWOL. Ok, well if you left the question then that doesn't help you. You came here asking for help, we asked for clarification. If you are present, then respond to comments and edit your post respectively. Good luck with this, I'm out. – Funk Forty Niner Oct 02 '17 at 21:00
  • Ok...when creating a WordPress site WordPress says "Your password will be encrypted using the MD5 hash and then it will be stored in the database" ....I want to access the user pass of this WordPress site from my Android app ...how can I edit my code to compare the input values ($name,$pass) with (user_login,user_pass) that are stored in the WordPress database.... – K_nalis Oct 03 '17 at 00:40
  • Possible duplicate of [Wordpress password how to compare user password to wordpress user table password?](https://stackoverflow.com/questions/37181282/wordpress-password-how-to-compare-user-password-to-wordpress-user-table-password) – wp78de Oct 03 '17 at 04:45

1 Answer

0

You must know how the stored password was encrypted. Then encrypt the input password with the same algorithm and keys. That is when you can compare the 2 passwords.

Davi
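
The check the question asks for, done through WordPress's own login API instead of an SQL equality test on `user_pass` (an added example, not code from the question or the answer). It assumes the script sits in the WordPress root beside `wp-load.php`; the JSON response shape is illustrative.

```php
<?php
// Added example. Assumption: this file is in the WordPress root directory;
// adjust the path to wp-load.php for your install.
require __DIR__ . '/wp-load.php';

header('Content-Type: application/json; charset=utf-8');

// Accept only a POST that carries both fields as non-empty strings.
$name = $_POST['name'] ?? null;
$pass = $_POST['pass'] ?? null;
if ($_SERVER['REQUEST_METHOD'] !== 'POST'
    || !is_string($name) || !is_string($pass)
    || $name === '' || $pass === '') {
    http_response_code(400);
    echo json_encode(['ok' => false, 'error' => 'missing credentials']);
    exit;
}

// wp_authenticate() finds the user by login and verifies the password against
// the stored hash with WordPress's own hasher, whatever hash format the site
// uses. It also runs the 'authenticate' filters, so plugins that hook the
// login check still apply. The password is passed through unmodified.
$user = wp_authenticate($name, $pass);

if (is_wp_error($user)) {
    // One reply for "unknown user" and "wrong password", so the endpoint
    // does not reveal which logins exist.
    http_response_code(401);
    echo json_encode(['ok' => false, 'error' => 'invalid login']);
    exit;
}

// $user is a WP_User object on success.
echo json_encode(['ok' => true, 'display_name' => $user->display_name]);
```

The stored `user_pass` value is a salted hash, so no `WHERE user_pass = :pass` query can match the typed password; the verification has to run in PHP against the hash read from the row.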