[wp-hackers] Default Password ... or test two "hashed" passwords for match
jon at lionsgoroar.co.uk
Tue Jun 21 19:27:41 UTC 2011
On Tue, Jun 21, 2011 at 8:19 PM, Robert Lusby <nanogwp at gmail.com> wrote:
> $password = "test";
> $hash1 = wp_hash_password($password);
> $hash2 = echo wp_hash_password($password);
> will echo two different values, despite the password being the same.
This is because WordPress passwords are hashed with salts to help
defend against rainbow tables. This makes the same password hash to
> Is there a way to compare the two hashes to see if they came from the same
> Or the actual question - need to see if a user is using the "default"
> password we supply them with?
Use wp_check_password -
http://codex.wordpress.org/Function_Reference/wp_check_password - and
input your default and the hash of the user's password.
More information about the wp-hackers