• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer
WordPress core a2z

WordPress core a2z

WordPress core only

  • Home
  • Plugins
  • Blocks
  • Shortcodes
  • APIs
  • Classes
  • Files
  • Hooks
  • Sitemap
  • Blog
Home / APIs / wp_check_password() – Checks the plaintext password against the encrypted Password.

You appear to be a bot. Output may be restricted

Description

Checks the plaintext password against the encrypted Password.

Maintains compatibility between old version and the new cookie authentication protocol using PHPass library. The $hash parameter is the encrypted password and the function compares the plain text password when encrypted similarly against the already encrypted password to see if they match. For integration with other applications, this function can be overwritten to instead use the other package password checking algorithm.

Usage

$bool = wp_check_password( $password, $hash, $user_id );

Parameters

$password
( string ) required – Plaintext user's password
$hash
( string ) required – Hash of the user's password to check against.
$user_id
( string|int ) optional – Optional. User ID.

Returns

bool False, if the $password does not match the hashed password

Source

File name: wordpress/wp-includes/pluggable.php
Lines:

1 to 38 of 38
  function wp_check_password( $password, $hash, $user_id = '' ) {
    global $wp_hasher;

    // If the hash is still md5...
    if ( strlen( $hash ) <= 32 ) {
      $check = hash_equals( $hash, md5( $password ) );
      if ( $check && $user_id ) {
        // Rehash using new hash.
        wp_set_password( $password, $user_id );
        $hash = wp_hash_password( $password );
      }

      
/**
 * Filters whether the plaintext password matches the encrypted password.
 *
 * @since 2.5.0
 *
 * @param bool       $check    Whether the passwords match.
 * @param string     $password The plaintext password.
 * @param string     $hash     The hashed password.
 * @param string|int $user_id  User ID. Can be empty.
 */
      return apply_filters( 'check_password', $check, $password, $hash, $user_id );
    }

    // If the stored hash is longer than an MD5,
    // presume the new style phpass portable hash.
    if ( empty( $wp_hasher ) ) {
      require_once ABSPATH . WPINC . '/class-phpass.php';
      // By default, use the portable hash from phpass.
      $wp_hasher = new PasswordHash( 8, true );
    }

    $check = $wp_hasher->CheckPassword( $password, $hash );

    
/** This filter is documented in wp-includes/pluggable.php */
    return apply_filters( 'check_password', $check, $password, $hash, $user_id );
  }
 

 View on GitHub View on Trac

Published: 25th November 2019 | Last updated: 2nd April 2020

Primary Sidebar

Information

Function name: wp_check_password
Plugin ref: WordPress
Version: 5.6
Sourcefile: wp-includes/pluggable.php
File ref: wp-includes/pluggable.php
Deprecated?: No
API Letters: C,P,W

Footer

WP-a2z
WordPress core a2z
WordPress core only
WordPress 5.6
WordPress a2z
WordPress core a2z
Genesis Theme Framework a2z
Jetpack a2z
WordPress develop tests
Easy Digital Downloads a2z
WooCommerce a2z
Yoast SEO a2z
WordPress Blocks

Site:  core.wp-a2z.org
© Copyright WP-a2z 2014-2021. All rights reserved.


Website designed and developed by Herb Miller
Proudly powered by WordPress and oik plugins

  • Home
  • Blog
  • Sitemap
  • Sites