For reasons I can’t go into right now, I’m creating a form that will allow users to change their passwords for WordPress by entering their current password and then entering the new password.
I want to do a databse lookup to see if the password they entered was the correct one already stored in the DB. However, in WP the passwords are encrypted somehow, so doing a simple SQL comparison on this column wont work. I tried using md5() on the password for the lookup but it doesn’t seem to work either.
Here’s my sql:
SELECT ID, user_pass
FROM wp_users
WHERE ID = '$current_user->ID'
AND user_pass = 'md5($currentpassword)'
LIMIT 1
You can ignore most of this, but what I need to know is how I can do a comparison against the user_pass column?
I’ve tested this method above and it results in 0 rows returned – with or without the md5()
Please help!
Much appreciated.
Michael.
WordPress appears to have a built in function called wp_hash_password that will hash the given password and then you can compare it in the db.