WordPress wp_create_user password doesn’t work

2 Views

This problem seems to be old enough, I’ve searched over the internet for possible solutions but nothing seems to conclude in a successful way to do it.

Here is what I got:

Read More

In the theme I have a custom form which postos username, password and email to a script using the following function: 

function createSubscriberUser($username, $email, $password) {
        $user_id = username_exists( $username );
        if ( !$user_id and email_exists($email) == false ) {
            $user_id = wp_create_user( $username, $password, $email );
        } else {
            $hash = __('User already exists.  Password inherited.');
        }
    }

This works great! the user is succesfully created as a subscriber. However When I try to login the newly created user using wp-login.php, I always get that credentials are invalid.

So I used the following snippet just to see what was going on: 

$username = $_POST['user'];
                $pass = $_POST['pass'];
                $user = get_user_by( 'login', $username );
                if ( $user && wp_check_password( $pass, $user->data->user_pass, $user->ID) )
                   echo " That's it";
                else
                   echo " Nope";

I’m always getting a “Nope”… but if I use a user created from the dashboard, I get the “That’s it” message. So my wild guess is that the hashes being generated by wp_create_user are always different from the ones generated by wp_check_password when passing a plain text password as input from the user.

Is there a way to get the same hash? to login from wp-login.php and programmatically as well?

Thanks a lot for your help.

Post Views: 2

Related posts

Leave a Reply

2 comments

  1. Make sure you are supplying the ‘plain text’ password to the wp_create_user function. I had faced the same issue. I was hashing the password and using it in the wp_create_user.

    wp_create_user is much like a wrapper function for wp_insert_user. See the below source code:

    function wp_create_user($username, $password, $email = '') {
   $user_login = wp_slash( $username );
   $user_email = wp_slash( $email    );
   $user_pass = $password;

   $userdata = compact('user_login', 'user_email', 'user_pass');
   return wp_insert_user($userdata);
}

    wp_insert_user will generate its own md5 hash.

    Alternatively you can directly call the wp_insert_user like this:

    $user_login = wp_slash( $user_name );
$user_email = wp_slash( $user_email    );
$user_pass = $user_password;

$userdata = compact('user_login', 'user_email', 'user_pass');
$user_id = wp_insert_user($userdata);

  2. Prev answer from 2015… I had the similar issue. Upon creating a user, “password” worked fine, but not on updating user.

    The reason is that I was tempted to use wp_insert_user() that can also update user data

    BUT here is the catch: upon update you need to provide hashed password and NOT plain text as in initial creation case. Its not well docmented, but you can see it in the code

    There are two ways to go ON UPADTING an exiting user:

    1. Do not update password (i.e. remove it from arguments, or leave it empty), let the user have full control over his/hers password.
    2. If you wish to modify existing user password, use: wp_hash_password('plain-text-pass')