I’m creating my first plugin for WordPress and I’m also just starting to use PHP. There’s been a lot of bumps along the way, but so far everything is looking great! I just want something cleared up about how passwords are stored in mysql.
I’m transferring some user information from one database to another using the following code:
$userdata = array(
'user_pass' => 'password'
);
Right now I’m just manually entering in a password, but ideally, I want to store the password from one database into a variable, then plug that into the array shown above.
I’m assuming (correct me if I’m wrong) that I can’t just use sql to select that encrypted password, then put it in a variable and expect it to work. Is there a way to use the same user password on the new database from the old database?
I know this is probably a pretty elementary question, but again I’m new to all this. I haven’t really delved into the security functions of PHP yet. Thanks for any help!
you can use sql to select an encrypted password and use that result as a variable. it’s the same as getting any other information from a database.
You will be able to select the encrypted password and store it into a PHP variable using SQL commands just like any other database element. However, you should keep in mind, if you plan on decrypting the passwords on the new server/database that you are storing them on, be sure you take note of any hashing/salting algorithms that were in place on the old PHP script that was used to encrypt them.
For security reasons, the passwords should be not be stored plain-text, but hashed, for example using
hash_pbkdf2.From a code and DB point of view, a hashed password is still just a long, fancy string. Reading them from the DB to your data structure, then writing them back to another DB, should not affect them in any way. Whatever method you used to authenticate users against the old DB will still work with the new DB.