How do I encrypt a password in WordPress using WordPress salt?

I want to encrypt the password being sent into the database, with the standard WordPress salt, just like WordPress does it when you create a new user. I know I can find my salt in the wp-config.php. So I don’t need to generate the salt; I just need to encrypt the password.

So that when I create mypassword0, what is sent to the database is the string of text encrypted by my WordPress salt.

Here is my original code that works. (thank you Yadav Chetan for your help!) Now I just need to add the salt encryption code.

    <?php
    if (isset($_POST['submit'])) {

        // Escape every request value before it is placed in the SQL string.
        $user  = mysql_real_escape_string($_POST['user']);
        $pass  = mysql_real_escape_string($_POST['pass']);
        $fname = mysql_real_escape_string($_POST['fname']);
        $lname = mysql_real_escape_string($_POST['lname']);

        $query = "INSERT INTO mytable_one
          (user, pass)
          VALUES
          ('".$user."', '".$pass."')";

        // Run the first insert before $query is reused for the second one.
        mysql_query($query);

        $query = "INSERT INTO mytable_two
          (fname, lname)
          VALUES
          ('".$fname."', '".$lname."')";

        mysql_query($query);

    } else {
    ?>
    <div class="content">
        <form method="post">
            <div><strong>First Name:</strong><span class="errortext">*</span></div>
            <div><input id="first-name" name="fname" type="text" /></div>

            <div><strong>Last Name:</strong><span class="errortext">*</span></div>
            <div><input id="last-name" name="lname" type="text" /></div>

            <div><strong>User:</strong><span class="errortext">*</span></div>
            <div><input id="user-login" name="user" type="text" /></div>

            <div><strong>Password:</strong><span class="errortext">*</span></div>
            <div><input id="user-pass" name="pass" type="text" /></div>

            <!-- name="submit" is what isset($_POST['submit']) checks for -->
            <div><input id="submit-button" name="submit" value="submit" type="submit" />
        </div>
        </form>
    <?php } ?>

UPDATED:

RRikesh suggested I change the mysql_* to WPDB code. So I tried to change it over to wpdb, and also I need to integrate it in with the other code. So can you help me fix this updated code?

    <?php
    // $wpdb is WordPress's global database object; declare it so it is in scope here.
    global $wpdb;

    if (isset($_POST['submit'])) {

        $firstname = $_POST['fname'];
        $lastname  = $_POST['lname'];
        $username  = $_POST['user'];
        $password  = $_POST['pass'];

        // prepare() substitutes each %s placeholder with a safely quoted value.
        $wpdb->query(
            $wpdb->prepare(
                "INSERT INTO mytable_one
                (user, pass) VALUES (%s, %s)",
                $username,
                wp_hash_password($password)
            )
        );
        // No comma after the last argument: PHP before 7.3 treats a trailing
        // comma in a function call as a syntax error.
        $wpdb->query(
            $wpdb->prepare(
                "INSERT INTO mytable_two
                (fname, lname) VALUES (%s, %s)",
                $firstname,
                $lastname
            )
        );

    } else {
    ?>
    <div class="content">
        <form method="post">
            <div><strong>First Name:</strong><span class="errortext">*</span></div>
            <div><input id="first-name" name="fname" type="text" /></div>

            <div><strong>Last Name:</strong><span class="errortext">*</span></div>
            <div><input id="last-name" name="lname" type="text" /></div>

            <div><strong>Username:</strong><span class="errortext">*</span></div>
            <div><input id="user-login" name="user" type="text" /></div>

            <div>Password:</div>
            <div><input id="user-pass" name="pass" type="text" /></div>

            <div><input id="submit-button" value="submit" name="submit" type="submit" /></div>
        </form>
    </div>
    <?php } ?>


UPDATE2

I was unable to get the WPDB method to work. However, using my old method I was able to hash the password. Here is the working code:

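    <?php
        if(isset($_POST['submit'])){

            $password = $_POST['user_pass'];
            // Pass the variable itself: '$password' in single quotes is the
            // literal text "$password", not the submitted value.
            $hash = wp_hash_password($password);

            // Escape the request values before building the SQL string.
            $fname = mysql_real_escape_string($_POST['fname']);
            $lname = mysql_real_escape_string($_POST['lname']);
            $user  = mysql_real_escape_string($_POST['user']);

            $query = "INSERT INTO wp_users
              (fname, lname, user, pass) VALUES ('".$fname."', '".$lname."', '".$user."', '".$hash."')";

            mysql_query($query);

        }else{
    ?>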

Perhaps I should open a new question about the WPDB because this question was about hashing the password, which is solved.

2 comments

  1. You should use bcrypt for securing passwords.

    Here is an example class that I use for my projects.

    <?php
    
        // How to use it
    
        // $bcrypt = new Bcrypt(15);
        // $hash = $bcrypt->hash('password');
        // $isGood = $bcrypt->verify('password', $hash);
    
        class Bcrypt {
          private $rounds;
          public function __construct($rounds = 12) {
            if(CRYPT_BLOWFISH != 1) {
              throw new Exception("bcrypt not supported in this installation. See http://php.net/crypt");
            }
    
            $this->rounds = $rounds;
          }
    
          public function hash($input) {
            $hash = crypt($input, $this->getSalt());
    
            if(strlen($hash) > 13)
              return $hash;
    
            return false;
          }
    
          public function verify($input, $existingHash) {
            $hash = crypt($input, $existingHash);
    
            return $hash === $existingHash;
          }
    
          private function getSalt() {
            $salt = sprintf('$2a$%02d$', $this->rounds);
    
            $bytes = $this->getRandomBytes(16);
    
            $salt .= $this->encodeBytes($bytes);
    
            return $salt;
          }
    
          private $randomState;
          private function getRandomBytes($count) {
            $bytes = '';
    
            if(function_exists('openssl_random_pseudo_bytes') &&
                (strtoupper(substr(PHP_OS, 0, 3)) !== 'WIN')) { // OpenSSL slow on Win
              $bytes = openssl_random_pseudo_bytes($count);
            }
    
            if($bytes === '' && is_readable('/dev/urandom') &&
               ($hRand = @fopen('/dev/urandom', 'rb')) !== FALSE) {
              $bytes = fread($hRand, $count);
              fclose($hRand);
            }
    
            if(strlen($bytes) < $count) {
              $bytes = '';
    
              if($this->randomState === null) {
                $this->randomState = microtime();
                if(function_exists('getmypid')) {
                  $this->randomState .= getmypid();
                }
              }
    
              for($i = 0; $i < $count; $i += 16) {
                $this->randomState = md5(microtime() . $this->randomState);
    
                if (PHP_VERSION >= '5') {
                  $bytes .= md5($this->randomState, true);
                } else {
                  $bytes .= pack('H*', md5($this->randomState));
                }
              }
    
              $bytes = substr($bytes, 0, $count);
            }
    
            return $bytes;
          }
    
          private function encodeBytes($input) {
            // The following is code from the PHP Password Hashing Framework
            $itoa64 = './ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
    
            $output = '';
            $i = 0;
            do {
              $c1 = ord($input[$i++]);
              $output .= $itoa64[$c1 >> 2];
              $c1 = ($c1 & 0x03) << 4;
              if ($i >= 16) {
                $output .= $itoa64[$c1];
                break;
              }
    
              $c2 = ord($input[$i++]);
              $c1 |= $c2 >> 4;
              $output .= $itoa64[$c1];
              $c1 = ($c2 & 0x0f) << 2;
    
              $c2 = ord($input[$i++]);
              $c1 |= $c2 >> 6;
              $output .= $itoa64[$c1];
              $output .= $itoa64[$c2 & 0x3f];
            } while (1);
    
            return $output;
          }
        }
    
    
    
        ?>
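
The following is an added example, not part of the question or the comment above: it shows that a password hashing function picks its own random salt for every password and stores it inside the returned hash string, so no site-wide salt has to be supplied, and that the hash can be inserted with a parameterized query. It assumes plain PHP 7+ with the `pdo_sqlite` extension and uses PHP's built-in `password_hash()` / `password_verify()` and an in-memory SQLite database instead of WordPress; the table name is borrowed from the question and the function names are hypothetical.

```php
<?php
// Added example: standalone PHP, no WordPress loaded. The in-memory SQLite
// database and the helper names below are assumptions made for illustration.

function make_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE mytable_one (user TEXT PRIMARY KEY, pass TEXT NOT NULL)');
    return $db;
}

function register_user(PDO $db, string $user, string $password): string {
    // password_hash() generates a random salt and embeds it, together with
    // the algorithm and cost, in the string it returns.
    $hash = password_hash($password, PASSWORD_BCRYPT, ['cost' => 12]);

    // Placeholders keep the values out of the SQL text entirely.
    $stmt = $db->prepare('INSERT INTO mytable_one (user, pass) VALUES (?, ?)');
    $stmt->execute([$user, $hash]);
    return $hash;
}

function check_login(PDO $db, string $user, string $password): bool {
    $stmt = $db->prepare('SELECT pass FROM mytable_one WHERE user = ?');
    $stmt->execute([$user]);
    $stored = $stmt->fetchColumn(); // false when the user does not exist

    // password_verify() reads the salt and cost back out of the stored hash
    // and compares the result in constant time.
    return is_string($stored) && password_verify($password, $stored);
}

// Constructed sample data: two users who choose the same password.
$db = make_db();
$h1 = register_user($db, 'alice', 'mypassword0');
$h2 = register_user($db, "o'brien", 'mypassword0'); // quote is stored as data

var_dump($h1 !== $h2);                                  // hashes differ per user
var_dump(check_login($db, 'alice', 'mypassword0'));     // correct password
var_dump(check_login($db, 'alice', 'wrong'));           // wrong password
var_dump(check_login($db, "o'brien", 'mypassword0'));   // name with a quote
var_dump(check_login($db, 'nobody', 'mypassword0'));    // unknown user
```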