WordPress 3 – how are passwords stored and how do I compare to them?

For reasons I can’t go into right now, I’m creating a form that will allow users to change their passwords for WordPress by entering their current password and then entering the new password.

I want to do a databse lookup to see if the password they entered was the correct one already stored in the DB. However, in WP the passwords are encrypted somehow, so doing a simple SQL comparison on this column wont work. I tried using md5() on the password for the lookup but it doesn’t seem to work either.

Read More

Here’s my sql:
SELECT ID, user_pass
FROM wp_users
WHERE ID = '$current_user->ID'
AND user_pass = 'md5($currentpassword)'
LIMIT 1

You can ignore most of this, but what I need to know is how I can do a comparison against the user_pass column?

I’ve tested this method above and it results in 0 rows returned – with or without the md5()

Please help!

Much appreciated.

Michael.

Related posts

Leave a Reply

1 comment