How to hash a password to compare

artcoder · January 25, 2010, 6:37am

I was able to retrieve the hashed or encrypted password value for the admin user in the Wordpress database.

I’m writing a login form and need to compare the password entered with the stored hashed password.

Something like…


if ( md5hash($_POST['password']) == $correctHashedPassword ) {
   // you are in 
} else {
  // bad password
}

Can someone fill in the correct function for me? I don’t think “md5hash” is correct. In fact, I don’t know how the Wordpress database encrypts their passwords.

Dan_Grossman · January 25, 2010, 6:39am

It’s md5(). You’ll probably want to actually call WordPress’s function for checking passwords since it’s a bit more than just hashing. Storing an md5 hash of the password itself is not at all secure, so they don’t do that.