February 12, 2011 
Definition:
function wp_check_password($password, $hash, $user_id = '') {}
Checks the plaintext password against the encrypted Password.
Maintains compatibility between old version and the new cookie authentication protocol using PHPass library. The $hash parameter is the encrypted password and the function compares the plain text password when encrypted similarly against the already encrypted password to see if they match.
Parameters
- string $password: Plaintext user’s password
- string $hash: Hash of the user’s password to check against.
- $user_id
Return values
returns:False, if the $password does not match the hashed password
Defined filters
- check_password
apply_filters('check_password', $check, $password, $hash, $user_id) - check_password
apply_filters('check_password', $check, $password, $hash, $user_id)
Source code
function wp_check_password($password, $hash, $user_id = '') {
global $wp_hasher;
// If the hash is still md5...
if ( strlen($hash) <= 32 ) {
$check = ( $hash == md5($password) );
if ( $check && $user_id ) {
// Rehash using new hash.
wp_set_password($password, $user_id);
$hash = wp_hash_password($password);
}
return apply_filters('check_password', $check, $password, $hash, $user_id);
}
// If the stored hash is longer than an MD5, presume the
// new style phpass portable hash.
if ( empty($wp_hasher) ) {
require_once( ABSPATH . 'wp-includes/class-phpass.php');
// By default, use the portable hash from phpass
$wp_hasher = new PasswordHash(8, TRUE);
}
$check = $wp_hasher->CheckPassword($password, $hash);
return apply_filters('check_password', $check, $password, $hash, $user_id);
}
3469
A HitchHackers guide through WordPress 
No comments yet... Be the first to leave a reply!