wp_check_password

函数


      wp_check_password ( $password, $hash, $user_id = '' )

参数

(string) $password Plaintext user's password.

Required: 是
(string) $hash Hash of the user's password to check against.

Required: 是
(string|int) $user_id Optional. User ID.

Required: 否

Default: (empty)

返回值

(bool) False, if the $password does not match the hashed password.

定义位置

wp-includes/pluggable.php , line 2535

相关方法: wp_set_password wp_hash_password wp_generate_password wp_get_password_hint check_password_reset_key

引入: 2.5.0

弃用: -

wp_check_password：这是一个检查密码是否正确的函数。它可以用来在登录或更改密码时验证用户的密码。

根据加密的密码检查明文密码。

保持旧版本和使用PHPass库的新cookie认证协议之间的兼容性。$hash参数是加密的密码，该函数将加密后的纯文本密码与已经加密的密码进行类似的比较，看它们是否匹配。

对于与其他应用程序的整合，这个函数可以被覆盖，而使用其他包的密码检查算法。

function wp_check_password( $password, $hash, $user_id = '' ) {
		global $wp_hasher;

		// If the hash is still md5...
		if ( strlen( $hash ) <= 32 ) {
			$check = hash_equals( $hash, md5( $password ) );
			if ( $check && $user_id ) {
				// Rehash using new hash.
				wp_set_password( $password, $user_id );
				$hash = wp_hash_password( $password );
			}

			/**
			 * Filters whether the plaintext password matches the encrypted password.
			 *
			 * @since 2.5.0
			 *
			 * @param bool       $check    Whether the passwords match.
			 * @param string     $password The plaintext password.
			 * @param string     $hash     The hashed password.
			 * @param string|int $user_id  User ID. Can be empty.
			 */
			return apply_filters( 'check_password', $check, $password, $hash, $user_id );
		}

		// If the stored hash is longer than an MD5,
		// presume the new style phpass portable hash.
		if ( empty( $wp_hasher ) ) {
			require_once ABSPATH . WPINC . '/class-phpass.php';
			// By default, use the portable hash from phpass.
			$wp_hasher = new PasswordHash( 8, true );
		}

		$check = $wp_hasher->CheckPassword( $password, $hash );

		/** This filter is documented in wp-includes/pluggable.php */
		return apply_filters( 'check_password', $check, $password, $hash, $user_id );
	}
endif;

if ( ! function_exists( 'wp_generate_password' ) ) :
	/**
	 * Generates a random password drawn from the defined set of characters.
	 *
	 * Uses wp_rand() is used to create passwords with far less predictability
	 * than similar native PHP functions like `rand()` or `mt_rand()`.
	 *
	 * @since 2.5.0
	 *
	 * @param int  $length              Optional. The length of password to generate. Default 12.
	 * @param bool $special_chars       Optional. Whether to include standard special characters.
	 *                                  Default true.
	 * @param bool $extra_special_chars Optional. Whether to include other special characters.
	 *                                  Used when generating secret keys and salts. Default false.
	 * @return string The random password.
	 */

wp_check_password

WP开发教程