[wp-hackers] Password Generation
Brian Layman
wp-hackers at thecodecave.com
Thu Oct 6 14:34:00 UTC 2011
On 10/6/2011 5:14 AM, Scott Wilcox wrote:
> Hello,
>
> I've written a script to process a complex import of users from one system into wordpress. The only part I'm having issue with is generating each users password, as from the database they don't' appear to be straight MD5 hashes of passwords.
>
> Can anyone shed any light on the correct way to generate passwords?
>
> Are they concatenated salt and hashes?
>
> --
> Scott Wilcox
hah I just wrote the same thing, importing from a CSV file, creating the
user and assigning password if needed, an then associating with a blog
if it does not already exist.
I simply used wp_generate_password( 12, false ) to create a new random
password:
http://hitchhackerguide.com/2011/02/12/wp_generate_password/
One thing to note is that you CAN use a straight md5 of a text value in
the password field. That's the original password encryption method for
WordPress and it will be recognized. The upgrade code is still in place
in the core so the password encryption will be upgraded to the new
method the next time the person logs in. (It has to be done when a
person is logging in so that the unhashed text is known.)
-- Brian Layman
More information about the wp-hackers
mailing list