[wp-testers] wp 2.5.rc1 causes passwords to break on pre 2.5
releases using shared user table
Ryan Boren
ryan at boren.nu
Thu Mar 27 23:02:24 GMT 2008
On Thu, Mar 27, 2008 at 3:13 PM, Ryan Boren <ryan at boren.nu> wrote:
> On Thu, Mar 27, 2008 at 2:33 PM, Austin Matzko <if.website at gmail.com> wrote:
> > On Thu, Mar 27, 2008 at 5:26 PM, Jeff Sherk Forerunner Ministries
> > <jeff at forerunnertv.com> wrote:
> > > Anybody know why it's doing this?
> >
> > Yes, the password authentication has changed for WordPress 2.5 to
> > improve security.
>
> The hash functions are pluggable so a plugin can force use of the old
> MD5 hashes. I think someone already wrote such a plugin, but I can't
> find it. I can write one if their isn't one out there.
I found one for bbPress, but not WP.
Here's basically what is needed:
function wp_check_password($password, $hash, $user_id = '') {
$check = ( $hash == md5($password) );
return apply_filters('check_password', $check, $password, $hash, $user_id);
}
function wp_hash_password($password) {
return md5($password);
}
More information about the wp-testers
mailing list