[wp-testers] wp 2.5.rc1 causes passwords to break on pre 2.5 releases using shared user table

Ryan Boren ryan at boren.nu
Thu Mar 27 23:02:24 GMT 2008


On Thu, Mar 27, 2008 at 3:13 PM, Ryan Boren <ryan at boren.nu> wrote:
> On Thu, Mar 27, 2008 at 2:33 PM, Austin Matzko <if.website at gmail.com> wrote:
>  > On Thu, Mar 27, 2008 at 5:26 PM, Jeff Sherk Forerunner Ministries
>  >  <jeff at forerunnertv.com> wrote:
>  >  >  Anybody know why it's doing this?
>  >
>  >  Yes, the password authentication has changed for WordPress 2.5 to
>  >  improve security.
>
>  The hash functions are pluggable so a plugin can force use of the old
>  MD5 hashes.  I think someone already wrote such a plugin, but I can't
>  find it.  I can write one if their isn't one out there.

I found one for bbPress, but not WP.

Here's basically what is needed:

function wp_check_password($password, $hash, $user_id = '') {
	$check = ( $hash == md5($password) );

	return apply_filters('check_password', $check, $password, $hash, $user_id);
}

function wp_hash_password($password) {
	return md5($password);
}


More information about the wp-testers mailing list