I've made a custom user registration and login screen for a plugin that I'm making and it all seems to work ok. The user gets created and is assigned a randomly generated password.
The problem I'm having is when somewhere along the way, the login process (the default Wordpress wp-login.php) rejects the password.
I started tracing around the programming code, and it looks like the hashing of the password which gets stored in the database is for some reason different from hash that is created when the password entered in the login screen.
This suggests the bug is in how I hash & store the password during user creation but the code looks right and relies on standard WP functions.
Can anyone offer any suggestions.
/** Adds the user to the Wordpress system
* It is a cut down version wp-includes/registration.php wp_insert_user
*/
private function createUser( $user_login, $password, $user_email) {
global $wpdb;
$user_login = esc_html( trim( $user_login ));
$user_email = esc_html( trim( $user_email ));
$update = false;
// Hash the password
$user_pass = wp_hash_password($password);
$user_login = sanitize_user($user_login, true);
$user_login = apply_filters('pre_user_login', $user_login);
$user_email = apply_filters('pre_user_email', $user_email);
$rich_editing = 'true';
$comment_shortcuts = 'false';
$admin_color = 'fresh';
$admin_color = preg_replace('|[^a-z0-9 _.\-@]|i', '', $admin_color);
$use_ssl = 0;
$user_registered = gmdate('Y-m-d H:i:s');
$data = compact( 'user_pass', 'user_email', 'user_registered' );
$data = stripslashes_deep( $data );
$wpdb->insert( $wpdb->users, $data + compact( 'user_login' ) );
$user_id = (int) $wpdb->insert_id;
update_usermeta( $user_id, 'rich_editing', $rich_editing);
update_usermeta( $user_id, 'comment_shortcuts', $comment_shortcuts);
update_usermeta( $user_id, 'admin_color', $admin_color);
update_usermeta( $user_id, 'use_ssl', $use_ssl);
$user = new WP_User($user_id);
$user->set_role(TACS_AFFILIATE_ROLE);
wp_cache_delete($user_id, 'users');
wp_cache_delete($user_login, 'userlogins');
do_action('user_register', $user_id);
return $user_id;
}
Example:
Plain text password passed to the code above:
wWFNJ5WVItDj
Stored password, hashed by the code above: $P$Bux0eEtTqlP/PYoyVRgNYnudssLFhd/
What wp-login via class-phpass.php -> CheckPassword thinks the hash of the plain text password should be:
$P$Bux0eEtTq78PqC77J2i4LFT.ggSDa81
As the two hashes are different, the login process fails but I cannot see why this difference exists.
What am I missing?
Search 
Forum
Print this Post 
Topic RSS 
