mrplantplant/wordpress-auth

Use WordPress password authentication on other PHP projects, for instance when migrating to another platform

Maintainers

Details

gitlab.com/mrplantplant/wordpress-auth

Source

Issues

Installs: 3

Dependents: 0

Suggesters: 0

Security: 0

Stars: 0

Forks: 0

v1.0 2024-02-12 15:36 UTC

MIT b8f1e90cf535499065569aa3b0661d8f386eed1d

  • Adrian Plantenga <info.woop@mrplantplant.com>

This package is not auto-updated.

Last update: 2025-07-02 00:08:13 UTC

README

Use this package to compare a given password to a WordPress hashed string. My personal use case is when migrating away from WordPress, but don't want our users to have to reset their password. I'd import the users from the WordPress database into my new data structure, with a user type identifier (so we know which user requires which authentication method). On a successful login, the code knows the correct password and can be passed through to your new hashing method.

Should you need inspiration for a new password hashing method, look at password_hash(). Take particular note at this comment to add additional security.

Usage

Very simple, create a new instance of WPAuth\WordPressAuth and use the authenticate() method on it as per the following:

<?php
    $authManager = new MrPlantPlant\WPAuth\WordPressAuth();
    
    // Returns true on a successful match, false on mismatch 
    if ($authManager->authenticate($givenPassword, $storedHash)) {
        // Now rehash $givenPassword with your new auth method and save it in your data source!
        echo 'success!'
    } else {
        echo 'password mismatch';
    }
?>