The MU forums have moved to WordPress.org

WordPress MU Forums » How-To and Troubleshooting

How to disable encrypting the password? (9 posts)

  1. jamessketch
    Member
    Posted 16 years ago #

    Hello there,

    it is easy to disable encrypting new password that is going to be stored in database but than you also have to disable decrypting it through login.

    Does anybody know how?

    Thank you for anyu ideas.
    James

  2. andrewbillits
    Member
    Posted 16 years ago #

    Let me get this strait, you want to store the passwords in the database as non-hashed plain text?

    Thanks,
    Andrew

  3. jamessketch
    Member
    Posted 16 years ago #

    That is exactly what I wanted. But as I see you beeing a bit aghast I have a new question:

    How can I use the 'decrypting mechanism' in another 'nonwordpress' service?

    Thanks,
    James

  4. andrewbillits
    Member
    Posted 16 years ago #

    The data stored in the db is an md5 hash of the users password. There really isn't a "decrypt" option available.

    Basically WP takes whatever pass the user enters into the login form, grabs the md5 hash of that and then compares it to the hash in the db for that user.

    Edit: Oh and yes, i'm completely against just storing the passwords as non-hashed or encrypted plain text.

    Thanks,
    Andrew

  5. theapparatus
    Member
    Posted 16 years ago #

    You may want to keep an eye on that part of the code if you do decide to do that. There's a plan to modify how wordpress in general handles passwords.

    http://trac.mu.wordpress.org/ticket/528

  6. jaredbangs
    Member
    Posted 16 years ago #

    James, you don't want to do that.

    What you want to do instead (for syncing with the other application you mentioned) is have your other application hash the password the same way WP does, and then compare that hashed value to the DB value.

    The point of hashing is that you never need to decrypt the stored password, you only verify that the password the user entered hashes to the same value that you have stored, and then you know it's correct.

  7. jamessketch
    Member
    Posted 16 years ago #

    You are right guys. There is no need to disable it but I should rather know how to use the encrypted password in my other application instead. Thank you.

    And sorry for asking another thing but you have obviously met the problem of sending something private through url. How do you for example send password to another php site different way than using GET?

    I was thinking about cURL, but I want to have the second page (the one where the first one sent the password to) visible and functionaly workable. Would cURL still work?

    Thank you.
    James

  8. jaredbangs
    Member
    Posted 16 years ago #

    I'm not quite sure what you're asking with that one.

    Could you provide more detail? Also, how does the question relate to WPMU or WordPress?

  9. jamessketch
    Member
    Posted 16 years ago #

    Thank you, jaredbangs, for reminding that I am asking for something that should not be in this forum at all.

    Thank you all.
    James

About this Topic

  • Started 16 years ago by jamessketch
  • Latest reply from jamessketch