Hello there,
it is easy to disable encrypting new password that is going to be stored in database but than you also have to disable decrypting it through login.
Does anybody know how?
Thank you for anyu ideas.
James
Hello there,
it is easy to disable encrypting new password that is going to be stored in database but than you also have to disable decrypting it through login.
Does anybody know how?
Thank you for anyu ideas.
James
Let me get this strait, you want to store the passwords in the database as non-hashed plain text?
Thanks,
Andrew
That is exactly what I wanted. But as I see you beeing a bit aghast I have a new question:
How can I use the 'decrypting mechanism' in another 'nonwordpress' service?
Thanks,
James
The data stored in the db is an md5 hash of the users password. There really isn't a "decrypt" option available.
Basically WP takes whatever pass the user enters into the login form, grabs the md5 hash of that and then compares it to the hash in the db for that user.
Edit: Oh and yes, i'm completely against just storing the passwords as non-hashed or encrypted plain text.
Thanks,
Andrew
You may want to keep an eye on that part of the code if you do decide to do that. There's a plan to modify how wordpress in general handles passwords.
James, you don't want to do that.
What you want to do instead (for syncing with the other application you mentioned) is have your other application hash the password the same way WP does, and then compare that hashed value to the DB value.
The point of hashing is that you never need to decrypt the stored password, you only verify that the password the user entered hashes to the same value that you have stored, and then you know it's correct.
You are right guys. There is no need to disable it but I should rather know how to use the encrypted password in my other application instead. Thank you.
And sorry for asking another thing but you have obviously met the problem of sending something private through url. How do you for example send password to another php site different way than using GET?
I was thinking about cURL, but I want to have the second page (the one where the first one sent the password to) visible and functionaly workable. Would cURL still work?
Thank you.
James
I'm not quite sure what you're asking with that one.
Could you provide more detail? Also, how does the question relate to WPMU or WordPress?
Thank you, jaredbangs, for reminding that I am asking for something that should not be in this forum at all.
Thank you all.
James