CheckPassword example

/* * If the stored hash is longer than an MD5, * presume the new style phpass portable hash. */
        if ( empty( $wp_hasher ) ) {
            require_once ABSPATH . WPINC . '/class-phpass.php';
            // By default, use the portable hash from phpass.             $wp_hasher = new PasswordHash( 8, true );
        }

        $check = $wp_hasher->CheckPassword( $password$hash );

        /** This filter is documented in wp-includes/pluggable.php */
        return apply_filters( 'check_password', $check$password$hash$user_id );
    }
endif;

if ( ! function_exists( 'wp_generate_password' ) ) :
    /** * Generates a random password drawn from the defined set of characters. * * Uses wp_rand() to create passwords with far less predictability * than similar native PHP functions like `rand()` or `mt_rand()`. * * @since 2.5.0 * * @param int $length Optional. The length of password to generate. Default 12. * @param bool $special_chars Optional. Whether to include standard special characters. * Default true. * @param bool $extra_special_chars Optional. Whether to include other special characters. * Used when generating secret keys and salts. Default false. * @return string The random password. */
list( $pass_request_time$pass_key ) = explode( ':', $user->user_activation_key, 2 );
        $expiration_time                      = $pass_request_time + $expiration_duration;
    } else {
        $pass_key        = $user->user_activation_key;
        $expiration_time = false;
    }

    if ( ! $pass_key ) {
        return new WP_Error( 'invalid_key', __( 'Invalid key.' ) );
    }

    $hash_is_correct = $wp_hasher->CheckPassword( $key$pass_key );

    if ( $hash_is_correct && $expiration_time && time() < $expiration_time ) {
        return $user;
    } elseif ( $hash_is_correct && $expiration_time ) {
        // Key has an expiration time that's passed.         return new WP_Error( 'expired_key', __( 'Invalid key.' ) );
    }

    if ( hash_equals( $user->user_activation_key, $key ) || ( $hash_is_correct && ! $expiration_time ) ) {
        $return  = new WP_Error( 'expired_key', __( 'Invalid key.' ) );
        $user_id = $user->ID;

        
$this->remove_key( $token );

        if ( ! is_array( $record ) || ! isset( $record['hashed_key']$record['created_at'] ) ) {
            return new WP_Error( 'invalid_recovery_key_format', __( 'Invalid recovery key format.' ) );
        }

        if ( empty( $wp_hasher ) ) {
            require_once ABSPATH . WPINC . '/class-phpass.php';
            $wp_hasher = new PasswordHash( 8, true );
        }

        if ( ! $wp_hasher->CheckPassword( $key$record['hashed_key'] ) ) {
            return new WP_Error( 'hash_mismatch', __( 'Invalid recovery key.' ) );
        }

        if ( time() > $record['created_at'] + $ttl ) {
            return new WP_Error( 'key_expired', __( 'Recovery key expired.' ) );
        }

        return true;
    }

    /** * Removes expired recovery mode keys. * * @since 5.2.0 * * @param int $ttl Time in seconds for the keys to be valid for. */
/** This filter is documented in wp-includes/post-template.php */
        return apply_filters( 'post_password_required', true, $post );
    }

    require_once ABSPATH . WPINC . '/class-phpass.php';
    $hasher = new PasswordHash( 8, true );

    $hash = wp_unslash( $_COOKIE[ 'wp-postpass_' . COOKIEHASH ] );
    if ( ! str_starts_with( $hash, '$P$B' ) ) {
        $required = true;
    } else {
        $required = ! $hasher->CheckPassword( $post->post_password, $hash );
    }

    /** * Filters whether a post requires the user to supply a password. * * @since 4.7.0 * * @param bool $required Whether the user needs to supply a password. True if password has not been * provided or is incorrect, false if password has been supplied or is not required. * @param WP_Post $post Post object. */
    
Home | Imprint | This part of the site doesn't use cookies.