Wordpress $P$B hashed password

I’m trying to replace a Wordpress-based system with Xojo, and would like to be able to keep/migrate usernames and passwords from Wordpress to ease the user transition. I can read the Wordpress MySQL tables and can get the salt values from the config files if needed.

Does anyone have any pointers (or better still, example code) on how to create WP password hashes that begin $P$B?

I’d like to be able to get the password from my user login form, hash it and compare with the WP table user_pass value to let the user into the app…

Thanks in anticipation

Steve

What hash algorithm is being used?

(Google tells me that Wordpress uses unsalted MD5. Which is… bad, to say the least. I’m assuming that info is out of date, because using unsalted MD5 is criminal negligence at this point.)

Wordpress uses the Portable PHP password hashing framework.

It looks like it uses bcrypt. In which case, any bcrypt implementation should suffice. @Kem_Tekinay’s M_Crypto module has bcrypt support, as does MonkeyBread.

1 Like