I have one website in WordPress but I need to create another in other framework (ASP.NET).
I want to give users the ability to login with the same login and password to second website without the need to create account once again.
How to calculate the password hash outside WordPress? I want to generate hash in my second website, then connect to WordPress database and authenticate user. So it should work without WordPress help, only direct connection to the database.
I tried WordPress password hasher, but every time it gives me another hash. Why it is not deterministic like SHA?
I don't also see any password salt here.
I have one website in WordPress but I need to create another in other framework (ASP.NET).
I want to give users the ability to login with the same login and password to second website without the need to create account once again.
How to calculate the password hash outside WordPress? I want to generate hash in my second website, then connect to WordPress database and authenticate user. So it should work without WordPress help, only direct connection to the database.
I tried WordPress password hasher, but every time it gives me another hash. Why it is not deterministic like SHA?
I don't also see any password salt here.
Share Improve this question edited Aug 22, 2017 at 22:14 Johansson 15.4k11 gold badges43 silver badges79 bronze badges asked Aug 22, 2017 at 21:37 Some OneSome One 212 bronze badges 2- Without seeing the code for that site it's not possible to say, but, it's probably intentionally adding a random salt. Have you considered other alternatives? Such as OAuth, or sharing the cookie and redirecting to WordPress for logins? – Tom J Nowell ♦ Commented Aug 22, 2017 at 21:46
- You can create proxy script as API loading wordpress and checking your password – Anton Lukin Commented Aug 22, 2017 at 22:09
1 Answer
Reset to default 1While the answer to your question could be long and complex, but since you are developing another website using ASP, I assume you know how to integrate with database too.
I'm going to add some useful information for your case.
WordPress Salts
WordPress uses different salts for different purposes, as asked here. These salts are located at wp-config.php. You might want to take a look into that to generate your hashes.
Manual Hash Generation
The PasswordHash class allows you to generate and customize hashed passwords. You can use it to create hashes based on your strings, and then compare them with the original hashes from database, by using its CheckPassword() method.
Location of Password Hashes in Database
Hashed password for a every user is stored under user_pass row, located at wp_users table. You can use it to make hash comparisons, using the $wpdb class. This can be done by a REST API.
When a user tries to log in, you can send a REST request to your WordPress installation, grab the hashes, then compare it and pass it back to your ASP installation if it's correct.