Usually a salt is just prepended to a password before encrypting it. The same as the salt is prepended to the encrypted string. Really simple
To call the php function from perl you probably would have to write a php script with command line parameters and using this function to output the result to STDOUT. Then calling this script with the `` operator from perl. Or use the php equivalent to exit() to confer the result and use system() to call the script from perl
| [reply] |
The WordPress Codex function you want is wp_login_form. What you could do is create a simple one-off PHP file that includes the WordPress API file (wp-blog-header.php) and calls the function. Set the redirect URL of the wp_login_form function to be your Perl code that provides files. Or perhaps create some mishmash where your Perl code is doing the interface generation and you use something like LWP::Simple to scrape the information into a Perl string.
To be honest, I would create a custom script completely in PHP to do what you're trying to do. You could perhaps delve into the WordPress API to create a plugin that allows users to see the files you're trying to deliver. Perl, for all its power, is sometimes not the right tool for the job.
| [reply] |
Maybe this is the best solution. I'm going to try this as well. Thanks.
| [reply] |
Actually, in this way I believe I cannot prevent that anyone who knows the redirect link can get the files, while I want to deliver them only to WP users that have a specific permission set in WP. Or am I wrong ?
| [reply] |
WP uses the PHPass library for password hashing. The above page mentions a Perl port called Authen::Passphrase::PHPass; if that supports everything WP needs (haven't looked) that would be the easiest and fastest solution. Otherwise I'd use jethro's.
| [reply] |
Thanks, I went through using the WordPress hashing functions.
So from a Perl CGI I execute this kind of php code (I will have to pass user and password in the call) that I saved into an .htaccess-protected directory so that it can only be called from the Perl script:
<?php
$username = 'myuser';
$plain_password = 'mypassword';
require_once('/path/to/wp-blog-header.php');
require_once('/path/to/class-phpass.php');
$userdata = get_user_by('login', $username);
$result = wp_check_password($plain_password, $userdata->user_pass, $us
+erdata->ID);
if ( $result ) {
echo "1";
} else {
echo "0";
}
?>
Then the Perl CGI calls it as
$ok = `php /path/to/check_password.php`;
The problem is that when I call the php from the browser it gives 1 or 0 back, but apparently from Perl it gives back an empty space.
Thanks you for any hint.
| [reply] [d/l] [select] |
First you should call the php script from the command line and check if you see the result output.
Then call the perl script from the command line (or an abbreviated test script). If it works, the malfunction comes from calling it in the browsers environment
Then try to call it like this:
@ok= `php /path/to/check_password.php`;
and check if you get back more than one line (although I don't see where an additional line could come from)
| [reply] [d/l] |
I was looking for this exact same thing. Honestly, I do not like the solutions that require CGI calls or invoking php to do this. Therefore, I found a way to do this entirely in perl using the Authen::Passphrase::PHPass module.
Very quickly, the idea when using this module is to pass into the module a copy of the existing hashed password from user_pass from the user you want to verify the password for. The reason you do this is because encoded in the hashed password are some parameters you need to verify with, such as the salt, and the 'cost' value used by the Authen::Passphrase::PHPass module.
So, the following should work:
sub verify_wordpress_pass {
my ($wordpress_hashed_pw, $passphrase) = @_;
use Authen::Passphrase::PHPass;
my $ppr = Authen::Passphrase::PHPass->from_crypt($wordpress_hashed
+_pw);
# Note, $passphrase is the unencrypted password you want to verify
return $ppr->match($passphrase); # Returns 1 if matched, undef if
+failed
}
If you want to check manually, you can also print a copy of the hashed password; also useful for generating a new password, from perl:
sub print_wordpress_pass {
my ($wordpress_hashed_pw, $passphrase) = @_;
use Authen::Passphrase::PHPass;
my $ppr = Authen::Passphrase::PHPass->from_crypt($wordpress_hashed
+_pw);
# Note, $passphrase is the unencrypted password you want to verify
my $set_ppr = Authen::Passphrase::PHPass->new(
cost => $ppr->cost,
salt => $ppr->salt,
passphrase => $passphrase
);
print $wordpress_hashed_pw . "\n" . $set_ppr->as_crypt . "\n";
}
I know this thread is old, but this topic may not be and this is the only thread I've seen it addressed. I hope it helps someone else out. | [reply] [d/l] [select] |