I need to insert users into a Wordpress blog via a PHP script or MySQL, and I have a plain text password. I thought I could do something like this:
$query = "INSERT INTO $new_db.wp_users (user_login, user_pass, user_nicename)
select user_email, md5(user_password), user_name from $source_db.users";
But the passwords all look different from what the Wordpress passwords look like now. All the passwords all start with $P$B
From reading it says there is a salt... is there a way to take a password like test123 and turn it into the encrypted password that Wordpress expects?
The most sensible solution would simply be to use the relevant WordPress function (wp_generate_password) itself.
However, if this isn't an option, you could simply extract the wp_generate_password
function (it's in /wp-includes/pluggable.php) and relevant support functions.
Wordpress uses phpass hashing, which is different from MD5.
The easiest way to create the password is ...
- to use any rubbish as entry in the MySQL table for user_pass, but a
correct email.
- Use the "forgot password" function in the login panel to generate a correct password (or activate this link automatically to notify the user).
Don't forget to copy a "wp_capabilities" and a "wp_user_level" from another account.
This function will do what you described to transform the password:
<?
function encrypt_for_wordpress($plain_text_password) {
return md5("\$P\$B" . $plain_text_password);
}
You'll need to select it from source_db
, transform it in PHP, then insert it into new_db
.
WordPress used to use MD5 passwords, and still can. Setting the passwords as MD5 hashes should work fine. As each user logs in for the first time, WordPress will rehash their password based on the stronger security it now uses.