Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Wordpress password reset hook

Tags:

passwords

wordpress

hook

I'm trying to do something with wordpress passwords that may or maynot be considered kosher.

Situation:
Basically I have two different services both requiring passwords. One of these services is a simple wordpress account and one is another app, having nothing to do with wordpress. I would like to sync usernames and passwords across the two, meaning that every time a wordpress username changes, the app's username changes and every time the wordpress password changes, the app's password changes.

Problem/Question:
There are several ways I could deal with the username, but the password is the tricky one. I 'm looking to exploit a hook from the wordpress password reset interface so that any time a new password is set, it grabs it in its plain-text form (before it's hashed) and sends it to an API that I'm using to hash/store the passwords separately for this non-wordpress app. Is there a way to accomplish this?

Any shots at a solution are much appreciated.

like image 592
neanderslob Avatar asked Oct 03 '13 19:10

neanderslob

People also ask

How do I create a password reset link in WordPress?

Using the Lost Password Link to Reset Your Password Then click on the Lost your password? link at the bottom. On the next screen, enter your username or the email address you used for your WordPress account. Click on Get New Password and you will receive a link to create a new password via email.

How do I fix my WordPress password reset key?

To fix this error you need to access your cPanel account or connect your website with an FTP client. Now you need to delete some files from your database to free some space. You can download the files on your device and then delete some unnecessary files.

1 Answers

Yes, there are hooks for this in /wp-login.php (password reset) and /wp-admin/includes/user.php (password change in user page).

# When reseting password in wp-login
add_action( 'password_reset', function( $user, $pass ) 
{
    var_dump( $pass );
    die();
}, 10, 2 );

and 

# When checking if passwords match
add_action( 'check_passwords', function( $user, $pass1, $pass2 ) 
{
    var_dump( $pass1 );
    die();
}, 10, 3 );
like image 64
brasofilo Avatar answered Oct 03 '22 12:10

brasofilo
Sign in to Comment

Related questions

My applications need to send emails, where and how should I store the SMTP password?
How to implement password strength like in gmail registration in YII php?
Incorporating Devise Authentication into an already existing user structure?
Changing the password of a java keystore programmatically
how to set password as pixels of image in android(cued click point or grapical password)
How to store secure string in Android?
How to eliminate usernames and passwords from source code in Test Automation?
Checking password complexity: different from last X passwords
How to store and search list of 'Banned Passwords'
ASP.NET MVC - How to safely persist password of a user for SQL Server Authentication?
Guidelines for a Password Strength Meter (Password checker) Design [closed]
Encrypting powershell passwords
What is the most appropriate use of StandardPasswordEncoder for salting passwords in spring security 3.1?
Is there a way to change user password on IBM System i (aka iSeries / AS400) using SQL?
Why doesn't OWASP recommend to bcrypt the password both on the client and the server?
How can I change the dots to another character on password field in iOS Swift
Storing passwords with python
Using ruby to generate SHA512 crypt-style hashes formatted for /etc/shadow?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!