Password not syncing

luismotv77
(@luismotv77)

1 year ago

Hello,

I’ve installed the plugin on both sites and confirmed that user synchronization is working, except for passwords. All other user data is transferring correctly.

In the main site I have this configuration:

https://snipboard.io/60EQJa.jpg

In the secondary site I have this configuration

https://snipboard.io/c1lJZF.jpg

Please let me know if I can provide more information.

Kind regards.

Viewing 3 replies - 1 through 3 (of 3 total)

Pablo Hernández (OtakuPahp)

(@otakupahp)

1 year ago

I have the same error. Could it be because WP is no longer using MD5 to hash passwords??

Plugin Author

Alexandre Froger

(@frogerme)

1 year ago

Hello,

I have tested with the following steps (with actions create, update, password, login, logout on both sites):
– create a user on site A, with [password 0]
– user is created on site B, with [password 0], and login on site B and site A successfully
– change password to [password 1] on site B, logout
– login on site A with the [password 1] successfully
– change password to [password 2] on site A, logout
– login with [password 2] on site B successfully
– delete the user on site A, successfully deleted on site B

I then changed and tested according to the provided screenshots:
– site A: create, update, password, login, logout
– site B: login, logout
– created a user on site A with [password 0] – and login on site B and site A successfully
– changed password to [password 1] on site A, logout
– login with [password 1] on site B successfully

Please advise how to replicate the issue.

Plugin Author

Alexandre Froger

(@frogerme)

1 year ago

I have the same error. Could it be because WP is no longer using MD5 to hash passwords??

if ( ! function_exists( 'wp_hash_password' ) ) {
	function wp_hash_password(
		#[\SensitiveParameter]
		$password
	) {
		global $wp_hasher;

		if ( version_compare( $GLOBALS['wp_version'], '6.8', '<' ) ) {

			if ( empty( $wp_hasher ) ) {
				require_once ABSPATH . WPINC . '/class-phpass.php';

				$wp_hasher = new PasswordHash( 8, true ); // @codingStandardsIgnoreLine
			}

			do_action( 'wprus_password', $password );

			return $wp_hasher->HashPassword( trim( $password ) );
		}

		if ( ! empty( $wp_hasher ) ) {
			do_action( 'wprus_password', $password );

			return $wp_hasher->HashPassword( trim( $password ) );
		}

		if ( strlen( $password ) > 4096 ) {
			do_action( 'wprus_password', '*' );

			return '*';
		}

		$algorithm = apply_filters( 'wp_hash_password_algorithm', PASSWORD_BCRYPT );
		$options   = apply_filters( 'wp_hash_password_options', array(), $algorithm );

		do_action( 'wprus_password', $password );

		if ( PASSWORD_BCRYPT !== $algorithm ) {
			return password_hash( $password, $algorithm, $options );
		}

		$password_to_hash = base64_encode( hash_hmac( 'sha384', trim( $password ), 'wp-sha384', true ) ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions.obfuscation_base64_encode

		return '$wp' . password_hash( $password_to_hash, $algorithm, $options );
	}
}

Viewing 3 replies - 1 through 3 (of 3 total)

The topic ‘Password not syncing’ is closed to new replies.