Home > Net >  Create React application using password from database of a deleted Wordpress website
Create React application using password from database of a deleted Wordpress website

Time:10-01

I am in the process of deleting my Wordpress website to replace it with a React application. I have several hundred registered users on my wordpress website and I would like to use these credentials on my React application.

The problem is that in the database I have the user passwords generated by Wordpress and that I cannot decrypt them... My question is: in my React application how can I use the identifiers and password created under Wordpress and stored in my database by deleting my wordpress website? I have already looked at wordpress-hash-node or even md5 but nothing works...

Please help me, I don't know what to do. Thank you in advance for your help

CodePudding user response:

You can use an npm library to verify the password hash from WordPress's wp_users table, or from any table containing the user_login and user_pass column data from that table. This works for me, against wp_users on a WordPress 6.1 beta site. So it should be good.

import mysql from 'mysql2/promise'
import PasswordHash from 'wordpress-password-js'

const wordpressHasher = new PasswordHash()

const conn = mysql.createPool({
  host: 'mysql.example.com',
  user: 'databaseuser',
  password: 'redacted',
  database: 'wordpress'
})

const loginFromUser = 'administrator'
const passwordFromUser = 'redacted'

const [rows, _] = await conn.query(
  'SELECT * FROM wp_users WHERE user_login = ?',
  [loginFromUser])

let userData
for (const row of rows) {
  if (wordpressHasher.check(passwordFromUser, row.user_pass)) {
    userData = row
  }
}
if (userData) {
  console.log('Login Successful', userData)
} else {
  console.error('Login Failure')
}

You will, of course, have to do this operation in the back end of your React app.

Don't use that 'wordpress-password-js' package to create password hashes. It seems to have far too little randomness in the salt, so the hashes it creates will be too easy to crack. It's fine for validating them.

CodePudding user response:

Its good !!! We adapted the code a bit but it works, thank you again for your help.

Here is the modified code :

const mysql = require('mysql')
const PasswordHash = require('wordpress-password-js')

const wordpressHasher = new PasswordHash()

const pool  = mysql.createPool({
  host: 'mysql.example.com',
  user: 'databaseuser',
  password: 'redacted',
  database: 'wordpress'
})
const user_login = "administrator";
const password = 'redacted!';

pool.query('SELECT * from wpv2_users WHERE user_login = ? ', [user_login], function(error, results, fields) {
    if (error) throw error;
      if (results.length > 0) {
        for(const row of results) {
        console.log(wordpressHasher.check(password, row.user_pass));
        }
        if(wordpressHasher.check(password, results.user_pass)){
          userData = results
          console.log(userData)

        }else{  
          console.log('Login Successful',)
        }
    } else {
      console.log('Login Failure')

    }           
});
  • Related