根据加密密码检查明文密码。

原型

wp_check_password( string $password, string $hash, string|int $user_id = '' )

描述

使用PHPass库维护旧版本和新cookie身份验证协议之间的兼容性。 $ hash参数是加密密码,该函数将加密后的纯文本密码与已加密的密码进行比较,以查看它们是否匹配。

参数

$password (string) (Required) 明文用户的密码

$hash (string) (Required) 用于检查的用户密码的哈希值。

$user_id (string|int) (Optional)  用户身份。

返回值

(bool)  如果$ password与哈希密码不匹配,则为false

源文件

路径:wp-includes/pluggable.php

<?php
...
function wp_check_password($password, $hash, $user_id = '') {
	global $wp_hasher;
	// If the hash is still md5...
	if ( strlen($hash) <= 32 ) {
		$check = hash_equals( $hash, md5( $password ) );
		if ( $check && $user_id ) {
			// Rehash using new hash.
			wp_set_password($password, $user_id);
			$hash = wp_hash_password($password);
		}
		/**
		 * Filters whether the plaintext password matches the encrypted password.
		 *
		 * @since 2.5.0
		 *
		 * @param bool       $check    Whether the passwords match.
		 * @param string     $password The plaintext password.
		 * @param string     $hash     The hashed password.
		 * @param string|int $user_id  User ID. Can be empty.
		 */
		return apply_filters( 'check_password', $check, $password, $hash, $user_id );
	}
	// If the stored hash is longer than an MD5, presume the
	// new style phpass portable hash.
	if ( empty($wp_hasher) ) {
		require_once( ABSPATH . WPINC . '/class-phpass.php');
		// By default, use the portable hash from phpass
		$wp_hasher = new PasswordHash(8, true);
	}
	$check = $wp_hasher->CheckPassword($password, $hash);
	/** This filter is documented in wp-includes/pluggable.php */
	return apply_filters( 'check_password', $check, $password, $hash, $user_id );
}
...
?>

其他

英文文档:https://developer.wordpress.org/reference/functions/wp_check_password/