WP_Application_Passwords::check_password() – Method

WP_Application_Passwords::check_password( string $password, string $hash ): bool

Checks a plaintext application password against a hashed password.

Parameters

$passwordstringrequired: Plaintext password.
$hashstringrequired: Hash of the password to check against.

Return

bool Whether the password matches the hashed password.

Source

public static function check_password(
	#[\SensitiveParameter]
	string $password,
	string $hash
): bool {
	if ( ! str_starts_with( $hash, '$generic$' ) ) {
		/*
		 * If the hash doesn't start with `$generic$`, it is a hash created with `wp_hash_password()`.
		 * This is the case for application passwords created before 6.8.0.
		 */
		return wp_check_password( $password, $hash );
	}

	return wp_verify_fast_hash( $password, $hash );
}

View all references View on Trac View on GitHub

Uses	Description
wp_verify_fast_hash()`wp-includes/functions.php`	Checks whether a plaintext message matches the hashed value. Used to verify values hashed via wp_fast_hash() .
wp_check_password()`wp-includes/pluggable.php`	Checks a plaintext password against a hashed password.

Used by	Description
wp_authenticate_application_password()`wp-includes/user.php`	Authenticates the user using an application password.

Changelog

Version	Description
6.8.0	Introduced.

User Contributed Notes

You must log in before being able to contribute a note or feedback.