Check remote credentials

[marko001]

Hi all,

I'm using a MySQL DB on an hosting where people can subscribe and create their username/password.

I'm now building a tool that, first of all, wants to check if credentials are correct.

Using

#include <mysql.au3>

I can easily connect to DB.

I can see tables and WP_Users table.

What I wanted to to is check username & password, but, found the username, I can't convert password to hashed Wordpress method.

Using

MsgBox(0, "Decrypted data", BinaryToString(_Crypt_DecryptData("$P$BliO2IAijM.ouBc2.BqypXV4683OdB0", "", $CALG_MD5)))

and

MsgBox(0,"",BinaryToString(_Crypt_HashData("testpw",$CALG_MD5)))

gives me different results.

I see, looking in DB, that Wordpress saves pw in this kind of format: "$P$BliO2IAijM.ouBc2.BqypXV4683OdB0" (example of password)

There is also http://codex.wordpress.org/Function_Reference/wp_hash_password but I can't imagine how to use it inside AutoIt.

Is there a solution for this?

Thanks,

M.

[spudw2k]

It appears that it uses either Base64, DES or Blowfish.

It would take me some time to convert this to au3, but I'm no expert.

http://core.trac.wordpress.org/browser/tags/3.2.1/wp-includes/class-phpass.php

[marko001]

And there is no way to send to mysql the clean password letting it to do the dirty work? It's mandatory to send it the hashed pw? (so I need to know algorithm autoit-side)

M.