Passwords Vanilla, not matching with Wordpress
I've been using a Vanilla embedded forum for a while now. Its using the Wordpress plugin, embedded on a Wordpress page, and is working with single sign on.
I'd like to disconnect the two as some users have problems visiting on mobile. When making the switch, I dont want my users to notice.
The tests I've run the last two days, show that Vanilla, is not up to date with the latest passwords. So when I disconnect Vanilla from Wordpress, some users wont be able to log in anymore.
Is there a way I can force the Wordpress passwords in to the Vanilla DB? Or make Vanilla pick up the passwords from Wordpress?
Somewhat related, when a user updates the password on a Wordpress page, they cant log in on Vanilla anymore (with the sign in button) because they use the new password, that is not in the Vanilla database. The single sign on feature works of course.
The simple answer is no, you can't retrieve the passwords from WP.
WP, like all modern applications, do not store the passwords themselves. It stores a hash. When a user enters a password, the password is hashed and compared against the stored hash. If they match, the user gains access.
You could extend the garden password class with the system WP uses for hashing and copy the hashes over to your Vanilla db. WP checks passwords with this code: https://core.trac.wordpress.org/browser/tags/4.5.3/src/wp-includes/pluggable.php#L2015
Check out the Documentation! We are always looking for new content and pull requests.
Click on insightful, awesome, and funny reactions to thank community volunteers for their valuable posts.
You can discontinue using embed (the mobile problem) while continuing to use SSO, which it sounds like you still want.
Thanks for the help @hgtonight and @Linc I've got a vacation now. After that I'll look in to your suggestions.