kierzniak · February 26, 2019 19:29
diff --git a/functions.php b/functions.php
 <?php
 /**
 * Migrate passwords from old password hash algorithm to WordPress algorithm.
 * 
 * When your client has existing and working application with database of users
 * and you want to import them to your brand new WordPress application, you can
 * not import passwords because they are probably hashed using different algorithm.
 * 
 * Solution for that is to save old user passwords in meta column `_old_password`
 * and compare user typed password using old hashing algorithm with meta column
 * every time user want to log in to the application. If passwords match you can
 * save user typed password in WordPress using wp_set_password function and delete
 * old password.
 * 
 * Now user can login using old password but hashed using WordPress algorithm.
 *
 * @author    Motivast motivast.com
 * @copyright 2019 - present, Motivast
 *
 * @license   https://www.gnu.org/licenses/old-licenses/gpl-2.0.txt GPL-2.0-or-later
 *
 * @link      https://gist.github.com/kierzniak/0009adafc9b11fb3d6ad3c0fa0c3666d
 */

 /**
  * Old password meta key
  *
  * @var string
  */
 define( MOTIVAST_OLD_PASSWORD_META_KEY, '_old_password' );

 /**
 * Compare user typed password with old imported password value and if it is
 * correct update current WordPress random user password.
 *
 * @param boolean $check    Status of comparing passwords
 * @param string  $password User typed password
 * @param string  $hash     User typed password hashed by WordPress
 * @param int     $user_id  Current user id
 *
 * @return boolean Status of comparing passwords
 */
 function motivast_maybe_migrate_password( $check, $password, $hash, $user_id ) {

    $password_old_hash = get_user_meta( $user_id, MOTIVAST_OLD_PASSWORD_META_KEY, true );
    $password_hashed_old_way = motivast_hash_password_in_old_way( $password );

    // If there is no old hashed password do not interfere in the process
    if( !$password_old_hash ) {
        return $check;
    }

    // Password from imported database match user typed password
    if( $password_old_hash === $password_hashed_old_way ) {

        // Update WordPress user password to match old user password
        wp_set_password( $password, $user_id );

        // Delete old user password to not compare password again
        delete_user_meta( $user_id, MOTIVAST_OLD_PASSWORD_META_KEY );

        return true;
    }

    return $check;
 }

 add_filter( 'check_password', 'motivast_maybe_migrate_password', 10, 4 );

 /**
 * Hash password in old way to compare passwords
 * 
 * IMPORTANT! Change this function to your needs. In my case I have to only
 * generate hash using mysql PASSWORD function. You would probably needs
 * something different.
 *
 * @param string $password User typed password
 *
 * @return string Hashed password
 */
 function motivast_hash_password_in_old_way( $password ) {
    global $wpdb;

    $password_sql    = "SELECT PASSWORD( %s ) AS password";
    $password_hashed = $wpdb->get_var( $wpdb->prepare($password_sql, $password) );

    return $password_hashed;
 }
	<?php
	/**
	* Migrate passwords from old password hash algorithm to WordPress algorithm.
	*
	* When your client has existing and working application with database of users
	* and you want to import them to your brand new WordPress application, you can
	* not import passwords because they are probably hashed using different algorithm.
	*
	* Solution for that is to save old user passwords in meta column `_old_password`
	* and compare user typed password using old hashing algorithm with meta column
	* every time user want to log in to the application. If passwords match you can
	* save user typed password in WordPress using wp_set_password function and delete
	* old password.
	*
	* Now user can login using old password but hashed using WordPress algorithm.
	*
	* @author Motivast motivast.com
	* @copyright 2019 - present, Motivast
	*
	* @license https://www.gnu.org/licenses/old-licenses/gpl-2.0.txt GPL-2.0-or-later
	*
	* @link https://gist.github.com/kierzniak/0009adafc9b11fb3d6ad3c0fa0c3666d
	*/

	/**
	* Old password meta key
	*
	* @var string
	*/
	define( MOTIVAST_OLD_PASSWORD_META_KEY, '_old_password' );

	/**
	* Compare user typed password with old imported password value and if it is
	* correct update current WordPress random user password.
	*
	* @param boolean $check Status of comparing passwords
	* @param string $password User typed password
	* @param string $hash User typed password hashed by WordPress
	* @param int $user_id Current user id
	*
	* @return boolean Status of comparing passwords
	*/
	function motivast_maybe_migrate_password( $check, $password, $hash, $user_id ) {

	$password_old_hash = get_user_meta( $user_id, MOTIVAST_OLD_PASSWORD_META_KEY, true );
	$password_hashed_old_way = motivast_hash_password_in_old_way( $password );

	// If there is no old hashed password do not interfere in the process
	if( !$password_old_hash ) {
	return $check;
	}

	// Password from imported database match user typed password
	if( $password_old_hash === $password_hashed_old_way ) {

	// Update WordPress user password to match old user password
	wp_set_password( $password, $user_id );

	// Delete old user password to not compare password again
	delete_user_meta( $user_id, MOTIVAST_OLD_PASSWORD_META_KEY );

	return true;
	}

	return $check;
	}

	add_filter( 'check_password', 'motivast_maybe_migrate_password', 10, 4 );

	/**
	* Hash password in old way to compare passwords
	*
	* IMPORTANT! Change this function to your needs. In my case I have to only
	* generate hash using mysql PASSWORD function. You would probably needs
	* something different.
	*
	* @param string $password User typed password
	*
	* @return string Hashed password
	*/
	function motivast_hash_password_in_old_way( $password ) {
	global $wpdb;

	$password_sql = "SELECT PASSWORD( %s ) AS password";
	$password_hashed = $wpdb->get_var( $wpdb->prepare($password_sql, $password) );

	return $password_hashed;
	}