Welcome to the Question2Answer Q&A. There's also a demo if you just want to try it out.
+2 votes
373 views
in Plugins by
edited by
I am currently working on WP Escape plugin to separeate running Q2A from WordPress. Everything is done so far just stuck on password area.

Can you please guide me to import password from WP to Q2A

Thanks..
Q2A version: 1.6

1 Answer

0 votes
by
selected by
 
Best answer
I'm pretty sure that Wordpress stores passwords securely, which means that the password itself can't be retrieved from the information in the database, only checked after it is entered.

This means you simply can't automate the transfer of passwords from WP's database to Q2A's.

The best that can be done in this sort of situation is to copy across the password information at the moment the user is logging in. You can check it against the WP database using WP's hashing scheme, and then if it matches, insert in into Q2A's database using Q2A's hashing scheme.

In practice this means intercepting requests to the login page (can be done via a process module) and doing the right thing. It also means the user can't delete their WP users table as long as some users aren't migrated across.
by
Thanks a lot for reply,

So this means if I am making q2a apart from wp than only way to retrieve the password by resting.

Just curious to know:
Isn't it possible to keep all q2a tables while integrating with wp just for records so if in future we want to make apart still we can use without any losse?
by
"WordPress use MD5 and Q2A Passsalt and SHA1" → Unfortunately you cannot convert from one to the other, as far as I know. You need an extra db table, see http://stackoverflow.com/questions/1381448/how-do-i-convert-password-hashing-from-md5-to-sha

If there are not too many users from the WP install, why not reset all their passwords and let each assign a new one? (this is not harakiri as long as we speak of <100 users) =)
by
@Kai,

Yes I thought the same, especially after Gideon's reply. However the problem is I am developing a plugin and so the volume of user is depending on the respective site.

So I think all user has to reset them password in anyway. So I can just add note using custom layer to display to the visitor to reset them password.

I don't think so I can do much than this..?
by
As I am lazy, I would do so. It is a one-time-thing for all users. Advantage: Users who do not set a new password are inactive obsolete users. That is also kind of sorting out :)
by
edited by
Yes you are right! Also no solution I could found for this so I think no alternative..
...