Word Press

[supertrucker]

I have installed Wordpress on my server and was wondering if anybody could give me any advice. I would like to use the the same logons that wordpress uses for my website. In other words, I would like users to be able to create one account that they can use to access the wordpress portion of my web site, and the rest of my web site. Wordpress encrypts the passwords, and I don't even want to start taking apart the wordpress code to figure out what they do. If anybody has any advice, it would be greatly appreciated!Regards,Supertrucker

[supertrucker]

To answer my own question again, for others that are interested in this topic, WordPress uses a very simple password encyption process, utilizing the md5() function in php. Here's an example using the md5() function straight from php.net:

<?php$str = 'apple';if (md5($str) === '1f3870be274f6c49b3e31a0c6728957f') {   echo "Would you like a green or red apple?";   exit;}?>

I don't entirely understand the underlying purpose of the md5() function, but the above code is enough for somebody to make use of their WordPress user database in their applications. If anybody can give me a better explanation of what the md5() function is really for, I'd like to know!----------------------WordPress uses MySQL to store it's user data. The users are stored in a table called wp_users. Here are the column fields that are in the wp_users table:

1. user_login
2. user_pass
3. user_nicename
4. user_url
5. user_registered
6. user_activation_key
7. user_status
8. display_name

If you don't yet have WordPress installed on your server, you can get it from www.wordpress.com. Installation is a snap, and it's well worth it if you want a good blogging solution for your website. It's 100% free, and there are tons of free plug-ins available for it.I hope this helps somebody out!Regards,Supertrucker

[justsomeguy]

MD5 is a hash algorithm. Another hash is SHA-1. The purpose of a hash is to deterministically produce a string. Deterministic pretty much means non-random. The hash that is calculated for a given string should always be the same.An important characteristic of hashes is the fact that they are one-way. You can calculate the MD5 hash of the string "apple" to always be "1f3870be274f6c49b3e31a0c6728957f", but you can never reverse-engineer the hash to get back the string "apple". There is not an algorithm that maps the hash back to the source.Hashes are used a lot for programming certain things. There is a common data structure called a hash table that is used to store many values. For example, say you have a dictionary of words, and you want to create a data structure to hold all of them that makes it quick to jump to a specific word. You may set it up as a hash table. So, the hash table might have 26 entries, one for each letter. Each entry in the table would be another table, say another 26 entries. Each entry of that table would be a list of words. To put a word in the table, such as "apple", you would go into the entry for the first letter, so the "a" entry, and then the entry for the second letter, so the "p" entry, and store the word in that list. So the "a" entry holds all words that start with an "a", and the "p" entry inside of that holds all words that start with "ap". In this case, it's really easy to calculate the hash for the word, because it is just the first two characters.So, hashes are useful to generate a key or index for any given thing to fit into a certain size. With the example above, the hash size was 2 characters, so there are 26^2 possible hashes. All words, even though there are possibly an infinite number of words, will fit into one of those 2^26 possible hashes. An MD5 hash is 32 bytes, or 128 bits, so the total number of MD5 hashes possible is 2^128, which is a number that has 39 digits. The SHA-1 hash is 40 bytes, or 160 bits, which is a number with 49 digits. So, there are a lot of hashes possible. All possible files or strings will map to one of the hashes.Hashes are used in security because of their one-way nature. When you create a user account and ask the user for their password, you store the hash of that password in the database, not the password itself. To check the password, you take what the user typed in, calculate the hash, and check if the hash is the same as the one in the database. Since hashes are deterministic, the same word will always map to the same hash. And, since they are one-way, if someone gets access to the database they will not be able to see anyone's passwords, only the hashes. And they will not be able to calculate the password from the hash.And this concludes Hashes 101.