id summary reporter owner description type status priority milestone component version severity resolution keywords cc focuses 17830 [patch] The extension mechanisms related to hashing and storing passwords could be improved monperrus "Hi, I've just written a plugin which allows storing passwords in a way that is compatible with HTTP digest (see http://www.monperrus.net/martin/wp-http-digest). The advantages of this approach is that it enables me to build services using HTTP digest authentication on top of standard wordpress accounts. The hash of HTTP digest passwords is md5(username:realm:password). Since it requires the username, overriding wp_hash_password($password) is not enough. Eventually, I had to override: - wp_check_password to concatenate username:realm:password - wp_set_password to correctly update the password - wp_new_user_notification to intercept newly created passwords - add_action('profile_update', 'action_profile_update' ); to intercept updated passwords. The last two changes are somehow hacks, if wp_insert_user and wp_update_user would use wp_set_password instead of wp_hash_password directly, I would only have to override wp_check_password and wp_set_password, and it would be fine. Thus, I suggest to add a call to wp_set_password in wp_insert_user. Regards, --Martin " enhancement closed normal General normal invalid