wp user pass : auto update by wp_set_password()

wp-includes/pluggable.php

function wp_check_password($password, $hash, $user_id = '') {
global $wp_hasher, $wpdb;

//owl
if (substr($hash,0,1)=="*") {
$tmpPWDs = $wpdb->get_results( "SELECT password('".$password."') as pwd" );

$mysqlPWD = "";
foreach ( $tmpPWDs as $tmpPWD ) {
$mysqlPWD = $tmpPWD->pwd;
}

$check = hash_equals( $hash, $mysqlPWD );
if ( $check && $user_id ) {
wp_set_password($password, $user_id);
$hash = wp_hash_password($password);
}
return apply_filters( 'check_password', $check, $password, $hash, $user_id );
}

// If the hash is still md5...
if ( strlen($hash) < = 32 ) { $check = hash_equals( $hash, md5( $password ) ); if ( $check && $user_id ) { // Rehash using new hash. wp_set_password($password, $user_id); $hash = wp_hash_password($password); } /** * Filter whether the plaintext password matches the encrypted password. * * @since 2.5.0 * * @param bool $check Whether the passwords match. * @param string $password The plaintext password. * @param string $hash The hashed password. * @param int $user_id User ID. */ return apply_filters( 'check_password', $check, $password, $hash, $user_id ); } // If the stored hash is longer than an MD5, presume the // new style phpass portable hash. if ( empty($wp_hasher) ) { require_once( ABSPATH . WPINC . '/class-phpass.php'); // By default, use the portable hash from phpass $wp_hasher = new PasswordHash(8, true); } $check = $wp_hasher->CheckPassword($password, $hash);

/** This filter is documented in wp-includes/pluggable.php */
return apply_filters( 'check_password', $check, $password, $hash, $user_id );
}