I'm working on someone's WP site and one of the bugs they have is that as long as the user is registered and exists in the wp_users table they can log in to the site without entering a password or even if they enter an incorrect password.
I have looked at pluggable.php, user.php, function.php and even wp-login.php and I can't see that anything was changed in any of those files.
wp_check_password() looks fine and how it's supposed to be, so does wp_authenticate_username_password(). So far anywhere I look that does a user authentication it appears to be looking at the password to make sure it's not empty and that it matches what's in the database.
So now I'm completely stumped as to why it's just letting anyone with a valid user account log in with either no password or a bad password. Anyone can help shed some light on this I would be very grateful.
Thanks!
Aucun commentaire:
Enregistrer un commentaire