First of all, let me define the ultimate goal:
I would like to use Wordpress (version 2.8) to manage authentication data / credentials and access control for a website. Wordpress will be used for most of the site, but some pages will be created outside of the Wordpress environment. These pages should be able to use the user authentication data stored in the Wordpress database as a link to make their own access decisions.
So the question is:
How exactly does Wordpress store user authentication data in its database?
The first part of this answer is simple, there is a table inside the Wordpress database containing the main user data. I believe the default name for this table is "wp_users", but this may change depending on how Wordpress is installed. This table contains the fields "user_login" and "user_pass", which contain the username and password data, respectively.
"user_login" is just a text field, so access to it is quite simple, but the password is salty and hashed. This leads to the first thing that still needs to be determined: what is the salting and hashing process used by Wordpress to generate the lines that it stores in user_pass?
, , - / Wordpress "". : Administrator, Editor, Author, Contributor Subscriber. , . , ?
, , :
1) Wordpress , "user_pass" "wp_users"?
2) "" Wordpress?
3) "" Wordpress, / / ?
. , , , Wordpress, cookie Wordpress . , , Wordpress Wordpress .