Getting Started

Minimal Steps

Installation:

composer require mikemclin/laravel-wp-password

Add the service provider to config/app.php:

MikeMcLin\WpPassword\WpPasswordProvider::class

First Use Case: Use the facade to generate a WordPress-compatible hash:

use MikeMcLin\WpPassword\Facades\WpPassword;

$hash = WpPassword::make('plaintext_password');

Verify a Password:

$isValid = WpPassword::check('plaintext_password', $stored_hash);

Where to Look First

Facade API: MikeMcLin\WpPassword\Facades\WpPassword (for quick usage).
Service Container Binding: wp-password (for dependency injection).
Source Code: MikeMcLin\WpPassword\WpPassword (for custom logic).

Implementation Patterns

Core Workflows

Password Hashing in Registration/Profile Updates:

$user = User::create([
    'name' => 'John Doe',
    'password' => WpPassword::make(request('password')),
]);

Login Validation:

if (WpPassword::check($request->password, $user->password)) {
    // Authenticate user
}

Migrating Legacy WordPress Users:

$legacyUsers = User::where('password_type', 'wp')->get();
$legacyUsers->each(function ($user) {
    $user->password = WpPassword::make($user->plain_password);
    $user->save();
});

Integration Tips

Laravel Auth: Replace Hash::make() with WpPassword::make() in app/User.php:

use MikeMcLin\WpPassword\Facades\WpPassword;

public function setPasswordAttribute($password) {
    $this->attributes['password'] = WpPassword::make($password);
}

APIs with WordPress Backends: Use WpPassword::check() in API endpoints to validate passwords against WordPress hashes.

Testing: Mock the facade for unit tests:

$this->app->instance('wp-password', Mockery::mock('MikeMcLin\WpPassword\WpPassword'));

Gotchas and Tips

Pitfalls

Version Mismatch:
- The package supports Laravel 4–7 but may behave differently across versions. Test thoroughly if upgrading Laravel.
- Fix: Pin the package version in composer.json if stability is critical:
```
"mikemclin/laravel-wp-password": "2.0.1"
```
Plaintext Password Exposure:
- Avoid logging or exposing plaintext passwords. Always use WpPassword::make() before storage.
- Tip: Use Laravel’s Hash::needsRehash() equivalent for WordPress hashes:
```
if (WpPassword::needsRehash($hash)) { // Hypothetical; check docs for actual method
    $user->password = WpPassword::make($user->password);
    $user->save();
}
```
Performance:
- WordPress hashes are slower than Laravel’s default bcrypt. Cache hashes if regenerating frequently (e.g., during migrations).

Debugging

Invalid Hashes:
- If WpPassword::check() returns false unexpectedly, verify the hash format. WordPress hashes start with $P$ or $W$ .
- Debug: Compare hashes manually:
```
var_dump(substr($hash, 0, 3)); // Should output $P$ or $W$
```
Deprecation Warnings:
- Laravel 8+ may trigger warnings if the package isn’t updated. Use a wrapper or fork if needed.

Extension Points

Custom Hashing Logic:

Extend the MikeMcLin\WpPassword\WpPassword class to add pre/post-processing:

class CustomWpPassword extends WpPassword {
    public function make($password) {
        $hash = parent::make($password);
        return $this->customTransform($hash);
    }
}

Bind your class in a service provider:

$this->app->bind('wp-password', function () {
    return new CustomWpPassword();
});

Laravel Hashing Integration:

Override Laravel’s Hash facade to delegate to WpPassword:

Hash::extend('wp', function () {
    return new MikeMcLin\WpPassword\WpPassword();
});

Usage:
```
Hash::wp()->make('password');
```

Configuration:
- The package has no public config options, but you can override the underlying PasswordHash class (used by WordPress) by binding it in your service provider:
```
$this->app->bind('wp-password-hash', function () {
    return new CustomPasswordHash(); // Implement WordPressPasswordHash interface
});
```

Laravel Wp Password Laravel Package