<?php //Get API POST Action$action = '';if(isset($_POST['action'])){

1. <?php
2.  
3. //Get API POST Action
4. $action = '';
5. if(isset($_POST['action']))
6. {
7.         $action = $_POST['action'];
8. }
9. //Execute Action
10. switch ($action)
11. {
12.         case 'auth':
13.                 auth();
14.         break;
15.         }
16.  
17. /*
18. We need to include the config file
19. to make use of the database.
20. */
21. include_once("../wp-config.php");
22.  
23. /*
24. We need to include the PasswordHass class
25. to make use of the methods and to check
26. if the passwords are matching.
27. */
28.  
29. include_once("../wp-includes/class-phpass.php");
30.  
31. function auth()
32. {
33.  
34.      //Check Required Vars
35.         if(!isset($_POST['username']) || !isset($_POST['password']))
36.         {
37.                 return 0;
38.         }
39.  
40.  
41.     $username = mysql_escape_string($_POST['username']);
42.     $password = mysql_escape_string($_POST['password']);
43.  
44.     $query = mysql_query("SELECT * FROM ".$table_prefix."users
45.                              WHERE user_login = '$username'");
46.     $row = mysql_fetch_array($query);
47.  
48.     $wp_hasher = new PasswordHash(8, TRUE);
49.  
50.     $password_hashed = $row['user_pass'];
51.  
52.         /*
53.         Check if the password matches
54.         - Check if md5 matches
55.         - or Check if PasswordHash class matches
56.         */
57.  
58.     if($wp_hasher->CheckPassword($password, $password_hashed)
59.            || $password_hashed == md5($password)) {
60.         $_SESSION["logged_in"] = true;
61.         echo 'you logged in succesfull';
62.     }
63.     else {
64.         }
65. }
66.     ?>