So I am making a basic browser game that I will be embedding on my website, I’d like to use the wordpress user database for the game user database so I can display game stats and so that users don’t have to create 2 user accounts. Before you say that it is insecure to use mysql I’m sending the log in data to the server and the server will be preforming the query after it sanitizes it then the server tells the client if it was successful or not, the user won’t be dealing with any of the database directly. Anyway… I face the problem that the wordpress database encrypts the user passwords and I don’t know what it is using, I was wondering if there was a plugin for wordpress (I don’t mean the one to upload a unity file) or if there was a way for the game to tell if you are logged in on the wordpress site. Any help would be greatly appreciated.
As opposed to trying to decrypt or accept the password from the user, it would probably be best to just pass the information about login state between wordpress and your unity application. I have not done this myself, but I can think of 3 possible solutions.
If you are hosting directly on WordPress.com you can leverage their OAuth servers, which is the closest approximation to what you want to do. It’s a lot of work, and I don’t think it’s the best way to do it unless there’s additional data about the user’s wordpress account that you want to manipulate. However, it’s an options.
You will need to sign up for an application id and secret, then use an oauth client library in your application.
Essentially they are storing a custom cookie when the user logs in, which their external application can query to check the login state. If you are using your own cookie and not using the one created automatically by wordpress, make sure you also invalidate it when the user logs out of Wordpress.
Using Browser Interop
By modifying the Wordpress page that you are using to embed the web-player you can add addiitonal markup to notify your application via SendMessage whether or not the user is logged in, as well as notify them instantly of login changes.
I am leaving this answer open for commenting in case someone more familiar with the Wordpress API has more information about these techniques.