我有一个自定义应用程序,其中有数千名用户已经存储了密码。我想建立一个自我托管的wordpress站点来支持该应用程序,并使用该数据库中已经存在的用户名和加密密码。
有没有办法将Wordpress配置为不使用普通的用户列表,而是根据另一台服务器上的另一个数据库验证用户名和密码?
我们有一个开发团队,因此,如果有一种方法可以编写代码来连接到登录过程中,这是可以接受的。有没有人有过这样的经验,或者对去哪里找有什么建议?
替换WordPress密码验证
4 个回复
最合适的回答,由SO网友:brasofilo 整理而成
调查过滤器authenticate, 我们可以发现它被称为inside 功能wp_authenticate, 这是一个pluggable function.
这意味着它可以被我们自己制造的替代。
这是original function, 加上标记的入口点:
function wp_authenticate($username, $password) {
$username = sanitize_user($username);
$password = trim($password);
$user = apply_filters(\'authenticate\', null, $username, $password);
/* ENTRY POINT */
if ( $user == null ) {
// TODO what should the error message be? (Or would these even happen?)
// Only needed if all authentication handlers fail to return anything.
$user = new WP_Error(\'authentication_failed\', __(\'<strong>ERROR</strong>: Invalid username or incorrect password.\'));
}
$ignore_codes = array(\'empty_username\', \'empty_password\');
if (is_wp_error($user) && !in_array($user->get_error_code(), $ignore_codes) ) {
do_action(\'wp_login_failed\', $username);
}
return $user;
}
Thetest was done 创建
wp_authenticate a中的函数Must Use plugin. 在这个切入点上,我提出了以下内容:global $wpdb;
$table = $wpdb->prefix . \'my_users\';
$parent = $wpdb->get_row(
$wpdb->prepare(
"SELECT * FROM $table WHERE name=\'$username\'"
)
);
if( $username == $parent->name && $password == $parent->password )
$user = get_user_by( \'id\', $parent->id );
桌子
wp_my_users 是一个简单的测试表,密码甚至是纯文本
<小时>The matter 是如何构建$user 对象完全基于自定义表。或者如果可行或可取。。。
因为在这个测试中,用户的ID是相同的,所以我们正在回馈(get_user_by) 从用户自己的表中按WordPresswp_users, 但在自定义表中检查凭据wp_my_users.
<小时>Notes:
这个答案并不超出对函数的分析和黑客攻击wp_authenticate. 未考虑安全性、密码管理或wp_usermeta 桌子
作为参考,这是$user:
user | WP_User Object
(
[data] => stdClass Object
(
[ID] => 1
[user_login] => rod
[user_pass] => $P$BQ8qnb3iYPRzisxYHUKq5X/GCQqhoz1
[user_nicename] => rod
[user_email] => name@email.com
[user_url] =>
[user_registered] => 2012-09-21 14:39:01
[user_activation_key] =>
[user_status] => 0
[display_name] => rod
)
[ID] => 1
[caps] => Array
(
[administrator] => 1
)
[cap_key] => wp_capabilities
[roles] => Array
(
[0] => administrator
)
[allcaps] => Array
(
[switch_themes] => 1
[edit_themes] => 1
[activate_plugins] => 1
[edit_plugins] => 1
[edit_users] => 1
[edit_files] => 1
[manage_options] => 1
[moderate_comments] => 1
[manage_categories] => 1
[manage_links] => 1
[upload_files] => 1
[import] => 1
[unfiltered_html] => 1
[edit_posts] => 1
[edit_others_posts] => 1
[edit_published_posts] => 1
[publish_posts] => 1
[edit_pages] => 1
[read] => 1
[level_10] => 1
[level_9] => 1
[level_8] => 1
[level_7] => 1
[level_6] => 1
[level_5] => 1
[level_4] => 1
[level_3] => 1
[level_2] => 1
[level_1] => 1
[level_0] => 1
[edit_others_pages] => 1
[edit_published_pages] => 1
[publish_pages] => 1
[delete_pages] => 1
[delete_others_pages] => 1
[delete_published_pages] => 1
[delete_posts] => 1
[delete_others_posts] => 1
[delete_published_posts] => 1
[delete_private_posts] => 1
[edit_private_posts] => 1
[read_private_posts] => 1
[delete_private_pages] => 1
[edit_private_pages] => 1
[read_private_pages] => 1
[delete_users] => 1
[create_users] => 1
[unfiltered_upload] => 1
[edit_dashboard] => 1
[update_plugins] => 1
[delete_plugins] => 1
[install_plugins] => 1
[update_themes] => 1
[install_themes] => 1
[update_core] => 1
[list_users] => 1
[remove_users] => 1
[add_users] => 1
[promote_users] => 1
[edit_theme_options] => 1
[delete_themes] => 1
[export] => 1
[administrator] => 1
)
[filter] =>
)
SO网友:Roman
实际上,您可以通过登录用户自动绕过wordpress的登录机制(例如,在他们成功地从另一个网站传递凭据之后),使用此功能:wp\\u set\\u auth\\u cookie($user\\u id);
例如,您可以登录admin(id=1的用户)
wp_set_auth_cookie(1); //after this admin is logged in
SO网友:Oleg Butuzov
Simplest method
add_filter( \'authenticate\', \'my_auth\', 10, 3 );
function my_auth( $user, $username, $password ){
// your validation here.
return $user;
}
SO网友:grosshat
我认为这个插件External Database Authentication 适合您的需要。从那里,您可以启用已登录用户在登录时仅使用wp_set_auth_cookie 正如@Roman所说。
结束