
Wordpress User Password Data as Plaintext / Export Wordpress User Password to Django

I have around 900 users in my WordPress, and I am exporting these users' data to my new platform that will be using Django.

My question is, how can I export these users' passwords as plaintext? If I cannot do it, I wanted to store it in an "old_password" field in my new database, but I want to know how to "match" text with the old_password, because my plan is that when the user logs in, I will try to find the user with the same email and the hashed password, but I don't know what type of hashing function WordPress used and the equivalent of that function in Python Django.

Modern password controls are explicitly designed to make deterministic computation of the plain text impossible. The only way, therefore, to determine it is by a "brute force" attack (try hashing all possible passwords until you find one that hashes correctly) or more sophisticated techniques like the use of rainbow tables, which reduce compute time but use a lot of storage.

There's some information about WordPress password security in this article, which might help you, and this article contains PHP code you might repurpose by translating it into Python.

It sounds, though, like the simplest way to proceed would be to validate the users' existing passwords against old_password on first login to the new site, then force them (by redirecting them to a specific page) to change their password, clearing the old_password field once this is done.
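The first-login check described in the answer above, as an added example that is not part of the original answer or of any library named on this page. It assumes old_password holds WordPress's portable phpass format (a `$P$` prefix, a cost character, an 8-character salt and an iterated MD5 digest); the function names and the sample salt are constructed for illustration.

```python
import hashlib
import hmac

ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"


def encode64(data: bytes) -> str:
    """phpass's own base64 variant: little-endian groups, custom alphabet."""
    out = []
    for i in range(0, len(data), 3):
        chunk = data[i:i + 3]
        value = int.from_bytes(chunk, "little")
        for _ in range(len(chunk) + 1):  # 3 bytes -> 4 chars, 1 byte -> 2
            out.append(ITOA64[value & 0x3F])
            value >>= 6
    return "".join(out)


def phpass_hash(password: str, setting: str) -> str:
    """Hash `password` with the cost and salt taken from `setting`."""
    if len(setting) < 12 or not setting.startswith("$P$"):
        raise ValueError("not a portable phpass hash")
    log2 = ITOA64.find(setting[3])  # cost is stored as log2(iterations)
    if not 7 <= log2 <= 30:
        raise ValueError("iteration count out of range")
    salt, pw = setting[4:12].encode(), password.encode("utf-8")
    digest = hashlib.md5(salt + pw).digest()
    for _ in range(1 << log2):
        digest = hashlib.md5(digest + pw).digest()
    return setting[:12] + encode64(digest)


def check_legacy_password(password: str, old_password: str) -> bool:
    """True if `password` matches the WordPress hash kept in old_password."""
    try:
        expected = phpass_hash(password, old_password)
    except ValueError:
        return False  # unknown format: fail closed, never compare raw text
    return hmac.compare_digest(expected.encode(), old_password.encode())


if __name__ == "__main__":
    # Constructed sample: cost 'B' (2**13 rounds), salt "saltSALT".
    stored = phpass_hash("correct horse", "$P$BsaltSALT")
    print(stored, check_legacy_password("correct horse", stored))
    # On success the caller would set a new Django password for the account
    # and clear old_password, as the answer above suggests.
```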

Use this library: https://github.com/jmoswalt/wp-to-django-users

Basically you add to Django the capability to re-hash the old WordPress password, so that your old WordPress users can now use their same old password on the new Django site.

Within your settings.py file for your Django project, add the following:

PASSWORD_HASHERS = (
    'django.contrib.auth.hashers.PBKDF2PasswordHasher',
    'django.contrib.auth.hashers.PBKDF2SHA1PasswordHasher',
    'django.contrib.auth.hashers.BCryptSHA256PasswordHasher',
    'django.contrib.auth.hashers.BCryptPasswordHasher',
    'django.contrib.auth.hashers.SHA1PasswordHasher',
    'django.contrib.auth.hashers.MD5PasswordHasher',
    'django.contrib.auth.hashers.CryptPasswordHasher',
    'hashers_passlib.phpass',
)

Then re-hash the password, and you are done.

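from django.contrib.auth.hashers import get_hasher

# `user` is an imported account whose password field still holds the
# original WordPress hash; from_orig() converts it to Django's stored form.
hasher = get_hasher('phpass')
user.password = hasher.from_orig(user.password)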
