堆栈内存溢出
  繁体   English   中英

从另一个站点自动登录到 wordpress 仪表板

[英]automatic login to wordpress dashboard from another site

 原文  2013-05-29 06:51:15       php/ wordpress/ login/ automation

问题描述

我想从另一个站点自动登录到 WP admin/dashboard 而不通过登录过程..我尝试了以下但没有运气:

<?php

$username="admin";
$password="mypasw";
$url="http://example.com/";
$cookie="cookie.txt";

$postdata = "log=". $username ."&pwd=". $password ."&wp-submit=Log%20In&redirect_to=". $url ."wp-admin/&testcookie=1";
$ch = curl_init();
curl_setopt ($ch, CURLOPT_URL, $url . "wp-login.php");
curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt ($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6");
curl_setopt ($ch, CURLOPT_TIMEOUT, 60);
curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt ($ch, CURLOPT_COOKIEJAR, $cookie);
curl_setopt ($ch, CURLOPT_REFERER, $url . "wp-admin/");
curl_setopt ($ch, CURLOPT_POSTFIELDS, $postdata);
curl_setopt ($ch, CURLOPT_POST, 1);
$result = curl_exec ($ch);
curl_close($ch);
echo $result;
exit;


?>

这有点像只向我显示仪表板页面,但我并没有真正登录,因为单击管理页面上的任何按钮只会重定向到与站点页面相同的页面.. :(

2 个解决方案

解决方案1
 14 已采纳  2013-05-29 10:15:01

如果您有权访问您尝试登录的网站的文件。 您可以添加一个自动登录 php 脚本并将用户名和密码 $_POST 添加到此脚本中,例如:

if ($_POST) {

    $errors = array();

    $username = esc_sql($_REQUEST['username']);
    $password = esc_sql($_REQUEST['password']);
    $remember = esc_sql($_REQUEST['rememberme']);
    $remember = ($remember) ? "true" : "false";

    $login_data = array();
    $login_data['user_login'] = $username;
    $login_data['user_password'] = $password;
    $login_data['remember'] = $remember;
    $user_verify = wp_signon($login_data, true);

    if (is_wp_error($user_verify)) {
        $errors[] = 'Invalid username or password. Please try again!';
    } else {
        wp_set_auth_cookie($user_verify->ID);
        wp_redirect(admin_url());
        exit;
    }

}

Wordpress 代码参考:

希望能帮助到你。

编辑: $wpdb->e​​scape 自 Wordpress 3.6 版起已弃用,请改用 wpdb::prepare() 或 esc_sql()! 我已将代码更改为使用 esc_sql()。

解决方案2
 0  2020-09-15 11:27:33

试试这个完整的代码它工作 100% 第一个网站: http : //firstwebsite.com和第二个网站: http : //secondwebsite.com

现在,首先在您的第一个网站上创建一个链接,我们希望以登录用户的身份单击该链接以转到我们的第二个网站。 因此,在您的第一个网站中,在您想要的位置创建一个链接,如下所述:

<?php   global $current_user;
$second_website_url = 'http://secondwebsite.com'; // put your second website url
$user_email = $current_user->user_email;
$user_login = $current_user->user_login;
if($user_email != ''){

$email_encoded = rtrim(strtr(base64_encode($user_email), '+/', '-_'), '='); 
$user_login_encoded = rtrim(strtr(base64_encode($user_login), '+/', '-_'), '='); 
echo '<a href="'.$second_website_url.'/sso.php? 
key='.$email_encoded.'&detail='.$user_login_encoded.'" target="_blank">Link to 
second website</a>';
}?>

现在,打开我们的第二个网站并创建一个新的 php 文件并将其命名为“sso.php”。 将此文件放在您的 root 安装中,只需将下面提到的代码复制粘贴到此文件中:

<?php

require_once( 'wp-load.php' ); //put correct absolute path for this file


global $wpdb;

if(isset($_GET['key']) && !empty($_GET['key'])){

$email_decoded = base64_decode(strtr($_GET['key'], '-_', '+/'));   
$username_decoded = base64_decode(strtr($_GET['detail'], '-_', '+/')); 

$received_email = sanitize_text_field($email_decoded);
$received_username = sanitize_text_field($username_decoded);


if( email_exists( $received_email )) {

        //get the user id for the user record exists for received email from database 
        $user_id = $wpdb->get_var($wpdb->prepare("SELECT * FROM ".$wpdb->users." WHERE user_email = %s", $received_email ) );

        wp_set_auth_cookie( $user_id); //login the previously exist user

        wp_redirect(site_url()); // put the url where you want to redirect user after logged in

}else {

        //register those user whose mail id does not exists in database 

        if(username_exists( $received_username )){

            //if username coming from first site exists in our database for any other user,
            //then the email id will be set as username
            $userdata = array(
            'user_login'  =>  $received_email,
            'user_email'  =>  $received_email, 
            'user_pass'   =>  $received_username,   // password will be username always
            'first_name'  =>  $received_username,  // first name will be username
            'role'        =>  'subscriber'     //register the user with subscriber role only
        );

        }else {

            $userdata = array(
            'user_login'  =>  $received_username,
            'user_email'  =>  $received_email, 
            'user_pass'   =>  $received_username,   // password will be username always
            'first_name'  =>  $received_username,  // first name will be username
            'role'        =>  'subscriber'     //register the user with subscriber role only
        );

        }


        $user_id = wp_insert_user( $userdata ) ; // adding user to the database

        //On success
        if ( ! is_wp_error( $user_id ) ) {
             
            wp_set_auth_cookie( $user_id); //login that newly created user
            wp_redirect(site_url()); // put the url where you want to redirect user after logged in

        }else{

            echo "There may be a mismatch of email/username with the existing record.
                  Check the users with your current email/username or try with any other account.";die;
        }


}

 die;

 } ?>

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 从我的网站登录到wordpress网站 WordPress自动登录 从Wordpress仪表板中删除网站统计信息和Elementor小部件 PHP,Cookie,Wordpress-如何在一个站点上自动登录,在另一个站点上登录 WordPress网站损坏-无法访问仪表板 WordPress网站和仪表板404错误 从Wordpress页面登录Drupal网站 强制登录到Wordpress网站 从另一个WordPress网站提取帖子 显示来自另一个WordPress网站的帖子
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM