[英]updating wordpress with pure php but user password need to be unchanged
我想將我的小網站更新為純 PHP。 但是,用戶將嘗試使用他們的舊密碼登錄。
但是,我不能再使用 wordpress 認證 function 了。 怎么樣,我能做到嗎?
如何驗證我的用戶? 我想,我需要弄清楚 wordpress 的散列和加鹽過程。 我在哪里可以找到?
WordPress 的默認散列機制是 MD5。 用戶數據存儲在 db 中的表wp_users中。
因此,您首先要考慮的是,如何存儲當前網站(非 WordPress)的密碼。 如您所知,PHP 具有內置的md5() function。
如果您以純文本格式存儲它(根本不推薦),那么您可以簡單地遍歷當前數據庫中的這些密碼並將它們插入wp_users表(在您的新 WordPress 站點中),將密碼傳遞給md5() function。
如果您以加密形式存儲它,即。 可以稍后解密(不推薦),然后您也可以遍歷密碼,解密它,然后像上面的方式插入到wp_users表中。
但是,如果您使用的是單向加密(哈希),並且它是 MD5,那么您可以立即將存儲在當前數據庫中的哈希密碼插入 WordPress 數據庫,它應該可以工作!
但如果不是MD5,那將是一項艱巨的任務。 在這種情況下,我建議在 WordPress db 中插入用戶數據,並在user_pass字段中插入臨時隨機密碼。 然后向用戶發送帶有鏈接的 email 以編程方式重置密碼。 ZFDE31686817FE502902586D51B35861Z具有內置的ZC1C1C1C1C425268E68385D1AB5074C174C174C174C174F14F174C174F14Z稱為Get_pass_pass_passet_key ()
我找到了我正在尋找的確切解決方案。 如果你遇到同樣的問題,我把它放在這里。
我只想用我的 wordpress 站點 hash 驗證我的密碼。 干得好!!
您想使用 Core PHP 來做到這一點,對吧? 這是給你的代碼:首先你需要添加一個類: -> 只需從wp-includes/class-phpass.php復制它 -> 不用擔心。 它寫在核心 PHP 中。
class PasswordHash {
var $itoa64;
var $iteration_count_log2;
var $portable_hashes;
var $random_state;
/**
* PHP5 constructor.
*/
function __construct( $iteration_count_log2, $portable_hashes )
{
$this->itoa64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
if ($iteration_count_log2 < 4 || $iteration_count_log2 > 31)
$iteration_count_log2 = 8;
$this->iteration_count_log2 = $iteration_count_log2;
$this->portable_hashes = $portable_hashes;
$this->random_state = microtime() . uniqid(rand(), TRUE); // removed getmypid() for compatibility reasons
}
/**
* PHP4 constructor.
*/
public function PasswordHash( $iteration_count_log2, $portable_hashes ) {
self::__construct( $iteration_count_log2, $portable_hashes );
}
function get_random_bytes($count)
{
$output = '';
if ( @is_readable('/dev/urandom') &&
($fh = @fopen('/dev/urandom', 'rb'))) {
$output = fread($fh, $count);
fclose($fh);
}
if (strlen($output) < $count) {
$output = '';
for ($i = 0; $i < $count; $i += 16) {
$this->random_state =
md5(microtime() . $this->random_state);
$output .=
pack('H*', md5($this->random_state));
}
$output = substr($output, 0, $count);
}
return $output;
}
function encode64($input, $count)
{
$output = '';
$i = 0;
do {
$value = ord($input[$i++]);
$output .= $this->itoa64[$value & 0x3f];
if ($i < $count)
$value |= ord($input[$i]) << 8;
$output .= $this->itoa64[($value >> 6) & 0x3f];
if ($i++ >= $count)
break;
if ($i < $count)
$value |= ord($input[$i]) << 16;
$output .= $this->itoa64[($value >> 12) & 0x3f];
if ($i++ >= $count)
break;
$output .= $this->itoa64[($value >> 18) & 0x3f];
} while ($i < $count);
return $output;
}
function gensalt_private($input)
{
$output = '$P$';
$output .= $this->itoa64[min($this->iteration_count_log2 +
((PHP_VERSION >= '5') ? 5 : 3), 30)];
$output .= $this->encode64($input, 6);
return $output;
}
function crypt_private($password, $setting)
{
$output = '*0';
if (substr($setting, 0, 2) == $output)
$output = '*1';
$id = substr($setting, 0, 3);
# We use "$P$", phpBB3 uses "$H$" for the same thing
if ($id != '$P$' && $id != '$H$')
return $output;
$count_log2 = strpos($this->itoa64, $setting[3]);
if ($count_log2 < 7 || $count_log2 > 30)
return $output;
$count = 1 << $count_log2;
$salt = substr($setting, 4, 8);
if (strlen($salt) != 8)
return $output;
# We're kind of forced to use MD5 here since it's the only
# cryptographic primitive available in all versions of PHP
# currently in use. To implement our own low-level crypto
# in PHP would result in much worse performance and
# consequently in lower iteration counts and hashes that are
# quicker to crack (by non-PHP code).
if (PHP_VERSION >= '5') {
$hash = md5($salt . $password, TRUE);
do {
$hash = md5($hash . $password, TRUE);
} while (--$count);
} else {
$hash = pack('H*', md5($salt . $password));
do {
$hash = pack('H*', md5($hash . $password));
} while (--$count);
}
$output = substr($setting, 0, 12);
$output .= $this->encode64($hash, 16);
return $output;
}
function gensalt_extended($input)
{
$count_log2 = min($this->iteration_count_log2 + 8, 24);
# This should be odd to not reveal weak DES keys, and the
# maximum valid value is (2**24 - 1) which is odd anyway.
$count = (1 << $count_log2) - 1;
$output = '_';
$output .= $this->itoa64[$count & 0x3f];
$output .= $this->itoa64[($count >> 6) & 0x3f];
$output .= $this->itoa64[($count >> 12) & 0x3f];
$output .= $this->itoa64[($count >> 18) & 0x3f];
$output .= $this->encode64($input, 3);
return $output;
}
function gensalt_blowfish($input)
{
# This one needs to use a different order of characters and a
# different encoding scheme from the one in encode64() above.
# We care because the last character in our encoded string will
# only represent 2 bits. While two known implementations of
# bcrypt will happily accept and correct a salt string which
# has the 4 unused bits set to non-zero, we do not want to take
# chances and we also do not want to waste an additional byte
# of entropy.
$itoa64 = './ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
$output = '$2a$';
$output .= chr(ord('0') + $this->iteration_count_log2 / 10);
$output .= chr(ord('0') + $this->iteration_count_log2 % 10);
$output .= '$';
$i = 0;
do {
$c1 = ord($input[$i++]);
$output .= $itoa64[$c1 >> 2];
$c1 = ($c1 & 0x03) << 4;
if ($i >= 16) {
$output .= $itoa64[$c1];
break;
}
$c2 = ord($input[$i++]);
$c1 |= $c2 >> 4;
$output .= $itoa64[$c1];
$c1 = ($c2 & 0x0f) << 2;
$c2 = ord($input[$i++]);
$c1 |= $c2 >> 6;
$output .= $itoa64[$c1];
$output .= $itoa64[$c2 & 0x3f];
} while (1);
return $output;
}
function HashPassword($password)
{
if ( strlen( $password ) > 4096 ) {
return '*';
}
$random = '';
if (CRYPT_BLOWFISH == 1 && !$this->portable_hashes) {
$random = $this->get_random_bytes(16);
$hash =
crypt($password, $this->gensalt_blowfish($random));
if (strlen($hash) == 60)
return $hash;
}
if (CRYPT_EXT_DES == 1 && !$this->portable_hashes) {
if (strlen($random) < 3)
$random = $this->get_random_bytes(3);
$hash =
crypt($password, $this->gensalt_extended($random));
if (strlen($hash) == 20)
return $hash;
}
if (strlen($random) < 6)
$random = $this->get_random_bytes(6);
$hash =
$this->crypt_private($password,
$this->gensalt_private($random));
if (strlen($hash) == 34)
return $hash;
# Returning '*' on error is safe here, but would _not_ be safe
# in a crypt(3)-like function used _both_ for generating new
# hashes and for validating passwords against existing hashes.
return '*';
}
function CheckPassword($password, $stored_hash)
{
if ( strlen( $password ) > 4096 ) {
return false;
}
$hash = $this->crypt_private($password, $stored_hash);
if ($hash[0] == '*')
$hash = crypt($password, $stored_hash);
return $hash === $stored_hash;
}
}
你快完成了。
$password = 'binary1001';//password you want to verify
$hasher = new PasswordHash(8, TRUE);
$passnya = '$P$BFG8I1k171qgRKqZvj0K3tn3bBSrsW/';//hash of that password from wp db
// compare plain password with hashed password
if ($hasher->CheckPassword( $password, $passnya )){
echo "MATCHED";
} else {
echo "NO MATCHED";
}
我在這里反復試驗。 現在,是時候進入正題了。 快樂編碼!!!
需要以編程方式為用戶請求Wordpress中的忘記密碼
[英]Need to request forget password in Wordpress for a user programatically
PHP:Wordpress update_user_meta無法正確更新數組
[英]PHP: Wordpress update_user_meta not updating array correctly
WordPress的密碼如何比較用戶密碼和WordPress的用戶表密碼?
[英]Wordpress password how to compare user password to wordpress user table password?
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.