在自定义查询php中匹配用户密码
我想在我的定制php应用程序中使用我的WordPress用户表。现在的问题是,如果我试图根据在自定义查询php中匹配用户密码,php,mysql,wordpress,algorithm,Php,Mysql,Wordpress,Algorithm,我想在我的定制php应用程序中使用我的WordPress用户表。现在的问题是,如果我试图根据md5('password')检查密码-它不起作用。我该如何解决这个问题。我的问题是 if($stmt = $mysqli -> prepare(" SELECT user_login, display_name FROM wp_users WHERE user_login=? AND user_pass=? ")){ /* Bind parameters
md5('password')检查密码代码>-它不起作用。我该如何解决这个问题。我的问题是
if($stmt = $mysqli -> prepare("
SELECT user_login, display_name
FROM wp_users
WHERE user_login=? AND user_pass=?
")){
/* Bind parameters
s - string, b - boolean, i - int, etc */
$stmt -> bind_param("ss", $username, md5($password));
如何将密码与WordPress加密密码匹配?
更新Wp类
function wp_hash_password($password) {
global $wp_hasher;
if ( empty($wp_hasher) ) {
require_once('class-phpass.php');
// By default, use the portable hash from phpass
$wp_hasher = new PasswordHash(8, true);
}
return $wp_hasher->HashPassword( trim( $password ) );
}
if(isset($_POST['login']))
{
$username = clean($_POST['login']['username']);
$password = wp_hash_password($_POST['login']['password']);
echo $password;
exit();
/* Create a new mysqli object with database connection parameters */
$mysqli = mysqli_connect('localhost', 'root', '', 'C347278_wordpress2');
if(mysqli_connect_errno())
{
echo "Connection Failed: " . mysqli_connect_errno();
exit();
}
if($stmt = $mysqli -> prepare("
SELECT user_login, display_name
FROM wp_users
WHERE user_login=? AND user_pass=?
")){
/* Bind parameters
s - string, b - boolean, i - int, etc */
$stmt -> bind_param("ss", $username, $password);
/* Execute it */
$result = $stmt -> execute();
//Check whether the query was successful or not
if ($result === false) {
die("Query failed");
}
/* Bind results to variables that will be used within the fetch() loop. */
$stmt -> bind_result($login_id, $display_name);
/* Check the number of rows returned. */
if ($stmt->num_rows != 1) {
//Login failed
$_SESSION['error_message'] = 'wrong User name OR Password';
}
/* Iterate over the results of the query. */
while ($stmt->fetch())
{
//Login Successful
session_regenerate_id();
/* We can use $login_id, $firstname and $lastname cause we binded the result to those variables above. */
$_SESSION['SESS_MEMBER_ID'] = $login_id;
$_SESSION['SESS_DISP_NAME'] = $display_name;
//$_SESSION['SESS_LAST_NAME'] = $lastname;
session_write_close();
header('Location:http://'.$_SERVER['SERVER_NAME'].'/app/'.$to);
exit();
}//main if close
/* Close statement */
$stmt -> close();
}
/* Close connection */
$mysqli -> close();
}
您可以使用wordpress本机函数
$hash = wp_hash_password( $password );
像
参考:
wp\u hash\u password()
位于wp includes/pluggable.php中 像这样尝试CheckPassword()
:
if($stmt = $mysqli -> prepare("
SELECT ID, user_login, user_pass, display_name
FROM wp_users
WHERE user_login=?
")){
$stmt -> bind_param("s", $username);
/* Execute it */
$result = $stmt -> execute();
//Check whether the query was successful or not
if ($result === false) {
die("Query failed");
}
/* Bind results to variables that will be used within the fetch() loop. */
$stmt -> bind_result($id,$login_id,$hash, $display_name);
/* Check the number of rows returned. */
if ($stmt->num_rows != 1) {
//Login failed
$_SESSION['error_message'] = 'Wrong User name OR Password';
}
/* Iterate over the results of the query. */
while ($stmt->fetch())
{
$wp_hasher = new PasswordHash(8, TRUE);
$check = $wp_hasher->CheckPassword($password, $hash);
if($check){ echo "Password matched" }
在较新的版本中,WordPress不再使用md5():可能您正在寻找的函数:@jOpacic我正在尝试访问自定义php应用程序中的密码,而不是WP中的密码。但我没有WP类。我正在自定义php应用程序中尝试代码。明白我的意思吗?好吧,WP\u hash\u password()
位于WP includes/pluggable.php中。打开该文件并获取该函数。在自定义应用程序中使用相同的函数。希望有帮助!我导入了类并包含了wp\u hash\u password()
方法,但是对于相同的密码,我得到了不同的结果。
if($stmt = $mysqli -> prepare("
SELECT ID, user_login, user_pass, display_name
FROM wp_users
WHERE user_login=?
")){
$stmt -> bind_param("s", $username);
/* Execute it */
$result = $stmt -> execute();
//Check whether the query was successful or not
if ($result === false) {
die("Query failed");
}
/* Bind results to variables that will be used within the fetch() loop. */
$stmt -> bind_result($id,$login_id,$hash, $display_name);
/* Check the number of rows returned. */
if ($stmt->num_rows != 1) {
//Login failed
$_SESSION['error_message'] = 'Wrong User name OR Password';
}
/* Iterate over the results of the query. */
while ($stmt->fetch())
{
$wp_hasher = new PasswordHash(8, TRUE);
$check = $wp_hasher->CheckPassword($password, $hash);
if($check){ echo "Password matched" }