WP 登录方法具体步骤
从wp-login.php中wp_signon 调用登录方法
wp-includes/user.php
中wp_signon 调用wp_set_auth_cookie设置用户cookie
wp-includes/pluggable.php
中wp_set_auth_cookie
调用wp_generate_auth_cookie->wp_hash来给cookie撒盐加密
wp_hash($data,$scheme=’auth’)
后台的$scheme为auth 前台为logged_in
后 台加密后字符串为|R|H.>6nd90=_oOOkK+24_Rw]%~Jgy4,U<}_M19t& e2cvUsS7SF9zRw8z,xNOvCs6/RjS?o!3]r`u6Q/4{mk{h*,Uf V2Im=p8vMLx-:“?}qBZv<~Scq#%2Gq3C)*r2
前台为 4>UNF;2|$j2BieVSYsI|L!PC=OJM$e|0qfiPrXEa)0Ly6bT~/6z{wl@;8b1,<Jd97TKi|hkFB)Za[`(_iC@:DY|I;$6QJn3+`UP0d)%zFFXjd1&{kbK=[26}TjO(+pFI
前台登录文件 加入此方法即可:
public function wplogin($username,$pass_frag) {//用户名和密码。
$time = time()+100000;
$pass_frag = substr($pass_frag,8,4);
$keystr = $username.$pass_frag.’|’.$time;
$key = hash_hmac('md5',$keystr,'4>UNF;2|$j2BieVSYsI|L!PC=OJM$e|0qfiPrXEa)0Ly6bT~/6}TjO(+pFI');//自己查看文件中哦的加密字符串。 $hash = hash_hmac('md5',$username.'|'.$time,$key); $cookie = $username.'|'.$time.'|'.$hash;$keyAdmin = hash_hmac('md5',$keystr,'|R|H.>6nd90=_oOOkK+24_Rw]%~Jgy4,U<}_M19t&e2cvUsS7SF9zRw8`?}qBZv<~Scq#%2Gq3C)*r2'); $hashAdmin = hash_hmac('md5',$username.'|'.$time,$keyAdmin); $cookieAdmin = $username.'|'.$time.'|'.$hashAdmin;setcookie('wordpress_logged_in_7e2199cac7f85b01a2e5f4f5ef9d6d93f',$cookie,time()+86400,'/',".shanmao.me",0);//前台cookie setcookie('wordpress_7e2199cac7f85b01a2e5f4f5ef9d6d93f',$cookieAdmin,time()+86400,'/wp-admin',".shanmao.me",0);//后台cookiesetcookie('wordpress_7e2199cac7f85b01a2e5f4f5ef9d6d93f',$cookieAdmin,time()+86400,'/wp-content/plugins',".shanmao.me",0); }
还需要更改(统一后台cookie名称,写死掉。):include文件夹下的default-constants.php
修改:
define(‘AUTH_COOKIE’, ‘wordpress_’ . COOKIEHASH);
define(‘LOGGED_IN_COOKIE’, ‘wordpress_logged_in_’ . COOKIEHASH);
为:
define(‘AUTH_COOKIE’, ‘wordpress_7e2199cac7f85b01a2e5f4f5ef9d6d93f’);
define(‘LOGGED_IN_COOKIE’, ‘wordpress_logged_in_7e2199cac7f85b01a2e5f4f5ef9d6d93f’);