Passing login information via the URL does not work

Time: 2015-11-28 00:09:48

Tags: php

I am trying to create user-specific links on my Wordpress site that look like

<a href="http://example.com/dir/index.php?email=un@example.com&pass=foo!"> link </a>

When the user clicks link, they should be logged in automatically at http://example.com/dir/index.php (outside of Wordpress).

This is what index.php, the login page, looks like:

<?php
session_start();
include_once 'dbconnect.php';

// Already logged in: go straight to the home page.
if(isset($_SESSION['user'])) {
    header("Location: home.php");
    exit;
}

if(isset($_POST['btn-login'])) {
    $email = mysql_real_escape_string($_POST['email']);
    $upass = mysql_real_escape_string($_POST['pass']);
    $res=mysql_query("SELECT * FROM users WHERE email='$email'");
    $row=mysql_fetch_array($res);

    // The stored password is an unsalted md5 hash; compare it with the submitted one.
    if($row['password']==md5($upass)) {
        $_SESSION['user'] = $row['user_id'];
        header("Location: home.php");
        exit;
    }
    else {
    ?>
    <script>alert('wrong details');</script>
    <?php
    }
}

1 answer:

Answer 0 (score: 1)

To do what you are trying to do, you probably want a more involved process, which could use AJAX, cURL (I am using a cURL library) and MySQLi.

Explanation

Your referring page contains a button that carries only the username or a unique ID in a data field. When the user clicks the username button (retrieved from the users table; in this case rasclatt), the ajax fires and queries the local database just to verify that the user is legitimate. If that checks out, a cURL query is sent to your second site. The second site generates a token (it can first check that the username is valid), then saves it to the database together with the username. It then sends the new token back, at which point Site A, on ajax success, jumps to Site B carrying the token. Finally (not illustrated here), Site B takes the token and searches the token table to verify that it is valid (you can send the username back as well, so there are two pieces that have to match). If it is valid, it creates a user session on Site B using the stored username. I have this working, but it needs error reporting and all of that.

Anyway, there are many ways to do this, but this might be a simpler approach:

Site A - client side: login.php

<script type="text/javascript" src="http://code.jquery.com/jquery-1.9.1.js"></script>
<script type="text/javascript" src="http://code.jquery.com/ui/1.9.2/jquery-ui.js"></script>
<h2>User Name</h2>
<div class="remoteLogin" data-username="rasclatt">rasclatt</div>
<script>
jQuery(document).ready(function() {
    jQuery(".remoteLogin").click(function(e) {
        var username = jQuery(this).data('username');
        jQuery.ajax({
            type: 'POST',
            url: 'verify.php',
            data: { username: username },
            success: function(response) {
                var user = JSON.parse(response);
                // Site B answered with a token: hand the browser over to Site B with it.
                if(user.servertoken != undefined)
                    window.location.href = "http://www.SiteB.com/login.php?token="+user.servertoken;
            },
            error: function(err){
                console.log(err);
            }
        });
    });
});
</script>

Site A - server side: verify.php

<?php
class   cURL
    {
        public      $response;
        public      $ch;
        protected   $sendHeader;

        protected   $PostFields;

        private     $query;

        public  function    __construct($query = '')
            {
                $this->sendHeader   =   false;
                $this->query        =   $query;
                // Remote Connect
                $this->initConnect();
                if(!empty($this->query)) {
                        if(!is_array($this->query))
                            $this->response =   $this->Connect($this->query);
                        else
                            $this->encode();
                    }
            }

        public  function initConnect()
            {
                $this->ch   = curl_init();
                return $this;
            }

        public  function SendPost($array = array())
            {
                $this->PostFields['payload']    =   $array;
                $this->PostFields['query']      =   http_build_query($array);
                return $this;
            }

        public  function setAttr($attr = false,$val = false)
            {
                if(!empty($attr))
                    curl_setopt($this->ch, $attr, $val);

                return $this;
            }

        public  function Connect($_url,$deJSON = true)
            {
                curl_setopt($this->ch, CURLOPT_URL, $_url);
                curl_setopt($this->ch, CURLOPT_RETURNTRANSFER, 1);

                // Verify the remote certificate and hostname on https:// URLs.
                if(strpos($_url,"https://") !== false) {
                        curl_setopt($this->ch, CURLOPT_SSL_VERIFYPEER,true);
                        curl_setopt($this->ch, CURLOPT_SSL_VERIFYHOST,2);
                    }

                if(!empty($this->PostFields['payload'])) {
                        curl_setopt($this->ch, CURLOPT_POST, count($this->PostFields['payload']));
                        curl_setopt($this->ch, CURLOPT_POSTFIELDS, $this->PostFields['query']);
                    }

                if(!empty($this->sendHeader))
                    curl_setopt($this->ch, CURLOPT_USERAGENT, 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11) AppleWebKit/601.1.56 (KHTML, like Gecko) Version/9.0 Safari/601.1.56');

                $decode     =   curl_exec($this->ch);
                $_response  =   ($deJSON)? json_decode($decode, true) : $decode;
                $error      =   curl_error($this->ch);

                curl_close($this->ch);
                return (empty($error))? $_response: $error;
            }

        public  function emulateBrowser()
            {
                $this->sendHeader   =   true;
                return $this;
            }

        public  function encode($_filter = 0)
            {
                foreach($this->query as $key => $value) {
                        $string[]   =   urlencode($key).'='.urlencode($value);
                    }

                if($_filter == true)
                    $string =   array_filter($string);

                return implode("&",$string);
            }
    }


if(!empty($_POST['username'])) {
    $mysqli     =   new mysqli('host', 'username', 'password', 'database');
    $stmt       =   $mysqli->prepare("SELECT COUNT(*) as count from users where `username` = ?");
    $stmt->bind_param("s",$_POST['username']);
    $stmt->execute();
    $result     =   $stmt->get_result();
    $row        =   $result->fetch_assoc();

    // The username exists locally: ask Site B for a one-time login token.
    if($row['count'] == 1) {
            $apikey     =   'b5714832ac3444be183252c6ac260f87';
            $cURL       =   new cURL();
            $response   =   $cURL->Connect("http://www.SiteB.com/api.php?apikey={$apikey}&username=".urlencode($_POST['username'])."&action=get_token",false);

            echo $response;
        }

    exit;
}

Site B - server side: api.php

<?php
if(!empty($_REQUEST['action']) && $_REQUEST['action'] == 'get_token') {
        if(!empty($_REQUEST['apikey'])) {
                if($_REQUEST['apikey'] != 'b5714832ac3444be183252c6ac260f87') {
                        echo json_encode(array("error"=>"key invalid"));
                        exit;
                    }
                else {
                        $token  =   base64_encode(microtime().mt_rand().".".$_REQUEST['username']);
                        // write to database the $token
                        // write username to database in same row, different column
                        echo json_encode(array("servertoken"=>urlencode($token)));
                        exit;
                    }
            }
    }

One note on all of this: you need to make sure the user is able to use Wordpress' version of checking the user session.
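As an added example that is not part of the original answer, the following shows the Site B half of the token handoff described above: the api.php step that issues the token and the Site B login.php step the answer leaves unillustrated, written so the token is random, stored only as a hash, expires, is single use, and must arrive with the matching username. The `login_tokens` table, the in-memory SQLite connection and the 60-second lifetime are assumptions made here so the script runs stand-alone.

```php
<?php
// Added example, not code from the original answer. Assumes a PDO connection and a
// `login_tokens` table; both are created in memory here so the script runs stand-alone.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE login_tokens (
    token_hash TEXT PRIMARY KEY,
    username   TEXT NOT NULL,
    expires_at INTEGER NOT NULL,
    used       INTEGER NOT NULL DEFAULT 0)");

// api.php side: issue a token for a username that Site A has already verified.
// Only the SHA-256 hash is stored, so a leaked table row cannot be turned into a login URL.
function issue_token(PDO $pdo, string $username, int $ttl = 60): string {
    $token = bin2hex(random_bytes(32));   // 256 bits from the CSPRNG instead of microtime()/mt_rand()
    $stmt  = $pdo->prepare("INSERT INTO login_tokens (token_hash, username, expires_at)
                            VALUES (?, ?, ?)");
    $stmt->execute([hash('sha256', $token), $username, time() + $ttl]);
    return $token;
}

// Site B login.php side: redeem the token once. Returns the username to put in the
// session, or null if the token is unknown, expired, already used or for another user.
function redeem_token(PDO $pdo, string $token, string $username): ?string {
    $hash = hash('sha256', $token);
    // Claim the row atomically: a second request racing with this one finds used = 1
    // and gets rowCount() == 0, so the token really is single use.
    $stmt = $pdo->prepare("UPDATE login_tokens SET used = 1
                           WHERE token_hash = ? AND used = 0 AND expires_at >= ?");
    $stmt->execute([$hash, time()]);
    if ($stmt->rowCount() !== 1) {
        return null;
    }
    $stmt = $pdo->prepare("SELECT username FROM login_tokens WHERE token_hash = ?");
    $stmt->execute([$hash]);
    $stored = (string) $stmt->fetchColumn();
    // The username sent alongside the token is the second piece that has to match.
    return hash_equals($stored, $username) ? $stored : null;
}

// Constructed walkthrough of the handoff: issue on Site B, redeem once, then replay it.
$token = issue_token($pdo, 'rasclatt');
var_dump(redeem_token($pdo, $token, 'rasclatt'));  // first redemption
var_dump(redeem_token($pdo, $token, 'rasclatt'));  // replay of the same token
```

In a real login.php the token and username would come from the query string that Site A's redirect built, and the returned username would be written into the session the way the answer's index.php does.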