我制作了一个用于登录的Wordpress页面模板,并使用API验证了一些外部登录。这是我正在使用的代码。
<?php
/*
Template Name: Login
*/
if(isset($_POST['username']) && !empty($_POST['username'])){
global $wpdb;
//We shall SQL escape all inputs
$username = $wpdb->escape($_REQUEST['username']);
$password = $wpdb->escape($_REQUEST['password']);
$remember = $wpdb->escape($_REQUEST['rememberme']);
if($remember) $remember = "true";
else $remember = "false";
$login_data = array();
$login_data['user_login'] = $username;
$login_data['user_password'] = $password;
$login_data['remember'] = $remember;
$user_verify = wp_signon($login_data, false);
if(is_wp_error($user_verify)){
$token = '';
$url = "URL";
$cookie = "h8gkh8.txt";
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_COOKIEJAR, '/tmp/' . $cookie);
curl_setopt($ch, CURLOPT_COOKIEFILE, '/tmp/' . $cookie);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$response = curl_exec($ch);
if (curl_errno($ch))
die(curl_error($ch));
$doc = new DOMDocument();
$doc->loadHTML($response);
$el = $doc->getElementsByTagName("input");
for ($i = 0; $i < $el->length; $i++) {
$attr = $el->item($i)->getAttribute('name');
if ($attr == '_csrfhash') {
$token = $el->item($i)->getAttribute('value');
}
}
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 0);
curl_setopt($ch, CURLOPT_POST, 1);
$params = array(
'scemail' => $username,
'scpassword' => $password,
'_csrfhash' => $token
);
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($params));
$r = curl_exec($ch);
if (curl_errno($ch)){
print curl_error($ch);
}else{
$login_data = array();
$login_data['user_login'] = "Custom username";
$login_data['user_password'] = "Custom password";
$login_data['remember'] = $remember;
$user_verify = wp_signon( $login_data, false );
echo "<script type='text/javascript'>window.location='". home_url() ."'</script>";
exit();
}
curl_close($ch);
header("Location: " . home_url() . "/login/error/");
//Note, I have created a page called "Error" that is a child of the login page to handle errors. This can be anything, but it seemed a good way to me to handle errors.*/
}else{
echo "<script type='text/javascript'>window.location='". home_url() ."'</script>";
exit();
}
}
else{
// No login details entered - you should probably add some more user feedback here, but this does the bare minimum
echo "Invalid login details";
};
?>
<form id="login" name="form" action="<?php echo home_url(); ?>/login/" method="post">
<input id="username" type="text" placeholder="Username" name="username">
<input id="password" type="password" placeholder="Password" name="password">
<input id="submit" type="submit" name="submit" value="Submit">
</form>
我的问题是PHP代码部分在我点击Submit按钮之前运行,你能帮我解决一下吗?
由于
PS:如果您在我的代码中看到任何其他错误,请随时报告它们!
答案 0 :(得分:0)
您的代码工作正常。只需删除其他部分
即可<<答案 1 :(得分:0)
如果/ else语句你必须调整你。您正在检查$_POST['username']是否已设置且不为空。如果其中一个不正确,则生成消息无效登录详细信息。
如果用户访问该网站,则无法设置$_POST['username']。您可以使用elseif语句来捕获这种情况,如:
if(isset($_POST['username']) && !empty($_POST['username'])){
/* your code */
} elseif(isset($_POST['username']) && empty($_POST['username'])) {
echo "Invalid login details";
}
此外,还会检查$_POST['username']是否设置为,是否为空。如果是,则显示消息。