WordPress的密码页面-错误的密码信息不起作用

Question

// --------------------------------------------- --------------------＃ //您输入的密码无效。-无法使用

//（输入错误密码时）在输入密码错误的密码保护页面上，我试图显示一条消息。我认为问题出在Cookie上，但不确定。请查看代码，这是页面。请让我知道我在做什么错。下面的代码在functions.php上 请在哪里显示错误-所以我可以复制并粘贴以更正...谢谢！

// --------------------------------------------- --------------------＃

function my_password_form（）{          全球$ post;

     $label = 'pwbox-'.( empty( $post->ID ) ? rand() : $post->ID );

     $passwordProtectedPageURL = 'https://host.561websitedesign.com/~alto/suppliers/';
     $wrongPassword = ' ';


     if( ( sanitize_text_field( $_SERVER["HTTP_REFERER"] ) === $passwordProtectedPageURL ) && ! isset ( $_COOKIE[ 'wp-postpass_' . COOKIEHASH ] )){
          $wrongPassword = '<span style="color:#00000;font-weight:bold;">The password you have entered is invalid.</span>';
     }


     $form = '<form class="protected-post-form" action="' . esc_url( site_url( 'wp-login.php?action=postpass', 'login_post' ) ) . '" method="post">
' . __( "<h3><strong>Please enter password to access Q-Notes</strong></h3><h1>&nbsp;</h1>" ) . '
<label class="pass-label" for="' . $label . '">' . __( "Password:" ) . ' </label><input name="post_password" id="' . $label . '" type="password" size="20" maxlength="20" /><input type="submit" name="Submit" value="' . esc_attr__( "Supplier Login" ) . '" />
</form><p>' . $wrongPassword . '</p>';

     return $form;
}
add_filter( 'the_password_form', 'my_password_form' );

Answer 1

您的逻辑不正确。

如果在调用此函数时设置了cookie，则表示哈希值不匹配，因此密码不正确。

function my_password_form() {
    global $post;

    $attempted     = $_SESSION['pass_attempt'] ?: false;
    $label         = 'pwbox-' . ( empty( $post->ID ) ? rand() : $post->ID );
    $wrongPassword = '';

    // If cookie is set password is wrong.
    if ( isset( $_COOKIE[ 'wp-postpass_' . COOKIEHASH ] ) && $attempted !== $_COOKIE[ 'wp-postpass_' . COOKIEHASH ] ) {
        $wrongPassword = '<span style="color:#00000;font-weight:bold;">The password you have entered is invalid.</span>';
        // Store attempted password for comparison.
        // So we can show invalid password message only once.
        $_SESSION['pass_attempt'] = $_COOKIE[ 'wp-postpass_' . COOKIEHASH ];
    }

    $form = '<form class="protected-post-form" action="' . esc_url( site_url( 'wp-login.php?action=postpass', 'login_post' ) ) . '" method="post">
    ' . __( '<h3><strong>Please enter password to access Q-Notes</strong></h3><h1>&nbsp;</h1>' ) . '
    <label class="pass-label" for="' . $label . '">' . __( 'Password:' ) . ' </label><input name="post_password" id="' . $label . '" type="password" size="20" maxlength="20" /><input type="submit" name="Submit" value="' . esc_attr__( 'Supplier Login' ) . '" />
    </form><p>' . $wrongPassword . '</p>';

    return $form;
}
add_filter( 'the_password_form', 'my_password_form' );

add_action(
    'wp_loaded',
    function() {
        if ( isset( $_COOKIE[ 'wp-postpass_' . COOKIEHASH ] ) ) {
            // Start session to compare pass hashs.
            session_start();
        }
    }
);

编辑

仅在我添加了一些会话代码以比较密码哈希以查看其是否为新尝试后，才显示无效的密码消息。