Automatic login to WordPress dashboard from another site

I want to log in to WP admin/dashboard automatically from another site, without going through the login process. I tried the following, but it did not work:

<?php
$username="admin";
$password="mypasw";
$url="http://example.com/";
$cookie="cookie.txt";
$postdata = "log=". $username ."&pwd=". $password ."&wp-submit=Log%20In&redirect_to=". $url ."wp-admin/&testcookie=1";
$ch = curl_init();
curl_setopt ($ch, CURLOPT_URL, $url . "wp-login.php");
curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt ($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6");
curl_setopt ($ch, CURLOPT_TIMEOUT, 60);
curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt ($ch, CURLOPT_COOKIEJAR, $cookie);
curl_setopt ($ch, CURLOPT_REFERER, $url . "wp-admin/");
curl_setopt ($ch, CURLOPT_POSTFIELDS, $postdata);
curl_setopt ($ch, CURLOPT_POST, 1);
$result = curl_exec ($ch);
curl_close($ch);
echo $result;
exit;

?>

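This sort of just displays my dashboard page, but I am not really logged in, because clicking any button on the admin page just redirects to the same page, which is the site's page.

If you have access to the files of the site you are trying to log in to, you can add an auto-login PHP script and $_POST the username and password to this script, for example: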

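<?php
require_once( 'wp-load.php' ); // assumes a stand-alone script; put the correct path for this file

if ( $_POST ) {
    $errors = array();
    // Note: esc_sql() changes a value that contains quotes or backslashes.
    $username = esc_sql( isset( $_POST['username'] ) ? $_POST['username'] : '' );
    $password = esc_sql( isset( $_POST['password'] ) ? $_POST['password'] : '' );
    // wp_signon() expects a boolean here; the strings "true" and "false" are both truthy
    $remember = ! empty( $_POST['rememberme'] );
    $login_data = array();
    $login_data['user_login'] = $username;
    $login_data['user_password'] = $password;
    $login_data['remember'] = $remember;
    // second argument: whether to use a secure (HTTPS-only) cookie
    $user_verify = wp_signon( $login_data, true );
    if ( is_wp_error( $user_verify ) ) {
        $errors[] = 'Invalid username or password. Please try again!';
    } else {
        wp_set_auth_cookie( $user_verify->ID ); // set the login cookie for this user
        wp_redirect( admin_url() );             // send the browser to the dashboard
        exit;
    }
}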

WordPress Codex references:

  • Login function: http://codex.wordpress.org/Function_Reference/wp_signon
  • Set the admin login cookie: http://codex.wordpress.org/Function_Reference/wp_set_auth_cookie
  • Get the admin page URL: http://codex.wordpress.org/Function_Reference/admin_url

Hope that helps.

Edit: $wpdb->escape has been deprecated since WordPress 3.6; please use wpdb::prepare() or esc_sql() instead! I have changed the code to use esc_sql().

  • esc_sql(): http://codex.wordpress.org/Function_Reference/esc_sql

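Try this complete code, it is 100% working. First website: http://firstwebsite.com and second website: http://secondwebsite.com

Now, first create a link on your first website that we want a logged-in user to click in order to enter our second website. So, on your first website, create a link wherever you want it, as described below: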

<?php
global $current_user;
$second_website_url = 'http://secondwebsite.com'; // put your second website url
$user_email = $current_user->user_email;
$user_login = $current_user->user_login;
if ( $user_email != '' ) {
    // URL-safe base64: swap '+/' for '-_' and drop the '=' padding
    $email_encoded      = rtrim( strtr( base64_encode( $user_email ), '+/', '-_' ), '=' );
    $user_login_encoded = rtrim( strtr( base64_encode( $user_login ), '+/', '-_' ), '=' );
    // the URL must be one unbroken string, with no whitespace after "sso.php?"
    echo '<a href="' . $second_website_url . '/sso.php?key=' . $email_encoded . '&detail=' . $user_login_encoded . '" target="_blank">Link to second website</a>';
}
?>

Now open our second website, create a new PHP file and name it "sso.php". Put this file in the root installation location, then copy and paste the code below into it:

<?php
require_once( 'wp-load.php' ); // put correct absolute path for this file

global $wpdb;
if ( isset( $_GET['key'] ) && ! empty( $_GET['key'] ) ) {
    // undo the URL-safe base64 encoding applied on the first site
    $detail            = isset( $_GET['detail'] ) ? $_GET['detail'] : '';
    $email_decoded     = base64_decode( strtr( $_GET['key'], '-_', '+/' ) );
    $username_decoded  = base64_decode( strtr( $detail, '-_', '+/' ) );
    $received_email    = sanitize_text_field( $email_decoded );
    $received_username = sanitize_text_field( $username_decoded );

    if ( email_exists( $received_email ) ) {
        // get the ID of the user record that exists for the received email
        $user_id = $wpdb->get_var( $wpdb->prepare( "SELECT ID FROM " . $wpdb->users . " WHERE user_email = %s", $received_email ) );
        wp_set_auth_cookie( $user_id ); // log in the existing user
        wp_redirect( site_url() ); // put the url where you want to redirect the user after login
    } else {
        // register those users whose email does not exist in the database
        if ( username_exists( $received_username ) ) {
            // if the username coming from the first site already exists in our database
            // for another user, the email is used as the username
            $userdata = array(
                'user_login' => $received_email,
                'user_email' => $received_email,
                'user_pass'  => $received_username, // password will be username always
                'first_name' => $received_username, // first name will be username
                'role'       => 'subscriber',       // register the user with subscriber role only
            );
        } else {
            $userdata = array(
                'user_login' => $received_username,
                'user_email' => $received_email,
                'user_pass'  => $received_username, // password will be username always
                'first_name' => $received_username, // first name will be username
                'role'       => 'subscriber',       // register the user with subscriber role only
            );
        }

        $user_id = wp_insert_user( $userdata ); // add the user to the database
        // on success
        if ( ! is_wp_error( $user_id ) ) {
            wp_set_auth_cookie( $user_id ); // log in the newly created user
            wp_redirect( site_url() ); // put the url where you want to redirect the user after login
        } else {
            echo "There may be a mismatch of email/username with the existing record. Check the users with your current email/username or try with any other account.";
            die;
        }
    }
    die;
}
?>
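
The key and detail parameters above are only base64-encoded, so sso.php has no way to tell that a link really came from the first site. The following is an added example, not part of the answer's code: it signs the link with an HMAC and an expiry time so the second site can check its origin before calling wp_set_auth_cookie(). SSO_SHARED_SECRET, SSO_MAX_AGE, sso_sign_link() and sso_verify_link() are hypothetical names, the secret and sample values are constructed, and a link stays reusable until it expires.

```php
<?php
// Added example: hypothetical helpers, constructed secret and sample data.
const SSO_SHARED_SECRET = 'replace-with-a-long-random-value-stored-on-both-sites';
const SSO_MAX_AGE = 60; // seconds a signed link stays valid

// First site: build the query string for sso.php, including a signature.
function sso_sign_link(string $email, string $login, int $now): string {
    $params = ['key' => $email, 'detail' => $login, 'ts' => $now];
    $params['sig'] = hash_hmac('sha256', http_build_query($params), SSO_SHARED_SECRET);
    return http_build_query($params);
}

// Second site: return the verified email, or null if the link must be rejected.
function sso_verify_link(array $get, int $now): ?string {
    foreach (['key', 'detail', 'ts', 'sig'] as $name) {
        if (!isset($get[$name]) || !is_string($get[$name])) {
            return null; // missing or malformed parameter
        }
    }
    if (!ctype_digit($get['ts'])) {
        return null; // timestamp must be plain digits
    }
    // Recompute the signature over exactly the fields the first site signed.
    $payload  = http_build_query(['key' => $get['key'], 'detail' => $get['detail'], 'ts' => $get['ts']]);
    $expected = hash_hmac('sha256', $payload, SSO_SHARED_SECRET);
    if (!hash_equals($expected, $get['sig'])) {
        return null; // altered parameters or wrong secret
    }
    $age = $now - (int) $get['ts'];
    if ($age < 0 || $age > SSO_MAX_AGE) {
        return null; // expired, or timestamp in the future
    }
    return $get['key'];
}

// Constructed sample run: a valid link, a tampered copy, and an expired one.
$now = 1700000000;
parse_str(sso_sign_link('alice@example.com', 'alice', $now), $good);
$tampered = $good;
$tampered['key'] = 'bob@example.com'; // e-mail changed after signing
var_dump(sso_verify_link($good, $now + 10));
var_dump(sso_verify_link($tampered, $now + 10));
var_dump(sso_verify_link($good, $now + 3600));
```

In sso.php, log the user in only when sso_verify_link(wp_unslash($_GET), time()) returns an e-mail address. Accounts created on first login can take wp_generate_password() instead of the username as their password.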