在jQuery Mobile的使用Word preSS进行身份验证,PhoneGap的应用身份验证、Mobile、jQuery、Word
我已经建立了使用jQuery Mobile和PhoneGap的一个应用程序。 从Word preSS网站使用Ajax和一个Word preSS JSON插件的应用程序获取的内容。
I have built an app using jQuery mobile and PhoneGap. The app fetches content from a Wordpress website using ajax and a Wordpress json plugin.
现在我想扩展应用程序的功能,给用户posibility更新内容。
Now i wish to extend the functionality of the app to give users the posibility to update content.
为此,他们将不得不在口头preSS登录。
For this they would have to login in wordpress.
我打算它的工作事端是这样的:
I intend it to work somethin like this:
在用户名和放大器;密码从客户端发送到服务器使用Ajax 返回令牌返回到客户端从服务器 在客户端存储令牌(本地存储) 发送令牌,每个请求服务器,并验证它 服务器端。 Username & password sent from client to server with ajax Return token back to client from server Store token in client (local storage) Send that token with each requests to server and validate it serverside.编辑: 到目前为止,我得到这个创建令牌,并返回它:
So far I got this to create the token and return it:
add_action( 'wp_ajax_nopriv_ajaxlogin', 'ajax_login' );
add_action( 'wp_ajax_priv_ajaxlogin', 'ajax_login' );
function ajax_login(){
$info = array();
$info['user_login'] = $_POST['username'];
$info['user_password'] = $_POST['password'];
$info['remember'] = true;
$user = wp_signon( $info, false );
if ( is_wp_error($user) ){
echo json_encode(array('loggedin'=>false, 'message'=>__('Invalid username or password.')));
} else {
$expiration = $expire = time() + (14 * 24 * 60 * 60);
$pass_frag = substr($user->user_pass, 8, 4);
$key = wp_hash($user->user_login . $pass_frag . '|' . $expiration, $scheme);
$hash = hash_hmac('md5', $user->user_login . '|' . $expiration, $key);
$token = $user->user_login . '|' . $expiration . '|' . $hash;
echo json_encode(array('loggedin'=>true, 'token'=>$token, 'message'=>__('Login successful...')));
}
die();
}
这验证令牌:
And this to verify the token:
function token_auth($token){
list($username, $expiration, $hmac) = $token;
$expired = $expiration;
// Allow a grace period for POST and AJAX requests
if ( defined('DOING_AJAX') || 'POST' == $_SERVER['REQUEST_METHOD'] )
$expired += HOUR_IN_SECONDS;
// Quick check to see if an honest cookie has expired
if ( $expired < time() ) {
return false;
}
$user = get_user_by('login', $username);
if ( ! $user ) {
return false;
}
$pass_frag = substr($user->user_pass, 8, 4);
$key = wp_hash($username . $pass_frag . '|' . $expiration, $scheme);
$hash = hash_hmac('md5', $username . '|' . $expiration, $key);
if ( $hmac != $hash ) {
return false;
}
if ( $expiration < time() ) // AJAX/POST grace period set above
$GLOBALS['login_grace_period'] = 1;
return true;
wp_set_current_user( $user->ID );
}
和继承人的JS:
$('form#login').submit( function(e){
$('form#login p.status').show().text('Sending user info, please wait...');
$.ajax({
type: 'POST',
dataType: 'json',
url: 'http://example.com/wp-admin/admin-ajax.php',
username: $('form#login #username').val(),
password: $('form#login #password').val(),
data: {
'action': 'ajaxlogin',
'username': $('form#login #username').val(),
'password': $('form#login #password').val() },
success: function(data){
$('form#login p.status').text(data.message);
if (data.loggedin == true){
$.mobile.changePage( "/blog.html", { changeHash: false });
}
}
});
e.preventDefault();
});
工作仍然在进行中。
Still work in progress.
有没有一些方法来加密口令以防有人不使用HTTPS?
Is there some way to encrypt passwords incase someone is not using https?
推荐答案
您需要使用 wp_set_auth_cookie($用户自&GT; ID); 如果登录成功设置认证的cookie,将被所有后续请求。
You need to use wp_set_auth_cookie( $user->ID ); if login is successful to set the authentication cookies which will be used by all subsequent requests.
