什么是那样的话preSS存储用户鉴权数据背后的细节? [英] What are the details behind the way Wordpress stores user authentication data?
问题描述
首先,让我定义的最终目标:
我想字preSS(2.8版本)来管理一个网站的验证数据/凭证和访问控制。字preSS将用于大部分的网站,但有些页面将话语preSS环境之外建立。这些网页应该能够使用存储字preSS数据库中的用户数据authenticaion作为参考,使有关访问自己的决定。
因此,问题:
如何,究竟是否在其数据库中的Word preSS存储用户认证数据?
这个答案的第一部分是容易的,话语preSS数据库里面,有一个保存主要用户数据的表。我相信,此表的默认名称为wp_users,但可以改变基础上,那样的话preSS的设置。该表格包含分别持有的用户名和密码数据,字段USER_LOGIN和user_pass
在USER_LOGIN是一个简单的纯文本字段,这样是很容易访问,但密码咸鱼和散列。这导致仍然需要确定的第一件事情:?什么是盐和哈希处理的Word preSS用途产生,它存储在user_pass字符串
这是保持开放的另一部分就是/字preSS如何存储它的角色。在我的安装中,这些角色默认为:管理员,编辑,作者,投稿者和用户。我没有看到的是这些角色如何与个人用户相关联。此外,可以将这些角色改变?
因此,要回顾一下,真正的问题是三个部分:
1)什么是具体的方法字preSS使用移调用户的明文密码存储在wp_users数据库表user_pass列中的字符串?
2)凡个人用户和他们各自的话语preSS角色之间的联系储存?
3)可以在Word preSS角色进行修改,以改变他们的名称和/或添加/删除它们?
注:我知道,另一种方法就是让非Word preSS页检字preSS cookie来确定访问。我要创造沿着这些线路的另一个问题,但这个问题的目的,重点是在非Word preSS页面如何利用实际的话语preSS对访问控制决策数据库。
- 字preSS使用便携式PHP的密码哈希框架。又见这个问题:什么类型的哈希确实字preSS使用?
- 默认情况下这个协会是在
wp_user_level项下wp_usermeta 表 - 不无插件(或不编辑Word中编辑preSS'code或数据库)
您可能想看看code为 BB preSS 因为它将共享Word preSS'用户数据库。
First off, let me define the end goal:
I'd like to Wordpress (version 2.8) to manage the authentication data/credentials and access control for a web site. Wordpress will be used for most of the site, but some pages will be built outside of the Wordpress environment. These pages should be able to use the user authenticaion data stored Wordpress database as a reference to make their own decisions about access.
So, the question:
How, exactly, does Wordpress store user authentication data in its database?
The first part of this answer is easy, inside the Wordpress database, there is a table that holds the primary user data. I believe the default name for this table is "wp_users" but that can change based on the way Wordpress is setup. This table contains the fields "user_login" and "user_pass" which hold the username and password data, respectively.
The "user_login" is simply a plain text field, so that is easy enough to access, but the password is salted and hashed. This leads to the first thing that still needs to be determined: what is the salting and hashing process Wordpress uses for generating the strings that it stores in "user_pass"?
The other portion that remains open is where/how Wordpress stores its "roles". In my install, these roles default to: Administrator, Editor, Author, Contributor and Subscriber. What I don't see is how these roles are associated with individual users. Also, can these role altered?
So, to recap, the real question is in three parts:
1) What is the specific method Wordpress uses to transpose users' plain-text passwords to the strings that are stored in the "user_pass" column of the "wp_users" database table?
2) Where are the links between individual users and their respective Wordpress "roles" stored?
3) Can "roles" in Wordpress be modified to change their names and/or add/remove them?
Note: I realize that another approach would be to have non-Wordpress pages check the Wordpress cookie to determine access. I'm going to create another question along those lines, but for purposes of this question the focus is on how non-Wordpress pages can utilize the actual Wordpress database for decisions on access control.
- Wordpress uses the Portable PHP password hashing framework. See also this question: What type of hash does wordpress use?
- By default this association is in the
wp_usermetatable under thewp_user_levelkey - Not without a plug-in (or without editing editing Wordpress' code or database)
You might want to look at the code for bbPress because it will share Wordpress' user database.
这篇关于什么是那样的话preSS存储用户鉴权数据背后的细节?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
