在jQuery Mobile的使用Word preSS进行身份验证,PhoneGap的应用 [英] Using wordpress for authentication in jQuery Mobile, PhoneGap app
问题描述
我已经建立了使用jQuery Mobile和PhoneGap的一个应用程序。 从Word preSS网站使用Ajax和一个Word preSS JSON插件的应用程序获取的内容。
I have built an app using jQuery mobile and PhoneGap. The app fetches content from a Wordpress website using ajax and a Wordpress json plugin.
现在我想扩展应用程序的功能,给用户posibility更新内容。
Now i wish to extend the functionality of the app to give users the posibility to update content.
为此,他们将不得不在口头preSS登录。
For this they would have to login in wordpress.
我打算它的工作事端是这样的:
I intend it to work somethin like this:
- 在用户名和放大器;密码从客户端发送到服务器使用Ajax
- 返回令牌返回到客户端从服务器
- 在客户端存储令牌(本地存储)
- 发送令牌,每个请求服务器,并验证它 服务器端。
- Username & password sent from client to server with ajax
- Return token back to client from server
- Store token in client (local storage)
- Send that token with each requests to server and validate it serverside.
编辑: 到目前为止,我得到这个创建令牌,并返回它:
So far I got this to create the token and return it:
add_action( 'wp_ajax_nopriv_ajaxlogin', 'ajax_login' );
add_action( 'wp_ajax_priv_ajaxlogin', 'ajax_login' );
function ajax_login(){
$info = array();
$info['user_login'] = $_POST['username'];
$info['user_password'] = $_POST['password'];
$info['remember'] = true;
$user = wp_signon( $info, false );
if ( is_wp_error($user) ){
echo json_encode(array('loggedin'=>false, 'message'=>__('Invalid username or password.')));
} else {
$expiration = $expire = time() + (14 * 24 * 60 * 60);
$pass_frag = substr($user->user_pass, 8, 4);
$key = wp_hash($user->user_login . $pass_frag . '|' . $expiration, $scheme);
$hash = hash_hmac('md5', $user->user_login . '|' . $expiration, $key);
$token = $user->user_login . '|' . $expiration . '|' . $hash;
echo json_encode(array('loggedin'=>true, 'token'=>$token, 'message'=>__('Login successful...')));
}
die();
}
这验证令牌:
And this to verify the token:
function token_auth($token){
list($username, $expiration, $hmac) = $token;
$expired = $expiration;
// Allow a grace period for POST and AJAX requests
if ( defined('DOING_AJAX') || 'POST' == $_SERVER['REQUEST_METHOD'] )
$expired += HOUR_IN_SECONDS;
// Quick check to see if an honest cookie has expired
if ( $expired < time() ) {
return false;
}
$user = get_user_by('login', $username);
if ( ! $user ) {
return false;
}
$pass_frag = substr($user->user_pass, 8, 4);
$key = wp_hash($username . $pass_frag . '|' . $expiration, $scheme);
$hash = hash_hmac('md5', $username . '|' . $expiration, $key);
if ( $hmac != $hash ) {
return false;
}
if ( $expiration < time() ) // AJAX/POST grace period set above
$GLOBALS['login_grace_period'] = 1;
return true;
wp_set_current_user( $user->ID );
}
和继承人的JS:
$('form#login').submit( function(e){
$('form#login p.status').show().text('Sending user info, please wait...');
$.ajax({
type: 'POST',
dataType: 'json',
url: 'http://example.com/wp-admin/admin-ajax.php',
username: $('form#login #username').val(),
password: $('form#login #password').val(),
data: {
'action': 'ajaxlogin',
'username': $('form#login #username').val(),
'password': $('form#login #password').val() },
success: function(data){
$('form#login p.status').text(data.message);
if (data.loggedin == true){
$.mobile.changePage( "/blog.html", { changeHash: false });
}
}
});
e.preventDefault();
});
工作仍然在进行中。
Still work in progress.
有没有一些方法来加密口令以防有人不使用HTTPS?
Is there some way to encrypt passwords incase someone is not using https?
推荐答案
您需要使用 wp_set_auth_cookie($用户自&GT; ID);
如果登录成功设置认证的cookie,将被所有后续请求。
You need to use wp_set_auth_cookie( $user->ID );
if login is successful to set the authentication cookies which will be used by all subsequent requests.
这篇关于在jQuery Mobile的使用Word preSS进行身份验证,PhoneGap的应用的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!