Wordpress密码页面-错误密码消息不起作用
Wordpress密码页面-错误密码消息不起作用
提问于 2019-05-21 02:06:17
// -----------------------------------------------------------------# //您输入的密码无效。-无效
//(当输入了错误的密码时)在受密码保护的页面上当您输入错误的密码时,我会尝试显示一条消息。我认为问题出在cookie上,但不确定。请看代码,这是页面。请告诉我我做错了什么。下面的代码是在functions.php上,请指出哪里有错误-这样我就可以复制和粘贴来更正...谢谢!
// -----------------------------------------------------------------#
函数my_password_form() {全局$post;
$label = 'pwbox-'.( empty( $post->ID ) ? rand() : $post->ID );
$passwordProtectedPageURL = 'https://host.561websitedesign.com/~alto/suppliers/';
$wrongPassword = ' ';
if( ( sanitize_text_field( $_SERVER["HTTP_REFERER"] ) === $passwordProtectedPageURL ) && ! isset ( $_COOKIE[ 'wp-postpass_' . COOKIEHASH ] )){
$wrongPassword = '<span style="color:#00000;font-weight:bold;">The password you have entered is invalid.</span>';
}
$form = '<form class="protected-post-form" action="' . esc_url( site_url( 'wp-login.php?action=postpass', 'login_post' ) ) . '" method="post">
' . __( "<h3><strong>Please enter password to access Q-Notes</strong></h3><h1> </h1>" ) . '
<label class="pass-label" for="' . $label . '">' . __( "Password:" ) . ' </label><input name="post_password" id="' . $label . '" type="password" size="20" maxlength="20" /><input type="submit" name="Submit" value="' . esc_attr__( "Supplier Login" ) . '" />
</form><p>' . $wrongPassword . '</p>';
return $form;
}
add_filter( 'the_password_form', 'my_password_form' );回答 1
Stack Overflow用户
回答已采纳
发布于 2019-05-21 06:55:33
你的逻辑不正确。
如果cookie是在调用此函数时设置的,这意味着散列不匹配,因此它是一个错误的密码。
function my_password_form() {
global $post;
$attempted = $_SESSION['pass_attempt'] ?: false;
$label = 'pwbox-' . ( empty( $post->ID ) ? rand() : $post->ID );
$wrongPassword = '';
// If cookie is set password is wrong.
if ( isset( $_COOKIE[ 'wp-postpass_' . COOKIEHASH ] ) && $attempted !== $_COOKIE[ 'wp-postpass_' . COOKIEHASH ] ) {
$wrongPassword = '<span style="color:#00000;font-weight:bold;">The password you have entered is invalid.</span>';
// Store attempted password for comparison.
// So we can show invalid password message only once.
$_SESSION['pass_attempt'] = $_COOKIE[ 'wp-postpass_' . COOKIEHASH ];
}
$form = '<form class="protected-post-form" action="' . esc_url( site_url( 'wp-login.php?action=postpass', 'login_post' ) ) . '" method="post">
' . __( '<h3><strong>Please enter password to access Q-Notes</strong></h3><h1> </h1>' ) . '
<label class="pass-label" for="' . $label . '">' . __( 'Password:' ) . ' </label><input name="post_password" id="' . $label . '" type="password" size="20" maxlength="20" /><input type="submit" name="Submit" value="' . esc_attr__( 'Supplier Login' ) . '" />
</form><p>' . $wrongPassword . '</p>';
return $form;
}
add_filter( 'the_password_form', 'my_password_form' );
add_action(
'wp_loaded',
function() {
if ( isset( $_COOKIE[ 'wp-postpass_' . COOKIEHASH ] ) ) {
// Start session to compare pass hashs.
session_start();
}
}
);编辑
为了只显示一次无效密码消息,我添加了一些会话代码来比较密码散列,看看这是否是新的尝试。
页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://stackoverflow.com/questions/56226077
复制相关文章
相似问题