我的登录插件有问题
我的登录插件有问题
提问于 2019-10-19 05:44:26
我正在尝试用下面的代码创建我的测试登录插件,它没有给我任何错误,但不想工作。我是个初学者,谁能帮我找到正确的方向。谢谢
Email address:
Password:
Forgot Password?
get_col("SELECT email.users , pass.users FROM users WHERE email.users = $email && pass.users = $pass");
if($check->num_rows == 1){
header("Location: https://dhetcodesigns.000webhostapp.com/?page_id=5");
exit;
}else{
$errMessage = "Incorrect username/password";
}
}
?>回答 1
WordPress Development用户
发布于 2019-10-21 14:54:57
您有许多问题,必须加以纠正,以使其发挥作用。
- 短代码应该返回内容-而不是回显/打印到屏幕上。
- 在使用之前,应该对检索到的$_POST值进行净化。
- 不能在db中查询纯文本密码。密码是散列的。
- 不要在函数之外进行表单处理。为此设置一个函数,并将该函数挂钩到类似于
init的东西上。 - 您的“错误”消息
$errMessage是在您的短代码函数之外定义的,因此它的值在函数中不可用,除非声明为全局的。 - 不要用关闭PHP分隔符('?>')关闭文件。如果你在它之后得到了意料之外的空格,它可能会引起问题。
- 不要简单地检查是否设置了
$_POST['submit']。也检查它的价值。否则,您将运行对任何提交按钮的检查。
下面是针对上述每一项的代码:
/**
* Plugin Name: LD Login Form
* Plugin URI: https://testsite.co.za
* Description: Empire Investment Login Form
* Version: 1.0
* Author: Luthando
* Author URI: https://testsite.co.za
*/
// Hooks, etc.
add_action( 'init', 'luecustom_form_process' );
add_shortcode('luthandoLog', 'luecustom_form');
function luecustom_form( $atts, $content, $tag ) {
// Make sure you pick up the global $errMessage
global $errMessage;
// Don't echo/print your HTML in a shortcode.
// Instead put your HTML into $content to return at the end.
$content = '
Email address:
Password:
Forgot Password?
' . $errMessage . '
';
return $content;
}
function luecustom_form_process() {
/*
* You don't need $wpdb because you don't need to query the db directly
* You DO need to globalize $errMessage so it can be used in your shortcode.
* Do this before the "if" so that you have a defined variable
* regardless of whether post is submitted or not. Otherwise
* you may get an undefined variable notice in the shortcode result.
*/
global $errMessage;
$errMessage = "";
if(isset($_POST['submit']) && 'Login' == $_POST['submit'] ) {
// Sanitize email
$email = sanitize_email( $_POST['email'] );
// Don't sanitize password because it may contain characters that would be removed.
// It's going to be hashed for comparison anyway.
$pass = $_POST['pass'];
// Get the user by their email address
$user = get_user_by( 'email', $email );
// Check if the posted password is the same as the user's hashed password.
$validate_pass = wp_check_password( $pass, $user->user_pass );
// If the user validates (wp_check_password() returns true), then...
if( $validate_pass ){
header("Location: https://dhetcodesigns.000webhostapp.com/?page_id=5");
exit;
}else{
$errMessage = "Incorrect username/password";
}
}
}页面原文内容由WordPress Development提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://wordpress.stackexchange.com/questions/350830
复制相关文章
相似问题
腾讯云开发者
