javascript - 需要密码/密码短语才能使用 Wordpress 查看类别内容

Question

我正在尝试设置一些内容，当用户单击导航栏中的类别链接时，它会要求他们输入密码/密码短语才能查看该类别帖子。我已经做了很多挖掘，但似乎找不到解决方案。有人能指出我正确的方向吗？我想我可以通过一些脚本工作来解决这个问题，但我什至找不到让我开始的东西。帮忙？

Answer 1

我认为这不需要插件。在这种情况下，我会写一些类似的内容。

此脚本假设用户正在向此页面发出 http POST 请求，可能是通过在网站上的某个位置提交表单来实现的。

如果您对其中任何内容感到陌生，请随时询问，我很乐意澄清:)

<?php
//Create new database connection
$idForPassword = 5;
$mysqli = new mysqli("localhost", "DBusername", "DBpassword", "DBName");

//Create new prepared statement
$stmt = $mysqli->prepare("SELECT password FROM sometable WHERE id = ?");
$stmt->bind_param("i", $idForPassword);

// execute query
$stmt->execute();

// bind result variables
$stmt->bind_result($result);

$stmt->fetch();

// Hash the password so we aren't storing a password as plain text in the database
// ideally you also add a salt to your password but since this is just an example
// I'll leave that part out
$password = md5($_POST['password']);

if($password == $result)
{
    //allow user access
}
else
{
    //deny user access
}

编辑:有关 Salting and Hasing passwords 的更多信息。我建议您一有机会就阅读它，因为如果您计划将密码存储在数据库中，这是实现基本安全级别的相当简单的方法。

The security issue with simple hashing (md5 et al) isn't really the speed, so much as the fact that it's idempotent; two different people with the same password will have the same hash, and so if one person's hash is brute-forced, the other one will as well. This facilitates rainbow attacks. Simply slowing the hash down isn't a very useful tactic for improving security. It doesn't matter how slow and cumbersome your hash algorithm is - as soon as someone has a weak password that's in a dictionary, EVERYONE with that weak password is vulnerable.

Also, hash algorithms such as md5 are for the purpose of generating a digest and checking if two things are probably the same as each other; they are not intended to be impossible to generate a collision for. Even if an underlying password itself requires a lot of brute forcing to determine, that doesn't mean it will be impossible to find some other bit pattern that generates the same hash in a trivial amount of time.

As such: please, please, PLEASE only use salted hashes for password storage. There is no reason to implement your own salted hash mechanism, either, as crypt() already does an excellent job of this.