我正在尝试设置一些内容,当用户单击导航栏中的类别链接时,它会要求他们输入密码/密码短语才能查看该类别帖子。我已经做了很多挖掘,但似乎找不到解决方案。有人能指出我正确的方向吗?我想我可以通过一些脚本工作来解决这个问题,但我什至找不到让我开始的东西。帮忙?
最佳答案
我认为这不需要插件。在这种情况下,我会写一些类似的内容。
此脚本假设用户正在向此页面发出 http POST 请求,可能是通过在网站上的某个位置提交表单来实现的。
如果您对其中任何内容感到陌生,请随时询问,我很乐意澄清:)
<?php
//Create new database connection
$idForPassword = 5;
$mysqli = new mysqli("localhost", "DBusername", "DBpassword", "DBName");
//Create new prepared statement
$stmt = $mysqli->prepare("SELECT password FROM sometable WHERE id = ?");
$stmt->bind_param("i", $idForPassword);
// execute query
$stmt->execute();
// bind result variables
$stmt->bind_result($result);
$stmt->fetch();
// Hash the password so we aren't storing a password as plain text in the database
// ideally you also add a salt to your password but since this is just an example
// I'll leave that part out
$password = md5($_POST['password']);
if($password == $result)
{
//allow user access
}
else
{
//deny user access
}
编辑:有关 Salting and Hasing passwords 的更多信息。我建议您一有机会就阅读它,因为如果您计划将密码存储在数据库中,这是实现基本安全级别的相当简单的方法。
The security issue with simple hashing (md5 et al) isn't really the speed, so much as the fact that it's idempotent; two different people with the same password will have the same hash, and so if one person's hash is brute-forced, the other one will as well. This facilitates rainbow attacks. Simply slowing the hash down isn't a very useful tactic for improving security. It doesn't matter how slow and cumbersome your hash algorithm is - as soon as someone has a weak password that's in a dictionary, EVERYONE with that weak password is vulnerable.
Also, hash algorithms such as md5 are for the purpose of generating a digest and checking if two things are probably the same as each other; they are not intended to be impossible to generate a collision for. Even if an underlying password itself requires a lot of brute forcing to determine, that doesn't mean it will be impossible to find some other bit pattern that generates the same hash in a trivial amount of time.
As such: please, please, PLEASE only use salted hashes for password storage. There is no reason to implement your own salted hash mechanism, either, as crypt() already does an excellent job of this.
关于javascript - 需要密码/密码短语才能使用 Wordpress 查看类别内容,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/20406782/