WordPress - HackMD

# WordPress ###### tags: `puli_foodmap` - [安裝及架設WordPress](https://www.youtube.com/watch?v=-pg4af7TvoA&ab_channel=BritaDTW) - [WordPress如何加密](https://t.codebug.vip/questions-1243910.htm) - [下載WordPress檔案](https://tw.wordpress.org/download/) - [學姊寫的wordpress-找安妮](http://foodmap.nuageservice.tw/2021/03/27/%e6%89%be%e5%ae%89%e5%a6%ae/) - [關於wordpress密碼的破解思路](https://www.itread01.com/content/1549282886.html) - [wordpress的用户驗證以及密碼加密 =>"phpass"](https://www.jianshu.com/p/e36c56050a8c) - [[WordPress] 後台登入網址修改(wp-login.php) ](https://code.yidas.com/wordpress-rename-wp-login/) - [ (實作)使用者登入與密碼驗證](https://ithelp.ithome.com.tw/articles/10196601) - [學姊完整wordpress](http://foodmap.nuageservice.tw/) ## login.php ``` php= <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <?php session_start(); ?>  <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <?php //連接資料庫 //只要此頁面上有用到連接MySQL就要include connect.php include("connect.php"); // 取得使用者輸入的帳號、密碼 // @$userLogin = $_POST['userLogin']; // @$userPass = $_POST['userPass']; @$userLogin = $_POST['userLogin']; @$userPass = $_POST['userPass']; // 搜尋資料庫資料 $sql = "SELECT * FROM wp_users Where user_login = '$userLogin'"; // 執行查詢 mysqli_query(連接要使用的MySQL, 要查詢的資料) $result = mysqli_query($link, $sql); require_once ('C:\xampp\htdocs\wordpress\wp-includes\class-phpass.php'); $wp_hasher= new PasswordHash(8, TRUE); // // $userPass = 'gr4D4xr^pxgOZnqngY'; // $db_password='$P$BXok5v0T8sxcnq6BZEoDa4tevsya1H.'; // // 解密驗證 check CheckPassword(使用者輸入密碼,資料庫加密過後的密碼); // $checkPassword = $wp_hasher -> CheckPassword($userPass,$db_password); // echo ($checkPassword); // require_once ('C:\xampp\htdocs\wordpress\wp-includes\pluggable.php'); // echo(wp_hash_password($userPass)); // if($rows){ while($row = mysqli_fetch_assoc($result)){ // $userPass = 'gr4D4xr^pxgOZnqngY'; $db_password = $row['user_pass']; // 解密驗證 check CheckPassword(使用者輸入密碼,資料庫加密過後的密碼); $checkPassword = $wp_hasher -> CheckPassword($userPass,$db_password); // 登入成功 // 判斷帳號與密碼是否為空白以及確認是否為MySQL資料庫裡是否有這個會員 if($userLogin != null && $userPass != null && $row['user_login'] == $userLogin && $checkPassword == 1) { // 將帳號寫入session，方便驗證使用者身份 // session 內儲存 user-login(帳號) $_SESSION['userLogin'] = @$userLogin; // 將user_status改成1 $sql_online = "UPDATE wp_users SET user_status = 1 Where user_login = '$userLogin'"; mysqli_query($link,$sql_online); echo $row["user_login"]; // $row["userPass"]; echo '登入成功!'; // echo '<meta http-equiv=REFRESH CONTENT=1;url=member.php>'; } else // 登入失敗 { echo $row["user_login"]. $row["user_pass"]; echo '登入失敗!'; // echo '<meta http-equiv=REFRESH CONTENT=1;url=index.php>'; } } ?> ``` ## logout.php ``` php=   <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <?php include('connect.php'); include('login.php'); // 如果網頁關掉， 1:連線由使用者或是網路終止 echo $_SESSION['userLogin']; $userLogin = $_SESSION['userLogin']; // 把狀態改成不再線上 // 將user_status改成0 $sql_offline = "UPDATE wp_users SET user_status = 0 Where user_login = '$userLogin'"; mysqli_query($link,$sql_offline); //將session清空 unset($_SESSION['userLogin']); echo '登出中......'; // echo '<meta http-equiv=REFRESH CONTENT=1;url=index.php>'; ?> ``` ## connect.php ``` php=  <?php $link = mysqli_connect("localhost","root","","wordpress"); // db_host, db_username, db_password, db_name // $link = mysqli_connect("localhost","foodmap","foodmap@puli#ncnu","wordpress"); if ($link == false) { die("連接失敗: " .mysqli_connect_error()); } // $sql 加入sql語法從 user 的資料表中選擇所有欄位 $sql = "SELECT * FROM `wp_users`"; // 以下程式是將DB中的資料印出來 // $result 從DB中取出結果集 $result = $link->query($sql); $row = mysqli_fetch_assoc($result); // if ($result->num_rows >= 0) { // // 輸出數據 // // echo "id: "." "."Name: "." "."username: ". "<br>"; // while($row = $result->fetch_assoc()) { // // id name username password // echo " id: " . $row["ID"]. // " 帳號: " . $row["user_login"]. // " 密碼: " . $row["user_pass"]. // " 姓名: " . $row["user_nicename"]. // " 信箱: " . $row["user_email"]. // " userUrl: " . $row["user_url"]. // " userRegisterd: " . $row["user_registered"]. // " userActivationKey: " . $row["user_activation_key"]. // " userStatus: " . $row["user_status"]. // " displayName: " . $row["display_name"]. "<br>"; // } // } else { // echo "0 結果"; // } mysqli_query($link, "SET NAMES 'utf8'"); //設定資料庫編碼 utf8 // $link->close(); ?> ``` # 整理後 ## login.php ```php= <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <?php session_start(); ?>  <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <?php //連接資料庫 //只要此頁面上有用到連接MySQL就要include connect.php include("connect.php"); // 取得使用者輸入的帳號、密碼 @$userLogin = $_POST['userLogin']; @$userPass = $_POST['userPass']; // 搜尋資料庫資料 $sql = "SELECT * FROM wp_users Where user_login = '$userLogin'"; // 執行查詢 mysqli_query(連接要使用的MySQL, 要查詢的資料) $result = mysqli_query($link, $sql); require_once ('C:\xampp\htdocs\wordpress\wp-includes\class-phpass.php'); $wp_hasher= new PasswordHash(8, TRUE); while($row = mysqli_fetch_assoc($result)){ // 資料庫加密過後的密碼 $db_password = $row['user_pass']; // 解密驗證 check CheckPassword(使用者輸入密碼,資料庫加密過後的密碼); $checkPassword = $wp_hasher -> CheckPassword($userPass,$db_password); // 登入成功 // 判斷帳號與密碼是否為空白以及確認是否為MySQL資料庫裡是否有這個會員 if($userLogin != null && $userPass != null && $row['user_login'] == $userLogin && $checkPassword == 1) { // 將帳號寫入session，方便驗證使用者身份 // session 內儲存 user-login(帳號) $_SESSION['userLogin'] = @$userLogin; // 將user_status改成1 $sql_online = "UPDATE wp_users SET user_status = 1 Where user_login = '$userLogin'"; mysqli_query($link,$sql_online); echo $row["user_login"]; echo '登入成功!'; } else // 登入失敗 { echo $row["user_login"]; echo '登入失敗!'; } } ?> ``` ## connect.php ```php=  <?php $link = mysqli_connect("localhost","foodmap","foodmap@puli#ncnu","wordpress"); // db_host, db_username, db_password, db_name if ($link == false) { die("連接失敗: " .mysqli_connect_error()); } // $sql 加入sql語法從 user 的資料表中選擇所有欄位 $sql = "SELECT * FROM `wp_users`"; // 以下程式是將DB中的資料印出來 // $result 從DB中取出結果集 $result = $link->query($sql); $row = mysqli_fetch_assoc($result); mysqli_query($link, "SET NAMES 'utf8'"); //設定資料庫編碼 utf8 ?> ```