我正在执行自定义脚本来限制私有网站,用户需要访问代码及其姓氏才能访问该网站。当限制凭证来自外部php应用程序时,使用WordPress制作的Webiste。
我有两个文件,一个是home.php,另一个是autho.php。登录表单位于home.php中,该表单和Ajax代码是在其中编写的。 autho.php是服务器端脚本,用于创建会话以限制WordPress网站。
会话验证发生在/wp-content/themes/twentynineteen/header.php文件中。在wordpress网站区域,我无法找到在autho.php中创建的会话数据。请提出建议。
home.php(登录表单)
<script type='text/javascript'>
$(document).ready(function(){
$('#login_error').hide();
$('#accessform').on('submit', function(event){
event.preventDefault();
$.ajax({
url:"doctor_autho.php?action=login&type=login",
method:"POST",
data:$(this).serialize(),
dataType:"json",
beforeSend:function(){
$('#submit').attr('disabled', 'disabled');
},
success:function(data)
{
if(data.result = 'false')
{
$('#login_error').show();
$('#login_error').html("<strong> Doctors last name or code is invalid </strong>");
$('#submit').prop('disabled', false);
}
if(data.result = 'true')
{
$('#login_error').show();
$('#login_error').html("<strong> Access Granted !!! </strong>");
window.location.href = "/index.php");
}
$('#submit').attr('disabled', false);
},
error: function (response) {
$('#login_error').show();
$('#login_error').html("<strong> Doctors last name or code is invalid </strong>");
$('#submit').prop('disabled', false);
}
})
});
});
</script>
autho.php PHP文件
$conn = new mysqli($servername, $username, $password, $dbname);
if ($conn->connect_error){
die("Connection failed: " . $conn->connect_error);
}
$type = isset($_GET['type'])?$_GET['type']:"";
$action = isset($_GET['action'])?$_GET['action']:"";
if(isset($_POST) && $action == "login" && $type=="login"){
$doctor_invitation_code= isset($_POST['doctor_invitation_code'])?$_POST['doctor_invitation_code']:"";
$doctor_last_name= isset($_POST['doctor_last_name'])?$_POST['doctor_last_name']:"";
if($doctor_invitation_code =="" OR $doctor_last_name ==""){
$data = array("result" => "false", "msg" => "Parameter is required");
die(json_encode($data));
}else{
check_login($doctor_invitation_code,$doctor_last_name);
}
}else{
$data = array("result" => "false", "msg" => "Parameter wrong used!");
die(json_encode($data));
}
function check_login($doctor_invitation_code,$doctor_last_name){
Global $conn;
$doct_auto_query ="SELECT * FROM `tbl_user_master` WHERE patient_invition_code='".$doctor_invitation_code."' AND user_lname='".$doctor_last_name."' AND user_type='2' and is_deleted=0 limit 1";
//echo $doct_auto_query;
$result = $conn->query($doct_auto_query);
if($result->num_rows > 0){
$data = array("result" => "true", "msg" => "Access Granted !!!");
session_start();
$_SESSION['invitation_code'] = $doctor_invitation_code;
$_SESSION['last_name'] = $doctor_last_name;
die(json_encode($data));
}else{
$data = array("result" => "false", "msg" => "The Invitation code or Last Name is wrong used!");
header ("Location: home.php");
die(json_encode($data));
}
}
主题的header.php文件的会话验证
session_start();
if (!isset($_SESSION['invitation_code']) && !isset($_SESSION['last_name']) ) {
header("Location: https://www.website.com/home.php");
}
在主题标题文件下的WordPress网站上,我无法访问$ _SESSION ['invitation_code']和$ _SESSION ['last_name'],请提出解决方法。
首先放置session_start();在wp-config.php文件中。
define( 'WP_SESSION_USE_OPTIONS', true );
session_start();
您的JQuery像这样的东西
<script type='text/javascript'>
$(document).ready(function(){
$('#login_error').hide();
$('#accessform').on('submit', function(event){
event.preventDefault();
$.ajax({
url:"autho.php?action=login&type=login",
method:"POST",
data:$(this).serialize(),
dataType:"json",
beforeSend:function(){
$('#submit').attr('disabled', 'disabled');
},
success:function(data)
{ console.log(data);
if(data.result =="true") {
$('#login_error').show();
$('#login_error').html("<strong> "+data.msg+" </strong>");
window.location.href = "index.php";
return false;
}
if(data.result == "false") {
$('#login_error').show();
$('#login_error').html("<strong> "+data.msg+" </strong>");
$('#submit').prop('disabled', false);
return false;
}
$('#submit').attr('disabled', false);
},
error: function (response) {
$('#login_error').show();
$('#login_error').html("<strong> There is an error! </strong>");
$('#submit').prop('disabled', false);
}
})
});
});
</script>
您的PHP代码类似这样
<?php
$con = mysqli_connect("127.0.0.1","dbuser","dbpassword","dbname");
if (mysqli_connect_errno()) {
echo "Failed to connect to MySQL: " . mysqli_connect_error();
exit();
}
$doctor_last_name = mysqli_real_escape_string($con, $_POST['doctor_last_name']);
$password = mysqli_real_escape_string($con, $_POST['doctor_invitation_code']);
if($doctor_last_name !="" && $password !=""){
$query ="SELECT * FROM `tbl_user_master` WHERE is_deleted=0 AND user_type='2' ";
if($doctor_last_name !=""){
$query .=" AND user_lname='".$doctor_last_name."' ";
$data=mysqli_query($con, $query);
if ($data){
if (mysqli_num_rows($data) == 0){
$data = array("result" => "false", "msg" => "The Last Name is invalid.");
}
}
}
//end
//validation for invitation code
if($password !=""){
$query .=" AND patient_invition_code='".$password."' ";
$data=mysqli_query($con, $query);
if ($data){
if (mysqli_num_rows($data) == 0){
$data = array("result" => "false", "msg" => "The Invitation Code is invalid.");
}
}
}
$data=mysqli_query($con, $query);
if ($data){
if (mysqli_num_rows($data) > 0){
session_start();
$_SESSION['invitation_code'] = $password;
$_SESSION['last_name'] = $doctor_last_name;
$data = array("result" => "true", "msg" => "Access Granted !!!");
echo json_encode($data);
exit();
}else {
//validation of code and lastname only
$data = array("result" => "false", "msg" => "The Last name & Invitation Code is invalid.");
echo json_encode($data);
exit();
}
}
}else{
$data = array("result" => "false", "msg" => "Parameter is required.");
echo json_encode($data);
exit;
}
reset($doctor_last_name);
reset($password);
mysqli_close($con);
exit;
?>
最后,您可以将会话验证放在WordPress主题的任何头文件中。
session_start();
if(!isset($_SESSION['invitation_code']) || $_SESSION['invitation_code'] == '') {
header('location:home.php');
}