cookies - WordPress-based authentication from other webapp -



I would like to create a web app, probably in Vaadin, and I want to use it within the admin area of a WordPress site. Most things are clear:

  • I can create a WP plugin, which will display the Vaadin app in an iframe inside the WP admin.
  • The plugin will be able to create a menu inside the WP admin.

But

I am not completely sure how I can authenticate my users. I want to use WordPress's authentication system: if my users are logged in to the WP site and have rights to administer it, I want to show them their site. Otherwise, I would like to throw an HTTP 404, or whatever.

What I have already done

I have checked the cookies WordPress creates when I log in to my site, and I have 2 cookies:

  • wordpress_HASH
  • wordpress_logged_in_HASH

where HASH is the MD5 hash of the site's URL.

These cookies look like this:

  • wordpress_HASH:
    admin%7C1422101199%7Ckd5Qp39eAQc4JNZTUBxlSjAMKeQqdCX00l6bnc64dxu%7C3f19a3dd6e12f7c342059a40c7ffe64b923dc9f46707d67d303b0a8333344818
  • wordpress_logged_in_HASH:
    admin%7C1422101199%7Ckd5Qp39eAQc4JNZTUBxlSjAMKeQqdCX00l6bnc64dxu%7Cdf8a63d871c0830ef98732e7deb68b28b58a8618bc7c42e36a1e26a13494f1ae

What I have found:

  • %7C is a delimiter, which means | .
  • The first part of this value is the name of the user; it is admin in the present case.
  • The second part ( 1422101199 ) is a Unix timestamp; it is the cookie's expiration date.
  • The third part ( kd5Qp39eAQc4JNZTUBxlSjAMKeQqdCX00l6bnc64dxu ) is a session ID.
    • I'm not sure how this is generated; is it random?
    • I have found its sha256 hash in the DB, in the wp_usermeta table, with a foreign key to my user (in this case the admin), under the meta_key session_tokens. This value is a JSON-like string and contains some data about the user: their browser, the expiration time, and the hashes of all session IDs currently in use. What is this string? How can I parse it? It is not quite JSON.
  • And the fourth part, which is different in the two cookies. I do not know what the heck it is.

My thoughts

My idea is to parse this cookie in my app and compare it to the data in the DB, but I have a lot of questions:

  • Is it safe?
  • Is there a better way?
  • Why are there two cookies? What is the difference between them?

Thank you!

If you are just reading the username from the cookie, a bad user can find out a user's name, fake it, and get access to your Vaadin-based piece.

If you want a simple and secure solution, you can try hosting your WordPress on the JVM using Quercus. I am working on a site like that and it is doing very well; you can make a hook in your WP, and it is faster than the original LAMP stack (without a PHP accelerator).

Another simple and safe way is to use a PHP session. I do not know how easy it is to read native PHP session data from the JVM, but there is an optional XML (WDDX) format for it, which should be easy to handle in Java, assuming that you can read the session cookie from your servlet. The last option is to randomly generate another value, with the related data (at least the username) stored in some flat file or in the WP database (which you are probably using anyway).
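
The answer's warning about trusting the username field, as an added Java example (not part of the original posts, and not WordPress or Vaadin code): it recomputes the fourth cookie field following the scheme of WordPress core's wp_validate_auth_cookie() for the four-field format shown in the question, and rejects the cookie when the field does not match. The class, method and lookup names are hypothetical, the salt is assumed to be LOGGED_IN_KEY followed by LOGGED_IN_SALT from wp-config.php, and all sample values are constructed.

```java
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.HexFormat;
import java.util.Map;
import java.util.function.Function;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

// Added example (Java 17+); not WordPress or Vaadin code. All names are hypothetical.
public final class WpCookieCheck {

    // Lowercase hex HMAC, the same form PHP's hash_hmac() returns.
    static String hmacHex(String algo, String key, String data) throws Exception {
        Mac mac = Mac.getInstance(algo);
        mac.init(new SecretKeySpec(key.getBytes(StandardCharsets.UTF_8), algo));
        return HexFormat.of().formatHex(mac.doFinal(data.getBytes(StandardCharsets.UTF_8)));
    }

    // salt: LOGGED_IN_KEY followed by LOGGED_IN_SALT from wp-config.php (assumption).
    // userPass: maps user_login to the user_pass column of wp_users, null if unknown.
    // Returns the verified username, or null when the cookie is malformed, expired or forged.
    static String verify(String raw, String salt, Function<String, String> userPass, long now) throws Exception {
        String[] f = URLDecoder.decode(raw, StandardCharsets.UTF_8).split("\\|", -1);
        if (f.length != 4 || !f[1].matches("\\d{1,18}") || Long.parseLong(f[1]) < now) return null;
        String stored = userPass.apply(f[0]);
        if (stored == null || stored.length() < 12) return null;
        // The key mixes in 4 characters of the stored password hash, so a password
        // change invalidates every cookie issued before it.
        String signed = f[0] + "|" + f[1] + "|" + f[2];
        String key = hmacHex("HmacMD5", salt,
                f[0] + "|" + stored.substring(8, 12) + "|" + f[1] + "|" + f[2]);
        byte[] expected = hmacHex("HmacSHA256", key, signed).getBytes(StandardCharsets.UTF_8);
        // Constant-time comparison against the fourth field.
        return MessageDigest.isEqual(expected, f[3].getBytes(StandardCharsets.UTF_8)) ? f[0] : null;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample values; none come from a real site.
        String salt = "constructed-key" + "constructed-salt";
        Map<String, String> users = Map.of("admin", "$P$BconstructedHashAAAA", "alice", "$P$BconstructedHashBBBB");
        String body = "admin|4102444800|constructedSessionToken";
        String key = hmacHex("HmacMD5", salt, "admin|" + users.get("admin").substring(8, 12) + "|4102444800|constructedSessionToken");
        String good = (body + "|" + hmacHex("HmacSHA256", key, body)).replace("|", "%7C");
        long now = System.currentTimeMillis() / 1000;
        System.out.println("genuine cookie -> " + verify(good, salt, users::get, now));
        System.out.println("username swapped -> " + verify(good.replace("admin", "alice"), salt, users::get, now));
    }
}
```

WordPress additionally checks that the SHA-256 of the third field appears in the user's session_tokens meta value, which is stored in PHP's serialize() format rather than JSON; that lookup and the check for admin rights are left out here.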

