First off, let me define the end goal:
首先,让我来定义最终目标:
I'd like to Wordpress (version 2.8) to manage the authentication data/credentials and access control for a web site. Wordpress will be used for most of the site, but some pages will be built outside of the Wordpress environment. These pages should be able to use the user authenticaion data stored Wordpress database as a reference to make their own decisions about access.
我想使用Wordpress(2.8版)来管理网站的身份验证数据/凭据和访问控制。 Wordpress将用于大部分网站,但有些页面将在Wordpress环境之外构建。这些页面应该能够使用存储在Wordpress数据库中的用户身份数据作为参考来做出自己的访问决策。
So, the question:
那么,问题是:
How, exactly, does Wordpress store user authentication data in its database?
Wordpress究竟如何在其数据库中存储用户身份验证数据?
The first part of this answer is easy, inside the Wordpress database, there is a table that holds the primary user data. I believe the default name for this table is "wp_users" but that can change based on the way Wordpress is setup. This table contains the fields "user_login" and "user_pass" which hold the username and password data, respectively.
这个答案的第一部分很简单,在Wordpress数据库中,有一个表保存主要用户数据。我相信这个表的默认名称是“wp_users”,但可以根据Wordpress的设置方式进行更改。该表包含分别包含用户名和密码数据的字段“user_login”和“user_pass”。
The "user_login" is simply a plain text field, so that is easy enough to access, but the password is salted and hashed. This leads to the first thing that still needs to be determined: what is the salting and hashing process Wordpress uses for generating the strings that it stores in "user_pass"?
“user_login”只是一个纯文本字段,因此很容易访问,但密码是盐渍和散列的。这导致了第一件事仍然需要确定:Wordpress用于生成存储在“user_pass”中的字符串的salting和散列过程是什么?
The other portion that remains open is where/how Wordpress stores its "roles". In my install, these roles default to: Administrator, Editor, Author, Contributor and Subscriber. What I don't see is how these roles are associated with individual users. Also, can these role altered?
保持开放的另一部分是Wordpress存储其“角色”的地方/方式。在我的安装中,这些角色默认为:管理员,编辑,作者,贡献者和订阅者。我没看到的是这些角色如何与个人用户相关联。此外,这些角色可以改变吗?
So, to recap, the real question is in three parts:
因此,回顾一下,真正的问题分为三个部分:
1) What is the specific method Wordpress uses to transpose users' plain-text passwords to the strings that are stored in the "user_pass" column of the "wp_users" database table?
1)Wordpress使用什么方法将用户的纯文本密码转换为存储在“wp_users”数据库表的“user_pass”列中的字符串?
2) Where are the links between individual users and their respective Wordpress "roles" stored?
2)个人用户与其各自的Wordpress“角色”之间的链接存储在哪里?
3) Can "roles" in Wordpress be modified to change their names and/or add/remove them?
3)可以修改Wordpress中的“角色”以更改其名称和/或添加/删除它们吗?
Note: I realize that another approach would be to have non-Wordpress pages check the Wordpress cookie to determine access. I'm going to create another question along those lines, but for purposes of this question the focus is on how non-Wordpress pages can utilize the actual Wordpress database for decisions on access control.
注意:我意识到另一种方法是让非Wordpress页面检查Wordpress cookie以确定访问权限。我将按照这些方式创建另一个问题,但出于这个问题的目的,重点是非Wordpress页面如何利用实际的Wordpress数据库来进行访问控制决策。
1 个解决方案
#1
- Wordpress uses the Portable PHP password hashing framework. See also this question: What type of hash does WordPress use?
- By default this association is in the
wp_usermeta
table under thewp_user_level
key - Not without a plug-in (or without editing editing Wordpress' code or database)
Wordpress使用Portable PHP密码哈希框架。另请参阅此问题:WordPress使用什么类型的哈希?
默认情况下,此关联位于wp_user_level键下的wp_usermeta表中
不是没有插件(或没有编辑Wordpress的代码或数据库编辑)
You might want to look at the code for bbPress because it will share Wordpress' user database.
您可能希望查看bbPress的代码,因为它将共享Wordpress的用户数据库。
#1
- Wordpress uses the Portable PHP password hashing framework. See also this question: What type of hash does WordPress use?
- By default this association is in the
wp_usermeta
table under thewp_user_level
key - Not without a plug-in (or without editing editing Wordpress' code or database)
Wordpress使用Portable PHP密码哈希框架。另请参阅此问题:WordPress使用什么类型的哈希?
默认情况下,此关联位于wp_user_level键下的wp_usermeta表中
不是没有插件(或没有编辑Wordpress的代码或数据库编辑)
You might want to look at the code for bbPress because it will share Wordpress' user database.
您可能希望查看bbPress的代码,因为它将共享Wordpress的用户数据库。