I have a website which is being developed using Zend Framework. I also have a Wordpress site placed on the same server. Is it possible to login to Wordpress site using any (e:g AJAX call) when i login to my Zend site.
我有一个使用Zend Framework开发的网站。我也有一个Wordpress网站放在同一台服务器上。当我登录Zend站点时,是否可以使用任何(e:g AJAX调用)登录Wordpress站点。
Reason:
原因:
I have a link to word press blog on Zend site, and when i click on that link, it takes me to Wordpress login page.
我在Zend网站上有一个word press blog的链接,当我点击该链接时,它会带我到Wordpress登录页面。
I want the user to be taken to word press blog page link as a logged in user.
我希望用户将其作为登录用户的新闻博客页面链接。
I researched a lot on this, but not finding the correct path.
我对此进行了很多研究,但没有找到正确的路径。
Thanks.
谢谢。
3 个解决方案
#1
0
Using AJAX between 2 different domain names is forbidden, you can use the Curl function in PHP. http://bit.ly/RBGgfp
禁止在两个不同的域名之间使用AJAX,您可以在PHP中使用Curl函数。 http://bit.ly/RBGgfp
#2
0
There is a security concern over your problem. How to pass the credentials from one website to another without actually passing them…
您的问题存在安全问题。如何将凭证从一个网站传递到另一个网站而不实际传递它们...
You need some sort of authorisation process which will tell WP that the user which is being logged in to WP is actually the same user which is already logged to Zend. For this purpose you can’t just pass username and passwords in an Ajax call from ZF to WP, because everybody will be able to get users’ passwords from the cached JS source code. Also you can’t pass just username in ajax call because then everybody could make such ajax call to sign in as someone else.
您需要某种授权过程,告诉WP,登录到WP的用户实际上是已经登录到Zend的用户。为此,您不能只是在从ZF到WP的Ajax调用中传递用户名和密码,因为每个人都可以从缓存的JS源代码中获取用户的密码。此外,你不能只在ajax调用中传递用户名,因为这样每个人都可以进行这样的ajax调用以其他人身份登录。
In general you should limit passing of authorisation through client side requests (Ajax) as much as possible.
通常,您应该尽可能地限制通过客户端请求(Ajax)传递授权。
One way of doing this is a mechanism used by many social networks (i.e. Facebook) called OAuth. Facebook uses special tokens for authorisation and no credentials are passed between the Facebook and a website which uses Facebook connect mechanism. Also Facebook uses PHP’s curl function to make cross server calls behind the curtain so no trace is left on client side about the authorisation process.
这样做的一种方式是许多称为OAuth的社交网络(即Facebook)使用的机制。 Facebook使用特殊令牌进行授权,并且在Facebook和使用Facebook连接机制的网站之间不传递凭据。 Facebook也使用PHP的curl函数来进行跨服务器调用,因此在客户端没有关于授权过程的任何痕迹。
You can but you don’t have to use OAuth but it will be a good experience gain if you do.
你可以,但你不必使用OAuth,但如果你这样做,这将是一个很好的经验。
Another problem you are facing is that probably your ZF and WP use different authorisation cookies on client side. So when authorising user on ZF website you need to make also Ajax call to WP page responsible for login to make sure proper cookies are set.
您面临的另一个问题是,您的ZF和WP可能在客户端使用不同的授权Cookie。因此,当在ZF网站上授权用户时,您还需要对负责登录的WP页面进行Ajax调用,以确保设置正确的cookie。
Summa summarum the process flow will be something similar to this (assuming that user account is already created on both sites):
Summa summarum流程将类似于此(假设已在两个站点上创建用户帐户):
- Login user on ZF site.
- 在ZF网站上登录用户。
- From ZF make curl call containing user id (for example) to WP page which will return some sort of randomly generated token (if user with given ID exists).
- 从ZF进行包含用户id(例如)的curl调用到WP页面,该页面将返回某种随机生成的令牌(如果存在给定ID的用户)。
- Once your curl call receives the token from WP, generate the ZF web page with JS which makes Ajax call to WP (How to send Ajax call to WP is explained here: http://codex.wordpress.org/AJAX_in_Plugins) This Ajax call should contain something like md5 hashed user id and the token.
- 一旦你的curl调用从WP收到令牌,生成带有JS的ZF网页,这使得Ajax调用WP(如何向WP发送Ajax调用解释如下:http://codex.wordpress.org/AJAX_in_Plugins)这个Ajax调用应包含类似md5哈希用户ID和令牌的内容。
- Now on the WP side, WP will receive ZF’s Ajax call with the hashed value. So, check if this value is the same as the value after hashing user id and token which WP returned before (in step 2). If yes then login user on the WP site.
- 现在在WP方面,WP将以散列值接收ZF的Ajax调用。因此,请检查此值是否与WP之前返回的用户ID和令牌之后的值相同(在步骤2中)。如果是,则在WP站点上登录用户。
Now, because we don’t send user password from ZF to WP (and we don’t know it on WP side either – because it’s encrypted) you can’t use wp_signon to sign in user. But you can use wp_set_auth_cookie which for this particular purpose should be sufficient.
现在,因为我们没有将用户密码从ZF发送到WP(我们在WP方面也不知道它 - 因为它是加密的)你不能使用wp_signon来登录用户。但是你可以使用wp_set_auth_cookie,为了这个特殊目的,它应该足够了。
It is a rough explanation but I hope it will be of help.
这是一个粗略的解释,但我希望它会有所帮助。
P.S. wp_login is deprecated and you should avoid using it.
附:不推荐使用wp_login,您应该避免使用它。
Also wp_login action doesn’t call wp_set_auth_cookie which can be a reason why your user didn’t appear as logged in a first place.
此外,wp_login操作不会调用wp_set_auth_cookie,这可能是您的用户未首先显示为登录状态的原因。
Try your solution with wp_set_auth_cookie in it. I’m saying this at the end so you don’t miss the security concerns above.
使用wp_set_auth_cookie尝试您的解决方案。我最后这样说,所以你不要错过上面的安全问题。
#3
0
Since both sites are on the same server, presumable you can access files form both Zend and WordPress. When you user is loggin into Zend based site, you can add a call to load basic wordpress files, and then use the function wp_set_auth_cookie() to log the user into wordpress.
由于两个站点都在同一台服务器上,因此您可以从Zend和WordPress访问文件。当用户登录到基于Zend的站点时,您可以添加一个调用来加载基本的wordpress文件,然后使用函数wp_set_auth_cookie()将用户登录到wordpress。
require_once 'wordpress-directory/wp-load.php';
wp_set_auth_cookie( $wp_user_id );
In your users table on your Zend site, you could have an additional column wp_user_id to store the wordpress user id's for your users, so that you know what user id to pass the wp_set_auth_cookie() function.
在Zend站点的用户表中,您可以使用额外的列wp_user_id来存储用户的wordpress用户ID,以便了解传递wp_set_auth_cookie()函数的用户ID。
I wrote up a blog article in a bit more general terms if you want to check it out as well here
如果你想在这里查看它,我会用一些更一般的术语写一篇博客文章
#1
0
Using AJAX between 2 different domain names is forbidden, you can use the Curl function in PHP. http://bit.ly/RBGgfp
禁止在两个不同的域名之间使用AJAX,您可以在PHP中使用Curl函数。 http://bit.ly/RBGgfp
#2
0
There is a security concern over your problem. How to pass the credentials from one website to another without actually passing them…
您的问题存在安全问题。如何将凭证从一个网站传递到另一个网站而不实际传递它们...
You need some sort of authorisation process which will tell WP that the user which is being logged in to WP is actually the same user which is already logged to Zend. For this purpose you can’t just pass username and passwords in an Ajax call from ZF to WP, because everybody will be able to get users’ passwords from the cached JS source code. Also you can’t pass just username in ajax call because then everybody could make such ajax call to sign in as someone else.
您需要某种授权过程,告诉WP,登录到WP的用户实际上是已经登录到Zend的用户。为此,您不能只是在从ZF到WP的Ajax调用中传递用户名和密码,因为每个人都可以从缓存的JS源代码中获取用户的密码。此外,你不能只在ajax调用中传递用户名,因为这样每个人都可以进行这样的ajax调用以其他人身份登录。
In general you should limit passing of authorisation through client side requests (Ajax) as much as possible.
通常,您应该尽可能地限制通过客户端请求(Ajax)传递授权。
One way of doing this is a mechanism used by many social networks (i.e. Facebook) called OAuth. Facebook uses special tokens for authorisation and no credentials are passed between the Facebook and a website which uses Facebook connect mechanism. Also Facebook uses PHP’s curl function to make cross server calls behind the curtain so no trace is left on client side about the authorisation process.
这样做的一种方式是许多称为OAuth的社交网络(即Facebook)使用的机制。 Facebook使用特殊令牌进行授权,并且在Facebook和使用Facebook连接机制的网站之间不传递凭据。 Facebook也使用PHP的curl函数来进行跨服务器调用,因此在客户端没有关于授权过程的任何痕迹。
You can but you don’t have to use OAuth but it will be a good experience gain if you do.
你可以,但你不必使用OAuth,但如果你这样做,这将是一个很好的经验。
Another problem you are facing is that probably your ZF and WP use different authorisation cookies on client side. So when authorising user on ZF website you need to make also Ajax call to WP page responsible for login to make sure proper cookies are set.
您面临的另一个问题是,您的ZF和WP可能在客户端使用不同的授权Cookie。因此,当在ZF网站上授权用户时,您还需要对负责登录的WP页面进行Ajax调用,以确保设置正确的cookie。
Summa summarum the process flow will be something similar to this (assuming that user account is already created on both sites):
Summa summarum流程将类似于此(假设已在两个站点上创建用户帐户):
- Login user on ZF site.
- 在ZF网站上登录用户。
- From ZF make curl call containing user id (for example) to WP page which will return some sort of randomly generated token (if user with given ID exists).
- 从ZF进行包含用户id(例如)的curl调用到WP页面,该页面将返回某种随机生成的令牌(如果存在给定ID的用户)。
- Once your curl call receives the token from WP, generate the ZF web page with JS which makes Ajax call to WP (How to send Ajax call to WP is explained here: http://codex.wordpress.org/AJAX_in_Plugins) This Ajax call should contain something like md5 hashed user id and the token.
- 一旦你的curl调用从WP收到令牌,生成带有JS的ZF网页,这使得Ajax调用WP(如何向WP发送Ajax调用解释如下:http://codex.wordpress.org/AJAX_in_Plugins)这个Ajax调用应包含类似md5哈希用户ID和令牌的内容。
- Now on the WP side, WP will receive ZF’s Ajax call with the hashed value. So, check if this value is the same as the value after hashing user id and token which WP returned before (in step 2). If yes then login user on the WP site.
- 现在在WP方面,WP将以散列值接收ZF的Ajax调用。因此,请检查此值是否与WP之前返回的用户ID和令牌之后的值相同(在步骤2中)。如果是,则在WP站点上登录用户。
Now, because we don’t send user password from ZF to WP (and we don’t know it on WP side either – because it’s encrypted) you can’t use wp_signon to sign in user. But you can use wp_set_auth_cookie which for this particular purpose should be sufficient.
现在,因为我们没有将用户密码从ZF发送到WP(我们在WP方面也不知道它 - 因为它是加密的)你不能使用wp_signon来登录用户。但是你可以使用wp_set_auth_cookie,为了这个特殊目的,它应该足够了。
It is a rough explanation but I hope it will be of help.
这是一个粗略的解释,但我希望它会有所帮助。
P.S. wp_login is deprecated and you should avoid using it.
附:不推荐使用wp_login,您应该避免使用它。
Also wp_login action doesn’t call wp_set_auth_cookie which can be a reason why your user didn’t appear as logged in a first place.
此外,wp_login操作不会调用wp_set_auth_cookie,这可能是您的用户未首先显示为登录状态的原因。
Try your solution with wp_set_auth_cookie in it. I’m saying this at the end so you don’t miss the security concerns above.
使用wp_set_auth_cookie尝试您的解决方案。我最后这样说,所以你不要错过上面的安全问题。
#3
0
Since both sites are on the same server, presumable you can access files form both Zend and WordPress. When you user is loggin into Zend based site, you can add a call to load basic wordpress files, and then use the function wp_set_auth_cookie() to log the user into wordpress.
由于两个站点都在同一台服务器上,因此您可以从Zend和WordPress访问文件。当用户登录到基于Zend的站点时,您可以添加一个调用来加载基本的wordpress文件,然后使用函数wp_set_auth_cookie()将用户登录到wordpress。
require_once 'wordpress-directory/wp-load.php';
wp_set_auth_cookie( $wp_user_id );
In your users table on your Zend site, you could have an additional column wp_user_id to store the wordpress user id's for your users, so that you know what user id to pass the wp_set_auth_cookie() function.
在Zend站点的用户表中,您可以使用额外的列wp_user_id来存储用户的wordpress用户ID,以便了解传递wp_set_auth_cookie()函数的用户ID。
I wrote up a blog article in a bit more general terms if you want to check it out as well here
如果你想在这里查看它,我会用一些更一般的术语写一篇博客文章