worldpress开启反向代理后打开密码文章无法正确跳转
-
找到自定义验证密码的function或者在wp-includes/post-template.php 中的 get_the_password_form()中找到亦可
-
此为修改后的代码,获取请求url判断是否有message,显示message
-
//重定义密码保护页面,配合wp-login.php postpass function fb\\\_the\\\_password_form() { global $post; // $\\\_request\\\_uri=substr($\\\_SERVER\\\['REQUEST\\\_URI'\\\],strpos($\\\_SERVER\\\['REQUEST\\\_URI'\\\],'/',1)); $\\\_request\\\_uri=$\\\_SERVER\\\['REQUEST\\\_URI'\\\]; $message = explode('message=',$\\\_request\\\_uri)\\\[1\\\]; $label = 'pwbox-' . ( empty( $post->ID ) ? rand() : $post->ID ); $output = '' . __( '此内容受密码保护。如需查阅,请在下列字段中输入您的密码。' ) . '' . __( 'Password:' ) . ' '.''.$message.''.' '; return $output; } add\\\_filter('the\\\_password\\\_form', 'fb\\\_the\\\_password\\\_form'); -
将密码提交到site_url( ‘wp-login.php?action=postpass’ . ‘&requri=’ . $_request_uri,并且带上当前页的url
-
wp-login.php处理,此为修改后的代码,获取请求参数,并安全跳转请求参数,即当前url,若登录成功,已经吧密码加密存到cookies,再次跳转到此页面不会验证密码,若登录失败,无cookies则还需要继续登录并且有一个message提示密码错误
-
case 'postpass': //获取前端传入的地址,如果有message截取 $request\\\_uri=explode('?',$\\\_REQUEST\\\['requri'\\\])\\\[0\\\]; if ( ! array\\\_key\\\_exists( 'post\\\_password', $\\\_POST ) ) { wp\\\_safe\\\_redirect($request_uri ); exit; } require_once ABSPATH . WPINC . '/class-phpass.php'; $hasher = new PasswordHash( 8, true ); /** * Filters the life span of the post password cookie. * * By default, the cookie expires 10 days from creation. To turn this * into a session cookie, return 0. * * @since 3.7.0 * * @param int $expires The expiry time, as passed to setcookie(). */ $expire = apply\\\_filters( 'post\\\_password\\\_expires', time() + 10 * DAY\\\_IN_SECONDS ); //nsk 2023年1月8日13:22:53修改,为了在文章输入密码后能正确跳转 $referer = wp\\\_get\\\_referer(); setcookie( 'wp-postpass_' . COOKIEHASH, $hasher->HashPassword( wp\\\_unslash( $\\\_POST\\\['post\\\_password'\\\] ) ), $expire, COOKIEPATH, COOKIE\\\_DOMAIN, $secure ); //nsk 2023年1月8日13:25:26添加 $request\\\_uri = $request\\\_uri.'?message=wrong_password'; wp\\\_safe\\\_redirect( $request_uri); //nsk 2023年1月8日13:25:26添加 exit(); case 'logout':