Creating an auto-login page

Hi,

(I first posted this to a WordPress forum but got no response)

I just downloaded the latest version of WordPress, which I'm running
on Fedora Linux (apache 2 web server, php 4.4.4). My question is, how
can I programatically auto-login to the admin site? I understand there
is a "Remember Me" box, but looking for something to where I click a
link from my site's normal content admin and go straight into
WordPress, without having to enter the WP admin username and password.

Thanks, - Dave
laredotornado [ Di, 31 Juli 2007 22:55 ] [ ID #1783013 ]

Re: Creating an auto-login page

On Jul 31, 1:55 pm, "laredotorn... [at] zipmail.com"
<laredotorn... [at] zipmail.com> wrote:
>
> I just downloaded the latest version of WordPress, which
> I'm running on Fedora Linux (apache 2 web server, php
> 4.4.4). My question is, how can I programatically auto-
> login to the admin site? I understand there is a
> "Remember Me" box, but looking for something to where I
> click a link from my site's normal content admin and go
> straight into WordPress, without having to enter the WP
> admin username and password.

OK, here's what your script could do:

1. POST the following name-value pairs to
[WordPress_root]/wp-login.php:

log=[your_login_name]&pwd=[your_password]&submit=Login+
%C2%BB&redirect_to=wp-admin%2F

2. Obtain the following cookies from
[WordPress_root]/wp-login.php:

wordpressuser_[hash]=[your_login_name]; path=[WordPress_root]
wordpresspass_[hash]=[pwd_hash]; path=[WordPress_root]

where
[hash] is a sequence of 32 hex digits, and
[pwd_hash] is another sequence of 32 hex digits, and

3. Send these cookies to the client and then redirect the client
to [WordPress_root]/wp-admin/

Also, you might consider the possibility of going about your task
in reverse: instead of building WordPress into your site's "normal
content admin", build your "normal content admin" into WordPress
as one or more plugins.

Cheers,
NC
nc [ Mi, 01 August 2007 01:03 ] [ ID #1783962 ]

Re: Creating an auto-login page

On Jul 31, 6:03 pm, NC <n... [at] iname.com> wrote:
> On Jul 31, 1:55 pm, "laredotorn... [at] zipmail.com"
>
> <laredotorn... [at] zipmail.com> wrote:
>
> > I just downloaded the latest version of WordPress, which
> > I'm running on Fedora Linux (apache 2 web server, php
> > 4.4.4). My question is, how can I programatically auto-
> > login to the admin site? I understand there is a
> > "Remember Me" box, but looking for something to where I
> > click a link from my site's normal content admin and go
> > straight into WordPress, without having to enter the WP
> > admin username and password.
>
> OK, here's what your script could do:
>
> 1. POST the following name-value pairs to
> [WordPress_root]/wp-login.php:
>
> log=[your_login_name]&pwd=[your_password]&submit=Login+
> %C2%BB&redirect_to=wp-admin%2F
>
> 2. Obtain the following cookies from
> [WordPress_root]/wp-login.php:
>
> wordpressuser_[hash]=[your_login_name]; path=[WordPress_root]
> wordpresspass_[hash]=[pwd_hash]; path=[WordPress_root]
>
> where
> [hash] is a sequence of 32 hex digits, and
> [pwd_hash] is another sequence of 32 hex digits, and
>
> 3. Send these cookies to the client and then redirect the client
> to [WordPress_root]/wp-admin/
>
> Also, you might consider the possibility of going about your task
> in reverse: instead of building WordPress into your site's "normal
> content admin", build your "normal content admin" into WordPress
> as one or more plugins.
>
> Cheers,
> NC

Thanks for your well thought out reply. I do have a follow up. When
you say

> 2. Obtain the following cookies from
> [WordPress_root]/wp-login.php:

what do you mean by "obtain". Am I supposed to be parsing this file
using "fread"?

Thanks, - Dave
laredotornado [ Mi, 01 August 2007 22:39 ] [ ID #1783992 ]

Re: Creating an auto-login page

On Aug 1, 1:39 pm, "laredotorn... [at] zipmail.com"
<laredotorn... [at] zipmail.com> wrote:
>
> When you say
>
> > 2. Obtain the following cookies from
> > [WordPress_root]/wp-login.php:
>
> what do you mean by "obtain". Am I supposed to be parsing
> this file using "fread"?

No. You're supposed to parse HTTP headers returned by that file.
Something like this:

$host = 'www.yourWordPresshost.com';
$path = 'WordPress_root'; // NO OPENING OR TRAILING SLASHES!!!
$login = 'your_WordPress_login';
$password = 'your_WordPress_password';
$post_query = 'log=' . rawurlencode($login) .
'&pwd=. rawurlencode($password) .
'&submit=Login+%C2%BB&redirect_to=wp-admin%2F';
$fp = fsockopen($host, "80");
if ($fp) {
fputs($fp, "POST /".$path." HTTP/1.0\r\nHost: ".$host."\r\n");
fputs($fp, "Content-type: application/x-www-form-urlencoded\r\n");
fputs($fp, "Content-length: ". strlen($post_query) ."\r\n\r\n");
fputs($fp, $post_query);
while (!feof($fp)) {
$line = fgets($fp, 10240);
if (strlen(trim($line)) < 1) {
header('Location: http://' . $host . '/' . $path . '/wp-
admin/');
die();
} else {
list($name, $value) = explode(':' ,$line);
if (strtoupper(trim($name))) == 'SET-COOKIE' {
header($line);
}
}
}
} else {
echo "<p>Sorry, WordPress is not accessible at the moment...</p>";
}

Cheers,
NC
nc [ Do, 02 August 2007 03:18 ] [ ID #1785226 ]
PHP » alt.php » Creating an auto-login page

Vorheriges Thema: Error Reporting - Where to Start?
Nächstes Thema: remote include doesn't work with class

[ Startseite ] [ Administrator ] [ Suche ] [ Hinweise ] [ Impressum ]

Powered by FudForum