Authentication with WordPress in a jQuery Mobile, PhoneGap app

Shared by user 野荷的香馥.

I have built an app using jQuery Mobile and PhoneGap. The app fetches content from a WordPress website using Ajax and a WordPress JSON plugin.


Now I wish to extend the functionality of the app to give users the possibility to update content.


For this they would have to log in to WordPress.


I intend it to work something like this:

1. Username & password sent from client to server with Ajax
2. Return token back to client from server
3. Store token in client (local storage)
4. Send that token with each request to server and validate it server side.

Edit: So far I got this to create the token and return it:

add_action( 'wp_ajax_nopriv_ajaxlogin', 'ajax_login' );
// The hook for users who are already logged in is wp_ajax_{action}
add_action( 'wp_ajax_ajaxlogin', 'ajax_login' );

function ajax_login(){

    $info = array();
    $info['user_login'] = $_POST['username'];
    $info['user_password'] = $_POST['password'];
    $info['remember'] = true;

    $user = wp_signon( $info, false );
    if ( is_wp_error($user) ){
        echo json_encode(array('loggedin'=>false, 'message'=>__('Invalid username or password.')));
    } else {

        // Token lifetime: 14 days
        $expiration = time() + (14 * 24 * 60 * 60);
        $scheme = 'auth'; // salt scheme for wp_hash(); must match token_auth()

        $pass_frag = substr($user->user_pass, 8, 4);

        $key = wp_hash($user->user_login . $pass_frag . '|' . $expiration, $scheme);
        $hash = hash_hmac('md5', $user->user_login . '|' . $expiration, $key);

        // Token format: username|expiration|hmac
        $token = $user->user_login . '|' . $expiration . '|' . $hash;

        echo json_encode(array('loggedin'=>true, 'token'=>$token, 'message'=>__('Login successful...')));
    }

    wp_die(); // end the AJAX request so nothing is appended to the JSON
}

And this to verify the token:

function token_auth($token){

    $scheme = 'auth'; // must match the scheme used in ajax_login()

    // The token is a string: username|expiration|hmac
    $parts = explode('|', $token);
    if ( count($parts) != 3 || ! ctype_digit($parts[1]) ) {
        return false;
    }
    list($username, $expiration, $hmac) = $parts;

    $expired = $expiration;

    // Allow a grace period for POST and AJAX requests
    if ( defined('DOING_AJAX') || 'POST' == $_SERVER['REQUEST_METHOD'] )
        $expired += HOUR_IN_SECONDS;

    // Quick check to see if an honest cookie has expired
    if ( $expired < time() ) {
        return false;
    }

    $user = get_user_by('login', $username);
    if ( ! $user ) {
        return false;
    }

    $pass_frag = substr($user->user_pass, 8, 4);

    $key = wp_hash($username . $pass_frag . '|' . $expiration, $scheme);
    $hash = hash_hmac('md5', $username . '|' . $expiration, $key);

    // Constant-time comparison of the expected and the supplied HMAC
    if ( ! hash_equals( $hash, $hmac ) ) {
        return false;
    }

    if ( $expiration < time() ) // AJAX/POST grace period set above
        $GLOBALS['login_grace_period'] = 1;

    // Set the current user before returning
    wp_set_current_user( $user->ID );

    return true;
}

$('form#login').submit( function(e){
    e.preventDefault(); // stop the browser from submitting the form itself
    $('form#login p.status').show().text('Sending user info, please wait...');
    $.ajax({
        type: 'POST',
        dataType: 'json',
        url: 'http://example.com/wp-admin/admin-ajax.php',
        username: $('form#login #username').val(),
        password: $('form#login #password').val(),
        data: {
            'action': 'ajaxlogin',
            'username': $('form#login #username').val(),
            'password': $('form#login #password').val() },
        success: function(data){
            $('form#login p.status').text(data.message);
            if (data.loggedin == true){
                $.mobile.changePage( "/blog.html", { changeHash: false });
            }
        }
    });
});

Still work in progress.


Is there some way to encrypt passwords in case someone is not using HTTPS?


You need to use wp_set_auth_cookie( $user->ID ); if login is successful to set the authentication cookies which will be used by all subsequent requests.
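
The client side of the token flow outlined in the question (store the token, send it with each request), as an added example that is not code from the question or the answer. It parses the `username|expiration|hmac` format, discards expired tokens, and refuses plain-HTTP URLs, where the token would be readable in transit. The function names, the storage key and the `token` POST field are assumptions.

```javascript
// Added example. TOKEN_KEY, parseToken, saveToken, loadToken, buildRequest and memoryStorage
// are hypothetical names; sending the token as a POST field named "token" is an assumption.
var TOKEN_KEY = 'wp_token';

// Split "username|expiration|hmac" into fields; return null if it is malformed.
function parseToken(token) {
  var parts = String(token).split('|');
  if (parts.length !== 3) return null;
  var ok = parts[0] && /^\d+$/.test(parts[1]) && /^[0-9a-f]{32}$/.test(parts[2]);
  return ok ? { username: parts[0], expiration: Number(parts[1]), hash: parts[2] } : null;
}

// Store only well-formed tokens. `storage` is anything with the localStorage interface.
function saveToken(storage, token) {
  if (!parseToken(token)) return false;
  storage.setItem(TOKEN_KEY, token);
  return true;
}

// Return the stored token, or null (and clear it) when it is missing, malformed or expired.
function loadToken(storage, nowSeconds) {
  var token = storage.getItem(TOKEN_KEY);
  var parsed = token ? parseToken(token) : null;
  if (!parsed || parsed.expiration <= nowSeconds) {
    storage.removeItem(TOKEN_KEY);
    return null;
  }
  return token;
}

// Build the settings object for $.ajax. Plain-HTTP URLs are refused.
function buildRequest(storage, url, data, nowSeconds) {
  if (new URL(url).protocol !== 'https:') throw new Error('refusing to send token to non-HTTPS URL');
  var token = loadToken(storage, nowSeconds);
  if (!token) return null; // caller shows the login form again
  return { type: 'POST', dataType: 'json', url: url, data: Object.assign({ token: token }, data) };
}

// Constructed stand-in for window.localStorage so the block also runs outside a browser.
function memoryStorage() {
  var items = Object.create(null);
  return {
    getItem: function (k) { return k in items ? items[k] : null; },
    setItem: function (k, v) { items[k] = String(v); },
    removeItem: function (k) { delete items[k]; }
  };
}
```

In the app, pass `window.localStorage` as `storage` and `Math.floor(Date.now() / 1000)` as `nowSeconds`, then hand the returned object to `$.ajax`.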


