I just installed WordPress (the most recent version) and I'm trying to study WordPress so I can make my own creations as secure as WordPress is, or close to its level.
I noticed that upon logging into WordPress, it created 3 cookies.
What I am trying to figure out is this: after logging into WordPress, and after it has created the cookies for that user, how exactly do the hash values placed in the cookie authenticate who the user is? I compared the values saved in the cookie with the values saved in the database table called wordpress_customers, and they do not match.
What I usually do when authenticating a user is this: upon registration, I have a column in a table, say tbl_customers, called hash, and the value that goes into this column is a sha1 conversion of the username (the user created upon registration). Upon signing in on the login page, and after authenticating the user by checking that he exists in the db and so on, I create a cookie for the user. In the cookie I place the hash that is in the db. That's how I track the user across pages. Does anybody know how WordPress does it? Or am I possibly doing it the wrong way? I'm not sure.
Thanks in advance.
If the user authentication hash is in a cookie then it can be read, and since it already matches what is in the database directly, it can be used by anybody who knows how to look at the cookies. WordPress applies some post-processing to the user hash; I believe it's in wordpress_configurations.php.
It combines the user hash with the unique key you write into one of the variables in wordpress_config.php. You then have a unique key built from something publicly available, such as the username hash or whatever, and from something only accessible within the script, i.e. not publicly available. It's that combination which then matches what is in the db and authenticates the user.
Hope that makes sense. Other people may be able to give you better help with PHP security, so you might want to make your question more general.
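The difference between the two schemes discussed above, as an added example that is not part of the original thread and is not WordPress's own code. The key constant, the function names and the `username|expiry|mac` cookie layout are assumptions made for illustration.

```php
<?php
// Assumption: a long random value kept in a server-side config file, never sent to the client.
const SECRET_KEY = 'constructed-demo-key-replace-with-random-bytes';

// The scheme from the question: the cookie value depends only on the username,
// so it can be recomputed by anyone who knows the username.
function weak_cookie(string $username): string {
    return sha1($username);
}

// Keyed scheme: the cookie carries public data plus an HMAC over that data.
function make_auth_cookie(string $username, int $expires): string {
    if (strpos($username, '|') !== false) {
        throw new InvalidArgumentException('username must not contain the field separator');
    }
    $payload = $username . '|' . $expires;
    return $payload . '|' . hash_hmac('sha256', $payload, SECRET_KEY);
}

// Returns the authenticated username, or null when the cookie is malformed,
// expired, or its MAC does not match the server-side recomputation.
function verify_auth_cookie(string $cookie, int $now): ?string {
    $parts = explode('|', $cookie);
    if (count($parts) !== 3) {
        return null;
    }
    [$username, $expires, $mac] = $parts;
    if (!ctype_digit($expires) || (int) $expires < $now) {
        return null;
    }
    $expected = hash_hmac('sha256', $username . '|' . $expires, SECRET_KEY);
    // hash_equals compares in constant time, avoiding a timing side channel.
    return hash_equals($expected, $mac) ? $username : null;
}

$now    = 1700000000;                          // constructed timestamp
$cookie = make_auth_cookie('alice', $now + 3600);

var_dump(verify_auth_cookie($cookie, $now));                                    // untouched cookie
var_dump(verify_auth_cookie(str_replace('alice', 'admin', $cookie), $now));     // username edited client-side
var_dump(verify_auth_cookie($cookie, $now + 7200));                             // presented after expiry
var_dump(weak_cookie('admin') === sha1('admin'));                               // weak value needs no secret
```

Because the MAC depends on a key that never leaves the server, the cookie value does not need to match anything stored in the user table; the server recomputes it on every request.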
I'd take a look at MD5 file encryption and just try to validate against your WordPress db using that. I've not tried it but I want to do the same thing.
Just a note for you. When I was faced with a similar problem while creating web applications, I avoided dealing with it and just decided to use WordPress as a wrapper for my applications. You can have the login redirect to your chosen template, which can be a PHP page, so once inside you can do anything, but your application will be protected by WordPress, and they update their security as things change. So far, for me, this has been a win-win arrangement.
I validate my users using WordPress itself. You can call functions that exist in WordPress to check who is logged in and using your application. You can then take advantage of everything WordPress has to offer. I really like having PHPMyAdmin right in the WordPress Admin panel. It has made my life much easier lately and I don't have to worry about what I don't know about security. If you're developing without a security expert, this can be a great option for you. Let me know if you want to learn more about how I am setting it up.