【Question title】: WP template code runs before action
【Posted】: 2016-12-14 11:06:45
【Question description】:

I made a WordPress page template for logging in that also verifies some external logins through an API. This is the code I am using.

<?php
/*
Template Name: Login
*/
if(isset($_POST['username']) && !empty($_POST['username'])){

    global $wpdb;

    //We shall SQL escape all inputs
    $username = $wpdb->escape($_REQUEST['username']);
    $password = $wpdb->escape($_REQUEST['password']);
    $remember = $wpdb->escape($_REQUEST['rememberme']);

    if($remember) $remember = "true";
    else $remember = "false";

    $login_data = array();
    $login_data['user_login'] = $username;
    $login_data['user_password'] = $password;
    $login_data['remember'] = $remember;

    $user_verify = wp_signon($login_data, false);

        if(is_wp_error($user_verify)){
            $token = '';
            $url = "URL";
            $cookie = "h8gkh8.txt";
            $ch = curl_init();

            curl_setopt($ch, CURLOPT_URL, $url);
            curl_setopt($ch, CURLOPT_COOKIEJAR, '/tmp/' . $cookie);
            curl_setopt($ch, CURLOPT_COOKIEFILE, '/tmp/' . $cookie);

            curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);

            $response = curl_exec($ch);
            if (curl_errno($ch))
                die(curl_error($ch));

            $doc = new DOMDocument();
            $doc->loadHTML($response);
            $el = $doc->getElementsByTagName("input");

            for ($i = 0; $i < $el->length; $i++) {
                $attr = $el->item($i)->getAttribute('name');
                if ($attr == '_csrfhash') {
                    $token = $el->item($i)->getAttribute('value');
                }
            }

            curl_setopt($ch, CURLOPT_RETURNTRANSFER, 0);
            curl_setopt($ch, CURLOPT_POST, 1);

            $params = array(
                'scemail' => $username,
                'scpassword' => $password,
                '_csrfhash' => $token
            );

            curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($params));

            $r = curl_exec($ch);

            if (curl_errno($ch)){
                print curl_error($ch);
            }else{
                $login_data = array();
                $login_data['user_login'] = "Custom username";
                $login_data['user_password'] = "Custom password";
                $login_data['remember'] = $remember;
                $user_verify = wp_signon( $login_data, false );
                echo "<script type='text/javascript'>window.location='". home_url() ."'</script>";
                exit();
            }
            curl_close($ch);

            header("Location: " . home_url() . "/login/error/");
            //Note, I have created a page called "Error" that is a child of the login page to handle errors. This can be anything, but it seemed a good way to me to handle errors.*/
        }else{
            echo "<script type='text/javascript'>window.location='". home_url() ."'</script>";
            exit();
        }

}
else{
        // No login details entered - you should probably add some more user feedback here, but this does the bare minimum
        echo "Invalid login details";

    };

?>
<form id="login" name="form" action="<?php echo home_url(); ?>/login/" method="post">
        <input id="username" type="text" placeholder="Username" name="username">
        <input id="password" type="password" placeholder="Password" name="password">
        <input id="submit" type="submit" name="submit" value="Submit">
</form>

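My problem is that the PHP code part runs before I click the submit button. Can you help me solve this?

Thanks

PS: If you find any other errors in my code, please feel free to report them too!

【Question comments】:

  • I assume you are getting the message "Invalid login details", right?
  • Yes, you are right, I get the message and then the form

Tags: php wordpress templates


【Solution 1】:

Your code works fine. Just remove the else part.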

        <?php
        /*
        Template Name: Login
        */
        if((isset($_POST['username'])) && (!empty($_POST['username']))){

           //We shall SQL escape all inputs
            $username = $wpdb->escape($_REQUEST['username']);
            $password = $wpdb->escape($_REQUEST['password']);
            $remember = $wpdb->escape($_REQUEST['rememberme']);

            if($remember) $remember = "true";
            else $remember = "false";

            $login_data = array();
            $login_data['user_login'] = $username;
            $login_data['user_password'] = $password;
            $login_data['remember'] = $remember;

            $user_verify = wp_signon($login_data, false);

                if(is_wp_error($user_verify)){
                    $token = '';
                    $url = "URL";
                    $cookie = "h8gkh8.txt";
                    $ch = curl_init();

                    curl_setopt($ch, CURLOPT_URL, $url);
                    curl_setopt($ch, CURLOPT_COOKIEJAR, '/tmp/' . $cookie);
                    curl_setopt($ch, CURLOPT_COOKIEFILE, '/tmp/' . $cookie);

                    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);

                    $response = curl_exec($ch);
                    if (curl_errno($ch))
                        die(curl_error($ch));

                    $doc = new DOMDocument();
                    $doc->loadHTML($response);
                    $el = $doc->getElementsByTagName("input");

                    for ($i = 0; $i < $el->length; $i++) {
                        $attr = $el->item($i)->getAttribute('name');
                        if ($attr == '_csrfhash') {
                            $token = $el->item($i)->getAttribute('value');
                        }
                    }

                    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 0);
                    curl_setopt($ch, CURLOPT_POST, 1);

                    $params = array(
                        'scemail' => $username,
                        'scpassword' => $password,
                        '_csrfhash' => $token
                    );

                    curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($params));

                    $r = curl_exec($ch);

                    if (curl_errno($ch)){
                        print curl_error($ch);
                    }else{
                        $login_data = array();
                        $login_data['user_login'] = "Custom username";
                        $login_data['user_password'] = "Custom password";
                        $login_data['remember'] = $remember;
                        $user_verify = wp_signon( $login_data, false );
                        echo "<script type='text/javascript'>window.location='". home_url() ."'</script>";
                        exit();
                    }
                    curl_close($ch);

                    header("Location: " . home_url() . "/login/error/");
                    //Note, I have created a page called "Error" that is a child of the login page to handle errors. This can be anything, but it seemed a good way to me to handle errors.*/
                }else{
                    echo "<script type='text/javascript'>window.location='". home_url() ."'</script>";
                    exit();
                }

        }

        ?>
        <form id="login" name="form" action="<?php echo home_url(); ?>/login/" method="post">
                <input id="username" type="text" placeholder="Username" name="username">
                <input id="password" type="password" placeholder="Password" name="password">
                <input id="submit" type="submit" name="submit" value="Submit">
        </form>

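【Comments】:

  • I have another problem... if the username and password are incorrect, the code does want to go into the second if part
  • if(is_wp_error($user_verify)){ This code checks whether the username is correct. 'isset' does not check whether the username is correct.
  • if(isset($_POST['username']) && !empty($_POST['username'])){ This code only checks whether the form was submitted. And header("Location: " . home_url() . "/login/error/"); is the code that redirects if the username and password are wrong.
【Solution 2】:

You have to adjust your if/else statement. You are checking whether $_POST['username'] is set and not empty. If either of these is not true, you generate the message "Invalid login details".

The problem is that if a user just visits the site, $_POST['username'] is never set. You can use an elseif statement to catch this case, for example: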

if(isset($_POST['username']) && !empty($_POST['username'])){
    /* your code */
} elseif(isset($_POST['username']) && empty($_POST['username'])) {
    echo "Invalid login details";
}

This additionally checks whether $_POST['username'] is set and whether it is empty. If that is true, the message is displayed.

【Comments】:
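
The three request states discussed in Solution 2 (plain page view, incomplete submission, filled-in submission) handled in one template, as an added example that is not code from the question or from either answer. The names `login_request_state`, `login_nonce` and `template_login` are assumptions, and the external-API fallback from the question is left out; the password goes to `wp_signon()` unescaped and `remember` is a real boolean.

```php
<?php
/*
Template Name: Login
*/
// Added example; login_request_state(), login_nonce and template_login are assumed names.

// Classify the request so that a plain page view is never reported as a failed login.
function login_request_state(string $method, array $post): string {
    if ($method !== 'POST' || !isset($post['username'])) {
        return 'not_submitted';            // first visit: show the form without a message
    }
    $user = is_string($post['username']) ? trim($post['username']) : '';
    $pass = (isset($post['password']) && is_string($post['password'])) ? $post['password'] : '';
    return ($user === '' || $pass === '') ? 'incomplete' : 'submitted';
}

$state   = login_request_state($_SERVER['REQUEST_METHOD'] ?? 'GET', $_POST);
$message = '';

if ($state === 'incomplete') {
    $message = 'Invalid login details';
} elseif ($state === 'submitted') {
    $nonce = isset($_POST['login_nonce']) ? wp_unslash($_POST['login_nonce']) : '';
    if (!wp_verify_nonce($nonce, 'template_login')) {
        $message = 'Invalid login details';    // POST did not come from this form
    } else {
        // wp_signon() takes the raw values: unslash them, do not SQL-escape them.
        $user = wp_signon(array(
            'user_login'    => wp_unslash($_POST['username']),
            'user_password' => wp_unslash($_POST['password']),
            'remember'      => !empty($_POST['rememberme']),  // boolean; the string "false" is truthy
        ), is_ssl());
        if (!is_wp_error($user)) {
            wp_safe_redirect(home_url());      // nothing has been echoed yet, so headers still work
            exit;
        }
        $message = 'Invalid login details';
    }
}
?>
<?php if ($message !== '') : ?><p><?php echo esc_html($message); ?></p><?php endif; ?>
<form id="login" name="form" action="<?php echo esc_url(home_url('/login/')); ?>" method="post">
    <?php wp_nonce_field('template_login', 'login_nonce'); ?>
    <input id="username" type="text" placeholder="Username" name="username">
    <input id="password" type="password" placeholder="Password" name="password">
    <input id="submit" type="submit" name="submit" value="Submit">
</form>
```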