使用带有 php 脚本的 Wordpress 用户凭据将数据发送到 iOS 应用程序

所以我一直在工作我的 *%&过去两天关闭以尝试使这项工作，但我总是卡在同一部分:将从 iOS 应用程序收到的计算机密码与存储在 Wordpress DB 中的散列密码进行比较.

So I've been working my *%& off for the past two days to try to make this work but I always get stuck at the same part : Comparing the computer password received from the iOS App with the hashed password stored in Wordpress DB.

一点背景:基本上只是 ios 故事板上的一个登录页面，将用户输入的电子邮件和密码发送到 php 脚本，该脚本检查链接到已发送电子邮件的哈希密码是否与已发送密码的哈希版本相同.

A little background : Basically just a login page on an ios storyboard sending the email and password the user inputs to a php script that checks if the hashed password linked to the sent email is the same as the hashed version of the sent password.

斯威夫特&iOS 不是这里的问题，所以我会省去那些代码.我正在使用 PostMan 进行测试以发送带有正确参数的 HTTP POST 请求:

Swift & iOS is't the problem here, so I'll spare you that code. I'm doing my testing using PostMan to send the HTTP POST Request with the correct parameters :

• 标题 --> 内容类型:application/x-www-form-urlencoded
• 正文 --> 电子邮件:email@email.com &密码:testpasswd

现在这是登录页面的原始代码:

Now here is the original code for the login page :

<?php

require("Connection.php");
require("SQLDao.php");
$email = htmlentities($_POST["email"]);
$password = htmlentities($_POST["password"]);
$returnValue = array();

echo json_encode("Hello World");

if(empty($email) || empty($password))
{
$returnValue["status"] = "error";
$returnValue["message"] = "There is a missing field";
echo json_encode($returnValue);
return;
}

$dao = new MySQLDao();
$dao->openConnection();
$userDetails = $dao->getUserDetailsWithPassword($email,$password);

if($userDetails) {
  $returnValue["status"] = "Success";
  $returnValue["message"] = "User logged in !";
  echo json_encode($returnValue);
} else {
  $returnValue["status"] = "error";
  $returnValue["message"] = "User not found";
  echo json_encode($returnValue);
}

$dao->closeConnection();

?>

大部分SQLDao.php 基本上处理SQL连接函数，但也处理这个函数:

Most of SQLDao.php basically handles the SQL connection functions but also this function :

public function getUserDetailsWithPassword($email, $userPassword)
{
$returnValue = array();
$sql = "select id,user_email from vswp_users where user_email='" . $email . "' and user_pass='" .$userPassword . "'";

$result = $this->conn->query($sql);
  if ($result != null && (mysqli_num_rows($result) >= 1)) {
    $row = $result->fetch_array(MYSQLI_ASSOC);
    if (!empty($row)) {
      $returnValue = $row;
    }
  }
  return $returnValue;
}

但是这段代码显然会检查发送到 Wordpress Hashed 版本的密码，所以它总是返回 false.

But this code obviously checks the sent password to the Wordpress Hashed version, so it always returns false.

通过我的研究，我找到了这个，但它没有给我一个可行的解决方案:

Through my research, I found this, but it didn't gave me a working solution :

研究编号1 : include(phpass.php) + CheckPassword 函数我会有类似的东西:

Research no. 1 : include(phpass.php) + CheckPassword function Where I would have something similar to this :

public function getUserDetailsWithHashedPassword($email, $userPassword)
{
  include_once("../wp-config.php");
  include_once("../wp-includes/class-phpass.php");
  $returnValue = array();
  $query = mysql_query("SELECT * FROM vswp_users WHERE user_email = '$email'");
  $row = mysql_fetch_array($query);

  $wp_hasher = new PasswordHash(8, TRUE);

  $password_hashed = $row['user_pass'];

  $passwordMatch = $wp_hasher->CheckPassword($userPassword, $password_hashed) || $password_hashed == md5($userPassword);

  if ($passwordMatch) {
    echo json_encode("Passwords match");
    $returnValue = TRUE;
  } else {
    echo json_encode("Passwords do not match");
    $returnValue = FALSE;
  }
  return $passwordMatch;
}

但这只是返回Hello World"，但没有显示 if($passwordMatch) 选项.

But this simply returns the "Hello World" but neither options of the if($passwordMatch) are shown.

对于这个长问题，我深表歉意，希望有人能指出我解决这个问题的正确方向.

I apologize for this long question, hopefully someone can point me towards the right direction to fix this.

感谢您的帮助！！

EDIT 1:通过使用 echo json_encode("Hello World"); 的一些测试，我发现脚本基本上在行之后停止 --> ERASED SINCE NON-RELEVANT ANYMORE

EDIT 1 : Through some testing using echo json_encode("Hello World"); I was able find that basically the script stops after the line --> ERASED SINCE NON-RELEVANT ANYMORE

编辑 2:我越来越接近了，感谢 CBroe 的想法，我能够通过适当的 PHP 报告找到更多信息.我能够通过将存储在数据库中的散列密码作为 $storedPassword 的值直接放在登录文件中来使其工作，并且它起作用了.但是现在我面临的唯一问题是，在使用 mysql 执行此操作时，出现以下错误:substr() 期望参数 1 是一个字符串，数组在/[...]/class-phpass.php 中给出.似乎我只是缺少一些东西来将密码从 mysql 数据库转换为它的字符串版本.这是我的功能:

EDIT 2 : I'm getting close, thanks to CBroe idea, I was able to find more information with proper PHP Reporting. I was able to make it work by putting the hashed password stored in the database directly in the login file as a value of $storedPassword and it worked. But now the only problem I'm facing is that while doing this with mysql, I'm getting the following error : substr() expects parameter 1 to be a string, array given in /[...]/class-phpass.php. It seems like I'm only missing a little something to convert the password from the mysql database to a string version of it. Here is my function :

public function getUserDetailsWithHashedPassword($email, $userPassword)
{
  require_once("/home/[hosting provider directories]/public_html/wp-includes/class-phpass.php");
  $returnValue = array();

  $sql = "select user_pass from vswp_users where user_email='" . $email . "'";
  $result = $this->conn->query($sql);
  if ($result != null && (mysqli_num_rows($result) >= 1)) {
    $row = $result->fetch_array(MYSQLI_ASSOC);
    if (!empty($row)) {
      $storedPassword = $row;
    }
  }
  $wp_hasher = new PasswordHash(8, TRUE);
  $passwordMatch = $wp_hasher->CheckPassword($userPassword, $storedPassword);

  if($passwordMatch === TRUE) {
    $returnValue = TRUE;
  } else {
    $returnValue = FALSE;
  }
  return $returnValue;
}

再次感谢！！