Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- require '/var/www/store/wp-includes/user.php';
- $credentials = array();
- $credentials['user_login'] = $_POST['username'];
- $credentials['user_password'] = $_POST['password'];
- $credentials['remember'] = true;
- $autologin_user = wp_signon( $credentials, is_ssl() );
- $url_wp = 'https://domain.tld/store/';
- //$postdata = "log=" . $username . "&pwd=" . $password . "&wp-submit=Log%20In&redirect_to=" . $url_wp . "wp-admin/&testcookie=1";
- $postdata = "log=" . $username . "&pwd=" . $password . "&wp-submit=Log%20In&redirect_to=" . $url_wp;
- $ch = curl_init();
- curl_setopt ($ch, CURLOPT_URL, $url_wp . "wp-login.php");
- curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
- curl_setopt ($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36");
- curl_setopt ($ch, CURLOPT_TIMEOUT, 60);
- curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 1);
- curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 0);
- curl_setopt ($ch, CURLOPT_REFERER, $url_wp . "wp-login.php");
- curl_setopt ($ch, CURLOPT_POSTFIELDS, $postdata);
- curl_setopt ($ch, CURLOPT_POST, 1);
- $result = curl_exec ($ch);
- curl_close($ch);
- $curl = curl_init();
- curl_setopt_array($curl, array(
- CURLOPT_URL => "https://domain.tld/store/wp-json/jwt-auth/v1/token?username=ambro&password=123456789012345",
- CURLOPT_RETURNTRANSFER => true,
- CURLOPT_ENCODING => "",
- CURLOPT_MAXREDIRS => 10,
- CURLOPT_TIMEOUT => 30,
- CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
- CURLOPT_CUSTOMREQUEST => "POST",
- CURLOPT_POSTFIELDS => "",
- ));
- $response = curl_exec($curl);
- $err = curl_error($curl);
- curl_close($curl);
- // get the token and other data
- $wp_api_response = json_decode($response, true);
- // $wp_api_response['token'];
- // $wp_api_response['user_email'];
- // $wp_api_response['user_nicename'];
- // $wp_api_response['user_display_name'];
- // with the token now we need to send a request to login
- // "Authorization: Bearer ".$wp_api_response['token']
- // "Authorization: Bearer " . $wp_api_response['user_display_name'].$wp_api_response['token']
- // store the token in a cookie
- setcookie(
- 'office_wp_auth',
- $wp_api_response['token'], // cookie value
- time() + (86400 * 30), // 30 days
- '/', // the cookie will be available within the entire domain.
- '',
- TRUE, // Only send cookie over HTTPS, never unencrypted HTTP
- TRUE // Don't expose the cookie to JavaScript
- );
Add Comment
Please, Sign In to add comment