问题描述

我将Wordpress用于特定的客户端，因为他们需要自己编辑内容.以此，我可以根据客户的请求使用他们的页面密码保护.问题是，似乎设置的cookie永远不会超时.因此，客户端输入密码后，无需再通过同一台计算机上的同一浏览器再次输入密码.这为所有人敞开大门进入提供了方便.因此，我认为解决此问题的最佳方法是在Cookie上设置超时.但是，我不确定如何使用php函数来做到这一点.这是整个功能:

I'm using wordpress for a specific client because of their need to edit content themselves. With this, I'm using their page password protection, per client's request. The problem is, it seems that the cookie being set never times out. So, once the client enters the password, nobody ever has to enter the password again through the same browser on the same machine. This leaves it wide open for anybody to walk up to and enter. So, I assume the best way to address this is to set a timeout on the cookie. However, I'm not sure how to do that with the php function. Here's the whole function:

function post_password_required( $post = null ) {
    $post = get_post($post);

    if ( empty( $post->post_password ) )
        return false;

    if ( ! isset( $_COOKIE['wp-postpass_' . COOKIEHASH] ) )
        return true;

    require_once ABSPATH . WPINC . '/class-phpass.php';
    $hasher = new PasswordHash( 8, true );

    $hash = wp_unslash( $_COOKIE[ 'wp-postpass_' . COOKIEHASH ] );
    if ( 0 !== strpos( $hash, '$P$B' ) )
        return true;

    return ! $hasher->CheckPassword( $post->post_password, $hash );
}

真的，我希望Cookie在浏览器关闭时过期，否则每隔几个小时过期一次.在设置cookie后要添加什么使cookie过期的任何建议?

Really, I'd like to have the cookie expire when the browser closes, and otherwise every few hours. Any advice on what to add to make the cookie expire after it's set?

我认为可能必须将其添加到此行:

I believe it would probably have to be added to this line:

$hash = wp_unslash( $_COOKIE[ 'wp-postpass_' . COOKIEHASH ] );

提前感谢您的任何建议.

Thanks ahead of time for any advice.

推荐答案

使用 post_password_expires 过滤器.默认情况下，Cookie会在创建后的10天后失效. 要将其转换为会话Cookie，请返回0.应将以下内容添加到主题的 functions.php 中:

There's a much, much easier way to do this, using the post_password_expires filter. By default, the cookie expires 10 days from creation. To turn this into a session cookie, return 0. The following should be added to your theme's functions.php:

function custom_password_cookie_expiry( $expires ) {
    return 0;  // Make it a session cookie
}
add_filter( 'post_password_expires', 'custom_password_cookie_expiry' );

这篇关于退出带有Cookie timout的受Wordpress密码保护的页面?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！