tzkmx
3/10/2020 - 10:22 PM

WIP: verify wordpress cookie "outside" wordpress

WIP: verify wordpress cookie "outside" wordpress

<?php

// Print an inline script in the admin footer that defines the JavaScript global
// `tzk_nonce`, holding a nonce created for the 'wp_rest' action.
// 'wp_rest' is the action WordPress core checks for cookie-authenticated REST requests.
// The nonce is a CSRF token, not a credential: it is only useful together with the
// session's auth cookie.
add_action('admin_footer', function () {
	$rest_nonce = wp_create_nonce( 'wp_rest' );

	echo '<script>var tzk_nonce = "' . $rest_nonce . '";</script>';
});

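// Debug hook (WIP): when a nonce check fails, recompute the HMAC of the `logged_in`
// auth cookie by hand and record whether it matches the HMAC carried in the cookie.
// The steps mirror what core's wp_validate_auth_cookie() does.
//
// `wp_verify_nonce_failed` is fired with do_action(), so the callback's return value
// is ignored; that is why it is registered with add_action() and returns nothing.
//
// Nothing is written to the HTTP response. The salt, the derived key and the expected
// HMAC are the material that authenticates a session cookie, so they are never echoed
// or logged here; only the non-secret outcome goes to the error log, and only when
// WP_DEBUG is on.
add_action('wp_verify_nonce_failed', function ($_nonce, $_action, $user, $token) {
	$auth = wp_parse_auth_cookie( '', 'logged_in' );
	if ( ! is_array( $auth ) ) {
		// wp_parse_auth_cookie() returns false when the cookie is absent or malformed.
		return;
	}

	$username     = $auth['username'];
	$expiration   = $auth['expiration'];
	// Kept separate from the $token hook argument so the session token passed by
	// wp_verify_nonce() is not overwritten.
	$cookie_token = $auth['token'];
	$hmac         = $auth['hmac'];

	// NOTE(review): core looks the account up from the cookie's username; $user here is
	// whatever user the hook passed in - confirm both refer to the same account.
	$stored_hash = is_object( $user ) ? (string) $user->user_pass : '';

	// Four characters of the stored password hash tie the cookie to the current password.
	// NOTE(review): newer WordPress releases may derive this fragment differently for
	// other hash formats - compare with wp_validate_auth_cookie() in the target version.
	$pass_frag = substr( $stored_hash, 8, 4 );

	// TODO: decide whether an expired cookie should count as a failure; for now the
	// expiry state is only reported.
	$expired = (int) $expiration < time();

	$userdata = $username . '|' . $pass_frag . '|' . $expiration . '|' . $cookie_token;

	// wp_salt('logged_in') is LOGGED_IN_KEY . LOGGED_IN_SALT. Secret: never output it.
	$salt = wp_salt( 'logged_in' );
	// HMAC-MD5 mirrors core's key-derivation step; it is not a local algorithm choice.
	$keyhash = hash_hmac( 'md5', $userdata, $salt );

	$hashnopass = hash_hmac( 'sha256', $username . '|' . $expiration . '|' . $cookie_token, $keyhash );

	// Constant-time comparison, with the locally computed value as the known string.
	$equals = is_string( $hmac ) && hash_equals( $hashnopass, $hmac );

	if ( defined( 'WP_DEBUG' ) && WP_DEBUG ) {
		error_log(
			'tzk cookie check: ' . var_export( compact( 'username', 'expiration', 'expired', 'equals' ), true )
		);
	}

	// TODO: validate the session token against the hashed session tokens stored in
	// user meta.
}, 400, 4);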