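Default WordPress admin account and password (how to reset a forgotten WordPress password)

I recently decided to build a personal blog site. There are many blogging frameworks out there, and I remembered having tinkered with WordPress before, so I planned to dig it out and keep tinkering, only to find that I had forgotten the admin password. Because the framework sits on a local server, email verification was not possible, so I searched the web for every method I could find: editing the MD5 in the database, the password field, the command line, "5 ways to change it", "7 ways to change it"; none of them worked. I was about to reinstall, but as a developer with the source code in hand, how could I not get the password back? And so my journey of finding the password through the WordPress source began.

So where to start? The word "install" came to mind, so I opened the directory and searched for files containing that word, and sure enough there is an install.php file in the /wp-admin directory under the framework root. With the installer entry file in hand, surely I could work out how things are set up? So I kept following the trail.

In the end I found two functions: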

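 wp_generate_password( 12, false ); // generate a 12-character random password
 wp_hash_password( $pwd ); // hash the generated password

Call these two functions in index.php, replace the hashed password in the database with the newly generated hash, log in again, and it's done.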


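Next I'll describe the process. It involves source code, so read on if you're interested.

1. From the entry file (index.php) to the installer entry point (install.php)

Requesting the domain name or IP address loads the index file by default, as every web developer knows. Tracing the include chain from top to bottom gives the following (note: a leading slash "/" below denotes the framework root directory):

Entry file (/index.php) loads	// loads the header file; each file below loads the next
Header file (/wp-blog-header.php) loads // purpose: load the framework environment and template
Loader file (/wp-load.php) loads // purpose: load the framework library
Config file (/wp-config.php) loads // purpose: configuration, e.g. database settings and constants
Settings file (/wp-settings.php) // purpose: load the relevant files, call the relevant functions, and branch into the different flows

wp-settings.php in the root directory calls the function that checks whether the framework is installed: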

// Run the installer if WordPress is not installed.
wp_not_installed();

Following the includes in wp-settings.php, the function turns out to be in load.php under the /wp-includes directory. Its code is:

function wp_not_installed() {
    if ( is_multisite() ) {
        if ( ! is_blog_installed() && ! wp_installing() ) {
          nocache_headers();

          wp_die( __( 'The site you have requested is not installed properly. Please contact the system administrator.' ) );
        }
    } elseif ( ! is_blog_installed() && ! wp_installing() ) {
        nocache_headers();

        require ABSPATH . WPINC . '/kses.php';
        require ABSPATH . WPINC . '/pluggable.php';

        $link = wp_guess_url() . '/wp-admin/install.php'; // URL of the installer file

        wp_redirect( $link );
        die();
    }
}

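2. Inside wp-admin/install.php

This file is the front-end installation page. The form on the page leads to the keyword password, which is what we trace from here.

(1) Handling the submitted form:

/* Receive the parameters submitted by the front end */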
		$weblog_title         = isset( $_POST['weblog_title'] ) ? trim( wp_unslash( $_POST['weblog_title'] ) ) : '';
		$user_name            = isset( $_POST['user_name'] ) ? trim( wp_unslash( $_POST['user_name'] ) ) : '';
		$admin_password       = isset( $_POST['admin_password'] ) ? wp_unslash( $_POST['admin_password'] ) : '';
		$admin_password_check = isset( $_POST['admin_password2'] ) ? wp_unslash( $_POST['admin_password2'] ) : '';
		$admin_email          = isset( $_POST['admin_email'] ) ? trim( wp_unslash( $_POST['admin_email'] ) ) : '';
		$public               = isset( $_POST['blog_public'] ) ? (int) $_POST['blog_public'] : 1;

/* Validate the parameters */
		// Check email address.
		$error = false;
		if ( empty( $user_name ) ) {
			// TODO: Poka-yoke.
			display_setup_form( __( 'Please provide a valid username.' ) );
			$error = true;
		} elseif ( sanitize_user( $user_name, true ) !== $user_name ) {
			display_setup_form( __( 'The username you provided has invalid characters.' ) );
			$error = true;
		} elseif ( $admin_password !== $admin_password_check ) {
			// TODO: Poka-yoke.
			display_setup_form( __( 'Your passwords do not match. Please try again.' ) );
			$error = true;
		} elseif ( empty( $admin_email ) ) {
			// TODO: Poka-yoke.
			display_setup_form( __( 'You must provide an email address.' ) );
			$error = true;
		} elseif ( ! is_email( $admin_email ) ) {
			// TODO: Poka-yoke.
			display_setup_form( __( 'Sorry, that isn’t a valid email address. Email addresses look like <code>username@example.com</code>.' ) );
			$error = true;
		}

		if ( false === $error ) {
			$wpdb->show_errors();
			// Call the framework's install function
			$result = wp_install( $weblog_title, $user_name, $admin_email, $public, '', wp_slash( $admin_password ), $loaded_language );

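As the form handling shows, the form data is ultimately passed to wp_install(). Let's look inside that function.

(2) Following the includes, the function is found in /wp-admin/includes/upgrade.php. The code is: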

function wp_install( $blog_title, $user_name, $user_email, $is_public, $deprecated = '', $user_password = '', $language = '' ) {
		if ( ! empty( $deprecated ) ) {
			_deprecated_argument( __FUNCTION__, '2.6.0' );
		}

		wp_check_mysql_version();
		wp_cache_flush();
		make_db_current_silent();
		populate_options();
		populate_roles();

		update_option( 'blogname', $blog_title );
		update_option( 'admin_email', $user_email );
		update_option( 'blog_public', $is_public );

		// Freshness of site - in the future, this could get more specific about actions taken, perhaps.
		update_option( 'fresh_site', 1 );

		if ( $language ) {
			update_option( 'WPLANG', $language );
		}

		$guessurl = wp_guess_url();

		update_option( 'siteurl', $guessurl );

		// If not a public site, don't ping.
		if ( ! $is_public ) {
			update_option( 'default_pingback_flag', 0 );
		}

		/*
		 * Create default user. If the user already exists, the user tables are
		 * being shared among sites. Just set the role in that case.
		 */
		$user_id        = username_exists( $user_name );
		$user_password  = trim( $user_password );
		$email_password = false;
		$user_created   = false;

		if ( ! $user_id && empty( $user_password ) ) {
      
      /************************************GET ^_^*********************************/
			$user_password = wp_generate_password( 12, false ); // here is the password generation function
       /*****************************************************************************/
      
			$message       = __( '<strong><em>Note that password</em></strong> carefully! It is a <em>random</em> password that was generated just for you.' );
			$user_id       = wp_create_user( $user_name, $user_password, $user_email ); // create the user
			update_user_meta( $user_id, 'default_password_nag', true );
			$email_password = true;
			$user_created   = true;
		} elseif ( ! $user_id ) {
			// Password has been provided.
			$message      = '<em>' . __( 'Your chosen password.' ) . '</em>';
			$user_id      = wp_create_user( $user_name, $user_password, $user_email );
			$user_created = true;
		} else {
			$message = __( 'User already exists. Password inherited.' );
		}

		$user = new WP_User( $user_id );
		$user->set_role( 'administrator' );

		if ( $user_created ) {
			$user->user_url = $guessurl;
			wp_update_user( $user );
		}

		wp_install_defaults( $user_id );

		wp_install_maybe_enable_pretty_permalinks();

		flush_rewrite_rules();

		wp_new_blog_notification( $blog_title, $guessurl, $user_id, ( $email_password ? $user_password : __( 'The password you chose during installation.' ) ) );

		wp_cache_flush();

		/**
		 * Fires after a site is fully installed.
		 *
		 * @since 3.9.0
		 *
		 * @param WP_User $user The site owner.
		 */
		do_action( 'wp_install', $user );

		return array(
			'url'              => $guessurl,
			'user_id'          => $user_id,
			'password'         => $user_password,
			'password_message' => $message,
		);
	}

▲▲▲ Here we have found the password generation function ^_^:

$user_password = wp_generate_password( 12, false );

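(3) The password stored in the database is hashed, so we still need to dig out the hashing method:

$user_id       = wp_create_user( $user_name, $user_password, $user_email ); // create the user

Following the includes to find the user creation function wp_create_user(), it turns up in the /wp-includes directory: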

function wp_create_user( $username, $password, $email = '' ) {
	$user_login = wp_slash( $username );
	$user_email = wp_slash( $email );
	$user_pass  = $password;

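	/**
	 * compact() builds an array from variable names and their values.
	 * Any string that does not match a variable name is skipped.
	 */

	// Put the three variables into an array and assign it to $userdata.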
	$userdata = compact( 'user_login', 'user_email', 'user_pass' );
  
	return wp_insert_user( $userdata );
}

As you can see, this function in turn calls wp_insert_user(), which is found in the same file.

function wp_insert_user( $userdata ) {
	global $wpdb;

	if ( $userdata instanceof stdClass ) {
		$userdata = get_object_vars( $userdata );
	} elseif ( $userdata instanceof WP_User ) {
		$userdata = $userdata->to_array();
	}

	// Are we updating or creating?
	if ( ! empty( $userdata['ID'] ) ) {
		$user_id       = (int) $userdata['ID'];
		$update        = true;
		$old_user_data = get_userdata( $user_id );

		if ( ! $old_user_data ) {
			return new WP_Error( 'invalid_user_id', __( 'Invalid user ID.' ) );
		}

		// Hashed in wp_update_user(), plaintext if called directly.
		$user_pass = ! empty( $userdata['user_pass'] ) ? $userdata['user_pass'] : $old_user_data->user_pass;
	} else {
		$update = false;
    
     /************************************GET ^_^*********************************/
		// Hash the password.
		$user_pass = wp_hash_password( $userdata['user_pass'] ); // generate the password hash
    /*****************************************************************************/
	}

/* ... unrelated code omitted here ... */

	return $user_id;
}

▲▲▲ Here we have found the password hashing function ^_^:

$user_pass = wp_hash_password( $userdata['user_pass'] );

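Readers who are interested can keep tracing the details of how the password is generated and hashed.

The password generation function wp_generate_password and the password hashing function wp_hash_password

are located in: /wp-includes/pluggable.php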
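
The reset described above (generate a password, hash it, replace the stored hash) as an added example that is not part of the original post or of WordPress core. It assumes a hypothetical file name reset-admin-password.php placed in the WordPress root, and it runs from the command line instead of editing index.php, so the reset is never reachable through the web server.

```php
<?php
// reset-admin-password.php: added example, not WordPress core code. The file
// name and CLI usage are assumptions. Place it in the WordPress root, run
//   php reset-admin-password.php <user_login>
// and delete it afterwards.

if ( PHP_SAPI !== 'cli' ) {
	// Never expose a password reset through the web server.
	http_response_code( 403 );
	exit( 'CLI only' );
}
if ( $argc !== 2 ) {
	fwrite( STDERR, "usage: php {$argv[0]} <user_login>\n" );
	exit( 1 );
}

// Same chain the article traces: wp-load.php -> wp-config.php -> wp-settings.php.
require __DIR__ . '/wp-load.php';

$user = get_user_by( 'login', $argv[1] );
if ( ! $user ) {
	fwrite( STDERR, "no such user\n" );
	exit( 1 );
}

// The two functions found in the article. The installer calls ( 12, false );
// a longer password with special characters is used here.
$password = wp_generate_password( 20, true );
$hash     = wp_hash_password( $password );

// Replace the stored hash and drop any pending reset key.
$ok = $wpdb->update(
	$wpdb->users,
	array( 'user_pass' => $hash, 'user_activation_key' => '' ),
	array( 'ID' => $user->ID )
);
if ( false === $ok ) {
	fwrite( STDERR, "database update failed: {$wpdb->last_error}\n" );
	exit( 1 );
}
clean_user_cache( $user );                                   // drop the cached copy of the old row
WP_Session_Tokens::get_instance( $user->ID )->destroy_all(); // log out existing sessions

// Read the row back and confirm the new password verifies against it.
$stored = $wpdb->get_var( $wpdb->prepare( "SELECT user_pass FROM {$wpdb->users} WHERE ID = %d", $user->ID ) );
if ( ! wp_check_password( $password, $stored, $user->ID ) ) {
	fwrite( STDERR, "verification failed\n" );
	exit( 1 );
}
echo "New password for {$user->user_login}: {$password}\n";
```

wp_set_password( $password, $user_id ), also defined in pluggable.php, performs the hash-and-update step in a single call.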

That's all. Comments, likes and shares are welcome ^_^!