AI助手支持GPT4.0
This plugin allows admininstators to generate autologin links for their
此插件允许管理员为他们的管理员生成自动登录链接
WordPress website, logging in visitors under a certain user name.
WordPress网站,使用特定用户名登录访问者。
Administrators
管理员
can edit (generate and delete) autologin links for users, users can only view
可以为用户编辑(生成和删除)自动登录链接,用户只能查看
their autologin links.
他们的自动登录链接。
Note that This plugin bypasses the standard请注意,此插件会绕过标准authentication method of wordpress via login and password and should only be通过登录名和密码对wordpress进行身份验证的方法,只能是used if you understand the security issues mentioned below and on the如果您了解下面以及上提到的安全问题,请使用plugin website.插件网站。 strong> p>Usage 用法 strong> p>Once this plugin is activated, administrators can generate autologin links on激活此插件后,管理员可以在上生成自动登录链接the edit profile administration pages for different users.针对不同用户的编辑配置文件管理页面。Users can view their用户可以查看他们的autlogin links on their profile pages.他们个人资料页面上的autlogin链接。Autologin links are of the form:自动登录链接的格式为: p>http://yourwebsite/[subdirectory/]?autologin_code=ABC123 http://您的网站/ [子目录/]?autologin_code = ABC123 p>For more convenience it is possible since version 1.05 to generate login links为方便起见,从1.05版开始就有可能生成登录链接directly using the wordpress, site-preview functionality.直接使用wordpress网站预览功能。When viewing the page查看页面时while being logged in as an administrator, the top-bar will show an extra item以管理员身份登录时,顶部栏将显示一个额外的项目“Auto-login link”.“自动登录链接”。When pointing at the menu item, a dropdown list will list指向菜单项时,将列出一个下拉列表all users for whom autologin links were generated on their profile pages.在其个人资料页面上为其生成自动登录链接的所有用户。When什么时候clicking on one of the users, a popup will open showing the link that will点击其中一个用户,将打开一个弹出窗口,显示该链接,该链接将automatically login a visitor as the selected user and bring him to the自动以所选用户身份登录访客并将其带到current page.当前页面。 p>Security issues 安全问题 strong> p>Since autologin links are meant to be an OPEN way to login to由于自动登录链接是登录OPEN的一种开放方式your website and can be viewed by users on their profile, it might be considered您的网站,并且可以被用户在其个人资料上查看,这可能被认为an INSECURE plugin for WordPress.WordPress的不安全插件。I did my best to make it as secure as possible我尽力使它尽可能安全to fit my own needs, but this lead to some design choices which might not sit满足我自己的需求,但这导致一些可能无法使用的设计选择well with all administrators:与所有管理员都很好: p>Autologin codes are saved as plain text. This means that anyone who can 自动登录代码将另存为纯文本。 strong>这意味着任何可以execute queries on the WordPress database (plugins, administrators, system在WordPress数据库上执行查询(插件,管理员,系统administrators) can obtain the autologin code for a certain user.管理员)可以获取特定用户的自动登录代码。I planned an我计划了一个extension of this plugin where login codes are hashed.此插件的扩展名,其中登录代码被哈希化。However, this again has但是,这又有the disadvantage that noone can redisplay a once generated login link.缺点是没有人可以重新显示一次生成的登录链接。 p>This is the most severe problem.这是最严重的问题。For a full self-assesment of possible security全面自我评估可能的安全性issues regarding this problem, please visit the有关此问题的问题,请访问plugin website.插件网站。 p>
请注意,此插件会绕过标准authentication method of wordpress via login and password and should only be通过登录名和密码对wordpress进行身份验证的方法,只能是used if you understand the security issues mentioned below and on the如果您了解下面以及上提到的安全问题,请使用plugin website.
authentication method of wordpress via login and password and should only be
通过登录名和密码对wordpress进行身份验证的方法,只能是
used if you understand the security issues mentioned below and on the
如果您了解下面以及上提到的安全问题,请使用
plugin website.
插件网站。 strong> p>
Usage
用法 strong> p>Once this plugin is activated, administrators can generate autologin links on激活此插件后,管理员可以在上生成自动登录链接the edit profile administration pages for different users.针对不同用户的编辑配置文件管理页面。Users can view their用户可以查看他们的autlogin links on their profile pages.他们个人资料页面上的autlogin链接。Autologin links are of the form:自动登录链接的格式为: p>http://yourwebsite/[subdirectory/]?autologin_code=ABC123 http://您的网站/ [子目录/]?autologin_code = ABC123 p>For more convenience it is possible since version 1.05 to generate login links为方便起见,从1.05版开始就有可能生成登录链接directly using the wordpress, site-preview functionality.直接使用wordpress网站预览功能。When viewing the page查看页面时while being logged in as an administrator, the top-bar will show an extra item以管理员身份登录时,顶部栏将显示一个额外的项目“Auto-login link”.“自动登录链接”。When pointing at the menu item, a dropdown list will list指向菜单项时,将列出一个下拉列表all users for whom autologin links were generated on their profile pages.在其个人资料页面上为其生成自动登录链接的所有用户。When什么时候clicking on one of the users, a popup will open showing the link that will点击其中一个用户,将打开一个弹出窗口,显示该链接,该链接将automatically login a visitor as the selected user and bring him to the自动以所选用户身份登录访客并将其带到current page.当前页面。 p>Security issues 安全问题 strong> p>Since autologin links are meant to be an OPEN way to login to由于自动登录链接是登录OPEN的一种开放方式your website and can be viewed by users on their profile, it might be considered您的网站,并且可以被用户在其个人资料上查看,这可能被认为an INSECURE plugin for WordPress.WordPress的不安全插件。I did my best to make it as secure as possible我尽力使它尽可能安全to fit my own needs, but this lead to some design choices which might not sit满足我自己的需求,但这导致一些可能无法使用的设计选择well with all administrators:与所有管理员都很好: p>Autologin codes are saved as plain text. This means that anyone who can 自动登录代码将另存为纯文本。 strong>这意味着任何可以execute queries on the WordPress database (plugins, administrators, system在WordPress数据库上执行查询(插件,管理员,系统administrators) can obtain the autologin code for a certain user.管理员)可以获取特定用户的自动登录代码。I planned an我计划了一个extension of this plugin where login codes are hashed.此插件的扩展名,其中登录代码被哈希化。However, this again has但是,这又有the disadvantage that noone can redisplay a once generated login link.缺点是没有人可以重新显示一次生成的登录链接。 p>This is the most severe problem.这是最严重的问题。For a full self-assesment of possible security全面自我评估可能的安全性issues regarding this problem, please visit the有关此问题的问题,请访问plugin website.插件网站。 p>
Once this plugin is activated, administrators can generate autologin links on
激活此插件后,管理员可以在上生成自动登录链接
the edit profile administration pages for different users.
针对不同用户的编辑配置文件管理页面。
Users can view their
用户可以查看他们的
autlogin links on their profile pages.
他们个人资料页面上的autlogin链接。
Autologin links are of the form:
自动登录链接的格式为: p>
http://yourwebsite/[subdirectory/]?autologin_code=ABC123
http://您的网站/ [子目录/]?autologin_code = ABC123 p>
For more convenience it is possible since version 1.05 to generate login links
为方便起见,从1.05版开始就有可能生成登录链接
directly using the wordpress, site-preview functionality.
直接使用wordpress网站预览功能。
When viewing the page
查看页面时
while being logged in as an administrator, the top-bar will show an extra item
以管理员身份登录时,顶部栏将显示一个额外的项目
“Auto-login link”.
“自动登录链接”。
When pointing at the menu item, a dropdown list will list
指向菜单项时,将列出一个下拉列表
all users for whom autologin links were generated on their profile pages.
在其个人资料页面上为其生成自动登录链接的所有用户。
When
什么时候
clicking on one of the users, a popup will open showing the link that will
点击其中一个用户,将打开一个弹出窗口,显示该链接,该链接将
automatically login a visitor as the selected user and bring him to the
自动以所选用户身份登录访客并将其带到
current page.
当前页面。 p>
Security issues
安全问题 strong> p>Since autologin links are meant to be an OPEN way to login to由于自动登录链接是登录OPEN的一种开放方式your website and can be viewed by users on their profile, it might be considered您的网站,并且可以被用户在其个人资料上查看,这可能被认为an INSECURE plugin for WordPress.WordPress的不安全插件。I did my best to make it as secure as possible我尽力使它尽可能安全to fit my own needs, but this lead to some design choices which might not sit满足我自己的需求,但这导致一些可能无法使用的设计选择well with all administrators:与所有管理员都很好: p>Autologin codes are saved as plain text. This means that anyone who can 自动登录代码将另存为纯文本。 strong>这意味着任何可以execute queries on the WordPress database (plugins, administrators, system在WordPress数据库上执行查询(插件,管理员,系统administrators) can obtain the autologin code for a certain user.管理员)可以获取特定用户的自动登录代码。I planned an我计划了一个extension of this plugin where login codes are hashed.此插件的扩展名,其中登录代码被哈希化。However, this again has但是,这又有the disadvantage that noone can redisplay a once generated login link.缺点是没有人可以重新显示一次生成的登录链接。 p>This is the most severe problem.这是最严重的问题。For a full self-assesment of possible security全面自我评估可能的安全性issues regarding this problem, please visit the有关此问题的问题,请访问plugin website.插件网站。 p>
Since autologin links are meant to be an OPEN way to login to
由于自动登录链接是登录OPEN的一种开放方式
your website and can be viewed by users on their profile, it might be considered
您的网站,并且可以被用户在其个人资料上查看,这可能被认为
an INSECURE plugin for WordPress.
WordPress的不安全插件。
I did my best to make it as secure as possible
我尽力使它尽可能安全
to fit my own needs, but this lead to some design choices which might not sit
满足我自己的需求,但这导致一些可能无法使用的设计选择
well with all administrators:
与所有管理员都很好: p>
Autologin codes are saved as plain text. This means that anyone who can
自动登录代码将另存为纯文本。 strong>这意味着任何可以execute queries on the WordPress database (plugins, administrators, system在WordPress数据库上执行查询(插件,管理员,系统administrators) can obtain the autologin code for a certain user.管理员)可以获取特定用户的自动登录代码。I planned an我计划了一个extension of this plugin where login codes are hashed.此插件的扩展名,其中登录代码被哈希化。However, this again has但是,这又有the disadvantage that noone can redisplay a once generated login link.缺点是没有人可以重新显示一次生成的登录链接。 p>This is the most severe problem.这是最严重的问题。For a full self-assesment of possible security全面自我评估可能的安全性issues regarding this problem, please visit the有关此问题的问题,请访问plugin website.插件网站。 p>
execute queries on the WordPress database (plugins, administrators, system
在WordPress数据库上执行查询(插件,管理员,系统
administrators) can obtain the autologin code for a certain user.
管理员)可以获取特定用户的自动登录代码。
I planned an
我计划了一个
extension of this plugin where login codes are hashed.
此插件的扩展名,其中登录代码被哈希化。
However, this again has
但是,这又有
the disadvantage that noone can redisplay a once generated login link.
缺点是没有人可以重新显示一次生成的登录链接。 p>
This is the most severe problem.
这是最严重的问题。
For a full self-assesment of possible security
全面自我评估可能的安全性
issues regarding this problem, please visit the
有关此问题的问题,请访问
插件网站。 p>
ol>
原文出处:http://www.sanshu.cn/a/3355.html
群主管理都是支付大佬