I'm implementing authorization in a Unity application for the site (store) I set up on WordPress (WooCommerce).

When the login and password are entered, the application should return the user's ID and name from the database. The login matches fine, but there is a problem with the password: it does not match.

In the Unity application, for example, I enter the password "1234qwerty"; through the connection between Unity and the PHP script it is encoded to MD5 and sent to the database to be compared with the cell, where the password looks roughly like this: "$P$BBoBeLvbVYRyFLR5OcuqvPrmKEIKU2/".

So I decided to check in what form the password reaches the database for comparison, and it arrives as "06a8647723d4d285aefdb02ed285220b", which naturally does not match the password stored in the database cell: "$P$BBoBeLvbVYRyFLR5OcuqvPrmKEIKU2/".

I have no idea how to encode the password so that they match, as I have little experience with PHP, and without a match I can't do proper authorization by login and password.

I connect to the site database using a PHP script:

    <?php
    $command = $_POST['command'];
    $databasehost = "*******";
    $databaseuser = "*******";
    $databasepassword = "*******";
    $databasename = "*******";

    $db = mysql_connect($databasehost, $databaseuser, $databasepassword) or die("cannot connect");
    mysql_select_db($databasename, $db) or die("cannot select DB");
    mysql_query('SET CHARACTER SET utf8');
    mysql_query('SET NAMES utf8');

    switch ($command) {
        case "logined":
            // from Unity strings; escaped before it is placed in the query
            $login = mysql_real_escape_string($_POST['login'], $db);
            $pass = $_POST['pass']; // from Unity strings
            //$pass = sha1($pass);
            $pass = md5($pass); // encode to md5
            $res = mysql_query("SELECT * FROM wp_users WHERE user_login='$login'"); //AND user_pass='$pass'");
            $res_myrow = mysql_fetch_array($res);
            $dbPass = $res_myrow['user_pass'];
            $id = $res_myrow['ID']; //! empty
            $name = $res_myrow['user_nicename'];
            if (password_verify($pass, $dbPass)) {
                echo "done ";
            } else {
                echo "Error password_verify ";
            }
            echo "us->$login : pas->$pass : id->$id : name->$name";
            break;
    }
    ?>

In Unity, here is the script that sends the login and pass fields:

    using System.Collections;
    using System.Collections.Generic;
    using UnityEngine;

    public class MysqlConnect : MonoBehaviour
    {
        private string username = "";   // Variable for storing the user name
        private string pswd = "";       // Variable for storing the password
        public string url = "*******";  // Variable for storing the address

        // Method responsible for connecting and sending the data
        public void Connect()
        {
            WWWForm form = new WWWForm();
            form.AddField("command", "logined");
            form.AddField("login", username);
            form.AddField("pass", pswd);
            WWW www = new WWW(url, form);
            StartCoroutine(WaitReqwest(www));
        }

        private IEnumerator WaitReqwest(WWW www)
        {
            yield return www;
            if (www.text.Length > 0)
            {
                Debug.Log("Ответ " + www.text);
            }
        }

        // The OnGUI() method
        void OnGUI()
        {
            // Text field for entering the user name
            username = GUI.TextField(new Rect(Screen.width/2-100, Screen.height/2-100, 200, 20), username, 20);
            // Text field for entering the password
            pswd = GUI.TextField(new Rect(Screen.width/2-100, Screen.height/2-75, 200, 20), pswd, 12);
            // Button that starts the connection
            if (GUI.Button(new Rect(Screen.width/2-100, Screen.height/2-25, 200, 20), "Connect"))
            {
                Connect();
            }
        }
    }

  • So what you have in the database is not md5 but something else ... the md5 of the string 1234qwerty would be deaad792606928825c0bf85cd46e9edf ... apparently you need to find out how WordPress does passwords and do the same - Alexey Shimansky
  • All passwords in the WP database start with $P$B - this is definitely not md5 in its pure form - KAGG Design

1 answer

WordPress moved away from using md5 for passwords long ago. The Portable PHP password hashing framework has been used for several years now.

It creates a dynamic hash. For example, we set the same 1234qwerty password for the same user twice. The results in the database are different:

    $P$BO3FF.P7juE2PL.YLD6ggOV9Fk1hnz/
    $P$BAkIMkL/cnvMgjh84BeQovZKzrFGg7.

Summary: do not reinvent the wheel. In WordPress, everything has been provided for a long time. Your task is solved in one line of code in WordPress:

 $result = wp_authenticate( 'ttt', '1234qwerty' ); 

The function returns a WP_User object with the user's data on success and a WP_Error object in case of an error.

Naturally, such a call cannot be made from just some file in the WordPress folder. The CMS has to be initialized. Add something like this to functions.php:

    add_action( 'init', 'check_auth' );

    function check_auth() {
        // The init hook runs on every request, so do nothing when no command was posted.
        $command = isset( $_POST['command'] ) ? $_POST['command'] : '';
        switch ( $command ) {
            case "logined":
                $login = $_POST['login']; // from Unity strings
                $pass  = $_POST['pass'];  // from Unity strings
                $result = wp_authenticate( $login, $pass );
                if ( is_wp_error( $result ) ) {
                    wp_send_json_error();
                } else {
                    wp_send_json_success();
                }
                break;
        }
    }

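
As an added example (not part of the answer and not WordPress's or phpass's own source), here is the check behind a `$P$` hash written out in standalone PHP: the iteration count and salt are read from the stored value, which is why the same password yields different hashes and why an md5 hex digest computed elsewhere cannot match. The function names are made up for this illustration; the two sample hashes are the ones quoted in the answer.

```php
<?php
const ITOA64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';

// phpass's base64 variant: 3 input bytes -> 4 characters, low bits first.
function phpass_encode64(string $in, int $count): string
{
    $a = ITOA64;
    $out = '';
    $i = 0;
    do {
        $v = ord($in[$i++]);
        $out .= $a[$v & 0x3f];
        if ($i < $count) { $v |= ord($in[$i]) << 8; }
        $out .= $a[($v >> 6) & 0x3f];
        if ($i++ >= $count) { break; }
        if ($i < $count) { $v |= ord($in[$i]) << 16; }
        $out .= $a[($v >> 12) & 0x3f];
        if ($i++ >= $count) { break; }
        $out .= $a[($v >> 18) & 0x3f];
    } while ($i < $count);
    return $out;
}

// Verify $password against a stored "$P$" hash. The cost (character 3) and
// the salt (characters 4..11) come from the stored value, not from the caller.
function phpass_check(string $password, string $stored): bool
{
    if (strlen($stored) !== 34 || strncmp($stored, '$P$', 3) !== 0) {
        return false;
    }
    $log2 = strpos(ITOA64, $stored[3]);
    if ($log2 === false || $log2 < 7 || $log2 > 30) {
        return false;
    }
    $hash = md5(substr($stored, 4, 8) . $password, true);
    for ($n = 1 << $log2; $n > 0; $n--) {
        $hash = md5($hash . $password, true); // key stretching: 2^cost rounds
    }
    $calc = substr($stored, 0, 12) . phpass_encode64($hash, 16);
    return hash_equals($stored, $calc); // constant-time comparison
}

// For each stored hash: its salt, its round count, and the check result for
// the plain password versus its md5 hex digest (what the question's script sent).
foreach (['$P$BO3FF.P7juE2PL.YLD6ggOV9Fk1hnz/', '$P$BAkIMkL/cnvMgjh84BeQovZKzrFGg7.'] as $stored) {
    printf("salt=%s rounds=%d plain=%s md5hex=%s\n",
        substr($stored, 4, 8), 1 << strpos(ITOA64, $stored[3]),
        var_export(phpass_check('1234qwerty', $stored), true),
        var_export(phpass_check(md5('1234qwerty'), $stored), true));
}
```
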
  • I can't figure it out. I added your code to functions.php, but now I don't understand what I should call from Unity, and where to call the line $result = wp_authenticate('ttt', '1234qwerty'); As I understand it, I should get back in Unity that the authorization was successful, and after that I will be able to pull the ID of the entered user from the database. I tried calling wp-includes/functions.php from Unity, but without results - Crozen93
  • You send a POST request. Send it to any page of the WordPress site, for example, to the main page. The init hook code will run anyway. It will process your request and send a response. And if there was no POST request, it will simply run and do nothing, which ensures the normal functioning of the WP site. - KAGG Design
  • Corrected the code: $ is not used in is_wp_error there. - KAGG Design
  • Thanks, it seems to work: it returns {"success": true} / {"success": false}. Now I'll figure out how to get the ID and the rest of the data of this authorized user. - Crozen93
  • Yes, pass the WP_User object directly as the parameter to json_success - KAGG Design
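
An added example (not the answerer's code) of the functions.php handler returning just the user's ID and name. It passes an explicit array rather than the whole WP_User object, whose data includes the user_pass hash; the function name `unity_login_example` and the response field names are assumptions.

```php
<?php
// Added example for the active theme's functions.php.
// Assumes the Unity client posts to an https:// URL, since the plain
// password travels in the request body.
add_action( 'init', 'unity_login_example' ); // hypothetical function name

function unity_login_example() {
    // The init hook fires on every request: leave ordinary page loads alone.
    if ( ! isset( $_POST['command'], $_POST['login'], $_POST['pass'] )
        || 'logined' !== $_POST['command'] ) {
        return;
    }

    // The plain password goes to wp_authenticate(); no md5() on either side.
    $user = wp_authenticate( $_POST['login'], $_POST['pass'] );

    if ( is_wp_error( $user ) ) {
        // One generic answer for both an unknown login and a wrong password.
        wp_send_json_error( array( 'message' => 'Invalid login or password' ), 401 );
    }

    // Return only the fields the client needs, never the full user record.
    wp_send_json_success( array(
        'id'   => $user->ID,
        'name' => $user->user_nicename,
    ) );
}
```

On success the client receives `{"success":true,"data":{"id":...,"name":...}}`; both wp_send_json_* functions end the request after sending the response.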