跳到內容
  • 登入
  • 註冊
WordPress.org

Hong Kong 香港中文

  • 佈景主題
  • 外掛
  • News
  • Support
  • About
  • 重要通知
  • WordPress 常見問題
  • 團隊
  • 取得 WordPress
取得 WordPress

外掛

  • 我的收藏
  • Beta測試
  • 開發者

這個外掛並未在最新的 3 個 WordPress 主要版本上進行測試。開發者可能不再對這個外掛進行維護或提供技術支援,並可能會與更新版本的 WordPress 產生使用上的相容性問題。

下載

Autologin Links

由Paul Konstantin Gerke
  • 詳情
  • 評價
  • 安裝
  • 開發
支援

描述

This plugin allows admininstators to generate autologin links for their
WordPress website, logging in visitors under a certain user name. Administrators
can edit (generate and delete) autologin links for users, users can only view
their autologin links. Note that This plugin bypasses the standard
authentication method of wordpress via login and password and should only be
used if you understand the security issues mentioned below and on the
plugin website.

Usage

Once this plugin is activated, administrators can generate autologin links on
the edit profile administration pages for different users. Users can view their
autlogin links on their profile pages. Autologin links are of the form:

http://yourwebsite/[subdirectory/]?autologin_code=ABC123

For more convenience it is possible since version 1.05 to generate login links
directly using the wordpress, site-preview functionality. When viewing the page
while being logged in as an administrator, the top-bar will show an extra item
“Auto-login link”. When pointing at the menu item, a dropdown list will list
all users for whom autologin links were generated on their profile pages. When
clicking on one of the users, a popup will open showing the link that will
automatically login a visitor as the selected user and bring him to the
current page.

Security issues

Since autologin links are meant to be an OPEN way to login to
your website and can be viewed by users on their profile, it might be considered
an INSECURE plugin for WordPress. I did my best to make it as secure as possible
to fit my own needs, but this lead to some design choices which might not sit
well with all administrators:

Autologin codes are saved as plain text. This means that anyone who can
execute queries on the WordPress database (plugins, administrators, system
administrators) can obtain the autologin code for a certain user. I planned an
extension of this plugin where login codes are hashed. However, this again has
the disadvantage that noone can redisplay a once generated login link.

This is the most severe problem. For a full self-assesment of possible security
issues regarding this problem, please visit the
plugin website.

螢幕截圖

  • The profile element, allowing administrators to create autologin links for users on their profile page. Codes are generated automatically for sercurity reasons.
  • The administrator UI allowing administrators to generate autologin links that redirect visitors to specific pages of a website. The screenshot shows the menu together with the popup window that allows copying of the redirect link.

安裝

  1. Download autologin.zip
  2. Extract the contents of autologin.zip into /wp-contents/plugins
  3. Activate the plugin through the ‘Plugins’ menu in WordPress

常見問題

  • How to contribute?

I moved the development of the plugin
to GitHub. Please open
issues or pull requests over there!

評價

Nice.

con 2021年11月21日
Plugin authors that create free plugins love people complaining and giving a 1-star rating instead of creating a support thread. Fact.

?

ofihsdfoi 2021年3月3日
Cam here just to say the auto login link is gone and when I click auto login links I cannot find a link just a useless page. It would be smart to add an option to copy and paste the link.

Great and works!

onehare 2021年1月14日
I use it on a staging site when dealing with freelancers. It works every time and make it pain free. Thanks for taking the time out to dev this plugin. love you.

Great! just works!

palansher 2020年9月7日
Thank you, author!

One of a kind

Nickolay Petrov 2020年6月14日
There are no other similar solutions except this plugin.

works

alinoa 2020年5月20日
Great and works!
閱讀全部15個評價

貢獻者及開發者

“Autologin Links” 是一個開源的軟體。以下的人對這個外掛作出了貢獻。

貢獻者
  • WPAutoLogin

將 Autologin Links 外掛本地化為台灣繁體中文版。

對開發相關資訊感興趣?

任何人均可瀏覽程式碼、查看 SVN 存放庫,或透過 RSS 訂閱開發記錄。

修改日誌

1.12.0

  • Feature: Add admin menu under Settings -> Autlogin Links that allows to:
  • Feature: Disable the “generate autologin-link” adminbar menu for good.
  • Feature: Set the details of the new loging-lockout feature.
  • Feature: (Security) Add limited number of login retries from a single remote
    address. Remote IP addresses are blacklisted for certain amount of time after
    too many login failures. Can be disabled from the new menu.
  • Fixed: Deleting autologin links was impossible after a recent wordpress update.

1.11.3

  • Fixed: When using the plugin on big websites, the plugin was obtaining a list of
    all users for the adminbar leading to OOM issues.
  • Update language files and add Makefile generator to automate building all
    translation files.

1.11.2

  • Add support for X_FORWARDED_PREFIX to allow serving wordpress installations
    using a proxy.
  • Merged PR: Add custom filter for generating example urls called
    ‘pkg_autologin_links_sample_url_prefix’. Thanks to https://github.com/mircobabini

1.11.1

  • Fix issue for double include of fuse_url_with_site_url

1.11.0

  • Add limit to the number of autologin-links shown in the admin
    menu (GitHub issue #11)
  • Add new constant PKG_AUTOLOGIN_VERSION allowing to check the
    autologin link version in-code
  • Fix: spaced getting stripped from extra query parameters when
    adding a autologin link.

1.10.1

  • Fixed readme
  • Added more testing platform to the intergation tests
  • Small fix for old PHP version 5.5
  • Add even more cache-prevention code
  • Add JavaScript linter to debug JavaScript related issues earlier
  • Fixed JavaScript bugs

1.10.0

  • Switched to Semver versioning scheme.
  • Fixed accidental global namespace pollution
  • Attempted fixing serving of seemingly cached websites when visting an autologin
    link by sending no-cache headers when visiting a autologin link website.
  • Autologin-links are now generated on the server via AJAX

1.09

  • Fixed vulnerability where autologin-links were verified with a case insensitive
    comparison.

1.08

  • Added integration test suite
  • Fix popup dialog for generating links with modern styles
  • Implemented concatenation fix “.” by Hannes Etzelstorfer
    • See: https://wordpress.org/support/topic/php-7-7-1-compatibility/
  • Reorganized svn branches to make development and deployment easier
  • Moved code development repository to GitHub:
    • https://github.com/MrApplejuice/wp-autologin-links

1.07

  • Fixed HTTP/HTTPS protocol redirection. Special thanks at user @quiquoqua for noting.
  • Updated website details.

1.06

  • Fixed long standing bug, not allowing one to update their profile page when
    an autologin link was set for the user.

1.05

  • New UI for administrators to generate autologin links for arbitrary pages
  • Added screenshots
  • Updated i10n files, however…
  • TODO: …i10n seems to be broken at the moment (.mo file is ignored)

1.04

  • Minor update of a line checking on invalid userid
  • Major review checking if the code still is working with the newest version of
    Wordpress which is should. I cannot find any vulnerabilities that are related
    to this plugin except for the ones mentioned in the module description.

1.03

  • Quick-fix was too quick, more inline directory strings changes were necessary

1.02

  • Fixed directory name to match conventions on wordpress.org

1.01

  • First published version

其它

  • 版本:1.12.0
  • 最後更新:2 年之前
  • 運作中的安裝:10,000+
  • WordPress Version: 4.9.8 or higher
  • 已測試到版本:5.6.10
  • 語言:
    English (US)
  • 標籤:
    autoautomaticlinklinkslogin
  • 進階顯示

評分

顯示全部
  • 5星 14
  • 4星 0
  • 3星 0
  • 2星 0
  • 1星 1
Log in to submit a review.

貢獻者

  • WPAutoLogin

支援

最近兩個月解決了的問題:

1個中的0個

檢視支援論壇

  • 關於我們
  • 最新消息
  • 寄存
  • 贊助基金會
  • Swag
  • 線上說明
  • 開發者資源
  • 共同參與
  • Learn
  • 展示網站
  • 外掛
  • 佈景主題
  • 區塊版面配置
  • WordCamp
  • WordPress.TV
  • BuddyPress
  • bbPress
  • WordPress.com
  • Matt
  • 隱私權
  • Public Code
WordPress.org
WordPress.org

Hong Kong 香港中文

  • 訪問我們的 Facebook 專頁
  • 訪問我們的 Twitter 帳戶
  • Visit our Instagram account
  • Visit our LinkedIn account
代碼就是詩歌。