Unable to login from another wordpress site - wordpress

My site A passes POST data to site B, which must then log the user in to site B.
I prefer not to verify the password on site B, so I'm using the code below:
$user = $_POST;
$a = get_user_by('login', $user['data']['user_login']);
do_action('wp_login', $a->data->user_login, $a);
wp_set_current_user( $a->data->ID );
wp_set_auth_cookie( $a->data->ID );
I can get the currently logged-in user like this: wp_get_current_user();.
Also, when I check is_user_logged_in(), it returns true as well.
But when I redirect to site B, the user is not logged in.
One more thing:
when I echo site_url() it gives the site B URL, which is correct. But when I use wp_safe_redirect() or wp_redirect(), it goes to site A.
So I use a hack like this:
$string = '<script type="text/javascript">';
$string .= 'window.location = "' . site_url() . '"';
$string .= '</script>';
echo $string;
exit;
What am I doing wrong here?
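The handoff in the question logs in whichever user_login arrives in the POST body. One way for site B to accept only requests that site A produced is an HMAC over the login name and a timestamp, shown here as an added example that is not part of the original post. EXAMPLE_SSO_SECRET, the ts and sig fields and the example_sso_* function names are assumptions made for illustration.

```php
<?php
// Shared secret, defined identically on both sites (assumed name and placeholder value).
define( 'EXAMPLE_SSO_SECRET', 'replace-with-a-long-random-value' );

// Site A: build the POST fields, keeping the question's data[user_login] layout.
function example_sso_sign( $user_login ) {
    $ts  = time();
    $sig = hash_hmac( 'sha256', $user_login . '|' . $ts, EXAMPLE_SSO_SECRET );
    return array( 'data' => array( 'user_login' => $user_login, 'ts' => $ts, 'sig' => $sig ) );
}

// Site B: return the WP_User only if the signature is valid and recent.
function example_sso_verify( $data, $max_age = 60 ) {
    foreach ( array( 'user_login', 'ts', 'sig' ) as $field ) {
        if ( ! isset( $data[ $field ] ) || ! is_scalar( $data[ $field ] ) ) {
            return false; // missing or malformed field
        }
    }
    $expected = hash_hmac( 'sha256', $data['user_login'] . '|' . (int) $data['ts'], EXAMPLE_SSO_SECRET );
    if ( ! hash_equals( $expected, (string) $data['sig'] ) ) {
        return false; // not signed with the shared secret, or altered in transit
    }
    if ( abs( time() - (int) $data['ts'] ) > $max_age ) {
        return false; // too old to accept
    }
    return get_user_by( 'login', $data['user_login'] );
}

// Site B handler: the login calls from the question run only after verification.
$data = ( isset( $_POST['data'] ) && is_array( $_POST['data'] ) ) ? wp_unslash( $_POST['data'] ) : array();
$user = example_sso_verify( $data );
if ( $user ) {
    wp_set_current_user( $user->ID );
    wp_set_auth_cookie( $user->ID );
    do_action( 'wp_login', $user->user_login, $user );
    wp_safe_redirect( site_url() );
    exit;
}
wp_die( 'Invalid login request.', '', array( 'response' => 403 ) );
```

A signed request can still be replayed until $max_age expires, so the window is kept short.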

Related

Wordpress one time access to password protected page

I am creating a WordPress page which is password protected. It holds a form which needs to be submitted after a timed period of 3h. After that period the user should be logged out, no matter whether he completed the form or not. He should not be able to log in again.
As of now I have managed to set a timer after which the content of the page disappears. Now I need a tool that prevents a particular user from logging back in and resubmitting the form. Users do not get registered on my site. I want to email them a password for the protected page.
I can't simply change the password after login because as of now the page is protected by one password that every potential user needs to use.
To me the easiest way to avoid relogin seems to be the issuing of one time passwords for this particular page, so upon request every user gets his own OTP.
I am looking for a plugin which generates a list of OTPs for a specific wp page.
Easy solutions are greatly appreciated, since I am not seasoned at coding!
THANK YOU FOR YOUR HELP. Everybody starts somewhere...😔
Something like this (not tested):
$token = isset( $_GET['token'] ) ? $_GET['token'] : '';
if ( is_numeric( $token ) AND metadata_exists( 'post', get_the_ID(), 'token_' . $token ) ):
    // First visit: start the timer by storing the expiry time (now + 3 hours).
    if ( empty( get_metadata( 'post', get_the_ID(), 'token_' . $token, true ) ) )
        update_metadata( 'post', get_the_ID(), 'token_' . $token, time() + ( HOUR_IN_SECONDS * 3 ) );
    // Read the expiry time first, then compare it, so $stamp holds the timestamp.
    $stamp = (int) get_metadata( 'post', get_the_ID(), 'token_' . $token, true );
    if ( $stamp > time() ):
        echo 'Here goes your form';
        echo 'You have ' . ( $stamp - time() ) . ' seconds.';
    else:
        echo 'nope';
        // Expired: delete the token so it cannot be used again.
        delete_metadata( 'post', get_the_ID(), 'token_' . $token );
    endif;
else:
    echo 'nope';
endif;
So you just have to create an empty postmeta field like token_98751328475 and share the url like example.com/myformpage?token=98751328475.
I would probably create a confirmation page to start the timer so that it doesn't start on first call.
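The same token-in-postmeta idea, as an added example that is not part of the original answer and goes a step beyond it: tokens are generated from random bytes instead of being typed in by hand, and only their SHA-256 hash is stored in the meta key. The example_* function names are hypothetical.

```php
<?php
// Create $count single-use tokens for a page and return them for e-mailing.
// Each one is stored as an empty postmeta field keyed by the token's hash.
function example_issue_tokens( $post_id, $count ) {
    $tokens = array();
    for ( $i = 0; $i < $count; $i++ ) {
        $token = bin2hex( random_bytes( 16 ) ); // 128 random bits, 32 hex characters
        add_post_meta( $post_id, 'token_' . hash( 'sha256', $token ), '', true );
        $tokens[] = $token;
    }
    return $tokens;
}

// Return the seconds left for this token, or 0 if it is unknown or expired.
// The first valid call starts the 3-hour window; an expired token is deleted.
function example_token_seconds_left( $post_id, $token ) {
    if ( ! is_string( $token ) || ! preg_match( '/^[0-9a-f]{32}$/', $token ) ) {
        return 0; // also rejects array input such as ?token[]=x
    }
    $meta_key = 'token_' . hash( 'sha256', $token );
    if ( ! metadata_exists( 'post', $post_id, $meta_key ) ) {
        return 0;
    }
    $expires = (int) get_post_meta( $post_id, $meta_key, true );
    if ( 0 === $expires ) {
        $expires = time() + 3 * HOUR_IN_SECONDS;
        update_post_meta( $post_id, $meta_key, $expires );
    }
    if ( $expires <= time() ) {
        delete_post_meta( $post_id, $meta_key );
        return 0;
    }
    return $expires - time();
}

// Usage inside the page template:
$token = isset( $_GET['token'] ) ? $_GET['token'] : '';
$left  = example_token_seconds_left( get_the_ID(), $token );
echo $left > 0 ? 'Here goes your form. You have ' . $left . ' seconds.' : 'nope';
```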

Hide or Remove the log-in link from the "welcome email" send by wordpress for new users

I think the title says it all.
I need to hide or remove the login link that is sent by WordPress in the "welcome email" to the new user that has registered.
Right now the mail consists of:
Username
Password
Link
I just need that link to go.
Thank you for your help.
To manipulate the new user email you can override the wp_new_user_notification() function located in /wp-includes/pluggable.php. As you can only override pluggable functions in a plugin, not via functions.php, you should create a simple plugin with the following code:
<?php
/**
 * Plugin Name: Custom welcome email
 */
if ( !function_exists('wp_new_user_notification') ) :
function wp_new_user_notification($user_id, $plaintext_pass = '') {
    $user = get_userdata( $user_id );
    $blogname = wp_specialchars_decode(get_option('blogname'), ENT_QUOTES);
    // Notification for the site admin (sending is disabled below).
    $message = sprintf(__('New user registration on your site %s:'), $blogname) . "\r\n\r\n";
    $message .= sprintf(__('Username: %s'), $user->user_login) . "\r\n\r\n";
    $message .= sprintf(__('E-mail: %s'), $user->user_email) . "\r\n";
    #wp_mail(get_option('admin_email'), sprintf(__('[%s] New User Registration'), $blogname), $message);
    if ( empty($plaintext_pass) )
        return;
    // Message for the new user: username and password only.
    $message = sprintf(__('Username: %s'), $user->user_login) . "\r\n";
    $message .= sprintf(__('Password: %s'), $plaintext_pass) . "\r\n";
    // The login link is left out of the welcome email.
    //$message .= wp_login_url() . "\r\n";
    wp_mail($user->user_email, sprintf(__('[%s] Your username and password'), $blogname), $message);
}
endif;
Simpler solution might be using the following plugin: link.

$user_login does not append to WP password reset link after key

I'm using HTML custom email templates for Wordpress notifications.
Every template works fine. For some reason, though - the password reset template (which works fine otherwise) will not append the user_login variable at the end of the password reset link - which is vital for the key to be valid. The link without the $user_login renders an "invalid key" error on the WP password reset page.
An example of the string in the link is below - note the missing login=username at the very end.
url/wp-login.php?redirect_to=url?action=rp&key=12345678910&login=http://url.com/wp-login.php?redirect_to=url?action=rp&key=12345678910&login=
Here is the code I'm using to modify the template. Does anyone know why this is happening - and if so, how I can fix it?
add_filter ('retrieve_password_message', 'custom_retrieve_password_message', 10, 2);
function custom_retrieve_password_message($content, $key) {
global $wpdb;
$user_login = $wpdb->get_var("SELECT user_login FROM $wpdb->users WHERE user_activation_key = '$key'");
ob_start();
$email_subject = custom_retrieve_password_title();
include('email_header.php');
?>
<p>It looks like you need to reset your password for your account!</p>
<p>To reset your password, visit the following address, otherwise just ignore this email and nothing will happen.<p>
Reset password
<?php
include('email_footer.php');
$message = ob_get_contents();
ob_end_clean();
return $message;
}
I think the problem is that WordPress changed the way the user activation key is saved in the database. The key is hashed before it's saved in the wp_users table and $key contains the unhashed plain-text activation key. So the following line of your code won't get a result and $user_login will be empty.
$user_login = $wpdb->get_var("SELECT user_login FROM $wpdb->users WHERE user_activation_key = '$key'");
Try this instead:
add_filter ('retrieve_password_message', 'custom_retrieve_password_message', 10, 2);
function custom_retrieve_password_message($content, $key) {
global $wpdb;
$user_data = get_user_by_email(trim($_POST['user_login']));
$user_login = $user_data->user_login;
ob_start();
$email_subject = custom_retrieve_password_title();
include('email_header.php');
?>
<p>It looks like you need to reset your password for your account!</p>
<p>To reset your password, visit the following address, otherwise just ignore this email and nothing will happen.<p>
Reset password
<?php
include('email_footer.php');
$message = ob_get_contents();
ob_end_clean();
return $message;
}
I am not totally sure about all the rest, but for one thing, you need to get your quotes right. Try
echo wp_login_url('url')
not
echo wp_login_url("url")
e.g. :
Reset password
or try
echo '<a href=' . wp_login_url("url") . '?action=rp&key='.$key.'&login='.$user_login.'>Reset password</a> ';
Also (and if that is no help), can you elaborate more on where you use it, how, and with what templates, so we can try and dig deeper?
For anyone interested, this is another solution:
add_filter ('retrieve_password_message', 'custom_retrieve_password_message', 10, 2);
function custom_retrieve_password_message($content, $key) {
    global $wpdb;
    // Look the user up by e-mail address or by login name, depending on what was submitted.
    if ( empty( $_POST['user_login'] ) ) {
        wp_die('<strong>ERROR</strong>: Enter a username or e-mail address.');
    } else if ( strpos( $_POST['user_login'], '@' ) ) {
        $user_data = get_user_by( 'email', trim( $_POST['user_login'] ) );
    } else {
        $user_data = get_user_by('login', trim( $_POST['user_login']));
    }
    // Checked on its own so that it also runs after a failed lookup.
    if ( empty( $user_data ) ) {
        wp_die(__('<strong>ERROR</strong>: There is no user registered with that email address.'));
    }
    $user_login_name=$user_data->user_login;
    ob_start();
    $email_subject = 'Your password has been changed';
    include('email_header.php');
    ?>
    <p>It looks like you need to reset your password. <br/>To reset your password, click here, otherwise just ignore this email and nothing will happen.</p>
    <?php
    include('email_footer.php');
    $message = ob_get_contents();
    ob_end_clean();
    return $message;
}
Additionally, you can use the POST data to check if the username or the email was submitted:
add_filter ('retrieve_password_message', 'custom_retrieve_password_message', 10, 2);
function custom_retrieve_password_message($content, $key) {
if ( username_exists($_POST['user_login']) ){
$user_login = $_POST['user_login'];
} else {
$user_data = get_user_by_email(trim($_POST['user_login']));
$user_login = $user_data->user_login;
}
ob_start();
...
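The point made in the answers above (only a hash of the key is stored, so the plain-text $key cannot be matched in wp_users) as an added example that is not part of the original thread. It assumes a WordPress release whose retrieve_password_message filter passes $user_login as a third argument, so the link is built without reading $_POST or querying the database. The function name example_reset_message is hypothetical, and the email_header.php and email_footer.php includes are left out.

```php
<?php
// Request three arguments so WordPress hands over the login name itself.
add_filter( 'retrieve_password_message', 'example_reset_message', 10, 3 );

function example_reset_message( $message, $key, $user_login ) {
    // Build the link on wp-login.php directly. Both values are URL-encoded so
    // that a login name containing spaces, '@' or '&' cannot break the query string.
    $reset_url = network_site_url(
        'wp-login.php?action=rp&key=' . rawurlencode( $key ) . '&login=' . rawurlencode( $user_login ),
        'login'
    );

    ob_start();
    ?>
    <p>It looks like you need to reset your password for your account!</p>
    <p>To reset your password, visit the following address, otherwise just ignore this email and nothing will happen.</p>
    <p><a href="<?php echo esc_url( $reset_url ); ?>">Reset password</a></p>
    <?php
    return ob_get_clean();
}
```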

WordPress Redirect Login/Logout

I have a script that adds a login to the menu. But after logging in it does not redirect correctly. I want to redirect after the login to the page before the login page.
function sv_get_logout_redirect_url() {
    $badurls = array('submit-form', 'dashboard', 'profile', 'guidelines');
    $current_url = get_permalink();
    $isgood = true;
    foreach ($badurls as $bad) {
        $pos = strpos($current_url,$bad);
        // Strict comparison: strpos() returns false only when $bad is not found.
        if ($pos !== false) {
            $isgood = false;
            break; // no need to check any more "bads"
        }
    }
    if ($isgood) {
        return wp_logout_url(get_permalink());
    } else {
        return wp_logout_url(home_url());
    }
}
add_filter( 'wp_nav_menu_items', 'sv_add_usermenu', 10, 2 );
function sv_add_usermenu( $items, $args ) {
    global $current_user;
    if (is_user_logged_in() && $args->theme_location == 'primary-menu') {
        // menu items for logged in user
        $guidelines_url = site_url() . '/guidelines/';
        $dashboard_url = site_url() . '/dashboard/' . $current_user->user_nicename;
        $profile_url = site_url() . '/profile/' . $current_user->user_nicename;
        // http://fortawesome.github.com/Font-Awesome/
        // some fontawesome names icon-arrow-down, icon-chevron-down, icon-caret-down
        $items .= "<li class='menu-item'><a href='#'>$current_user->display_name <span class='icon-caret-down'> </span> </a>";
        //$items .= "<li class='menu-item'><a href='#'>$current_user->display_name</a>";
        $items .= "<ul>";
        $items .= "<li class='sub-menu'><a href='$guidelines_url'>Usage Guidelines</a></li>";
        $items .= "<li class='sub-menu'><a href='$dashboard_url'>My Dashboard</a></li>";
        $items .= "<li class='sub-menu'><a href='$profile_url'>My Profile</a></li>";
        $items .= "<li class='sub-menu'><a href='" . sv_get_logout_redirect_url() . "'>Uitloggen</a></li>";
        $items .= "</ul>";
        $items .= "</li>";
    } elseif (!is_user_logged_in() && $args->theme_location == 'primary-menu') {
        //menu items for NOT logged in user
        //$login_url = site_url('/a-page-name/'); // get login url and redirect to a specific page
        //$login_url = wp_login_url( home_url() ); // get login url and redirect to home page
        $login_url = wp_login_url( get_permalink() ); // get login url and redirect to current page
        //the contents of <a href=""> must be a url
        $items .= "<li class='sub-menu'> <a href='$login_url' class='simplemodal-login'>Log In</a></li>";
    }
    return $items;
}
I hope someone can help me! Thanks.
So if I understand you correctly somebody might be on the homepage and then click "login" from the menu and the login page appears. if at some time the user decides to logout again he should be returned to the home page (because this was the page he was on before he went to the login page).
If this is the case you should look into $_SERVER and $_SESSION variables in PHP. To be a bit more precise take a look at the $_SERVER['HTTP_REFERER'] variable which holds the address of the page (if any) which referred the user agent to the current page.
The official documentation is located here: http://php.net/manual/en/reserved.variables.server.php
Because you need this url for a longer period of time you should store it inside a session that you can call upon when the user wants to logout.
There is a small downside to this solution though: what happens if the administrator of your WordPress site changes the permalink of the page the user was on before he tried to login? Then the url you stored from $_SERVER['HTTP_REFERER'] is incorrect and will result in a 404 page. But the likelihood of this happening is very small so hopefully this solution helps you with your problem.

Delete post from front end of wordpress

Here's the code I have:
<?php
global $wp_query;
$postid = $wp_query->post->ID;
$url = get_bloginfo('url');
if (current_user_can('edit_post', $post->ID)){
echo '<a href="';
echo wp_nonce_url("$url/wp-admin/post.php?post=$postid&action=delete", 'delete-post_' . $post->ID);
echo '">Delete your listing</a>';
}
?>
I'm trying to delete the post outside the wordpress loop.
When I click the link, I get:
"Your attempt to delete this post: “post-name” has failed.
Please try again."
Does anyone know why that would be?
Looking at the reference, it looks like current_user_can() only takes one argument.
Perhaps the root cause here is a permissions issue for the user. You should be checking if a user has the delete_posts capability as seen below. Note that delete_posts checks if the user can delete their own posts. To check if the user can delete the posts of other users, you can use delete_other_posts instead.
if (current_user_can('delete_posts')){
echo '<a href="';
echo wp_nonce_url("$url/wp-admin/post.php?post=$postid&action=delete", 'delete-post_' . $post->ID);
echo '">Delete your listing</a>';
}
(Assuming you are using WP version 2.1 or later)
