The situation is as: wordpress installation in root and ci installation in /subdomain1 of subdomain1.domain.com.
I want to perform the following; users from my wordpress site can login with the same credentials in the codeigniter app. I tried methods explained here and in other tutorials but one thing keeps happening. When I add require_once('../wp-load.php'); in the index.php file from ci it and adjusted the load.php file and MY_url_helper.php file it keeps redirecting to: subdomain1.domain.com/index.php/login/wp-admin/install.php I tried to shut off rewriting but it doesn't seem to fix this.
Anyone have a solution? I would really appreciate it!
There are two methods:
1. Load the Wordpress Database in your Codeigniter
To do so add to your "application/config/database.php":
$db['wordpress'] = array(
'dsn' => '',
'hostname' => 'localhost',
'username' => '#',
'password' => '#',
'database' => '#',
'dbdriver' => 'mysqli',
'dbprefix' => '',
'pconnect' => FALSE,
'db_debug' => (ENVIRONMENT !== 'production'),
'cache_on' => FALSE,
'cachedir' => '',
'char_set' => 'utf8',
'dbcollat' => 'utf8_general_ci',
'swap_pre' => '',
'encrypt' => FALSE,
'compress' => FALSE,
'stricton' => FALSE,
'failover' => array(),
'save_queries' => TRUE
);
Don't forget to replace '#' with your database login information.
After that you can load the database where ever needed with
$this->load->database('wordpress');
Source: https://www.codeigniter.com/user_guide/database/connecting.html
2. Use the Wordpress wp-load.php
Where ever needed to see if the user is logged in use the following code (PS: at the end there is also a check included how you could check if a user purchased a product via EasyDigitalDownloads in your Wordpress installation - if needed):
<?php
define( 'WP_USE_THEMES', false ); // Do not use the theme files
define( 'COOKIE_DOMAIN', false ); // Do not append verify the domain to the cookie
define( 'DISABLE_WP_CRON', true ); // We don't want extra things running...
//$_SERVER['HTTP_HOST'] = ""; // For multi-site ONLY. Provide the
// URL/blog you want to auth to.
// Path (absolute or relative) to where your WP core is running
require("/var/www/yourdomain.com/htdocs/wp-load.php");
if ( is_user_logged_in() ) {
$user = wp_get_current_user();
} else {
$creds = array();
// If you're not logged in, you should display a form or something
// Use the submited information to populate the user_login & user_password
$creds['user_login'] = "";
$creds['user_password'] = "";
$creds['remember'] = true;
$user = wp_signon( $creds, false );
if ( is_wp_error( $user ) ) {
echo $user->get_error_message();
} else {
wp_set_auth_cookie( $user->ID, true );
}
}
if ( !is_wp_error( $user ) ) {
// Success! We're logged in! Now let's test against EDD's purchase of my "service."
if ( edd_has_user_purchased( $user->ID, '294', NULL ) ) {
echo "Purchased the Services and is active.";
} else {
echo "Not Purchased";
}
}
Source: http://dovy.io/wordpress/authenticating-outside-of-wordpress-on-diff-domain/
Related
I added an action hook based on 'wp_login' which get an ACF value defined in the user who just logged in, connect an API which respond with a URL and I need to redirect the user to this given URL.
All the above function works fine BUT once I tried to do the redirect - at the front end I receive error "Error occurred: parsererror" or "Error occurred: error".
I tried to do the redirect with:
wp_redirect
header("Location: XXX)
add_filter('login_redirect', 'function xx')
add_filter( 'login_url', 'function xx')
All end up with the same errors.
once I remove the redirect line, it all works fine so It have to be an issue with the redirect.
I tried to redirect to an external page (https://www.google.com/) and to the site home page and end up with the same errors...
Any thought ?
Here is the code:
function after_login_send_to_global1simapi ( $user_login, $user ) {
if (is_page ( 35662 )) {
$cs = get_field('client_secret', 'user_' . $user->ID);
if ($cs == '') { //if CS empty redirect user to XX page.
add_filter('login_redirect', 'custom_login_redirect');
} else {
$curl = curl_init();
curl_setopt_array($curl, array(
CURLOPT_URL => 'https://global1simapi.roamhostapi.com/api/services/app/WiFly/WiflySigninWoocommerce?ClientSecret=' . $cs,
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => '',
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 0,
CURLOPT_FOLLOWLOCATION => true,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => 'POST',
));
$response = curl_exec($curl);
curl_close($curl);
//save cookie with CS
setcookie ('CS', $cs);
$user_data = (array) json_decode ($response);
$url = $user_data['result']; //URL to redirect
//it all works up to here - once I add the following 2 lines.
//the login failed with the above mentioned errors.
//but although it display those error, the user does logged in
//if I refresh the page, the user is logged in.
wp_redirect( $url );
exit;
}
}
}
add_action('wp_login', 'after_login_send_to_global1simapi', 10, 2);
I am creating a custom plugin for user registration with the following steps:
A function to create my HTML form fields
function render_registration_form() {
ob_start();
...
<input type="hidden" id="register_nonce" name="register_nonce" value="<?php wp_create_nonce('generate-nonce'); ?>" />
//Above line does not create a nonce at all
...
return ob_get_clean();
}
A function to use as shortcode to display the above form
function custom_user_registration_form() {
//Render registration form only if user is not logged in already!
if(!is_user_logged_in()) {
$registration_enabled = get_option('users_can_register');
if($registration_enabled) {
$output = render_registration_form(); (written above)
} else {
$output = __('User registration is not enabled');
}
return $output;
} else {
return _e('You are already logged in!');
}
}
add_shortcode('register-user', 'custom_user_registration_form');
A function to validate and add a new user along with meta to the database:
function validate_and_create_user() {
if(isset($_POST['txt_username']) && wp_verify_nonce($_POST['register_nonce'], 'register-nonce')) {
$user_data = array(
'user_login' => $loginid,
'user_pass' => $password,
'user_nicename' => $first_name,
'display_name' => $first_name . ' ' . $last_name,
'user_email' => $email,
'first_name' => $first_name,
'last_name' => $last_name,
'user_registered' => date('Y-m-d H:i:s'),
'role' => 'subscriber'
);
$new_user_id = wp_insert_user($user_data);
...
}
add_action('init', 'validate_and_create_user');
Since no nonce value is getting created inside the form the check wp_verify_nonce($_POST['register_nonce'], 'register-nonce') always fails and no user data is getting saved in the database.
According to https://codex.wordpress.org/Pluggable_Functions
Pluggable functions are no longer being added to WordPress core. All new functions instead use filters on their output to allow for similar overriding of their functionality.
I am new to WordPress. Don't have any idea about how to solve this! Any help would greatly help me.
Try This:
wp_nonce_field('register_nonce');
in the place of input.
And for retrieving nonce use following
$retrieved_nonce = $_REQUEST['_wpnonce'];
if (!wp_verify_nonce($retrieved_nonce, 'register_nonce')) die( 'Failed security check' );
I'm looking for the simplest way to limit a WordPress user to edit only his own pages (that is pages he is author of). I've read about some users manager plugins but for my needs they seems overkill and so I wonder if it is possible to obtain the same result adding some code lines to functions.php or something similar.
you can do this by adding a new role like so :
<?php add_role( $role, $display_name, $capabilities ); ?>
This setting is saved to the database (in table wp_options, field wp_user_roles), so it might be better to run this on theme/plugin activation
Returns a WP_Role object on success, null if that role already exists.
Example
Create a new "Basic Contributor" role.
$result = add_role(
'basic_contributor',
__( 'Basic Contributor' ),
array(
'read' => true, // true allows this capability
'edit_posts' => true,
'delete_posts' => false, // Use false to explicitly deny
)
);
if ( null !== $result ) {
echo 'Yay! New role created!';
}
else {
echo 'Oh... the basic_contributor role already exists.';
}
add_role() is located in wp-includes/capabilities.php.
for more clarification look in this article
I have a custom role in functions.php:
add_role('test_pilot', 'Test Pilot', array(
'read' => true,
'edit_posts' => true,
'delete_posts' => true,
));
// Give the custom role a new level
$test_pilot = get_role('test_pilot');
$test_pilot->add_cap('level_3');
...and on the front-end I'm trying to echo the delete post link:
<?php echo get_delete_post_link( get_the_ID() ); ?>
The problem is the link isn't actually being displayed when logged in as a user with the test pilot role.
If I am logged in as an administrator the link does display.
What am I doing wrong?
Try to replacing with below code:
function init_roles() {
global $wp_roles;
if (class_exists('WP_Roles'))
if ( ! isset( $wp_roles ) )
$wp_roles = new WP_Roles();
if (is_object($wp_roles)) :
$wp_roles->add_cap( 'editor');
endif;
$wp_roles->add_role( 'test_pilot', 'Test Pilot', array(
'read' => true,
'edit_posts' => true,
'delete_posts' => true
));
}
add_action('init', 'init_roles');
When publishing a new link, using php sdk, the link is only available for logged user, it's not publish as public.
$facebook = new Facebook(array(
'appId' => $appId,
'secret' => $secret,
'cookie' => true
));
$user = $facebook->getUser(); // Get the UID of the connected user, or 0 if the Facebook user is not connected.
if($user == 0) {
setcookie('cod_eventos', $_POST['cod_eventos']);
$login_url = $facebook->getLoginUrl($params = array('scope' => "publish_stream"));
setcookie('userlogin', 1);
echo ("<script>window.open('".$login_url."')</script>");
} else {
$page_id = $page_id;
try {
$access_token = $facebook->getAccessToken();
$attachment2 = array(
'access_token' => $access_token
);
$page = $facebook->api('/me/accounts', 'get', $attachment2);
} catch (FacebookApiException $e) {
echo 'Unable to get page access token';
}
$privacy = array(
'value' => 'EVERYONE',
);
$attachment = array(
'access_token' => $page['data'][0]['access_token'],
'name' => 'Test',
'link' => 'http://www.facebook.com/',
'description' =>'Facebook',
'privacy' => json_encode($privacy),
);
try {
$facebook->api('/' . $page_id . '/feed', 'POST', $attachment);
echo '<div class="gestor_ficheiros_tipo">Event publish Facebook</div>';
}
catch (FacebookApiException $e)
{
echo '<div class="gestor_ficheiros_tipo">'.$e->getMessage().'</div>';
}
After running this the content is publish, but not view-able by un-registered facebook users
Apparently, despite what the API documentation says, the privacy setting is 'privacy_type', not 'privacy'. I found that out here on SO I think, but closed the tab so I can't immediately share the link.
Check the settings on your app as well - I think it's the 'Visibility of app and posts' setting defaults to 'Friends' instead of 'Public'. Maybe that'll do it?
I found out what was the problem, I was using facebook app in sandbox mode... :(. Once I've changed it started working perfectly