Let me explain a bit what I am trying to achieve. I want to send data from HTML form setup on wordpress which looks like that -> http://prntscr.com/mn87bl when the user enters correctly username/password it should login automatically on our Laravel APP which is on a different URL then the WP website.
I've tried to make an AJAX call to that link but i got a Cross-Origin Read Blocking error. I am not sure it will be possible to be done through cURL because the protocol is HTTPS.
I am lost and I am not sure what solution should i think of in order to make this work.. Anyone familiar with something like that?
Thanks in advance!!
I would avoid making a direct cross-origin request altogether. It is finicky to make it work. Rather, submit username/password to WP backend, then make an authentication request to Laravel site from WP backend (with CURL or similar). If login is successful, return authentication token to the user and redirect him to the Laravel site.
You may consider using Laravel passport to handle tokens https://laravel.com/docs/5.7/passport
Related
I have one WordPress site and an app in codeignitor, App uses its own database to store user and plan details.
Now I want to simplify it like My user can log in to my WordPress website and after successful login I want the login information to forward to the app so that the user can go to the app.
Directory structure:
For Worpress => root->wordpress
For App => root->app
On the same domain hosting.
I want the user's to use WordPress login to access App and manage their profile.
No idea how to proceed. Any suggestions
The most logical way to do this may be to use the cURL. Still, it is impossible to do so because such solutions cannot launch cookies or sessions in your browser and eject your client (essentially a security mechanism). You can try to resolve this by redirecting a user, or the most logical way is to use wordpress api support or capture the data using XML-RPC.
As an update. If both sides are on the same domain, you can try to eject the cookie or the session to the side you want to log in to. If it is under different domains, unfortunately, this suggestion will not work.
I am developing an application in IONIC. I am making a $http.get request in Angular JS and its giving me 404 error when I successfully login and trying to load the user profile using the token sent in the authentication header.
It produces error in chrome, although I enabled CORS. Please check the screenshot:
Now if I try the url in POSTMAN, everything is ok. See the screenshot below:
I am stuck with this error, can someone help me?
What Ionic says
There are two ways to solve the issue: The first, and easier, solution is to just allow all origins from your API endpoint. However, we can’t always control the endpoint we are accessing. What we need, then, is a request that does not specify an origin.
We can do this by using a proxy server. Let’s look how the Ionic CLI provides
Reference
What works but isn't completely good to use
A simple solution is just add a CORS plugin into your browser and everything will work.
Plugin Link
Proxy server
If you want a proxy server there is this tutorial:
Link
I am using HybridAuth to authenticate my social apps through PHP. Using Facebook as an example, I want to send a notification to a user.
When HybridAuth connects to Facebook, it needs to go to the website to allow the connection and then it redirects the browser back to the page that it was on.
The problem is when I am running PHP through AJAX. I'm not sure what is happening but the API call is not run and a notification is not sent. The problem must lie in leaving the AJAX script to connect the social network and not being able to continue with the code.
Any thoughts here?
The problem is when I am running PHP through AJAX. I'm not sure what
is happening but the API call is not run and a notification is not
sent.
Redirection doesn't work on Ajax calls. You have to change the coding style here.
There are already 100s of examples out there on how to write such scripts that provides login using facebook. So I'd consider skipping it, since that'll be really broad.
Please try and then come up with some specific issue, we'll be more than glad to help you out. Also, always consider posting a SSCCE to clarify what exactly you tried.
As #coding_idiot stated, authentication won't work in AJAX calls, since authentication requires redirecting the user to the provider. The backend script will die() in the Redirect function.
For an alternative solution, check this approach: https://stackoverflow.com/a/29891358/1816603
I am working with a site that builds XML files that are then posted to a RESTful interface. I have built the tool to generate the files and I would like to upload them to the RESTful interface. I am having a slight problem. It would be nice to POST the file using a form, but the "content-type" must be "application/xml" not "multipart/form-data", so that ruled out posting that way. Next, I figured I'd try to cURL the file, but that failed, too.
The RESTful interface requires the user's certificate in order to process data. That's because the interface keeps track of who is uploading based on their cert information. So, I was hoping to get help with one of two options
1) Post the data, and client certificates that are in the browser, to the RESTful interface using cURL
2) Process the data, set the headers properly and then somehow redirect the POST using the client's browser to the page. I know the page will authenticate a user if they go to the RESTful URL. So if I could somehow setup the page data as an "application/xml" and then tell the user's browser "Hey, redirect to this address and send this data"...
Suggestions?
thanks for reading! Here's what I'm up to.
I'm writing a WordPress plugin that makes use of the PHP SDK (latest version 3.1.1) that Facebook provides. My application is registered with Facebook as a website because it infact acts like a website, even though it's embedded in WordPress.
This SDK comes with an example.php that is very straightforward and easy to understand. If I put this file on my server, it just works. I made sure that the certificate file and the SDK files are in the right place and accessible by the script.
However, if I do the exact same thing from within a WordPress plugin (from the admin page of the plugin), the Facebook backend won't return the user id but will always return 0 instead. The problem with FB returning 0 is pretty common, but the reasons for it seem to vary a lot.
I have to mention that this behavior wasn't always like this. It began just a few weeks ago. I'm suspecting that the FB backend somehow checks for indirect API calls and that calling it from within a WordPress plugin seems to violate FBs auth rules in some way (CSRF issue?). But I'm not sure.
Has anybody got a clue what's going on here?
Here's my guess:
Facebook will not be able to access the backend of your WordPress blog since it requires authentication. So the example.php code will not be visible to it from a WordPress admin panel.
When served raw on your server, there are no such access controls and Facebook is able to reach the page.
If this is the case, my suggestion would be to turn this into a non-admin plugin, perhaps by adding a rewrite rule using the WP_Rewrite class.