I am building an e-commerce website with WordPress.
And I have list of emails and names.
My website need to be accessed only by people with those emails when they click on a link on another custom website which is not built with WordPress.
What I want is, when clients click the link to my WordPress website, they automatically get logged in in WordPress and they start right away shopping.
Please how can I achieve this?
The solution I thought of is to pass email as parameters in the URL.
Then in WordPress I will create a new user with the passed email and I will log the user in then I will redirect the user to the home page.
Is this a good solution?
Try this, called Single Sign On or SSO. You would essentially be bypassing WordPress' authentication methods and use those from a 3rd party. WordPress needs a local user of some kind for normal operations to work (the user_can() function for example.)
So the general gist would be something like this - Send any request for authentication to a 3rd party who will yay or nay and return some data about the user - if yay, check if there is a WordPress user that represents the authenticated user. If not, create one and add any meta data you might need from the third party. - these WordPress users are like placeholders and every time you successfully authenticate, you update the meta data of the WordPress user to keep things in sync.
This is how OneLogin does it and you can poke around their WordPress plugin to get a sense of how it works.
https://wordpress.org/plugins/onelogin-saml-sso/
Or You can refer this also.
http://carlofontanos.com/auto-login-to-wordpress-from-another-website/
Related
I can't seem to find the answer to this online.
I don't have much experience with Wordpress but I need to build a site using a few plugins. They all offer the ability for users to register and login, and I need to know if they will all use the same user implementation (i.e. the native Wordpress one), so that when a user registers/logs in once they will get access to all of the plugins' features and be logged into all of them.
The plugins specifically are:
https://wordpress.org/plugins/paid-memberships-pro/faq/
https://wordpress.org/plugins/camptix/
https://wordpress.org/plugins/private-messages-for-wordpress/
First and third one seems to use WP Login. In second one users seems to use formula to order tickets so they will probably have to fill all fields every order, but still logged as your WP users. Second plug-in using external website to finalise ordering so your user will have to log in somewhere else.
In my opinion for example thanks to first plugin you will be able to control access to second one and your users will not have to register twice to use third one.
Hi I want to create a wordpress connect for our codeigniter site , and connect our own wordpress site.I was create a login page and done all wordpress authentication successfully.But I need
`If I am already logged into Wordpress and then go to the codeigniter site , I should see the "Welcome Admin" in the upper right to indicate that I am logged in`.
But I cant take the authentication details from wordpress site.is it possible to get login details from wordpress ?Any one please help me
What you are looking for is a Single Sign On solution. Signing into either of the sites will allow you to be signed into the other.
To accomplish this, you might have to re-organize how people log in. You have 2 options:
1) The more secure way would be to have ONE source for logins. Then, implement an oAuth type solution so that if a person visits the other source and tries to login, they are redirected to the main source...login...and then they are sent back to where they originally tried to login. I've done this a couple times with the oAuth plugin for wordpress and writing custom code in my other site (which was CakePHP...but it shouldn't matter).
2) Another way would be to write a custom plugin that when a person logs in with codeigniter, they are manually logged in in the background to wordpress. Not nearly as secure...but if your site doesn't have a need for decent security it might be an option. Here your issue is that you won't know the WP password in order to do proper authentication.
I have a wordpress site, and a iphone app for the same.Both have a common database with different user tables.
1> mysite.com >> wp_user
2> iPhone app >> app_user
what i want that, i want to make able app user login to the WordPress site. means
1> site user can only able to login into site
2> app user can login into site + iPhone app
how can i make app user able to login into site.
i have tried by debugging WP-login script, but can't find correct way
i need help from you guys.
thanks.
The required functionality looks a bit tricky, there might be more methods possible but the one I will recommend is:
Create a custom login form in wordpress site
Retrieve the username and password and first check if they exists on your site or not. If they do exist then simply login (these are site users) wp_signon method can be used here.
If they are not wordpress users then check if they are mobile app user by using MySQL and looking into the mobile app table, if they do exists then retrieve their information and register them into WordPress site wp_create_user can be used for it, you can add custom meta data so that you know these are app users. After registering, create login session using wp_signon.
I will recommend you to build a plugin for this task in wordpress.
Happy coding !
You could use extend the WordPress XML-RPC API to authenticate your iphone user to wordpress. Detailed explanation and basic working code can be found at Extending the WordPress XML-RPC API (http://www.skyverge.com/blog/extending-the-wordpress-xml-rpc-api/).
I would recommend a custom login plugin to accomplish this.
You can use wp-rename login plugin as a start up point for this.
In this plugin the WP credentials validation part is handled In the file rwl-login.php at line 449.
Similarly you have to add code to validate the mobile credentials as well in this switch case.
If you have built your code adhering to WP mobile app standards you can just include login validation file as it is done for WP regular validation in line 450
if not do your own validation and redirect properly in that case You may also have your native app register the handler of that custom url so that it can catch and handle the redirect appropriately
Make 2 user groups namely:
Site User
App User
When the user tries to login, check the user group it belongs to and accordingly provide the access or display an error message.
For making changes to the login system user the filter hook "authenticate" or even better use wp_authenticate
Thinking out loud - first a confirmation of the core problem:
You need a user to be able to log into the iOS app and grant access to the WP site.
Current consideration : On the iOS app and wordpress create a hash of user ID + password + salt (or something of that ilk). Use that hash, sent via the iOS app to WP, to confirm a user.
Yes, there are security issues regarding this info going over the air, just as your username and PW would go over the air.
With a matching hash (use a look up table in WP, super easy), there are methods in WP to force a user log-in (done that, could dig out code helpers from my archives).
Issue : Need to hook PW change to hash generation / update. There are user change hooks in WP, very solvable.
Good to know : Almost every aspect of user management, including permission and groups, are available via the WP API/framework. It is possible (although not easy) to put a change PW on the iOS app that will update WP and much more.
Hope I helped you along, the messages are a little confusing.
I have a wordpress site, and I want to put a link on that site so that users are redirected to another PHP site.
But here the problem is that the other php site uses authentication, i.e. users need to give username and password before they can enter.
I want to develop a link that users can simply click on and get to the other site directly.
I can give the username and password for the php site, but the requirement is that the user users are not asked for username and password.
you have to make a new php file(in the 'php site') that assign the session variable to the linked users, and then it redirect them to the main page of the 'php site'
U have to write an authentication function on the other php site.. when the user clicks on the link of the wordpress site redirect him to that authentication function, along with his credentials, where the users will get logged in automatically and get redirected to your php site.
if i get you right, i think the best way is to generate the link in wordpress site with a parameter : http://www.linktophpsite.com/?autologin=true
Then at php site you could get the element and if it is set to true, you can log the user to your site. If you want single sign-on on both sites, that's totally different. I recommend you to read articles about single sgn-on on php
If you have no control over the target site, then your options are very limited. You can't just provide access to material that requires login credentials without providing those login credentials.
Your best, and most secure, bet is to include the target site's login fields directly from their site in an iframe. The user logs into the other site, you track the iframe onload event to see that it changed, and then redirect the user to the page in question. This is better because it keeps you from handling the login details directly on your site.
I cannot guarantee that this works as simple as that, I haven't tried it and this page seems to indicate that at least some of the possibilities with cross-domain iframes are no longer relevant with modern browsers (I didn't read the page in detail, just trying to give a starting point).
I'm building a website and I've decided to use wordpress for the totally public parts (e.g. the blog, about us, etc.), but I still want to have a separate area for registered users of the website that would contain user specific info and options (like chat). My PHP knowledge is limited, but I can learn how to code login scripts etc. if I need to.
My real question is, can I use the registration and login functionality that is built in to wordpress, or will I need to create my own login DB and scripts so that I can have this user specific content?
Of course you can use build-in login functionality! The required function is is_user_logged_in().
Additionally, you can install any of chat plug-in.
Edited: to retrieve user profile data -> get_profile()