I have a wordpress site, and a iphone app for the same.Both have a common database with different user tables.
1> mysite.com >> wp_user
2> iPhone app >> app_user
what i want that, i want to make able app user login to the WordPress site. means
1> site user can only able to login into site
2> app user can login into site + iPhone app
how can i make app user able to login into site.
i have tried by debugging WP-login script, but can't find correct way
i need help from you guys.
thanks.
The required functionality looks a bit tricky, there might be more methods possible but the one I will recommend is:
Create a custom login form in wordpress site
Retrieve the username and password and first check if they exists on your site or not. If they do exist then simply login (these are site users) wp_signon method can be used here.
If they are not wordpress users then check if they are mobile app user by using MySQL and looking into the mobile app table, if they do exists then retrieve their information and register them into WordPress site wp_create_user can be used for it, you can add custom meta data so that you know these are app users. After registering, create login session using wp_signon.
I will recommend you to build a plugin for this task in wordpress.
Happy coding !
You could use extend the WordPress XML-RPC API to authenticate your iphone user to wordpress. Detailed explanation and basic working code can be found at Extending the WordPress XML-RPC API (http://www.skyverge.com/blog/extending-the-wordpress-xml-rpc-api/).
I would recommend a custom login plugin to accomplish this.
You can use wp-rename login plugin as a start up point for this.
In this plugin the WP credentials validation part is handled In the file rwl-login.php at line 449.
Similarly you have to add code to validate the mobile credentials as well in this switch case.
If you have built your code adhering to WP mobile app standards you can just include login validation file as it is done for WP regular validation in line 450
if not do your own validation and redirect properly in that case You may also have your native app register the handler of that custom url so that it can catch and handle the redirect appropriately
Make 2 user groups namely:
Site User
App User
When the user tries to login, check the user group it belongs to and accordingly provide the access or display an error message.
For making changes to the login system user the filter hook "authenticate" or even better use wp_authenticate
Thinking out loud - first a confirmation of the core problem:
You need a user to be able to log into the iOS app and grant access to the WP site.
Current consideration : On the iOS app and wordpress create a hash of user ID + password + salt (or something of that ilk). Use that hash, sent via the iOS app to WP, to confirm a user.
Yes, there are security issues regarding this info going over the air, just as your username and PW would go over the air.
With a matching hash (use a look up table in WP, super easy), there are methods in WP to force a user log-in (done that, could dig out code helpers from my archives).
Issue : Need to hook PW change to hash generation / update. There are user change hooks in WP, very solvable.
Good to know : Almost every aspect of user management, including permission and groups, are available via the WP API/framework. It is possible (although not easy) to put a change PW on the iOS app that will update WP and much more.
Hope I helped you along, the messages are a little confusing.
Related
I am building an e-commerce website with WordPress.
And I have list of emails and names.
My website need to be accessed only by people with those emails when they click on a link on another custom website which is not built with WordPress.
What I want is, when clients click the link to my WordPress website, they automatically get logged in in WordPress and they start right away shopping.
Please how can I achieve this?
The solution I thought of is to pass email as parameters in the URL.
Then in WordPress I will create a new user with the passed email and I will log the user in then I will redirect the user to the home page.
Is this a good solution?
Try this, called Single Sign On or SSO. You would essentially be bypassing WordPress' authentication methods and use those from a 3rd party. WordPress needs a local user of some kind for normal operations to work (the user_can() function for example.)
So the general gist would be something like this - Send any request for authentication to a 3rd party who will yay or nay and return some data about the user - if yay, check if there is a WordPress user that represents the authenticated user. If not, create one and add any meta data you might need from the third party. - these WordPress users are like placeholders and every time you successfully authenticate, you update the meta data of the WordPress user to keep things in sync.
This is how OneLogin does it and you can poke around their WordPress plugin to get a sense of how it works.
https://wordpress.org/plugins/onelogin-saml-sso/
Or You can refer this also.
http://carlofontanos.com/auto-login-to-wordpress-from-another-website/
I'm developing a moodle site where I have to use an external service for authenticating users. This SSO service should be the only form of authentication.
The provider of the external service requires me to do use their login form on their server so I have to disable the moodle login form.
I have looked at the various authentication plugins but none of them seems to do exactly what I need them to do.
Thus far I think this is what I'm going to do:
Change the login/index.php file so it does nothing but redirect the user to the external login form.
The SSO service heads back to a new page on my Moodle server that confirms the credentials supplied.
All relevant user data is collected from a SOAP webservice connected to the SSO service.
If the (unique) username provided by the SSO service exists in the mdl_users table the row is updated with the relevant user data.
If the username does not exist a new user is generated automatically
The user is then logged in to the Moodle site and headed to their front page.
This is my first time working with Moodle so I have a few questions:
How can I create a new user automatically? Is it enough just to add a new entry to mdl_users?
How do I sign a user in?
Can I make this sort of functionality as an authentication plugin or do I need to make a hack in the login/index.php file?
How do I disable the no longer needed parts of Moodle's own user management (i.e. password reset, user info fields that are collected from the SOAP service etc.)?
I really hope you can help me :)
Call create_user_record() (line 4008 of lib/moodlelib.php in master branch). This does the insert into mdl_user but also performs a bunch of checks and calls other functions to take care of dependencies, event triggers and so on. This function is called automatically by authenticate_user_login() (see below) if the user being authenticated doesn't already exist.
This involves calling authenticate_user_login() (line 4378 of lib/moodlelib.php) followed by complete_user_login() (line 4577 of lib/moodlelib.php).
This can all be achieved by creating an authentication plugin, and you should be able to find everything you need to know at https://docs.moodle.org/dev/Authentication_plugins, including links to example code and a suggested template.
You can lock user profile fields via your auth plugin and you can actually set a custom/external password reset page via the admin interface at /admin/settings.php?section=manageauths.
Hope this helps.
Hi I want to create a wordpress connect for our codeigniter site , and connect our own wordpress site.I was create a login page and done all wordpress authentication successfully.But I need
`If I am already logged into Wordpress and then go to the codeigniter site , I should see the "Welcome Admin" in the upper right to indicate that I am logged in`.
But I cant take the authentication details from wordpress site.is it possible to get login details from wordpress ?Any one please help me
What you are looking for is a Single Sign On solution. Signing into either of the sites will allow you to be signed into the other.
To accomplish this, you might have to re-organize how people log in. You have 2 options:
1) The more secure way would be to have ONE source for logins. Then, implement an oAuth type solution so that if a person visits the other source and tries to login, they are redirected to the main source...login...and then they are sent back to where they originally tried to login. I've done this a couple times with the oAuth plugin for wordpress and writing custom code in my other site (which was CakePHP...but it shouldn't matter).
2) Another way would be to write a custom plugin that when a person logs in with codeigniter, they are manually logged in in the background to wordpress. Not nearly as secure...but if your site doesn't have a need for decent security it might be an option. Here your issue is that you won't know the WP password in order to do proper authentication.
I am writing an application in CodeIgniter and I have concluded that it's best to write two applications. One for back office and one for client use.
I would like to have just one login screen. It will be in the back office application but if a client user logs in then I want to redirect to the client app and create a session there. The database user table stores the user type i.e. client or admin.
I have come up with the following solution. As I want to this the correct way I said i'd run it by you guys to see what ye think.
User logs into admin CI app.
Admin CI app verifies user and determines type. If admin then go ahead and create session etc.
If the user is a client then MD5(user_ip+timestamp OR make a secure token some other way) and store in a token field (user_table) in DB.
redirect the user to the client admin via a login page. The paramters would be the token and username. The login function would then go to that user in the database and verify the token.
On successful authorization of token the CI client app would start a session and let the user in.
This seems like a very long winded method. Ideally there would be a way to start a session for one CI app from another?
Any ideas?
Thanks.
Once you've verified admin or client, I would use the CodeIgniter session class with the ci_sessions table in your database.
http://codeigniter.com/user_guide/libraries/sessions.html
Then to distinguish users from client or employee add a variable to the session.
$this->session->set_userdata('user_type', 'client');
Then just use that if ever you need it.
I would go about making 2 applications under HMVC (Hierarchical-Model-View-Controller) framework.
HMVC CodeIgniter Tutorial
Then you can go about using same sessions under multiple applications, as well as use the same models for user management, etc..
HMVC helps you modularize your applications, thus if you want to add more applications in the future, you can easily do that, passing over same sessions and such.
I answered your question in a bigger scope, one central login with 2 apps, best should be done with HMVC.
:)
Might wanna check out BackEndPro for CodeIgniter, could save you a lot of time.
Includes:
User Authentication with registration & account activation
User Permissions by using ACL (Access Control Lists)
Admin GUI backend for editing Site-wide Preferences
Built on Matchbox (for Modular development)
Asset Library (optimize, cache, and load JS & CSS)
ReCAPTCHA
Status messages (info/success/warning/error messages for the user)
I'm building a website and I've decided to use wordpress for the totally public parts (e.g. the blog, about us, etc.), but I still want to have a separate area for registered users of the website that would contain user specific info and options (like chat). My PHP knowledge is limited, but I can learn how to code login scripts etc. if I need to.
My real question is, can I use the registration and login functionality that is built in to wordpress, or will I need to create my own login DB and scripts so that I can have this user specific content?
Of course you can use build-in login functionality! The required function is is_user_logged_in().
Additionally, you can install any of chat plug-in.
Edited: to retrieve user profile data -> get_profile()