Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 9 years ago.
Improve this question
I need to redirect authenticated users from Wordpress site #1 to Wordpress site #2, and have them be already authenticated for site #2 when they land there. IOW, I don't want them to have to authenticate twice just because I've relocated their app from #1 to #2.
The Wordpress user tables will be replicated between the 2 sites, which may or may not be within the same domain.
Any ideas on how to accomplish this? (I can write Wordpress plugins)
I don't know enough about wordpress to answer definitively, but it is possible to use OpenID in an SSO (single sign-on) model wherein one of your wordpress sites (say WP1) acts as an openid provider for WP2. Once the user agrees to share their credentials with WP2 they should be logged in automatically. This is the method of authentication stack exchange uses; if you are logged in on stackexchange.com you will be automatically logged in on any of their other sites provided you have an account.
Janrain provides a library for php OpenId which I've heard good things about, personally (although I've never used it, but I have used OpenID with C#).
Related
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 6 months ago.
Improve this question
I am building a desktop application that will have a settings screen in web. If the user click on the settings button it shall open laravel web application and shall authenticate automatically. So I need a deeplink to login directly into the application and redirect user to settings page.
Is there any way to solve this scenario with laravel Auth or any further suggestions?
I guess that for deep link you mean "very long and difficult to guess url".
I suggest you to manage the access using an authentication token (is generally used for API, but also "remember me" functionality use a token stored in cookie) and make it possible to configure the token in the desktop application.
this allow you to:
disable a token at any time
create different tokens for different users
much better security compared to hidden url
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 7 years ago.
Improve this question
I am almost a total newbie to Wordpress.
I want to create a website where users can register themselves using either their Email ID or their Google, Facebook and similar accounts.
As I understand WP upon installation provides certain pre-defined users as explained here. Again as I understand these roles are meant for users who will specifically log in from the backend of the WP CMS to carry out stuff as per their roles.
But then again these are the pre defined users of WP. I want a surfer to be able to register on the website and add posts on their own.
Questions
Is this at all possible in WP?
If so how? Coding or using extending the basic functionality of WP extensions or plugins?
Can the user (not any of the reserved users) then create and publish a post on their own?
Can you refer some resources where the basic WP capabilities can be explored?
I hope my questions are clear
Thanks once again!
Check out this blog article on this very topic.
http://www.smashingmagazine.com/2012/05/29/login-wordpress-using-social-network/
Basically you are wanting Social logins. You can search wordpress.org for plugins to make this easier for you to implement. Basically you would download the desired plugin , install it and test it. (plugins have instillation instructions inside them usually in a text file.
Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 9 years ago.
Improve this question
I was wondered what is the best way (and maybe the more secure) to organize the admin area.
First, what I mean by administration area, it is to manage the site itself (manage user, manage the cache, manage news, ...).
Currently, I have a User table, so that users can log into their member's area.
So is it better to use the same table, and add a user with special rights (administrator) or create another table only for administrators?
It also means having to manage multiple identities on the site (Member, Administrator).
What is the best way to proceed in Zend?
Imo... It would be better to use the same user table for authentication with a column to specify a role (ie user, admin etc).
Zend Framework has a built in authorization to log users in and built in ACL (access controll list) to allow users access to modules, controllers and actions based on their role.
There are lots of working examples on the web including the Zend framework docs.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 8 years ago.
Improve this question
I found that many sites using sub-domain to handle login. one of them is msn.com. Can anyone explain what is the purpose and advantage of using sub-domain to handle login. Appreciate for any reply.
Answers may vary.
One possible reason is that when you forward someone to a login sub-domain, since a lot of websites are using SSL these days (https), there is a good chance that they'll buy an SSL certificate that specifically articulates to that particular login sub-domain.
Another reason is that the login sub-domain could act as a login handler for multiple referring sub-domains across the spectrum of the entire domain in general. For example, (and to get very technical too) a given website located at meta.example.com could forward to login.example.com/?ref=meta, which would be the location of the login handling, which takes in the referring sub-domain and sets a cookie for that referring sub-domain.
But, again, answers may vary. Perhaps this isn't the best StackExchange sub-site for this question.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 9 years ago.
Improve this question
I've built a website that authenticates users via facebook.
The way I've set it up is like this: The website uses the facebook JS SDK on the front end, and when the user authenticates with facebook their access_token is sent to my server via an ajax call (using HTTPS for security) - where the graph api is queried and their session is initiated server-side (Using a database for secure session storage of user data).
Can anyone think of any potential problems this approach might lead to? Thanks!
This is a very common scenario. The only issue is that unless you request offline_access that token you get is only valid for an hour.