I have a wordpress site, and I want to put a link on that site so that users are redirected to another PHP site.
But here the problem is that the other php site uses authentication, i.e. users need to give username and password before they can enter.
I want to develop a link that users can simply click on and get to the other site directly.
I can give the username and password for the php site, but the requirement is that the user users are not asked for username and password.
you have to make a new php file(in the 'php site') that assign the session variable to the linked users, and then it redirect them to the main page of the 'php site'
U have to write an authentication function on the other php site.. when the user clicks on the link of the wordpress site redirect him to that authentication function, along with his credentials, where the users will get logged in automatically and get redirected to your php site.
if i get you right, i think the best way is to generate the link in wordpress site with a parameter : http://www.linktophpsite.com/?autologin=true
Then at php site you could get the element and if it is set to true, you can log the user to your site. If you want single sign-on on both sites, that's totally different. I recommend you to read articles about single sgn-on on php
If you have no control over the target site, then your options are very limited. You can't just provide access to material that requires login credentials without providing those login credentials.
Your best, and most secure, bet is to include the target site's login fields directly from their site in an iframe. The user logs into the other site, you track the iframe onload event to see that it changed, and then redirect the user to the page in question. This is better because it keeps you from handling the login details directly on your site.
I cannot guarantee that this works as simple as that, I haven't tried it and this page seems to indicate that at least some of the possibilities with cross-domain iframes are no longer relevant with modern browsers (I didn't read the page in detail, just trying to give a starting point).
Related
I'm trying to make something like this:
Basically, I have one site (the main site) where people authenticate and create accounts. Their data is sent to a MySQL database.
On the other side, there’s another site. That site needs the users username (because I’d like to show it) and if they are not logged into their account on the first site, I want the second site to redirect them to the first site where they eventually create and account or login.
I’m also going to give an example where this is used. Let’s take Microsoft, they have their Microsoft accounts and a login page, and other services such as azure and office. They all use Microsoft’s original login without them needing to login each time they open that service, nor even the first time if they are already logged into their Microsoft account.
(I have the main site coded in PHP)
Could you maybe help?
You can use session variable.
In your main site you can save login in a variable like $_SESSION['user_auth_ok']
In every page of both websites you can use:
<?php
session_start();
if (!isset($_SESSION['user_auth_ok'])) {
header("Location: main-site/login.php");
}
So, everytime a not authenticate user try to access a reserved page will redirect to main site login page.
Brace yourselves, this can get a little confusing. I have a wordpress website which currently directs users after logging in to their user dashboard. That functions exactly as we want it too on desktop and mobile/tablet devices.
Our website consists of different sections of course, to list a few examples we have 'Celeb News', 'Videos', 'Images', etc. Our website does not require logging in for any reason other than to 'Submit' content and have a 'Profile'.
Here's the DILEMMA. We have a Android app that is a wrapper of our website. In our APP we would like to force people to login in order to use the APP. We have limited functions in the platform we are creating this app with.
Here is how our URL structure is setup:
/wp-login.php
/wp-login.php?action=register
We want to be able to setup approx 5 different URLS that will direct the user to the desired page after logging in. I'm not a coder and the code I'm about to place below is wrong but I'm doing it for visual reasons for everyone to understand me better. We are looking for something like this:
https://example.com/wp-login.php?action=redirect_to"/index.php"
https://example.com/wp-login.php?action=redirect_to"/category/hottest/"
So we can place these links direclty on the buttons. When a user wants to access these sections on the app, they are asked to login. Once they login they are directed to the specified page or section. We also have cookies enabled in our login plugin so that if a user has logged in it will remember, we have our app setup so it can save these cookies to the devices. So we want the links to redirect the user to the desired page via the url if they are already logged in as well as the links on the buttons will be permanent.
Any help would be great!
All righty, so why not use the already built-in WordPress redirect, then?
If you build your login urls with the "redirect_to" parameter, the user should be automatically redirected once they have logged-in:
https://example.com/wp-login.php?redirect_to=%2Findex%2Ephp
Notice that you will have to url-encode the redirect value. How you do that, exactly, will depend on the language you are using, etc...
But basically, as soon as the user successfully logs in, in this case, she will be redirected to /index.php
Hope that helps!
Hi I want to create a wordpress connect for our codeigniter site , and connect our own wordpress site.I was create a login page and done all wordpress authentication successfully.But I need
`If I am already logged into Wordpress and then go to the codeigniter site , I should see the "Welcome Admin" in the upper right to indicate that I am logged in`.
But I cant take the authentication details from wordpress site.is it possible to get login details from wordpress ?Any one please help me
What you are looking for is a Single Sign On solution. Signing into either of the sites will allow you to be signed into the other.
To accomplish this, you might have to re-organize how people log in. You have 2 options:
1) The more secure way would be to have ONE source for logins. Then, implement an oAuth type solution so that if a person visits the other source and tries to login, they are redirected to the main source...login...and then they are sent back to where they originally tried to login. I've done this a couple times with the oAuth plugin for wordpress and writing custom code in my other site (which was CakePHP...but it shouldn't matter).
2) Another way would be to write a custom plugin that when a person logs in with codeigniter, they are manually logged in in the background to wordpress. Not nearly as secure...but if your site doesn't have a need for decent security it might be an option. Here your issue is that you won't know the WP password in order to do proper authentication.
I am going through a discussion and I need to know if we can have users operate on a Facebook Page tab application without logging into Facebook? I don't want any user info, I don't need to know if they liked it or not. I just want them to be able to use my iFrame App without having to log into Facebook.
For eg: Log out of Facebook and go to this page: https://www.facebook.com/nissancanada/app_331500170235929. You can still work on it without having to log into Facebook. So, can I have a similar page for forms and submit options without having the user to log into Facebook?
PS: Don't ask what's the point of having this etc. It is a long thought idea. Just trying to find something on this.
yes you can (just like in the link you passed)... you don't need to do anything special... just don't ask for login and it will work.
though for some pages the properties of the page might prevent access to the page without active login so it is not depends on the application
There is a portal that a company's users are familiar with, and we will put a link to login to a different portal on a different machine. This process would not require username/password check, just hitting the link will log them in.
How can this two delivered in secured way? We don't want that anyone with the link to be able to log in, how can we make this to work between the two platforms?
I'm presuming the two portals aren't able to share sessions/cookies. If they are you can just use those to keep track of who is logged in where.
In the situation where that's not possible, you could use an authentication API, which you could query to see if a given user_id is logged in on that portal. This could be a very simple API which returns a yes or no, or you could develop it to be more complex.
Additionally keep in mind that there are Open Source choices out there. Open ID is a system that stackoverflow uses, for example.
Easiest method would be script on main site, that waits for session ID in POST/GET input, if session exists, it outputs user name. The new site server, when user comes in, reads in cookie with session ID, sends a request to main site server script and asks if session ID exists, if exists, uses that user name, for new site server.