I was working on a site of Cakephp which was successfully delivered.But recently Client again appered and asked me to put the Wordpress blog in it,to cover up the Blogging thing in his site.He wants to share the authentication between the Cakephp and WP.Whoever registers in his site,then Logins in it and if he clicks on the Blog Tab,he must be redirected to the WP blog with the session still there.After some googling I have installed it in /app/webroot/blog folder but I am not able to edit the .htaccess file.
Please help me in the right direction,that how to share the authentication betwenn Cake Php and Wordpress, and the second one how to customize the .htaccess file so that URL's look good.
Thanks in advance..!
Here is one way of doing it. In CakePHP you can have access to multiple databases. Why not configure cake to have access to WP and use their login on the entire website? You can link the user information to the ID in the WP database and tie it to the content in the CakePHP specific database. Since you are using CakePHP, this should actually be quite simple too.
Related
I've an external app that is using Xenforo 2 session data to determine who is currently logged into my forums. This works fine as I'm able to do a lot of stuff in my app (like creating a thread, making a post etc) and then have it reflected in my forums as well.
But the only thing missing is the theme. I was wondering if that can somehow be used in my external app as well so that when a user redirects from the forums to my app, he doesn't notice the change.
This is for Xenforo v2 btw.
I programmed a Backend for an app. In the Backend is of course the login/registration endpoint.
The problem is that my client had the new idea of synchronizing his Wordpress Blog with the app. And now he wants that when an user registers himself in the App, then he can log in the Wordpress and when an user registers himself in the Wordpress Blog, he can log in the App.
My problem is that I'm not specialized either in Wordpress nor in PHP. I was watching the wp-login.php file, but didn't find a good result.
I'm thinking of using the Backend Endpoint with Wordpress, I can guess that Wordpress could work as a client. Then I could use the same Login-Backend-Function with the App and with Wordpress and it should work.
I was reading this kind of post in Internet, but is not that way, I don't want to register an user in Wordpress from the app, but the other way, I would like to register an user in the App or in Wordpress and log him in the App or Wordpress, but using the Django Endpoints of the Backend.
I did't think that it would be so complicated.
Maybe someone already tried something like that and can say me how I should program it.
I continued searching in Internet and found this post.
Then, I easy changed the do_register_user function of the second page of the post the way I needed.
I have a Moodle(3.0) website and a WordPress blog (3.5.4). I need to implement SSO between these two.
Here is the basic idea why I want to do it:
Some of the courses in Moodle contain external content (load a page with resources in iframe). At the bottom of the iframe page, that is loaded there is a bbPress embedded (Forum plugin for WordPress).
I need the SSO, so when user logs in his moodle account and choose to view certain resource to be able to participate in the forum topic under the resource without the need of login again.
I've read Authenticate Users From Moodle Into WordPress, and tried to configure External database Authentication Method in Moodle, but so far no luck.
I've found an WordPress plugin Edwiser Bridge, but it makes quite the opposite (integrates Moodle within WordPress) - which is of no use to my particular case.
I will much appreciate every help I can get. Thanks
I ended up building an API, which makes the handshake between Moodle and Wordpress.
I've modified the moodle/login/index.php page and wp-login.php to send requests to the API when logging in.
Every time someone logs in either platform a request is being sent to the API. It tries to log the user programmatically and start a session cookie for the user. (if the username and password match in the db).
When user is being registered the user data is stored in both databases (Moodle and Wordpress).
NOTE: This is not exactly SSO, but it solved my problem and its working.
Background on what I am trying to accomplish... Currently I have created a mini CMS on top of Codeigniter to edit some database stuff for a web app. Right now it is not password protected, since it is still being developed. I want to integrate this into my WordPress installation so that my client does not have to log into the CMS and WordPress.
Where I am so far is:
I have created a custom WP admin_menu (via add_menu_page)
I have the CMS visible/working in an iframe of the admin menu tab.
What I need to do now is only allow access to these CMS pages if the user is authenticated as a WordPress admin.
In case you are wondering my directory structure:
/ (Codeigniter installed on root)
/blog/ (WordPress Install)
/blog/cms/ (CMS that is talking to Codeigniter)
Thank you in advance!
Update: Since it hasn't been answered in the answers yet, I need to know how to execute WordPress functions outside of the WordPress system.
you probably want to use WordPress's current_user_can() function to confirm the user has at least one capability normally associated with an Admin user, or is a member of the Administrator role.
According to that codex page, this should work to test for an administrator based on role, although I'm not in a position to confirm this sorry. I've certainly used this method in the past to verify user has a given capability.
<?php current_user_can( 'Administrator' ); ?>
EDIT: To authenticate users from a different site to WP, using WP credentials, this answer over on Wordpress.stackexchange describes how to use WP's built in XMLRPC service. The answer is written in the context of authenticating from a servlet, but cOnsumption of the WP XMLRPC service could be implemented in eg JavaScript at the client (rather than between your sites' two separate backends) so might be more useful in your scenario.
The answer includes a pre-written plugin to handle the specific auth request from your remote client at the WP server... But note the comments below the question regarding use of a token instead of passing the creds over the wire (research "nonce" if you're not already familiar with these... WP can created these for you).
I've figured this out. Code below:
define('WP_USE_THEMES', false);
require('../wp-blog-header.php');
if(!is_user_logged_in())
{
exit('You do not have access');
}
thanks for reading! Here's what I'm up to.
I'm writing a WordPress plugin that makes use of the PHP SDK (latest version 3.1.1) that Facebook provides. My application is registered with Facebook as a website because it infact acts like a website, even though it's embedded in WordPress.
This SDK comes with an example.php that is very straightforward and easy to understand. If I put this file on my server, it just works. I made sure that the certificate file and the SDK files are in the right place and accessible by the script.
However, if I do the exact same thing from within a WordPress plugin (from the admin page of the plugin), the Facebook backend won't return the user id but will always return 0 instead. The problem with FB returning 0 is pretty common, but the reasons for it seem to vary a lot.
I have to mention that this behavior wasn't always like this. It began just a few weeks ago. I'm suspecting that the FB backend somehow checks for indirect API calls and that calling it from within a WordPress plugin seems to violate FBs auth rules in some way (CSRF issue?). But I'm not sure.
Has anybody got a clue what's going on here?
Here's my guess:
Facebook will not be able to access the backend of your WordPress blog since it requires authentication. So the example.php code will not be visible to it from a WordPress admin panel.
When served raw on your server, there are no such access controls and Facebook is able to reach the page.
If this is the case, my suggestion would be to turn this into a non-admin plugin, perhaps by adding a rewrite rule using the WP_Rewrite class.