I have been looking for a way to authenticate users without having to load up WordPress every time. To put it simply, I am generating apps that don't make use of web kits of any kind so when WordPress sends out the WordPress_logged_in cookie I store that cookie as a string and I manually send it back to my website.
On the one end I am using WordPress as a normal website and I write plugins that interface with the WordPress tables and with my custom tables. All that is pretty standard... but I also want to access the database directly to be used by real time apps that could call the database at any time for whatever reason and obviously you don't want to load up WordPress every time you want to do something that has nothing to do with the website...
I managed to figure out how to authenticate a user login using username and password without having to load WordPress but that will generate the cookie and that is what I want to use from there on out. I absolutely do not want to send the username and password for every single action I perform on the database either so I need to know how to validate the WordPress_logged_in cookie without actually loading up WordPress.
Over here I managed to find the perfect solution to my problem! It's 100% perfect for my needs! Is there a way to use the Wordpress users but without loading the entire Wordpress core?
To sum it up briefly: Log in using WordPress, as normal, then generate your own cookie and use THAT to authenticate a user. IF that cookie pans out then you know the user has already gone through WordPress to authenticate himself so just go ahead and use that user... Unfortunately that post leaves me with one question that I cannot answer....
It says to use (If this is your cookie):
key: wordpress_logged_in_1234567890abcdef1234567890abcdef
value: admin|1234567890|abcdef1234567890abcdef1234567890
to generate your cookie value like so:
$key = ... // the key from the WP cookie
$value = ... // the value from the WP cookie
$hash = hash_hmac ( 'md5' , $key.$value , 'some secret key' );
This all makes perfect sense in terms of how I will use this later to authenticate my cookie MYCOOKIE against the wordpress_logged_in cookie but the part that I don't get is HOW do I actually get the $key and $value values that I use when I generate my cookie.
WordPress will generate a cookie name with a hash value appended to it and will send that out immediately. If this were a normal web page then I would be ableto get the value from the _COOKIE array later on but I need that cookie name and value NOW, as in directly after it was generated so that I can generate my companion cookie to be sent along with it... is there a filter or function or something I can call that will tell me the name and value of the cookie that was just set?
Thanks
I have been looking for a way to authenticate users without having to load up WordPress every time. To put it simply, I am generating apps that don't make use of web kits of any kind so when WordPress sends out the WordPress_logged_in cookie I store that cookie as a string and I manually send it back to my website.
On the one end I am using WordPress as a normal website and I write plugins that interface with the WordPress tables and with my custom tables. All that is pretty standard... but I also want to access the database directly to be used by real time apps that could call the database at any time for whatever reason and obviously you don't want to load up WordPress every time you want to do something that has nothing to do with the website...
I managed to figure out how to authenticate a user login using username and password without having to load WordPress but that will generate the cookie and that is what I want to use from there on out. I absolutely do not want to send the username and password for every single action I perform on the database either so I need to know how to validate the WordPress_logged_in cookie without actually loading up WordPress.
Over here I managed to find the perfect solution to my problem! It's 100% perfect for my needs! Is there a way to use the Wordpress users but without loading the entire Wordpress core?
To sum it up briefly: Log in using WordPress, as normal, then generate your own cookie and use THAT to authenticate a user. IF that cookie pans out then you know the user has already gone through WordPress to authenticate himself so just go ahead and use that user... Unfortunately that post leaves me with one question that I cannot answer....
It says to use (If this is your cookie):
key: wordpress_logged_in_1234567890abcdef1234567890abcdef
value: admin|1234567890|abcdef1234567890abcdef1234567890
to generate your cookie value like so:
$key = ... // the key from the WP cookie
$value = ... // the value from the WP cookie
$hash = hash_hmac ( 'md5' , $key.$value , 'some secret key' );
This all makes perfect sense in terms of how I will use this later to authenticate my cookie MYCOOKIE against the wordpress_logged_in cookie but the part that I don't get is HOW do I actually get the $key and $value values that I use when I generate my cookie.
WordPress will generate a cookie name with a hash value appended to it and will send that out immediately. If this were a normal web page then I would be ableto get the value from the _COOKIE array later on but I need that cookie name and value NOW, as in directly after it was generated so that I can generate my companion cookie to be sent along with it... is there a filter or function or something I can call that will tell me the name and value of the cookie that was just set?
Thanks
I can't believe I actually managed to find this answer on my own!!! :D
In case anyone else is ever curious about this:
The name of the cookie is defined in the constant LOGGED_IN_COOKIE To get the value thereof just setup an action like so:
add_action( 'set_logged_in_cookie', 'action_set_logged_in_cookie', 10, 5 );
function action_set_logged_in_cookie( $logged_in_cookie, $expire, $expiration, $user_id, $logged_in )
$logged_in_cookie is the value. Thus to answer my question I have to do:
$hash = hash_hmac ( 'md5' , LOGGED_IN_COOKIE . $logged_in_cookie , 'some secret key' );