I'm trying to authenticate users from my system database into the WordPress database. Both databases have the user records, since my registration form in https://domain.tld/office/register records users in both databases. I'm using the WooCommerce API to accomplish that, but this API has no mention of how to log users in.

I have 2 systems, both using the same domain, just in different paths.

WordPress with WooCommerce (both latest release): https://domain.tld/store/
My System: https://domain.tld/office/

My login form is here: https://domain.tld/office/login (using the WP login form is not an option in my case)

This is what I had already tried in my login processing, and it didn't work:
```php
require '/var/www/store/wp-includes/user.php';
$credentials = array();
$credentials['user_login'] = $_POST['username'];
$credentials['user_password'] = $_POST['password'];
$credentials['remember'] = true;
$autologin_user = wp_signon( $credentials, is_ssl() );
```

and
```php
$url_wp = 'https://domain.tld/store/';
//$postdata = "log=" . $username . "&pwd=" . $password . "&wp-submit=Log%20In&redirect_to=" . $url_wp . "wp-admin/&testcookie=1";
$postdata = "log=" . $username . "&pwd=" . $password . "&wp-submit=Log%20In&redirect_to=" . $url_wp;
$ch = curl_init();
curl_setopt ($ch, CURLOPT_URL, $url_wp . "wp-login.php");
// note: this turns off TLS certificate verification for the request
curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt ($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36");
curl_setopt ($ch, CURLOPT_TIMEOUT, 60);
curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 0);
curl_setopt ($ch, CURLOPT_REFERER, $url_wp . "wp-login.php");
curl_setopt ($ch, CURLOPT_POSTFIELDS, $postdata);
curl_setopt ($ch, CURLOPT_POST, 1);
$result = curl_exec ($ch);
curl_close($ch);
```
I'm also using the plugin 'jwt-authentication-for-wp-rest-api'. Here is the code to get the token (it works just as expected), but again I have no clue where to send the request with this cookie.
```php
$curl = curl_init();
curl_setopt_array($curl, array(
    CURLOPT_URL => "https://domain.tld/store/wp-json/jwt-auth/v1/token?username=ambro&password=123456789012345",
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_ENCODING => "",
    CURLOPT_MAXREDIRS => 10,
    CURLOPT_TIMEOUT => 30,
    CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
    CURLOPT_CUSTOMREQUEST => "POST",
    CURLOPT_POSTFIELDS => "",
));
$response = curl_exec($curl);
$err = curl_error($curl);
curl_close($curl);

// get the token and other data
$wp_api_response = json_decode($response, true);
// $wp_api_response['token'];
// $wp_api_response['user_email'];
// $wp_api_response['user_nicename'];
// $wp_api_response['user_display_name'];

// with the token now we need to send a request to login
// "Authorization: Bearer ".$wp_api_response['token']
// "Authorization: Bearer " . $wp_api_response['user_display_name'].$wp_api_response['token']

// store the token in a cookie
setcookie(
    'office_wp_auth',
    $wp_api_response['token'], // cookie value
    time() + (86400 * 30),     // 30 days
    '/',                       // the cookie will be available within the entire domain.
    '',
    TRUE,                      // Only send cookie over HTTPS, never unencrypted HTTP
    TRUE                       // Don't expose the cookie to JavaScript
);
```
The basic idea behind this: my users need a shop to purchase items, and the current "shop" is not a full e-commerce application. I'm not looking into plugin development or anything like that; I just need my users to be logged in to the WooCommerce store when they pass through their login in the office.

I have no more ideas how to accomplish that. It seems to be a very simple task, but I'm failing to see the big picture.

Any ideas?
Regards,
I found a way to do it. I created a new folder under https://domain.tld/store/ and created 2 new files (/store/integra/wp-login.php and /store/integra/wp-auth.php).
wp-login.php

```php
<?php
require_once("wp-auth.php");
auth();
```
wp-auth.php

```php
<?php
startit();

function auth()
{
    // decode query string
    $u = base64_decode($_GET['u'] ?? '');
    $p = base64_decode($_GET['p'] ?? '');
    $r = base64_decode($_GET['r'] ?? '');
    $username = htmlspecialchars($u);
    // compare the password as entered: HTML-escaping it would alter
    // passwords that contain &, <, > or quotes
    $password = $p;
    $user = get_user_by('login', $username);
    // get_user_by() returns false for an unknown login
    if (!$user || !wp_check_password($password, $user->data->user_pass, $user->ID)):
        return false;
    endif;
    wp_set_current_user($user->ID, $username);
    if ($r == "1")
        wp_set_auth_cookie($user->ID, true); // "remember me"
    else
        wp_set_auth_cookie($user->ID);
    if (isset($_SESSION["return_to"])):
        $url = $_SESSION["return_to"];
        unset($_SESSION["return_to"]);
        header("location: $url");
    else:
        header("location: /Office/home");
    endif;
    exit; // stop executing once the redirect header is sent
}

function login()
{
    if (!is_user_logged_in()):
        $_SESSION["return_to"] = $_SERVER['REQUEST_URI'];
        header("location: /integra/wp-login.php");
        exit;
    endif;
}

function startit()
{
    if (!session_id())
        session_start();
    define('WP_USE_THEMES', false);
    // bootstrap WordPress so its functions are available here
    require_once("../wp-load.php");
}
```
If more pages are required, just follow the same idea: include wp-auth.php and the WordPress functions become available.

And that's all, it works.
wp-load.php but not so sure if it's good practice to rely on this file to log in users.. ideas? – devasia2112 Commented Feb 9, 2019 at 18:36
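
The answer above passes the base64-encoded username and password in the query string, which web servers typically record in access logs. As an added example (not the answerer's code), /office can instead verify the password itself and hand /store a short-lived HMAC-signed ticket; the `t` parameter, `HANDOFF_SECRET` and the function names are illustrative assumptions, not part of WordPress or of the original post.

```php
<?php
// Added example. HANDOFF_SECRET is a placeholder: load the same random value from config on both sides.
const HANDOFF_SECRET = 'replace-with-32+-random-bytes';

function b64url(string $bin): string {
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

// /office side: call only after the office login has verified the password.
function office_make_ticket(string $login, string $secret, int $ttl = 30): string {
    $payload = b64url(json_encode([
        'login' => $login,
        'exp'   => time() + $ttl,
        'nonce' => bin2hex(random_bytes(16)),
    ]));
    return $payload . '.' . b64url(hash_hmac('sha256', $payload, $secret, true));
}

// /store side: returns the claims, or null if the ticket is malformed, forged or expired.
function store_verify_ticket(string $ticket, string $secret, ?int $now = null): ?array {
    if (substr_count($ticket, '.') !== 1) {
        return null;
    }
    [$payload, $mac] = explode('.', $ticket);
    $expected = b64url(hash_hmac('sha256', $payload, $secret, true));
    if (!hash_equals($expected, $mac)) { // constant-time comparison
        return null;
    }
    $claims = json_decode(base64_decode(strtr($payload, '-_', '+/')), true);
    if (!is_array($claims) || !isset($claims['login'], $claims['exp'], $claims['nonce'])) {
        return null;
    }
    return ($now ?? time()) <= $claims['exp'] ? $claims : null;
}

// In /store/integra/wp-login.php, after wp-load.php is loaded (skipped outside WordPress):
if (function_exists('get_user_by')) {
    $claims = store_verify_ticket((string) ($_GET['t'] ?? ''), HANDOFF_SECRET);
    $user   = $claims ? get_user_by('login', $claims['login']) : false;
    // One-time use: reject a nonce already seen (transient outlives the ticket TTL).
    if ($user && get_transient('handoff_' . $claims['nonce']) === false) {
        set_transient('handoff_' . $claims['nonce'], 1, 120);
        wp_set_auth_cookie($user->ID);
        wp_safe_redirect(home_url('/'));
        exit;
    }
    status_header(403);
    exit;
}
```

After its own password check succeeds, /office redirects the browser to `/store/integra/wp-login.php?t=` followed by the value of `office_make_ticket($login, HANDOFF_SECRET)`, so the password never leaves the office login form.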