发表新帖
发表新帖

automatic login to wordpress dashboard from another site

前端 未结
关注
2 1085
你的背包
你的背包 2020-12-15 01:53

I want to log in automatically to WP admin/dashboard from another site without going thru the login process.. I\'ve tried the following but with no luck:

<
相关标签:
2条回答
  • 北荒
    2020-12-15 02:51

    Try This complete code it working 100% First Website : http://firstwebsite.com and Second Website : http://secondwebsite.com

    Now, first of all create a link on your first website, on which we want to click to go to our second website as a logged in user. So, in your first website create a link at your desired place as mentioned below :

    <?php   global $current_user;
$second_website_url = 'http://secondwebsite.com'; // put your second website url
$user_email = $current_user->user_email;
$user_login = $current_user->user_login;
if($user_email != ''){

$email_encoded = rtrim(strtr(base64_encode($user_email), '+/', '-_'), '='); 
$user_login_encoded = rtrim(strtr(base64_encode($user_login), '+/', '-_'), '='); 
echo '<a href="'.$second_website_url.'/sso.php? 
key='.$email_encoded.'&detail='.$user_login_encoded.'" target="_blank">Link to 
second website</a>';
}?>

    Now, open our second website and create a new php file and name it as “sso.php”. Place this file at your root installation and just copy paste the below mentioned code in this file :

    <?php

require_once( 'wp-load.php' ); //put correct absolute path for this file


global $wpdb;

if(isset($_GET['key']) && !empty($_GET['key'])){

$email_decoded = base64_decode(strtr($_GET['key'], '-_', '+/'));   
$username_decoded = base64_decode(strtr($_GET['detail'], '-_', '+/')); 

$received_email = sanitize_text_field($email_decoded);
$received_username = sanitize_text_field($username_decoded);


if( email_exists( $received_email )) {

        //get the user id for the user record exists for received email from database 
        $user_id = $wpdb->get_var($wpdb->prepare("SELECT * FROM ".$wpdb->users." WHERE user_email = %s", $received_email ) );

        wp_set_auth_cookie( $user_id); //login the previously exist user

        wp_redirect(site_url()); // put the url where you want to redirect user after logged in

}else {

        //register those user whose mail id does not exists in database 

        if(username_exists( $received_username )){

            //if username coming from first site exists in our database for any other user,
            //then the email id will be set as username
            $userdata = array(
            'user_login'  =>  $received_email,
            'user_email'  =>  $received_email, 
            'user_pass'   =>  $received_username,   // password will be username always
            'first_name'  =>  $received_username,  // first name will be username
            'role'        =>  'subscriber'     //register the user with subscriber role only
        );

        }else {

            $userdata = array(
            'user_login'  =>  $received_username,
            'user_email'  =>  $received_email, 
            'user_pass'   =>  $received_username,   // password will be username always
            'first_name'  =>  $received_username,  // first name will be username
            'role'        =>  'subscriber'     //register the user with subscriber role only
        );

        }


        $user_id = wp_insert_user( $userdata ) ; // adding user to the database

        //On success
        if ( ! is_wp_error( $user_id ) ) {
             
            wp_set_auth_cookie( $user_id); //login that newly created user
            wp_redirect(site_url()); // put the url where you want to redirect user after logged in

        }else{

            echo "There may be a mismatch of email/username with the existing record.
                  Check the users with your current email/username or try with any other account.";die;
        }


}

 die;

 } ?>
    0 讨论(0)
  • 野趣味
    2020-12-15 02:54

    If you have access to the files of the website where you trying to login. You could add a auto login php script and $_POST the username and password to this script, example:

    if ($_POST) {

    $errors = array();

    $username = esc_sql($_REQUEST['username']);
    $password = esc_sql($_REQUEST['password']);
    $remember = esc_sql($_REQUEST['rememberme']);
    $remember = ($remember) ? "true" : "false";

    $login_data = array();
    $login_data['user_login'] = $username;
    $login_data['user_password'] = $password;
    $login_data['remember'] = $remember;
    $user_verify = wp_signon($login_data, true);

    if (is_wp_error($user_verify)) {
        $errors[] = 'Invalid username or password. Please try again!';
    } else {
        wp_set_auth_cookie($user_verify->ID);
        wp_redirect(admin_url());
        exit;
    }

}

    Wordpress codex references:

    • Login function: http://codex.wordpress.org/Function_Reference/wp_signon
    • Set cookie for admin login http://codex.wordpress.org/Function_Reference/wp_set_auth_cookie
    • Get the admin page url: http://codex.wordpress.org/Function_Reference/admin_url

    Hope it helps.

    Edit: $wpdb->escape is deprecated since Wordpress version 3.6, use wpdb::prepare() or esc_sql() instead! I've changed the code to use esc_sql().

    • esc_sql(): http://codex.wordpress.org/Function_Reference/esc_sql
    0 讨论(0)
 看不清?
提交回复
热议问题