Calling wp_signon doesn’t log the user in
You need to make sure that your code is executed before auth_redirect() is called. In simple words, you need to hook the whole function using setup_theme action. It worked in my case.
You need to make sure that your code is executed before auth_redirect() is called. In simple words, you need to hook the whole function using setup_theme action. It worked in my case.
WordPress REST API “rest_authentication_errors” doesn’t work external queries?
By removing the ADMIN SSL login in wp-config.php, I solved this. So, remove this: define(‘FORCE_SSL_ADMIN’, true); Read more about this feature here
Take a look at what wp_parse_auth_cookie() does. You can easily duplicate that given the fact that you have all the Cookie constants available. Still, I’d highly advise against that. In your case, I’d try to integrate as far with WordPress as I can to avoid duplicating an authentication mechanism. You can always use any custom … Read more
Trust me, don’t DIY this. Cryptography is not for the faint of heart. Use the Google Authenticator plugin. It’s awesome.
Sounds like a server configuration problem, not a WordPress thing. You said you were using Rackspace? I don’t have personal experience with Rackspace but it appears that they have some known issues with the default PHP mail() function. See: http://feedback.rackspace.com/forums/71021-product-feedback/suggestions/1873281-fully-support-php-mail-function- http://www.joshuawinn.com/huge-email-delays-on-rackspace-cloud-sites-dont-use-php-mail/ The primary issue is that sending straight through mail() doesn’t authenticate the sender, using … Read more
Here’s the full working code, put it in functions.php: add_action(‘login_form’,’my_added_login_field’); function my_added_login_field(){ ?> <p> <label for=”my_extra_field”>I agree to the terms<br /> <input type=”checkbox” value=”1″ class=”input” id=”my_extra_field” name=”my_extra_field_name”/></label> </p> <?php } function check_checkbox($user, $password) { if( !isset($_POST[‘my_extra_field_name’]) ) { remove_action(‘authenticate’, ‘wp_authenticate_username_password’, 20); $user = new WP_Error( ‘denied’, __(“<strong>ERROR</strong>: Please agree to our terms.”) ); } return … Read more
The problem is that you’re not using the correct name for the REST API nonce header — the correct name is X-WP-Nonce, but you used X-WP-Header: fetch(‘http://localhost/wptest2/?rest_route=/wp/v2/users/me’, { method : ‘get’, mode : ‘cors’, headers : { ‘Access-Control-Allow-Origin’ : ‘*’, ‘X-WP-Header’ : _wpnonce // here you used the wrong name } }) Reference from the … Read more
I’ve created a reduced test case that demonstrates that what you want to do is achievable: add_action( ‘rest_api_init’, function() { register_rest_route( ‘wpse/343039’, ‘route’, [ ‘methods’ => [ ‘POST’ ], ‘permission_callback’ => function( WP_REST_Request $request ) { if ( ‘1’ == $request->get_param( ‘param’ ) ) { return true; } else { return false; } }, ‘callback’ … Read more
I would just hook into determine_current_user filter and check HTTP basic auth data to return the user. Maybe, just maybe, I would allow only specific user to be logged via HTTP auth. That could be done, for example, by setting an user option. The code could look like something like this (tested by OP): add_filter( … Read more