Just add this at the top of your file: require_once($_SERVER[‘DOCUMENT_ROOT’].’/wp-blog-header.php’); // If you run multisite, you might nees this to prevent 404 error header(‘HTTP/1.1 200 OK’); Note that the file must be in the same folder as your theme. Then you can use is_user_logged_in before executing the rest of the script. If use is not … Read more
Fetching private posts or custom post types via WP-API with basic authentication
I sent it to you on Twitter, but here it is again. I made this little class to help me do XML-RPC faster. abstract class MZAXMLRPC { protected $calls = Array(); protected $namespace = “myxmlrpc”; function __construct($namespace){ $this->namespace = $namespace; $reflector = new ReflectionClass($this); foreach ( $reflector->getMethods(ReflectionMethod::IS_PUBLIC) as $method){ if ($method->isUserDefined() && $method->getDeclaringClass()->name != get_class()){ … Read more
As pointed out in the comments by @kaiser, your question is very similar to this question. In fact, the question itself holds the answer. To disable all feeds add the following code… function itsme_disable_feed() { wp_die( __( ‘No feed available, please visit the <a href=”‘. esc_url( home_url( “https://wordpress.stackexchange.com/” ) ) .'”>homepage</a>!’ ) ); } add_action(‘do_feed’, … Read more
If you will work with sessions, then init this at first in your plugin, theme. add_action( ‘init’, ‘my_start_session’ ); function my_start_session() { if ( session_id() ) return; @session_cache_limiter(‘private, must-revalidate’); //private_no_expire @session_cache_expire(0); @session_start(); } Alternative use the library from Eric Mann: WP Session Manager, also his tutorial.
It finally hit me that javascript would be behind the interim login modal behavior, and that gave me a new direction in my search. I have disabled the new login popups by adding the following to my theme’s functions.php file: // Disable login modals introduced in WordPress 3.6 remove_action( ‘admin_enqueue_scripts’, ‘wp_auth_check_load’ ); If anyone’s interested … Read more
The issue was because I wasn’t generating and sending a nonce value with the request. In order to generate a nonce value. Localize the value of a wp_create_nonce(‘wp_rest’) function call. wp_localize_script(‘application’, ‘api’, array( ‘root’ => esc_url_raw(rest_url()), ‘nonce’ => wp_create_nonce(‘wp_rest’) )); This will then be accessible to the window object of the browser which can be … Read more
There is a function in the user.php of the core files called wp_authenticate_username_password that seems like what you’re looking for. If you want to avoid throwing in the $user object (you probably only have the username + password), then just throw null as 1st function argument in: $check = wp_authenticate_username_password( NULL, ‘some_username’, ‘#thepassw0rd’ ); You … Read more
If I were you, I would look at solutions with Federated Identities. For example OpenID solutions. This link has a lot of examples of implementation on PHP. Advantages: open source, secure protocols, clear documentation
Short answer – Your original function (mostly) works. This is your function edited to do what it needs to do: function automatically_log_me_in( $user_id ) { wp_set_current_user( $user_id ); wp_set_auth_cookie( $user_id ); wp_redirect( home_url( ‘/some-ending-page/’ ) ); exit(); } add_action( ‘user_register’, ‘automatically_log_me_in’ ); Long answer – here is an explanation of why this is the answer. … Read more