ReAuth=1 is required when your login Cookies are no longer valid, WordPress will force validation for your browser. if ( $force_reauth ) $login_url = add_query_arg(‘reauth’, ‘1’, $login_url); Add reauth=1 flag to login url when auth_redirect() redirects to wp-login.php after the auth cookie fails validation wp-login.php clears cookies and forces log in if reauth=1. If reauth=1 … Read more
First of all, I would advise against editing the core files as it will be overwritten when you next update WordPress. Also, you should update WordPress, because it will often include security updates. (It’s recently been reported that there has been a spate of attacks on sites using outdated WordPress versions) In order to achieve … Read more
Your problem is that you call wp_logout_url immediately after wp_set_auth_cookie. wp_set_auth_cookie() does some setcookie() calls. Unfortunately setcookie doesn’t make the new value available instantly in the PHP global $_COOKIE. It must be set through a new HTTP Request first. wp_logout_url() (via wp_nonce_url > wp_create_nonce > wp_get_session_token > wp_parse_auth_cookie) fetches $_COOKIE[LOGGED_IN_COOKIE] in order to create a … Read more
“On login, wordpress uses the wordpress_[hash] cookie to store your authentication details. It’s use is limited to the admin console area, /wp-admin/ After login, wordpress sets the wordpress_logged_in_[hash] cookie, which indicates when you’re logged in, and who you are, for most interface use. WordPress also sets a few wp-settings-{time}-[UID] cookies. The number on the end … Read more
This showed up as a notification due to the upvote. Here’s how I solved it. The endpoint coded in the app that I am supposed to authenticate with prepares the token. The token has to be in the specified format. It then should be base 64 encoded and hash encrypted. The wp_init handler should be … Read more
Update: Made a blog post to explain this better 🙂 I was able to do this by WP’s authenticate filter inside a new plugin; most of which is guided by this tutorial by Ben Lobaugh. Major points on the plugin: Make an API call function using cURL (you can get guide codes from Postman upon … Read more
There should be no problem with any normal WordPress-vBulletin bridge which syncs user data between the two platforms. Just make sure that synced users have the default role of “Subscriber”. This allows them to only post comments, and not to create or edit posts.
The variable $interim_login is TRUE when the log-in session of a user expires while she is working in the back end, for example during an auto-save action. In this case a message asking to log in again appears at the bottom of the editor: The same can happen in the theme customizer. The $_REQUEST variable … Read more
This is just a modification of timshutes’ answer – if you want specific pages to require login and don’t want to put them into a custom post type, you can add to functions.php: add_shortcode(‘need_login’, ‘shortcode_needLogin’); function shortcode_needLogin() { if (!is_user_logged_in()) { auth_redirect(); } } And then at the top of the pages you want to … Read more
WordPress already has an API built in via an XMLRPC server. Meaning, you can make an XMLRPC request from your java app and verify a username/password. Unfortunately, there’s no way to just authenticate through it as is. That said, it’s very easy to roll your own. Just hook into xmlrpc_methods, a filter, and add yours. … Read more