WordPress.org

Ready to get started?Download WordPress

Forums

Using WordPress login authentication in external PHP file (9 posts)

  1. Rambomst
    Member
    Posted 1 year ago #

    Hey Guys/Gals,

    I am having issues using WordPress authentication in an external PHP file to validate that the user is in fact an admin rather than someone who isn't meant to have access.

    For some reason I can't even get a basic "is_user_logged_in" check to return any value at all.

    This is the code I using:


    <?php
    require('../wp-blog-header.php');

    if ( is_user_logged_in() )
    {
    echo "test";
    }
    else
    {
    echo "test2";
    }
    ?>

    This is always displaying "test2" and if I echo "is_user_logged_in" it will return nothing at all, not even NULL.

  2. bcworkz
    Member
    Posted 1 year ago #

    If your require wp-admin/admin.php, a login form is presented if the user is not logged in. The rest of the page will not execute until the user is authenticated. You don't need wp-blog-header.php unless you need a template loaded, in which case require template-loader.php instead, as admin.php handles the WP environment loading.

  3. Rambomst
    Member
    Posted 1 year ago #

    Thanks for the reply bcworkz.

    I have changed the code and now it just brings up the login screen every time the page is loaded even if I am already logged in.

  4. bcworkz
    Member
    Posted 1 year ago #

    I should have told you to use require_once(). That should do it for you.

  5. Rambomst
    Member
    Posted 1 year ago #

    That made no difference, could this not work because the php file isn't in the same folder as WordPress? The file is located in a folder down from WordPress. WordPress is located in the top directory and then the php file is in a custom directory "topdir/phpfiledirectory".

  6. bcworkz
    Member
    Posted 1 year ago #

    I wouldn't think so, but haven't actually done that. My similar files are all within the WP structure. The fact you're getting a login screen means it's loading, so maybe there IS something about being outside the WP structure. You might try moving the files as a test, even if it's not possible to permanently move them.

    The only other thing that could cause this is if your browser isn't retrieving cookies for admin.php as it should. Maybe it thinks your files are on a third party site? (If you have that disabled)

    All I can tell you for sure is my files in the plugins folders work as expected and all they do is require_once admin.php. Anything else, your guess is as good (or better) as mine.

  7. bcworkz
    Member
    Posted 1 year ago #

    The thought occurred to that my external files reside in my plugin folder. Activating my plugin may have something to to with the external files working, even though I don't see how WP even knows the files are really there, there is no code reference to them in the main plugin file, reference only via html/template references.

  8. Rambomst
    Member
    Posted 1 year ago #

    I just tested it then and it seems to still do the same behavior even within the correct WordPress structure.

  9. bcworkz
    Member
    Posted 1 year ago #

    Somehow, wp_validate_auth_cookie() is probably always returning false, instead of your user ID. It's in wp-includes/pluggable.php. Time to do some debugging to find out why. Guessing at things to try is getting us no where.

Topic Closed

This topic has been closed to new replies.

About this Topic