Support » Developing with WordPress » Automatically authenticate users in wp-admin

  • Hi,

    we are currently developing a site where the authentication is handled behind a portal and not WP. When the user reaches WP, we automatically create or update user based on the credentials provided by the portal and then authenticate them with wp_set_current_user and wp_set_auth_cookie.
    However, there are users who needs to use wp-admin. These users needs to log in again in wp-admin with a password. Is there any way to authenticate specific users to use wp-admin without making them log in with their WP credentials?

    In advance, thanks.

Viewing 6 replies - 1 through 6 (of 6 total)
  • Once the user account is created, you can promote them to Admin and then they’ll have admin rights. This only needs to be done once.

    Problem is – these users are not supposed to have admin rights.
    The ones that needs auto-auth trough wp-admin are editors and authors.
    But thank you for the suggestion.

    Ah, ok…well you could do the same thing, but promote the users to editor/author as need be.

    The users logging in are already promoted as editors or authors. But /wp-admin still provides a login prompt for them. I see that when you login through the login prompt at /wp-admin, you are provided a new cookie. I can’t seem to find anywhere to set this new cookie.

    This is exactly how we login a user automatically, at any role, maybe it will help.

    function autoLogin( $user ) {
            if (!$user = get_user_by('login', $user)) {
                    echo __LINE__;
                    return;
            }
            wp_set_current_user( $user->data->ID, $user->data->user_login);
            wp_set_auth_cookie( $user->data->ID );
            do_action( 'wp_login', $user->data->user_login );
            header( 'Location: '.site_url());
    }
    • This reply was modified 2 years, 2 months ago by bcworkz. Reason: code fixed
    Moderator bcworkz

    (@bcworkz)

    You’re close, but there are a couple problems preventing success. Maybe most importantly is where/when your code executes. Do so too early and the WP user functions will not work. Your function should be called as a callback for the “init” action to ensure it’s called at the right time. This means you cannot pass the user login as a parameter, you’ll need to get it through another mechanism, perhaps as an URL parameter?

    I’m not sure why, but conditionally returning by the result of get_user_by() is problematic. First check the result of is_user_logged_in(), then call get_user_by() (and do everything else) when false. If get_user_by() fails it might be appropriate to die if being logged in is critical, otherwise just return without further processing.

    When you do_action() for “wp_login”, for full compatibility, you must pass 3 parameters: ‘wp_login’ and the user’s login, just as you’ve already done, plus pass the WP_User object ($user).

    I’m not sure why, but the header location redirect does not seem to work in my testing. The original request is fulfilled, which it seems to me should be OK.

    BTW, you should always demarcate with backticks or use the code button when posting code. Especially if there’s any chance someone would want to test it or use it to provide working examples. When you do not, the forum’s parser corrupts your code and makes it unusable. I fixed your code for you so that I could test it in my installation. Regular members don’t have that luxury. With the adjustments mentioned, auto login seems to work well for me.

Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘Automatically authenticate users in wp-admin’ is closed to new replies.