Built an OAuth2.0 login system, need a little help (4 posts)

  1. hectavex
    Posted 2 years ago #

    Here's the plugin/code:


    What I am wondering is how I might be able to eliminate the usage of:

    require_once( "../../../wp-load.php" );

    This "malpractice" can be found in the login-openid.php and login-facebook.php files.

    I understand this will prevent my plugin from being placed into the WordPress plugins repository.

    The reason for using wp-load.php is because of the way OAuth 2.0 seems to work. During authentication, the browser navigates to the third-party authUrl, then returns to our site on success or failure, and it's at this point (the cross-domain return path) that we need to access the WordPress core again (to register or login the WordPress user), but we no longer have a reference to it since our script is now being called from outside the WordPress environment. Hence the reason for wp-load.php.

    If someone could let me know how to tackle this I would greatly appreciate it!


  2. bcworkz
    Posted 2 years ago #

    I guess ideally your plugin should work entirely off hooks and actions, such that all requests go through the WP parser so there is no need to include wp-load.php. Of course, doing so is not always possible, but it is something to strive for.

    One way to get around the need to include wp-load.php is to use an AJAX request instead of requesting a new page. I know this doesn't work for you, I mention it only for completeness.

    Another is to place all your code on a custom page template. Insert a page based on this template. When this page is requested, the template code is executed, no matter what it is. It may have nothing to do with displaying a page. Of course, you need to display something or use javascript to redirect somewhere else. (It's too late to use location header redirects)

    The template only needs to be in the theme folder in order to be pickable in the page edit template dropdown. Otherwise it can reside anywhere as long as the correct URL is stored in postmeta under the '_wp_page_template' key.

  3. bcworkz
    Posted 2 years ago #

    As it happens, there is a third technique, similar to the AJAX approach, except no javascript or jQuery is required, you request handler can be initiated from a simple HTML link or form action. It is suitable for any GET or POST request. The handler can include another PHP file and in the process enable access to WP functions on that file.

    See Plugin_API/Action_Reference/admin_post_(action).

    Better late than never :)

  4. hectavex
    Posted 2 years ago #

    Nice, I'll check that out!

Topic Closed

This topic has been closed to new replies.

About this Topic