log into wordpress using POST data

Question

I have seen tons of posts on how to do this but nothing i have tried seems to work on my situation. I am going crazy with anticipation to get it working.

I am trying to log into a wordpress site A from a different url and so when a user logs into wordpress site B they get auto logged into wordpress site A. NOTE: the sites are on the same server just different urls.

I have tried CURL and have gotten everything working properly (sending and receiving the data) however it doesn't seem like the cookies are being stored properly and well never log me onto the site. I am doing security on the password i just got rid of it to post it here

So in more detail here is the code to which i am sending the CURL from (Site B)

add_filter('wp_authenticate', 'send_login', 100, 3);
function send_login($username, $password) {
    // this filter is called on the log in page
    // make sure we have a username before we move forward
    if (!empty($username)) {

    //send login information to other sites
    $fields = array( 'username' => $username , 'password' =>   $password );
    echo "<br /> pwd: ". $fields['password'];
    $response = do_post_request('http://www.wordpressSiteA.com/wp-content/plugins/login-api/login.php' , $fields );
    echo $response;
    exit;  // i have this for testing purposes so i dont have to keep logging in and out to test
    return $user;
    }
    return $user;
}



 function send_data_to_sister_sites($url , $fields ) {
//url-ify the data for the POST
foreach($fields as $key=>$value) { $fields_string .= $key.'='.urlencode($value).'&'; }
rtrim($fields_string,'&');
$cookie = "cookie.txt";
//open connection
$ch = curl_init();
curl_setopt($ch, CURLOPT_HEADER, 1);
curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt($ch, CURLOPT_COOKIESESSION, true);
curl_setopt ($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6");
curl_setopt ($ch, CURLOPT_TIMEOUT, 60);
curl_setopt ($ch, CURLOPT_COOKIEJAR, $cookie);
curl_setopt($ch, CURL_COOKIEFILE, '');
//set the url, number of POST vars, POST data
curl_setopt($ch,CURLOPT_URL,$url);
curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch,CURLOPT_RETURNTRANSFER,true);
curl_setopt($ch,CURLOPT_POST,count($fields));
curl_setopt($ch,CURLOPT_POSTFIELDS,$fields_string);

//execute post
$result = curl_exec($ch);




//close connection
curl_close($ch);

return $result;
}

And then here is on Site A the login.php file i am sending the CURL too to login the user

require_once("../../../wp-blog-header.php");
//check security of this request and check fields are sent properly
if (isset ($_REQUEST['username'] ) && isset($_REQUEST['password']) ) {
    $username = $_REQUEST['username'];
    $userinfo = get_user_by('login', $username);
    if ($userinfo) {


        //parse data and decrypt fields
        $password =  $_REQUEST['password'];

        $creds = array();
        $creds['user_login'] = $username;
        $creds['user_password'] = $password;
        $creds['remember'] = false;
        //log in user

        wp_signon($creds, true);
        wp_set_auth_cookie( $userinfo->ID );
        wp_set_current_user($userinfo->ID);

    //  global $current_user;
        //get_currentuserinfo();
    //  echo 'name: ' . $current_user->user_login . '<br />';
        if ( is_wp_error($user) )
           echo $user->get_error_message();
        echo "Success";
    } else {
        //no user found exit false
        echo "no user found";
    }
} else { echo "no paramters exist"; }

I have ran this script regularly calling it from Site A like this and it works fine, user gets logged in.

www.wordpressSiteA.com/wp-content/plugins/login-api/login.php?username=username&password=password

However on the CURL request nothing seems to save. Can anyone think of something to help me in the right direction. I am sooo close!

Thanks!

Answer 1

word press like other web apps uses session for login. and there is a problem in sessions when working with different domains.they are not sent to any other site even any other sub domain let alone another domain.so try a way to send your sessions!!!

Answer 2

Since they are on the same server, it is possible to share sessions between both sites but not by reading cookie. you could for instance, store session id, ip and last visit time in database on both sites, and read that database table in both, if same ip and visited within short span and there was no logout, then create new session based on that session id and log the user in. This might open door for some security issues, but it can be done.

See also this: Session Share Across Multiple Domains On Same Server