3

I have a website which is being developed using Zend Framework. I also have a WordPress site placed on the same server. Is it possible to log in to the WordPress site by any means (e.g. an AJAX call) when I log in to my Zend site?

Reason:

I have a link to the WordPress blog on the Zend site, and when I click on that link, it takes me to the WordPress login page.

I want the user to be taken to the WordPress blog page link as a logged-in user.

I researched a lot on this, but I am not finding the correct path.

Thanks.

Muhammad Zeeshan
  • How do you want to recognize which WP user needs to log in? Based on your Zend site login credentials? – Dmitry Isaev Nov 01 '12 at 15:15
  • The user has the same credentials in both the WordPress and Zend sites. – Muhammad Zeeshan Nov 02 '12 at 05:30
  • Do you mean the user coming to the WP page **should have** a WP account with the same login/pass? Is there already a record in the wp_users table? – Dmitry Isaev Nov 02 '12 at 06:27
  • One issue is syncing user registration, another issue is syncing user login. You must implement both of them. I'm trying to find out whether you have the former implemented – if yes, then the latter should be pretty easy. – Dmitry Isaev Nov 02 '12 at 06:31
  • When I create an account for my Zend site, the WordPress user is also created. I have progressed in this: http://stackoverflow.com/questions/13174677/ajax-call-cross-domain-issue. But there is another issue: after calling wp login, the action runs but the user still doesn't get logged in. – Muhammad Zeeshan Nov 02 '12 at 06:45
  • So many threads... :) Well, what does HTTPFox show on ajax request? – Dmitry Isaev Nov 02 '12 at 10:41
  • "Red 200" by Firebug is not enough to understand the problem. HTTPFox or other sniffer should provide more info. – Dmitry Isaev Nov 02 '12 at 11:41

3 Answers

0

Using AJAX between 2 different domain names is forbidden; you can use the cURL functions in PHP. http://bit.ly/RBGgfp

Afir Abdel
0

There is a security concern over your problem. How to pass the credentials from one website to another without actually passing them…

You need some sort of authorisation process which will tell WP that the user who is being logged in to WP is actually the same user who is already logged in to Zend. For this purpose you can’t just pass usernames and passwords in an Ajax call from ZF to WP, because everybody will be able to get users’ passwords from the cached JS source code. Also, you can’t pass just the username in an Ajax call, because then everybody could make such an Ajax call to sign in as someone else.

In general you should limit passing of authorisation through client side requests (Ajax) as much as possible.

One way of doing this is a mechanism used by many social networks (e.g. Facebook) called OAuth. Facebook uses special tokens for authorisation, and no credentials are passed between Facebook and a website which uses the Facebook Connect mechanism. Also, Facebook uses PHP’s curl function to make cross-server calls behind the curtain, so no trace is left on the client side about the authorisation process.

You can, but you don’t have to, use OAuth, but it will be good experience if you do.

Another problem you are facing is that your ZF and WP probably use different authorisation cookies on the client side. So when authorising the user on the ZF website you also need to make an Ajax call to the WP page responsible for login, to make sure the proper cookies are set.

Summa summarum, the process flow will be something similar to this (assuming that the user account is already created on both sites):

  1. Log in the user on the ZF site.
  2. From ZF, make a curl call containing the user id (for example) to a WP page which will return some sort of randomly generated token (if a user with the given ID exists).
  3. Once your curl call receives the token from WP, generate the ZF web page with JS which makes an Ajax call to WP (how to send an Ajax call to WP is explained here: http://codex.wordpress.org/AJAX_in_Plugins). This Ajax call should contain something like the md5-hashed user id and the token.
  4. Now on the WP side, WP will receive ZF’s Ajax call with the hashed value. So, check if this value is the same as the value after hashing the user id and token which WP returned before (in step 2). If yes, then log in the user on the WP site.

Now, because we don’t send the user’s password from ZF to WP (and we don’t know it on the WP side either – because it’s encrypted), you can’t use wp_signon to sign in the user. But you can use wp_set_auth_cookie, which for this particular purpose should be sufficient.

It is a rough explanation but I hope it will be of help.

P.S. wp_login is deprecated and you should avoid using it.

Also, the wp_login action doesn’t call wp_set_auth_cookie, which can be a reason why your user didn’t appear as logged in in the first place.

Try your solution with wp_set_auth_cookie in it. I’m saying this at the end so you don’t miss the security concerns above.

J. Wrong
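
The four-step flow in the answer above, sketched from the WordPress side as an added example (not code from the answer or from WordPress itself). It goes somewhat beyond the answer: the token request is authenticated with a shared secret, the proof is an HMAC-SHA256 rather than md5, and tokens are single-use with an expiry. `SHARED_SECRET`, `issueToken`, `proofFor`, `redeemToken` and the in-memory `$store` are assumptions made for illustration.

```php
<?php
// Added example: models the WP side of the handshake with an in-memory store.
// All names are hypothetical; in WordPress the store would be a transient or DB
// row and the secret would live in server-side configuration on both sites.
const SHARED_SECRET = 'constructed-demo-secret-change-me';
const TOKEN_TTL = 60; // seconds a token stays valid

// Step 2: called by the ZF server (curl). The caller must prove it knows the
// secret, so an arbitrary client cannot request a token for any user id.
function issueToken(array &$store, int $userId, string $callerMac, int $now): ?string
{
    $expected = hash_hmac('sha256', "issue|$userId", SHARED_SECRET);
    if (!hash_equals($expected, $callerMac)) {
        return null;
    }
    $token = bin2hex(random_bytes(32));
    $store[$token] = ['user' => $userId, 'expires' => $now + TOKEN_TTL];
    return $token;
}

// Step 3: computed on the ZF server and embedded in the page that makes the
// Ajax call; the secret itself never reaches the browser.
function proofFor(int $userId, string $token): string
{
    return hash_hmac('sha256', "login|$userId|$token", SHARED_SECRET);
}

// Step 4: called by the WP Ajax handler. Returns the user id to log in, or null.
// On success the real handler would call wp_set_auth_cookie() with that id.
function redeemToken(array &$store, string $token, string $proof, int $now): ?int
{
    $entry = $store[$token] ?? null;
    unset($store[$token]); // single use: a replayed request finds nothing
    if ($entry === null || $now > $entry['expires']) {
        return null;
    }
    $expected = proofFor($entry['user'], $token);
    return hash_equals($expected, $proof) ? $entry['user'] : null;
}

// Constructed walk-through with user id 42
$store = [];
$now = time();
$token = issueToken($store, 42, hash_hmac('sha256', 'issue|42', SHARED_SECRET), $now);
$proof = proofFor(42, $token);
var_dump(redeemToken($store, $token, $proof, $now + 5)); // first use
var_dump(redeemToken($store, $token, $proof, $now + 6)); // replay of the same request
var_dump(issueToken($store, 42, 'forged', $now));        // caller without the secret
```
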
0

Since both sites are on the same server, presumably you can access files from both Zend and WordPress. When your user is logging into the Zend-based site, you can add a call to load the basic WordPress files, and then use the function wp_set_auth_cookie() to log the user into WordPress.

```php
// Bootstrap WordPress from the Zend application (path is relative to the calling script)
require_once 'wordpress-directory/wp-load.php';
// Set the WordPress auth cookie for the WordPress user mapped to the logged-in Zend user
wp_set_auth_cookie( $wp_user_id );
```

In your users table on your Zend site, you could have an additional column wp_user_id to store the WordPress user IDs for your users, so that you know what user id to pass to the wp_set_auth_cookie() function.

I wrote up a blog article in a bit more general terms if you want to check it out as well here

user1917505