仅允许登录的WordPress Admin访问页面(WordPress核心外部)
[英]Only allow logged in WordPress Admin to access page (outside of WordPress core)
问题描述
Background on what I am trying to accomplish... Currently I have created a mini CMS on top of Codeigniter to edit some database stuff for a web app. 
我要完成的工作的背景知识...目前,我在Codeigniter之上创建了一个微型CMS,以编辑Web应用程序的一些数据库内容。 Right now it is not password protected, since it is still being developed. 目前,它尚未受密码保护,因为它仍在开发中。 I want to integrate this into my WordPress installation so that my client does not have to log into the CMS and WordPress. 我想将此集成到我的WordPress安装中,这样我的客户端就不必登录CMS 和 WordPress。
Where I am so far is: 我到目前为止的位置是:
- I have created a custom WP
admin_menu(viaadd_menu_page)我创建了一个自定义WP admin_menu(通过add_menu_page) - I have the CMS visible/working in an
iframeof the admin menu tab.我的CMS可见/正在管理菜单标签的iframe中运行。
What I need to do now is only allow access to these CMS pages if the user is authenticated as a WordPress admin. 我现在需要做的是仅在用户通过WordPress管理员身份验证后才允许访问这些CMS页面。
In case you are wondering my directory structure: 如果您想知道我的目录结构:
/ (Codeigniter installed on root)
/blog/ (WordPress Install)
/blog/cms/ (CMS that is talking to Codeigniter)
Thank you in advance! 先感谢您!
Update: Since it hasn't been answered in the answers yet, I need to know how to execute WordPress functions outside of the WordPress system. 更新:由于尚未在答案中回答它,我需要知道如何在WordPress系统之外执行WordPress函数。
2 个解决方案
解决方案1
3 2013-04-05 05:36:35
you probably want to use WordPress's current_user_can() function to confirm the user has at least one capability normally associated with an Admin user, or is a member of the Administrator role. 您可能想使用WordPress的current_user_can()函数来确认用户具有至少一个通常与管理员用户相关联的功能,或者是Administrator角色的成员。
According to that codex page, this should work to test for an administrator based on role, although I'm not in a position to confirm this sorry. 根据该法典页面,这应该可以根据角色来测试管理员,尽管我无法确认这一遗憾。 I've certainly used this method in the past to verify user has a given capability. 我过去肯定使用过这种方法来验证用户是否具有给定的功能。
<?php current_user_can( 'Administrator' ); ?>
EDIT: To authenticate users from a different site to WP, using WP credentials, this answer over on Wordpress.stackexchange describes how to use WP's built in XMLRPC service. 编辑:要使用WP凭据从另一个站点向WP验证用户, 在Wordpress.stackexchange上的此答案描述了如何使用WP的内置XMLRPC服务。 The answer is written in the context of authenticating from a servlet, but cOnsumption of the WP XMLRPC service could be implemented in eg JavaScript at the client (rather than between your sites' two separate backends) so might be more useful in your scenario. 答案是在从servlet进行身份验证的上下文中编写的,但是WP XMLRPC服务的建议可以在客户端的JavaScript中实现(而不是在站点的两个独立后端之间),因此在您的方案中可能更有用。
The answer includes a pre-written plugin to handle the specific auth request from your remote client at the WP server... But note the comments below the question regarding use of a token instead of passing the creds over the wire (research "nonce" if you're not already familiar with these... WP can created these for you). 答案包括一个预先编写的插件,用于处理来自WP服务器上的远程客户端的特定身份验证请求。但是请注意下面有关使用令牌而不是通过凭据传递凭据的问题下方的注释(研究“ nonce”如果您还不熟悉这些... WP可以为您创建这些。)
解决方案2
1 已采纳 2013-04-05 17:55:41
I've figured this out. 我已经弄清楚了。 Code below: 代码如下:
define('WP_USE_THEMES', false);
require('../wp-blog-header.php');
if(!is_user_logged_in())
{
exit('You do not have access');
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.