
Only allow logged in WordPress Admin to access page (outside of WordPress core)

Background on what I am trying to accomplish... Currently I have created a mini CMS on top of Codeigniter to edit some database stuff for a web app. Right now it is not password protected, since it is still being developed. I want to integrate this into my WordPress installation so that my client does not have to log into the CMS and WordPress.

Where I am so far is:

  1. I have created a custom WP admin_menu (via add_menu_page )
  2. I have the CMS visible/working in an iframe of the admin menu tab.

What I need to do now is only allow access to these CMS pages if the user is authenticated as a WordPress admin.

In case you are wondering my directory structure:

/ (Codeigniter installed on root)
/blog/ (WordPress Install)
/blog/cms/ (CMS that is talking to Codeigniter)

Thank you in advance!

Update: Since it hasn't been answered in the answers yet, I need to know how to execute WordPress functions outside of the WordPress system.

You probably want to use WordPress's current_user_can() function to confirm the user has at least one capability normally associated with an Admin user, or is a member of the Administrator role.

According to that codex page, this should work to test for an administrator based on role, although I'm not in a position to confirm this, sorry. I've certainly used this method in the past to verify a user has a given capability.

<?php $is_admin = current_user_can( 'administrator' ); // role slug is lowercase; true or false ?>

EDIT: To authenticate users from a different site to WP, using WP credentials, this answer over on Wordpress.stackexchange describes how to use WP's built-in XMLRPC service. The answer is written in the context of authenticating from a servlet, but consumption of the WP XMLRPC service could be implemented in e.g. JavaScript at the client (rather than between your sites' two separate backends), so it might be more useful in your scenario.

The answer includes a pre-written plugin to handle the specific auth request from your remote client at the WP server... But note the comments below the question regarding use of a token instead of passing the creds over the wire (research "nonce" if you're not already familiar with these... WP can create these for you).

I've figured this out. Code below:

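<?php
// Load WordPress without the theme layer so its functions are available here.
define('WP_USE_THEMES', false);
require('../wp-blog-header.php');
// Stop unless the request carries a valid WordPress login (any role passes).
if(!is_user_logged_in())
{
    exit('You do not have access');
}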
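
An added example (not part of the original answers): the same bootstrap extended to an administrator-only check, since is_user_logged_in() passes for every role, subscribers included. It assumes the gate is a file in /blog/cms/ that every CMS entry script requires first (the name wp-gate.php is hypothetical) and uses manage_options as the administrator-only capability.

```php
<?php
// wp-gate.php (hypothetical name), assumed to sit in /blog/cms/ and to be
// require'd as the first statement of every CMS entry script.

// Skip the theme layer; only WordPress core and plugins are needed.
define('WP_USE_THEMES', false);

// Assumption from the question's layout: WordPress lives one level up (/blog/).
require_once dirname(__DIR__) . '/wp-load.php';

// Responses here are per-user, so keep them out of browser and proxy caches.
nocache_headers();

// The CMS is displayed in an iframe inside wp-admin: permit same-origin framing
// only (sends X-Frame-Options: SAMEORIGIN).
send_frame_options_header();

if (!is_user_logged_in()) {
    // No valid WordPress login cookie on this request: send the visitor to
    // the WordPress login form and stop before any CMS code runs.
    wp_safe_redirect(wp_login_url());
    exit;
}

// Logged in is not enough. Check a capability that only administrators hold
// by default (assumption: manage_options is the right bar for this CMS).
if (!current_user_can('manage_options')) {
    wp_die(
        'You do not have access',
        'Forbidden',
        array('response' => 403)
    );
}

// Execution continues into the CMS only for authenticated administrators.
```

The check has to run on every CMS URL, not only the page loaded in the iframe, because each script under /blog/cms/ is reachable directly by its address.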
