user authentication for all pages in wordpress website

Question

I would like to to have a wordpress website for authorized users only. I was thinking to add custom php code to my theme's header file that checks if a specific user is authorized to access the page and if not users are redirected to a custom login page. I am also thinking of adding a new table to my database for user information. Is there a plugin that does that for me? I couldn't find any.

Answer 1

Apply basic authentication to the site's folder where the wordpress site is.

Create a .htaccess file in the folder like this (but using your own path and username):

AuthUserFile /home/YOURACCOUNT/public_html/wordpress/.htpasswd
AuthGroupFile /dev/null
AuthName "Authentication"
AuthType Basic
<LIMIT POST GET>
require valid-user YOURUSERNAME
</LIMIT> 

Then create a .htpasswd file like this:

YOURUSERNAME:YOURPASSWORD_AS_MD5_ENCRYPTION

To convert your password to MD5 encryption go here:

http://hash.online-convert.com/apache-htpasswd

Answer 2

Based on your additional comments try a plugin with wordpress to make the work easy on you.

https://wordpress.org/plugins/tags/user-registration

Answer 3

Well, with some nasty hacking I was able to work it out. In my theme's header.php file I added the following lines of code to the top:

if(session_id() == '') {
  session_start();
}
if (!$_SESSION['authenticated']) {
  header('Location: '.get_site_url().'/login.php');
}

I created a custom login.php file in my project's root folder containing a simple login form, posting its data to another custom file "webservice.php" with the following lines of code:

//webservice.php
<?php
    if(session_id() == '') {
        session_start();
    }
    $username = $_POST['username'] ? $_POST['username'] : '';
    $password = $_POST['password'] ? $_POST['password'] : '';

    if ($password && $username) {
        $response = file_get_contents("http://example.com/api/Accounts?username=".$username."&password=".$password);
        $json = json_decode($response);

        if ($json->{'Status'} == "Success") {
            $_SESSION['authenticated'] = true;
            echo "<META http-equiv=\"refresh\" content=\"0;URL=http://example.com/\">";
        }
        else {
            $_SESSION['authenticated'] = false;
            echo "<META http-equiv=\"refresh\" content=\"0;URL=http://example.com/login.php?incorrect=yes\">";
        }
    }
    else {
        echo "<META http-equiv=\"refresh\" content=\"0;URL=http://example.com/\">";
    }

Yet, in another custom file(logout.php) I only unset my session variable:

<?php
if(session_id() == '') {
    session_start();
}
if ($_SESSION['authenticated']) {
    $_SESSION['authenticated'] = false;
    echo "<META http-equiv=\"refresh\" content=\"0;URL=http://example.com/\">";
}
?>

I would love to know my solution's disadvantages...