How can I use a different login/signup mechanism for wordpress

Question

I have so far integrated a multisite wordpress that uses 4 main subdomain templates in a single wordpress installation: college.mysite.com | jobs.mysite.com | advisors.mysite.com | answers.mysite.com

A wp user is only required to login once and they inmediately have acccess to any wp template.

However, What I would like to achieve is a bit more complicated than that. I don't want new users and existing members to use wordpress as their main user interface to access private content.

In fact I have disabled registration and hidden wp login altogether. I would like a more secure and less public signup/login.

For this occassion I would like wordpress to ignore the default login credentials and use instead custom db table names and hashmethod pulled from the same wordpress database.

For instance I have a yii platform called: humhub. For a user to use wordpress they would need to login through humhub and have wp read the db table names: user instead of wp_users

a secondary db name would need to be read for the password because humhub uses: user_password instead of the default value within wp_users (user_pass)

I've tried integrating yii framework with wordpress, I've tried tweaking here and about within the yii framework so that it reads two databases separately but it's far more complicated than simply redirecting the wp login credentials by changing the default login table names within the wordpress files, please help me,

Answer 1

Let's assume you have some unique identifier so that one user will not accidentally collide with another (in YII/HumHub)

You can load up the WordPress API via

require_once("/path/to/wp-load.php");
//Found normally in the WordPress root directory alongside wp-config.php

You can then when creating a new user in HumHub do:

wp_create_user( $username, $password, $email ); 
//Where username is the unique identifier
//password is ideally a random hash
//email is their email if relevant

And then log them in (assuming you remembered the username and password!!)

$creds = array();
$creds['user_login'] = $username;
$creds['user_password'] = $password;
$creds['remember'] = true;
$user = wp_signon( $creds, false );
if ( !is_wp_error($user) ) {
    ob_start(); //flush buffers - otherwise login won't work or user gets redirected to dashboard
    $user_id = $user->ID;
    wp_set_current_user( $user_id, null );
    wp_set_auth_cookie( $user_id,true );
    do_action( 'wp_login', $username );
    ob_end_clean();
} else {
   //Handle the login error
}

They are then logged into WordPress with cookies etc without any headers interfering with HumHub

Note - the above method may not work is there is a name conflict between WordPress and YII/HumHub. You will get a php error with details of the conflict if that is the case and will have to try something else (such as Oauth plugin)