wordpress: securely sending user credentials to new page

Question

I have a web app on a wordpress page.

One of its functions is to register a new user based on form input and then forward the customer to a checkout page.

Right now, the web app can create the new user via an ajax POST and listen for the success/failure of the user registration.

Once it receives confirmation, I need to tell wordpress to log the user in and go to mysite.com/checkout .

This is where I'm stuck. It seems wp_signon needs to be called before headers are sent, so I can't log in while still on the page with the web app. That would suggest to me that I need to send the credentials to the ../checkout page. I don't know how to send them except as part of the URL (something I definitely do not want to do). I seem to be running into a situation where I need to recreate the functionality of the tokens/nonces of wordpress, so I feel I'm missing something obvious.

Given a plaintext user name/password, how do I log a user in and send them to a new wordpress page?

Answer 1

You can do it like Woocommerce.

Register User -> Auto Sign-in -> Redirect

Register

$new_customer_data = apply_filters( 'woocommerce_new_customer_data', array(
    'user_login' => $username,
    'user_pass'  => $password,
    'user_email' => $email,
    'role'       => 'customer'
) );

$customer_id = wp_insert_user( $new_customer_data );

auto sign-in

global $current_user;
$current_user = get_user_by( 'id', $customer_id );
wp_set_auth_cookie( $customer_id, true );

Then to redirect

wp_safe_redirect( home_url( '/' ) );
exit;

For reference,

checkout https://docs.woothemes.com/wc-apidocs/source-function-wc_create_new_customer.html#36-118