wordpress admin-ajax buddypress authentication

Question

Requirement: Wordpress/Buddypress programmatic authentication

I have created a Wordpress user signup process via an external API. This effectively checks if the email is registered and if not creates a new WP user using

$random_password = wp_generate_password( $length,$include_standard_special_chars);
$user_id = wp_create_user( $user_name, $random_password, $user_email );

Also using

$meta_key = 'authorities';
$meta_value = $authorites;
add_user_meta( $user_id, $meta_key, $meta_value, true );

for roles. The registration process in called using add_action('init', MyAuthFunction); only if a valid user is not found.

The problem is the Buddypress heartbeat admin-ajax.php process which returns

{"wp-auth-check":false,"server_time":1521498709}

Whenever a new activity comment or forum post is attempted. This in-turn produces (on click of 'Post')

Are you sure you want to do this?</p><p><a> href="WP_DOMAIN/activity/">Please try again.</a>

as a response to admin-ajax.php

As a result of this we cannot post new items in activities or forum. What is strange is that the forum and activity sections know which user is logged in... (ie displaying the login name)

I am assuming this is some form of secondary user registration within buddypress but cannot seem to locate it. So far I've seen comments to the hooks:

• bp_core_signup_user()
• bp_signup_validate()

Therefore: Question - does Buddypress require a secondary form of authentication or flag when a new WP user is created via code instead of via the registration form.

So far I'm investigating: Buddypress additional user requirement data (as seen in the above functions) Re-testing new user signup via the admin to replicate the issue. (so far original users added prior to the Buddypress plugin (or admins) do not experience this issue)

UPDATE: attempting to use this from 'ray" response (half way down the page) https://buddypress.org/support/topic/how-to-hook-into-add-new-member-in-buddypress-unresolved/

You can bypass this programatically by adding a 'last_activity' user meta entry.

Unfortunately this is not correct as the user in question has a record in user meta already for last_activity.

UPDATE 2: Deactivate auth plugin, login as admin, change user password, logout as admin, login via /admin/ (wp-admin) as user created by code, post comment in /activity/. This sequence correctly allows me to post comments in the activity section. Therefore, the user created programmatically is OK, the issues appears to be somewhere in the 'login' process to trigger buddy press to be happy with the user...

UPDATE 3: Isolation of issue appears to be within the way that admin-ajax.php gets the $current_user (Wp_User) value. If a member logs in via the /admin/ login form a magical value is set that allows admin-ajax.php to extract the current user. If the user authentication cookie is set via

wp_clear_auth_cookie();
wp_set_current_user ( $user_id );
wp_set_auth_cookie  ( $user_id );

Then admin ajax cannot seem to get $current_user hence the failing of is_user_logged_in()

Therefore, Redefined issue isolating admin-ajax.php and the extraction of the current user (which is logged in on page load but not via admin-ajax.php)

Answer 1

The final issue was the wp_logout() was being called in a certain case which removed the

• wordpress_logged_in_xxxxx
• wordpress_sec_xxxxx

cookies which is what caused the is_logged_in_user() to return an empty instance.

NOTE to all: When signing on/into Wordpress via an external API make sure your cookies are setting correctly (http and https and the domain)

NOTE: this is not a buddy press issue at all