8

I developed a website using PHP and MySQL, which already has a login and registration form. (myweb.com)

I've added wordpress to it at this url myweb.com/blog

I want to disable the login and registration page on WordPress and force users to use mine. Basically integrate my login with WordPress so that user will be logged in on both sites.

My site members table looks like this. And all registered users are stored here. And passwords in my DB are hashed using md5()

id | name | email | password

and WordPress structure is like this and is currently empty

ID | user_login | user_pass | user_nicename | user_email | user_url | user_registered | user_activation_key | user_status | display_name

I tried following the steps mentioned here

but I get this error on line 254 var_dump($user); 

    object(WP_Error)#620 (2) {
  ["errors"]=>
  array(1) {
    ["invalid_username"]=>
    array(1) {
      [0]=>
      string(166) "<strong>ERROR</strong>: Invalid username. <a href="http://localhost/dev/blog/wp-login.php?action=lostpassword" title="Password Lost and Found">Lost your password</a>?"
    }
  }
  ["error_data"]=>
  array(0) {
  }
}

Also, all user info is stored in my members table on my site not in WordPress's db.

Here is my login code for my site, which I recently added the WordPress login to it too.

/*
 *  Login
 *
 *  $email = email of user
 *  $pass = user password (must already be in md5 form)
 *  $url = url of page they are login from
 */
function login($email = '', $pass = '', $url = '', $sticky = false)
{
        global $lang, $_db, $mod, $template_style;

        // Replace nasty things to stop sql injection
        $email = addslashes(strtolower($email));
        $email = strip_tags($email);
        $email = htmlspecialchars($email, ENT_QUOTES);

        //get user id
    $sql = "SELECT `id`, `name`, `username`
                FROM `members`
                WHERE `email`='".mysql_real_escape_string($email)."'
                AND `pass` = '" . mysql_real_escape_string($pass) . "'
                LIMIT 0,1";

        $q = $_db->query($sql);
        list($uid, $name, $username) = $_db->fetch_array($q);

        $login_check = $_db->num_rows($q);

        if ($login_check <= '0')  //check if login matches
        {
                  echo '0'; //login failed
                  die;
        }

        /*
         * wordpress login
         * 
         * read:
         * http://codex.wordpress.org/Function_Reference/wp_update_user
         */ 
         $credentials = array();
         $credentials['user_email'] = $email;
         $credentials['user_password'] = $pass;
         $credentials['remember'] = $sticky; // true/false
         $secure_cookie = false; // true / false

         $user = wp_authenticate($credentials['user_email'], $credentials['user_password']);

    if ( is_wp_error($user) ) {
        if ( $user->get_error_codes() == array('empty_email', 'empty_password') ) {
            //$user = new WP_Error('', '');
            $user = wp_update_user(array ( 'user_login' => $name, 'user_email' => $email, 'user_pass' => $pass ));
        }
    }

        var_dump($user);

        wp_set_auth_cookie($user->ID, $credentials['remember'], $secure_cookie);
        do_action('wp_login', $user->user_login, $user);

        /*
            set login cookies
        */
        set_login_cookie($uid, $pass, $sticky);

        //lock check
        lock_checker($uid);

        update_thisuser_online();           
}

Do I have to copy everything from my members table and populate it into wp_users or is there a way to login into wordpress without having duplicate data in 2 different tables? I don't want to have 2 logins and 2 registration forms on both sites.

Why won't wp_authenticate() in my code above authenticate?

Community
  • 1
  • 1
user2636556
  • 1,905
  • 4
  • 32
  • 61

3 Answers3

4

You can set the wordpress login to use a custom table by editing the config.php and adding these two lines:

define('CUSTOM_USER_TABLE','new_user_table'); //login, pass, email etc
define('CUSTOM_USER_META_TABLE', 'new_usermeta_table'); //optional bio, don't have to include this line

Where new_user_table is your website's table and new_usermeta_table is your website's bio table (if you want one)

The custom table needs to have the same structure as a normal wordpress table. So, to get this working with your existing website's table you'll have to add some fields and make sure the password is hashed the same way.

Here is how to structure the user table

Here is how to structure the user meta table

To hash the passwords correctly at registration, include the file wp-includes/pluggable.php and use the function
<?php $hash = wp_hash_password( $password ) ?>

For existing passwords that are not hashed correctly, you'll have to set up an email password reset.

Or. if you'd like to retain your current password hashes (not recommended for security reasons but doable) you can change the wordpress hashing function. In wp-includes/pluggable.php change:

if ( !function_exists('wp_hash_password') ){
    function wp_hash_password($password) {
                //apply your own hashing structure here
            return $password;
    }
}

And change:

if ( !function_exists('wp_check_password') ){
    function wp_check_password($password, $hash, $user_id = '') {
            //check for your hash match
            return apply_filters('check_password', $check, $password, $hash, $user_id);
            }
}

For details on wp_check_password Go Here

Alternatively

You can skip messing around with your custom user table and have the wordpress login apply to the rest of your site. To do this, simple use the following code:

<?php
include 'wp-config.php';
if ( is_user_logged_in() ) {
    echo 'Welcome, registered user!';
} else {
    header( 'Location: http://google.com' ) ;
};
?>

Make sure that 'wp-config.php' is the full relative path to the file, then place this code in every page on your non wordpress site. replace the echo with whatever content is to be displayed for a logged in user, and replace the header with whatever is to be displayed for a guest. If the content is simple html you can do the following:

<?php
include 'wp-config.php';
if ( is_user_logged_in() ) {
?>

<html>
<head></head>
<body><p>Welcome Registered user</p></body>
</html>

<?php
} else {
?>

<html>
<head></head>
<body><p>Please log in</p></body>
</html>

<?php
};
?>
Seff
  • 217
  • 1
  • 9
0

Try changing the options in your wp-config.php file to point to your members database; it's probably a good idea to create a separate user/password with MySQL and grant it privileges to your members DB. There a number of useful options you're able to set/change with that file. I suggest you read the documentation on it for some more in-depth stuff. If you do decide to try the above-mentioned approach, make sure to also change the $table-prefix line to match your existing DB.

Also, see if this blog post is of any help, as it deals with external authentication directly. There's a php script available which you can copy/paste or otherwise adjust to your particular needs. Pay particular attention to the include_once("../wp-config.php"); and include_once("../wp-includes/class-phpass.php"); lines.

ILMostro_7
  • 1,422
  • 20
  • 28
  • privileges have been set on both DB's and can read and write to my sites DB and the wordpress DB too. just the login from my site to wordpress don't work – user2636556 Jan 14 '14 at 06:39
  • have you looked at that blog post I linked, the first comment as well--regarding the password-hash? `$wp_hasher = new PasswordHash(8, TRUE);` `$password_hashed = $row['user_pass'];` This is from the wordpress manual regarding the User-pass: >Remember, user_pass should be the plain text password as it will >be automatically hashed by WordPress. However, that's done by the `wp-includes/class-phpass.php` script, as far as I can tell. – ILMostro_7 Jan 14 '14 at 07:14
  • WordPress uses the PasswordHash class to hash passwords by default now, regardless of the complexity of the password. Newer versions of WordPress (since version 2.5) no longer use MD5, except as a last resort if a series of more secure hashing protocols are unavailable. PasswordHash handles the process of trying the most secure method first, and then trying the next most secure method (if the first method is unavailable to the host server), and so on. – ILMostro_7 Jan 14 '14 at 07:42
  • Md5 only hashes and the PasswordHash class does hashing + salting. The reason why WordPress uses 2 techniques and not 1 is because WordPress will use Md5 if the password is difficult (Ex. number + chars + symbols) and the PasswordHash class when the password is short and easy (Ex. only chars). – ILMostro_7 Jan 14 '14 at 07:43
0

I've managed to do that a while ago by using a function from the Wordpress API.

wp_set_auth_cookie( $wordpress_user_id, $remember, false );

$wordpress_user_id is the ID of the user in the Wordpress table.

$remember is a Boolean variable indicating whether Wordpress should create a persisting cookie "remembering" the user between sessions.

I don't remember the third one, but you could Google it easily.

P.S. To have the wp_set_auth_cookie function available you need to include/require some Wordpress files before you use it. Try with the wp-load.php file.

Haralan Dobrev
  • 7,617
  • 2
  • 48
  • 66
  • so i have to duplicate my members table into wordpress? – user2636556 Jan 25 '14 at 00:35
  • @user2636556 I am not sure what would be best for your situation. My solution treats the Wordpress blog/site and other website as two completely separate things. But you could make so the users would feel them as one. You could similar things for registering and comments. – Haralan Dobrev Jan 26 '14 at 21:10