Using WordPress login authentication in external PHP file

  • Hey Guys/Gals,

    I am having issues using WordPress authentication in an external PHP file to validate that the user is in fact an admin rather than someone who isn’t meant to have access.

    For some reason I can’t even get a basic “is_user_logged_in” check to return any value at all.

    This is the code I using:


    <?php
    require('../wp-blog-header.php');

    if ( is_user_logged_in() )
    {
    echo "test";
    }
    else
    {
    echo "test2";
    }
    ?>

    This is always displaying “test2” and if I echo “is_user_logged_in” it will return nothing at all, not even NULL.

Viewing 8 replies - 1 through 8 (of 8 total)
  • Moderator bcworkz

    (@bcworkz)

    If your require wp-admin/admin.php, a login form is presented if the user is not logged in. The rest of the page will not execute until the user is authenticated. You don’t need wp-blog-header.php unless you need a template loaded, in which case require template-loader.php instead, as admin.php handles the WP environment loading.

    Thread Starter Rambomst

    (@rambomst)

    Thanks for the reply bcworkz.

    I have changed the code and now it just brings up the login screen every time the page is loaded even if I am already logged in.

    Moderator bcworkz

    (@bcworkz)

    I should have told you to use require_once(). That should do it for you.

    Thread Starter Rambomst

    (@rambomst)

    That made no difference, could this not work because the php file isn’t in the same folder as WordPress? The file is located in a folder down from WordPress. WordPress is located in the top directory and then the php file is in a custom directory “topdir/phpfiledirectory”.

    Moderator bcworkz

    (@bcworkz)

    I wouldn’t think so, but haven’t actually done that. My similar files are all within the WP structure. The fact you’re getting a login screen means it’s loading, so maybe there IS something about being outside the WP structure. You might try moving the files as a test, even if it’s not possible to permanently move them.

    The only other thing that could cause this is if your browser isn’t retrieving cookies for admin.php as it should. Maybe it thinks your files are on a third party site? (If you have that disabled)

    All I can tell you for sure is my files in the plugins folders work as expected and all they do is require_once admin.php. Anything else, your guess is as good (or better) as mine.

    Moderator bcworkz

    (@bcworkz)

    The thought occurred to that my external files reside in my plugin folder. Activating my plugin may have something to to with the external files working, even though I don’t see how WP even knows the files are really there, there is no code reference to them in the main plugin file, reference only via html/template references.

    Thread Starter Rambomst

    (@rambomst)

    I just tested it then and it seems to still do the same behavior even within the correct WordPress structure.

    Moderator bcworkz

    (@bcworkz)

    Somehow, wp_validate_auth_cookie() is probably always returning false, instead of your user ID. It’s in wp-includes/pluggable.php. Time to do some debugging to find out why. Guessing at things to try is getting us no where.

Viewing 8 replies - 1 through 8 (of 8 total)
  • The topic ‘Using WordPress login authentication in external PHP file’ is closed to new replies.