How do I run an script only for admins, but outside of “/wp-admin” in WordPress?

2 Views

In WordPress, I am trying to get a script to work, which runs in my plugin’s directory and gets directly called by the browser via its URL, e.g. www.example.org/wp-content/plugins/myplugin/script.php. The script should only be available for logged-in admins.

What I tried to do was to include /wp-admin/admin.php at the very beginning of the script, to bootstrap WordPress’ functionality, and to check for the sufficient permissions. However, during this bootstrapping process, WordPress redirects me to the log-in-screen, even tough I already am logged in. That is, because the WordPress-authentification-cookie isn’t available outside the /wp-admin-directory.

Read More

So, because my approach obviously doesn’t work, I was wondering: What is the best practice to run WordPress-admin-scripts, outside the admin-directory? Is there some “wrapper”-script inside /wp-admin I could use, like there is admin-ajax.php for AJAX-calls? Or isn’t it even WordPress, but just my server-configuration that the auth-cookie is only available in /wp-admin?

Also, please note it is not an option to register an admin-menu-item, because the script shall be loaded as a pop-up, and not be available in the menu.

Thanks in advance for your kind help.

Post Views: 2

Related posts

Leave a Reply

2 comments

  1. A while ago, I created a function that checks whether someone is logged in and has admin privileges, and if so, it runs the code you want:

    To use it, put this code in your functions.php file:

    <?php
function admin_level($user_login=''){
    global $current_user;
    get_currentuserinfo();

    if(current_user_can('level_10')) {
        if ($user_login!=''){
            if($current_user->user_login==$user_login){
                return true;
            } else {
                return false;
            }
        } else {
            return true;
        }
    } else {
        return false;
    }
}
?>

    Now, here’s an example of how to create a “test area” where code is run only if the user “admin” is logged in AND has admin privileges:

    <?php

//Test Area

   //Only run following code if logged in as admin

   if( admin_level($user_login = 'adminuser') ){

      //run your awesome code right here, adminuser!!!

   }

//End Test Area

?>

    I use this myself all the time during development/testing when I only need something to run when I am logged in, without other users seeing it.

    Thanks, and I hope this helps!

  2. Okay. Because nobody seems to have an idea on how to deal with this, I just misused admin-ajax.php as wrapper script for my admin-script. It’s not a very beautiful solution, but it works.

    Please note some functions don’t work as expected when used in AJAX mode, such as wp_die. If anyone has to deal with the same problem: You will need to rewrite these functions to also work in AJAX-mode.