Is there any way I can log a WordPress user in given only their wp user_ID?
I’m sending users emails to confirm something and when they click on the given link to come to the website they need to be logged in to see the page I’m taking them to, so I have to log the user in and then do a header redirect.
I need a php function provided by wordpress, one that I can use in php, could you also give me any extra details as to how I can implement it (if any)
Here a function to auto-log an user (not tested) :
You have to pass 2 parameters in wp_login hook. See Wp codex
Create separate table to store all the links you sent and respective temp authentication code, which may be valid only for some time, then pass that temp auth code and email as a url param –
Write a code to validate user based on temp auth code, so that as soon as user clicks on email you can redirect him.
The WordPress plugin temporary-login-without-password implements that and a unique hash / key as per your comments.
Open Source code is here:
https://plugins.trac.wordpress.org/browser/temporary-login-without-password/trunk/public/class-wp-temporary-login-without-password-public.php
That’s a really bad ideea. Consider this:
You send an email to user A and B which contains the following link:
If user B replaces his user id with A’s user_id then he has access to User A’s account.
Youd be better of constructing a hash for logging a user that way