So I’m looking for something like peter’s login redirect, but slightly different. I want to build a client portal for a photography website, and I figured the best way would be to add a custom post type for clients and use advanced custom fields to add all of the extra functionality needed for the CPT. When a new client is added, a new URL will be created for the client’s access page. Seems simple.
Then, we can just password protect each page and send the password to the client. This is all great, however I also want to accompany this with a “login” button in the site’s main navigation. When someone clicks this button, I want them to be presented with a password form where they can enter the password we sent them in the email. Based on the password they enter, they’ll be redirected to the appropriate CPT page. Anyone have any ideas on how I can go about this? I assumed I could somehow run a query to pull posts based on password, but I’m not sure if the encryption used in the DB would allow for that. Any insight would be greatly appreciated.
Here’s the solution I came up with that relies on the info already present in the database.
Background
Each password-protected post stores the password in plaintext in the
wp_posts
table (in thepost_password
column). We can use that to query the db for any posts that have that password assigned and get the post info based on that. From there, we can redirect to the password-protected post.Assumptions/constraints
The OP stated that a custom login form would be used for clients to enter their special password. I’m assuming that form is created and can use a GET request to send the password since it’s already plaintext.
The OP also stated each password protecting the post/page would be unique. I’m assuming that unique password is generated separately from this answer.
How it works
A query string of
client_key
is sent (either through the GET of the form, or through a link) and checked usingget_query_var()
. If it’s present, check thewp_posts
table for the first post that has a password set that equals theclient_key
and return the row as an object.Sanity check: if object has been created, create a couple of variables to use in our JavaScript function.
Echo a
script
element into the DOM that will run a POST function towp-login.php
. This mimics the form posting that would normally happen when a password-protected page is visited for the first time. There, the client would be prompted for the password to view the post content, and once it was given a cookie is created to allow future access to the content.This function does the same form submission behind the scenes, the redirects to the appropriate post (based on GUID).
Finally, only run the function on the front-end of the site, when
wp_head
is fired (when jQuery is [usually] loaded).The code
I answered my own question. Here’s a plugin that does almost exactly what I needed, but I needed the same functionality on custom post types:
Smart Passworded Pages
I just modified the plugin and made my own for personal use.
Editing for usefulness:
This plugin contains only one PHP file. In this file is a single class by the name of “smartPWPages” that contains 3 functions. Within the “process_form” function is a call to the get_pages function. In version 3.8.1, the plugin didn’t work out of the box, so I removed the “child_of” and “parent” args from the get_pages call. After removing these args, the plugin works, but only for pages. In order to make it work for a custom post type, you can simply change the “post_type” arg to your custom post type instead of “page”.
These minor tweaks enabled me to set up a client portal using a custom post type, which has a single log in page where users are redirected to their proper area based on the password entered. I could see many uses for this for items such as project management systems and the like. Definitely a useful plugin.