Is it possible ( or advisable) to allow open access to the new theme customizer for potential clients?

I’ve been using the new theme customizer and it really has me thinking how awesome it would be to allow potential theme buyers/clients etc to play with the customizer for a demo theme (without being logged in). The customizer is located at :

..wp-admin/customize.php.

Read More

So what it would take would be to somehow allow open access to this URL but nothing else in the back end. I suppose there is probably a security issue with this but I thought I’d get a discussion going on it here in case it’s possible to do this safely as I’m sure other people might have the same idea.

So the question is : is there any safe way to allow open access to a single page of the admin?

Related posts

Leave a Reply

1 comment

  1. Just an idea:

    1. Make a user called ‘Guest’ and look up the user ID
    2. When redirecting your potential clients to the admin page, redirect to a script that’s logging in your clients as the guest user (Code #1)
    3. Add an WordPress action to disallow the user when logged in as ‘Guest’ and not on customize.php (Code #2)

    Code #1

    $creds = array(
        'user_login' => 'guest_user',
        'user_password' => 'guest_user_plain_password'
    );
    
    $user = wp_signon( $creds, false );
    
    if ( is_wp_error( $user ) )
        echo $user->get_error_message();
    else
        wp_redirect( 'your_absolute_admin_url' ); exit;
    

    Code #2

    add_action( 'init', 'check_guest_user' );
    
    function check_guest_user() {
        // Only when in backend and the guest user is logged in
        if ( is_admin() && user_id = get_current_user_id() ) {
            // Block other pages then custom.php
            global $pagenow;
    
            if ( 'customize' != $pagenow )
                exit();
        }
    }
    
    // replace user_id with the user ID of 'Guest'
    

    Only problem with this script is when multiple users are trying the customizer. Saving customization settings per user would make things a lot harder.

    It answers your question though, as it is a solution to give access to users to a specific page without them having to register an account.

    http://codex.wordpress.org/Function_Reference/wp_signon