I have a website which is being developed using Zend Framework. I also have a WordPress site placed on the same server. Is it possible to login to WordPress site using any (e:g AJAX call) when i login to my Zend site.
Reason:
I have a link to word press blog on Zend site, and when i click on that link, it takes me to WordPress login page.
I want the user to be taken to word press blog page link as a logged in user.
I researched a lot on this, but not finding the correct path.
Thanks.
Using AJAX between 2 different domain names is forbidden, you can use the Curl function in PHP. http://bit.ly/RBGgfp
There is a security concern over your problem. How to pass the credentials from one website to another without actually passing themâ¦
You need some sort of authorisation process which will tell WP that the user which is being logged in to WP is actually the same user which is already logged to Zend. For this purpose you canât just pass username and passwords in an Ajax call from ZF to WP, because everybody will be able to get usersâ passwords from the cached JS source code.
Also you canât pass just username in ajax call because then everybody could make such ajax call to sign in as someone else.
In general you should limit passing of authorisation through client side requests (Ajax) as much as possible.
One way of doing this is a mechanism used by many social networks (i.e. Facebook) called OAuth. Facebook uses special tokens for authorisation and no credentials are passed between the Facebook and a website which uses Facebook connect mechanism. Also Facebook uses PHPâs curl function to make cross server calls behind the curtain so no trace is left on client side about the authorisation process.
You can but you donât have to use OAuth but it will be a good experience gain if you do.
Another problem you are facing is that probably your ZF and WP use different authorisation cookies on client side. So when authorising user on ZF website you need to make also Ajax call to WP page responsible for login to make sure proper cookies are set.
Summa summarum the process flow will be something similar to this (assuming that user account is already created on both sites):
This Ajax call should contain something like md5 hashed user id and the token.
Now, because we donât send user password from ZF to WP (and we donât know it on WP side either â because itâs encrypted) you canât use wp_signon to sign in user. But you can use wp_set_auth_cookie which for this particular purpose should be sufficient.
It is a rough explanation but I hope it will be of help.
P.S. wp_login is deprecated and you should avoid using it.
Also wp_login action doesnât call wp_set_auth_cookie which can be a reason why your user didnât appear as logged in a first place.
Try your solution with wp_set_auth_cookie in it. Iâm saying this at the end so you donât miss the security concerns above.
Since both sites are on the same server, presumable you can access files form both Zend and WordPress. When you user is loggin into Zend based site, you can add a call to load basic wordpress files, and then use the function wp_set_auth_cookie() to log the user into wordpress.
In your users table on your Zend site, you could have an additional column
wp_user_id
to store the wordpress user id’s for your users, so that you know what user id to pass thewp_set_auth_cookie()
function.I wrote up a blog article in a bit more general terms if you want to check it out as well here