I am creating an iPhone app for my WordPress membership site. In my app the user faces a log in screen where they enter their username and password and these are sent via POST to an external php page that I store on my server.
What I am trying to do is to check the user’s credentials in the external php page. If the user is registered on the wp database and has entered the right credentials, send back a ‘success’ response, otherwise do nothing.
My problem is that this is not working. I am using the wp_signon function but for some reason is_wp_error($user_verify) keeps returning 1. Here is my code so far, I would really appreciate your help.
<?php $parse_uri = explode('apple', $_SERVER['SCRIPT_FILENAME']); //makes this page part of wordpress
$wp_load = $parse_uri[0].'wp-load.php';
require_once($wp_load);
global $wpdb;
global $current_user;
//####### THIS CODE IS RESPONSIBLE FOR A SECURE LOG IN INTO THE iPhone APP #############
header('Content-Type: application/json'); //matches the json content type the app is expecting
//SQL escape all inputs
$username = $wpdb->escape($_POST['username']);
$password = $wpdb->escape($_POST['password']);
$login_data = array();
$login_data['user_login'] = $username;
$login_data['user_password'] = $password;
$login_data['remember'] = true;
$user_verify = wp_signon( $login_data, true);
if (is_wp_error($user_verify) )
{
//DENY ACCESS : FAILURE
exit();
} else {
//$user_verify contains WP_User object
//GRANT ACCESS : SUCCESS
echo '[{"success":"true"}]';
exit();
}
?>
UPDATE
After some testing, the code I provided above is actually perfectly functional, the problem was on the iOS side.
