UPDATE 11.02.2009: This post was written based on WordPress pre version 2.7, when it would seem things changed a little. Please see the second comment posted at the end for the necessary (minor) changes to the code described in the post.
Jump to:
Wordpress has an extensive database of plugins available for it that cover a multitude of applications. However, as I recently discovered, this database does not cover every possible application you can think of, nor all of the requirements some clients present! There may eventually come a time when you need to write your own script that doesn’t need to operate as a plugin per se, and whilst the script writing is not so difficult, what I did find difficult was working out how to integrate the Wordpress user authentication system in to it.
My situation was that I wanted to write a nifty web application that was on the whole not a part of the Wordpress installation, but I did want it to require users to be registered before they could access it. I’m not talking about restricting access to posts and pages written in Wordpress, that functionality is already available. I am talking about 100% custom scripts that are on the whole completely unrelated to what Wordpress can do.
I could have spent time writing a function or my own include file that set-up a connection to the Wordpress database, queried the right table, checked the right cookies and so forth, but I knew that all this code obviously existed within Wordpress, so why not just harness that?
All I required was access to a built-in function that would tell me whether the user requesting my custom script is logged in or not.
User registration is not something of concern in in this example, as that is something taken care of by the main Wordpress administrator who creates user accounts on an as-and-when basis. The site administrator essentially seeks out parties who are interested in advertising on the web site and creates a login for them through the default user management facility that is built in to Wordpress so they can maintain their own listing.
I searched high and low on the Internet to find out how to easily include the brains of Wordpress into my custom script without it trying to handle the request and output anything (anything includes headers as well as content). It was probably just a case of me not using the right keywords when searching, but I couldn’t find anything. This left me with no other choice but to dig into the code myself.
The solution
Let’s say your Wordpress installation is within the directory /blog (e.g. http://www.jamescaws.co.uk/blog) and you want to build an application in /custom-app (http://www.jamescaws.co.uk/custom-app). At the start of all your publicly accessible PHP scripts in /custom-app, simply add the following to the top:
require_once('../blog/wp-load.php' );
$wp->init();
And that is enough to load the Wordpress basics and get it going.
Now in your PHP, you just need to add the following to decide what to show who:
if (is_user_logged_in()) { ... } else { ... }
An added bonus I discovered was that if the user is logged in, you also have access to an array of their details called $user_info without having to perform any other function calls, so you can easily personalise your pages too based on their profile. To see the full range of values available in this array, simply add print_r($user_info) to one of your scripts that include the above pieces of code.
Notes
The default Wordpress login page is a bit ugly, so give your users something a bit nicer to look at and that fits in with your design when they come to login. There are a number of plugins available via the Wordpress site that give you this flexibility, such as the Sidebar Login.
If you are looking to allow registration on your Wordpress based site, consider using the Register Plus plugin.
Remember to ensure users whom you register in the Wordpress system are assigned a suitable role. Just because you may not be publicly linking to the Wordpress admin location, it doesn’t mean a user won’t guess it’s location or be taken there if you are using the default Wordpress login. If you assign a user to the role of editor for example, they can still log in at the backend and work with content. If the default Wordpress roles all prove unsuitable, considering using the Wordpress Role Manager plugin to create a restricted privilege role.
James – exactly what I needed to learn – thanks for this!!
just a quick note – in WP 2.7, $user_info was empty, instead I had to use the following
global $current_user;
get_currentuserinfo();
and then the print_r($current_user) worked as your $user_info described above.
Hi Mike,
Thanks very much for taking the time to add details on the WordPress 2.7+ difference. I think I wrote this post just before 2.7 was released and haven’t had to consider implementation for such a version (yet). You’ve no doubt saved me from a bit of head hitting wall action!
Hi James & Mike,
I’ve been trying to do this for myself and failed and failed and failed. Searched for hours on the web, but maybe I’m also just lousy with keywords. But this does exactly what I wanted and needed! Thanks a lot!
Hi James and Mike,
I could not make it works!!!….
if I put my page.php on the same directory that my blog it works but if not it
does not realize that I am logued on wordpress…
Any idea what is going on ???…the wp-load.php is included with success but the function
is_user_logged_in() works for me only if my page.php is on the same directory my blog…
Thanks…
Sandino.
Montevideo – Uruguay
Hi Sandino,
I’m sorry you are having difficulties. I have revisited this using the latest version of Wordpress (2.8.2 at time of writing) and have not had any problems.
<?php init(); global $current_user; get_currentuserinfo(); if (is_user_logged_in()) { echo sprintf('YES -- %s', print_r($current_user, 1)); } else { echo 'NO'; } ?>Check what version of WP you are using and adjust your code depending on that. This post contains solutions for both pre 2.7 and post 2.7.
Another thing to try is looking at your cookies. I have not investigated this and you have not mentioned what directories you are using, but if you run Wordpress at /myblog/ for example, the login cookie is more than likely being set for /myblog/*, so if you run a script at /myotherscript/, it is likely that the WP code included will not have access to any cookie. To fix that I guess you will need the root Cookie Path plugin at http://wordpress.org/extend/plugins/root-cookie/.
James:
It worked!!!! Thanks a lot for your help!