[wp-hackers] problem with wp_signon
Nikola Nikolov
nikolov.tmw at gmail.com
Mon May 5 08:16:53 UTC 2014
If you look into wp-login.php, you'll see that after wp_signon() is called,
the user is redirected (if the credentials were correct) right away, which
basically loads another page and the cookie becomes available.
In general this is how cookies work :) If you set a cookie with PHP, it
will not be available in the same script execution, but in a following
one (since I assume PHP gets cookies data before/at the very beginning of
execution and doesn't modify it after setcookie() calls).
Slightly off-topic - whenever I need to log in to a site without the
credentials (for instance when the admin hasn't given me access to the
dashboard, but wants me to fix a problem), I use a combination of

    wp_set_current_user( $user->ID, $user->user_login );
    wp_set_auth_cookie( $user->ID, true );
    do_action( 'wp_login', $user->user_login, $user );

This immediately makes me seem logged-in (because of wp_set_current_user()),
but obviously doesn't make any security checks.
On Mon, May 5, 2014 at 7:49 AM, Guus (IFS) <guus at inspiration-for-success.com> wrote:
> Well, I'm not sure how it was all meant to be, but to me it's pretty
> confusing if I try to sign the user in with wp_signon() and then cannot
> check later on in the code if the user is logged in with
> is_user_logged_in(), especially finding that the user was actually logged
> in with wp_signon() when going to another page (which was also confirmed as
> a user object was returned and not an error code).
>
> It took me hours in actual time and weeks in lead time to finally find out
> it doesn't work as I expected it to work.
>
> -----Original Message----- From: Otto
> Sent: Monday, May 05, 2014 3:39 AM
>
> To: wp-hackers at lists.automattic.com
> Subject: Re: [wp-hackers] problem with wp_signon
>
> This isn't really a bug. I think you're just using the wrong function for
> your purpose.
>
> The purpose of calling wp_signon is to validate credentials and then send
> back appropriate authentication cookies to the visitor's browser. It
> doesn't set the current user because it doesn't have to do that. Setting
> the current user in wp_signon would serve no real purpose at this point in
> the code.
>
> The thing is, you don't need a username or password or anything else to set
> the current user. Just call wp_set_current_user with the user's ID, and
> bam, you're that user.
>
> In your _my_user_login function, you call wp_signon totally unnecessarily.
> You can just take the ID you got from the user you created in the function
> before that and simply set the current user to that ID. The only thing
> calling wp_signon will do here is send the auth cookie back to the browser.
>
> -Otto
>
>
>
> On Sun, May 4, 2014 at 5:30 AM, Guus (IFS) <guus at inspiration-for-success.com> wrote:
>
>> Thanks for your reply. Tried that and didn't work. I just found myself
>> it's a bug in is_user_logged_in().
>>
>> Nicest work around I found is to call set_current_user() just after the
>> wp_signon(), of course if the user was really logged in. Answer is here:
>> http://blog.rhysgoodwin.com/programming/wordpress-wp_signon-current_user-is-not-populated/.
>>
>> I guess it's time for the Wordpress team to fix that bug as it took me
>> hours and hours to figure this out. Didn't expect this type of bug in
>> Wordpress.
>>
>> Guys, please fix.
>>
>> -----Original Message----- From: Nikola Nikolov
>> Sent: Sunday, May 04, 2014 4:31 PM
>> To: wp-hackers at lists.automattic.com
>> Subject: Re: [wp-hackers] problem with wp_signon
>>
>>
>> I think the cookies are not set on the first load - so you'd have to
>> redirect them in order for WordPress to detect that the user is actually
>> logged-in.
>>
>> I could be wrong though, so if someone else has a clue...
>>
>>
>> On Sun, May 4, 2014 at 11:18 AM, Guus (IFS) <guus at inspiration-for-success.com> wrote:
>>
>>> Hi,
>>>
>>> I am having a problem signing a user in with wp_signon. When calling it
>>> (before the headers have been sent) the first time the user appears not to
>>> be logged in when using is_user_logged_in. When going to another page the
>>> user is signed in however. Only the first page opened tells the user is
>>> signed in, which apparently somehow is the case.
>>>
>>> Please advise,
>>>
>>> Guus
>>> _______________________________________________
>>> wp-hackers mailing list
>>> wp-hackers at lists.automattic.com
>>> http://lists.automattic.com/mailman/listinfo/wp-hackers
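
The flow the messages above converge on, as an added example that is not part of the thread and not WordPress core code: validate with wp_signon(), set the current user only after the result has been checked, then redirect so the new cookies arrive with the next request. The names example_sign_in, example_log and example_pwd are hypothetical.

```php
<?php
/**
 * Added example. Signs a user in and makes is_user_logged_in() true for the
 * remainder of the current request. example_sign_in() is a hypothetical name.
 *
 * @return WP_User|WP_Error
 */
function example_sign_in( $login, $password, $remember = false ) {
    // Auth cookies travel in response headers, so this must run before output.
    if ( headers_sent() ) {
        return new WP_Error( 'example_headers_sent', 'Output already started; cookies cannot be set.' );
    }

    // wp_signon() checks the credentials and, on success, sends the auth
    // cookies. It does not change the current user of this request.
    $user = wp_signon(
        array(
            'user_login'    => $login,
            'user_password' => $password,
            'remember'      => $remember,
        )
    );

    // Failed logins come back as WP_Error. Stop here so the step below only
    // ever runs for a user whose credentials were just validated.
    if ( is_wp_error( $user ) ) {
        return $user;
    }

    // $_COOKIE still holds what the browser sent with this request, so tell
    // WordPress who the user is for the rest of this script execution.
    wp_set_current_user( $user->ID );

    return $user;
}

// Hypothetical form handler: example_log / example_pwd are assumed field names.
add_action( 'init', function () {
    if ( ! isset( $_POST['example_log'], $_POST['example_pwd'] ) ) {
        return;
    }
    // Values are passed on as received, the way wp_signon() reads $_POST itself.
    $user = example_sign_in( $_POST['example_log'], $_POST['example_pwd'] );
    if ( is_wp_error( $user ) ) {
        return; // Let the form render a generic failure message.
    }
    // is_user_logged_in() is true here; the redirect makes the cookies effective.
    wp_safe_redirect( home_url( '/' ) );
    exit;
} );
```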