Creating scripts that check user is registered in Wordpress DB
Posted Thursday 23.10.08Jump to:
Wordpress has an extensive database of plugins available for it that cover a multitude of applications. However, as I recently discovered, this database does not cover every possible application you can think of, nor all of the requirements some clients present! There may eventually come a time when you need to write your own script that doesn’t need to operate as a plugin per se, and whilst the script writing is not so difficult, what I did find difficult was working out how to integrate the Wordpress user authentication system in to it.
My situation was that I wanted to write a nifty web application that was on the whole not a part of the Wordpress installation, but I did want it to require users to be registered before they could access it. I’m not talking about restricting access to posts and pages written in Wordpress, that functionality is already available. I am talking about 100% custom scripts that are on the whole completely unrelated to what Wordpress can do.
I could have spent time writing a function or my own include file that set-up a connection to the Wordpress database, queried the right table, checked the right cookies and so forth, but I knew that all this code obviously existed within Wordpress, so why not just harness that?
All I required was access to a built-in function that would tell me whether the user requesting my custom script is logged in or not.
User registration is not something of concern in in this example, as that is something taken care of by the main Wordpress administrator who creates user accounts on an as-and-when basis. The site administrator essentially seeks out parties who are interested in advertising on the web site and creates a login for them through the default user management facility that is built in to Wordpress so they can maintain their own listing.
I searched high and low on the Internet to find out how to easily include the brains of Wordpress into my custom script without it trying to handle the request and output anything (anything includes headers as well as content). It was probably just a case of me not using the right keywords when searching, but I couldn’t find anything. This left me with no other choice but to dig into the code myself.
The solution
Let’s say your Wordpress installation is within the directory /blog (e.g. http://www.jamescaws.co.uk/blog) and you want to build an application in /custom-app (http://www.jamescaws.co.uk/custom-app). At the start of all your publicly accessible PHP scripts in /custom-app, simply add the following to the top:
require_once('../blog/wp-load.php' );
$wp->init();
And that is enough to load the Wordpress basics and get it going.
Now in your PHP, you just need to add the following to decide what to show who:
if (is_user_logged_in()) { ... } else { ... }
An added bonus I discovered was that if the user is logged in, you also have access to an array of their details called $user_info without having to perform any other function calls, so you can easily personalise your pages too based on their profile. To see the full range of values available in this array, simply add print_r($user_info) to one of your scripts that include the above pieces of code.
Notes
The default Wordpress login page is a bit ugly, so give your users something a bit nicer to look at and that fits in with your design when they come to login. There are a number of plugins available via the Wordpress site that give you this flexibility, such as the Sidebar Login.
If you are looking to allow registration on your Wordpress based site, consider using the Register Plus plugin.
Remember to ensure users whom you register in the Wordpress system are assigned a suitable role. Just because you may not be publicly linking to the Wordpress admin location, it doesn’t mean a user won’t guess it’s location or be taken there if you are using the default Wordpress login. If you assign a user to the role of editor for example, they can still log in at the backend and work with content. If the default Wordpress roles all prove unsuitable, considering using the Wordpress Role Manager plugin to create a restricted privilege role.
