Albert Albert - 2 months ago 10
PHP Question

Create user account in WordPress website on login using info from external database

I have a PHP website that has its own users in a MySQL database. That website is "alive" so new user accounts will continue to be created for undefined time.

Now I have to create another website using WP, with these 2 particularities:


  • Some sections of the website can only be accessed when the user logs into the website

  • The users who can access this WP website are some of the users in the users table used by the first website. This is important because not all those users will have access, only the ones that have one of the fields in that table with certain values.



The first way of accomplishing this that I've thought about is to create a custom login function that does all the processing, without having wordpress create any sort of user account on its own for those users. I'm not a WP developer but I guess that with some research I could find out how to do that.

The issue with that option is that I plan on including a forum and maybe other features that will in fact require user accounts in WP to keep track of comments, posts, etc

So why I would like to seek advice for is how to approach all this. Ideally, what I would need is an implementation that:


  • Asks for login when users want to access certain sections of the site

  • Checks user credentials in an external database on login, using a custom function that validates not just username and password, but also a third (or even a fourth) field

  • On login, if it's the first time, creates an account for that user in WP using the information that the user has in the other website, but blocking any typical account management functions (change profile info, password, etc)



I know that with some coding it all can be done, I'm just don't know very much about about Wordpress so I don't know if all that would be too complicated.

Anther option that I have in mind would be to create the user accounts in WP right when the account in the original website is created, but I don't know if that's even possible in a "legit" way (to create an account for the WP from another website).

Any advice on this topic would be really appreciated

Answer

One solution in is to create the accounts in wordpress by pushing the info from your old website to wordpress. I'm sure you have a trigger (a moment in time when you decide you need to create the user in wordpress) when that trigger needs to fire, have your website send the user info to a script in wordpress for that, in wordpress site you need to create a new php file that will create users something like this:

Your PHP Website decides it has a user that checks all the reasons to have an account on your WordPress website so it will make a wget or a curl (for the straight forward solution) with all the info that needs to pass to WordPress as parameters maybe something like

yourWPwebsite.com/createUser.php?username=<?php echo the username ?>&email=<?php echo the user email; ?>&...

then create a createUser.php file in the root of your WordPress website (depending on the setup you have you might have to modify .htaccess but on most of setups it should work)

in that file(createUser.php) first include WordPress by including the fallowing wp-load.php:

require( 'wp-load.php' ); //if you put this script in another place then root you need to make sure you change the path for this file.

after that you can use any WordPress functions so as security I'd advice to accept views to this only from the other site ip or include some sort of token to authenticate the source of the info and if the source is not authenticated redirect to 404 or homepage or whatever message you want, then read the get variables (you might want to do some cleaning on them)

Then create the user using the fallowing wp function: <?php wp_create_user( $username, $password, $email ); ?>

code that you might use looks like this:

$user_id = username_exists( $user_name );
if ( !$user_id and email_exists($user_email) == false ) {
    $random_password = wp_generate_password( $length=12, $include_standard_special_chars=false );
    $user_id = wp_create_user( $user_name, $random_password, $user_email );
} else {
    $random_password = __('User already exists.  Password inherited.');
}

if you want users to have a specific role you can add a role management/edit plugin and create a new role then set that role as default additionally if you want to force a role for a user you need to add the fallowing code after the above:

$user_id = wp_update_user( array( 'ID' => $user_id, 'role' => "DesiredRoleHere" ) );

using the user management plugin you can remove profile rights for users and also other (lots) of things check a plugin like Multisite User Management to get an idea (others might be better) and that's about it then the user will have an account on your wordpress website with a password you've set, if you want to authenticate the user you can take similar steps but the auth script will call wp_authenticate and have a script similar to:

 $logging = wp_authenticate ($username, $password);
 //then redirect to the page you want to redirect users when they log in

it's not a lot of coding but you need to get into it to see exactly what limitations there are for each step.

Another solution might be using an API like WP API but I haven't used it and I'm don't know what you can do to authenticate the user and redirect him/her to your desired wp page not sure...

Comments