最新消息:雨落星辰是一个专注网站SEO优化、网站SEO诊断、搜索引擎研究、网络营销推广、网站策划运营及站长类的自媒体原创博客

wp load.php - Check user logged in from outside of WP folder

programmeradmin2浏览0评论

If user is logged in to site/subsite, and you check this function:

require(__DIR__."/wp-load.php");
var_dump(is_user_logged_in());

it returns true. However, if called from outside folder:

require(__DIR__."/subfolder/wp-load.php");
var_dump(is_user_logged_in());

It doesn't recognize authorization. What are the acceptable ways to achieve that, without using REST-API? (I doubt it just needs pointing some sub-directory for cookie).

If user is logged in to site/subsite, and you check this function:

require(__DIR__."/wp-load.php");
var_dump(is_user_logged_in());

it returns true. However, if called from outside folder:

require(__DIR__."/subfolder/wp-load.php");
var_dump(is_user_logged_in());

It doesn't recognize authorization. What are the acceptable ways to achieve that, without using REST-API? (I doubt it just needs pointing some sub-directory for cookie).

Share Improve this question asked Oct 13, 2020 at 9:58 T.ToduaT.Todua 5,8609 gold badges52 silver badges79 bronze badges
Add a comment  | 

1 Answer 1

Reset to default 1

If WordPress is installed in /subfolder/, then the authentication cookies will by default only valid for that path.

So if needed, you can allow the cookies in parent directory by setting the cookie constants like COOKIEPATH.

For example, if I had WordPress installed at example/wp/ and I wanted the authentication works at example/, then I'd define the following in wp-config.php: (but I don't know much about the differences between the SITECOOKIEPATH and COOKIEPATH, other than that the former seems to be specific to Multisite)

define( 'COOKIEPATH',        '/' );
define( 'SITECOOKIEPATH',    '/' );
define( 'ADMIN_COOKIE_PATH', '/wp/wp-admin' );

But the thing is, you'd need to logout first before applying the above changes, and so does with all other users who were already logged-in on your site, i.e. log out before you applied the above changes.

So you'd want to just invalidate all (existing) WordPress cookies by changing the security keys like LOGGED_IN_KEY — all users will have to login again, but at least, they'd be able to login properly.

发布评论

评论列表(0)

  1. 暂无评论