I have an issue where is_user_logged_in() appears to alternate between being true and false.
Additionally, get_current_user_id() gives the correct user ID if is_user_logged_in() is true.
Here's my code:
.htaccess:
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} -s
RewriteRule ^wp-content/uploads/(.*)$ file-access.php?file=$1 [QSA,L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
file-access.php:
require_once('wp-load.php');
if ( is_user_logged_in() ) {
// User is logged in, proceed.
} else {
// User is a guest, block.
}
I've verified the alternating status and user id using some error logging in the file-access.php conditionals.
Do I need to call something other than wp-load.php perhaps? Just seems strange to me that it alternates between true and false, rather than always being false...
Edit to add: I also had an issue where one of my files I was testing with wasn't uploaded as the https version which caused issues.
I have an issue where is_user_logged_in() appears to alternate between being true and false.
Additionally, get_current_user_id() gives the correct user ID if is_user_logged_in() is true.
Here's my code:
.htaccess:
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} -s
RewriteRule ^wp-content/uploads/(.*)$ file-access.php?file=$1 [QSA,L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
file-access.php:
require_once('wp-load.php');
if ( is_user_logged_in() ) {
// User is logged in, proceed.
} else {
// User is a guest, block.
}
I've verified the alternating status and user id using some error logging in the file-access.php conditionals.
Do I need to call something other than wp-load.php perhaps? Just seems strange to me that it alternates between true and false, rather than always being false...
Edit to add: I also had an issue where one of my files I was testing with wasn't uploaded as the https version which caused issues.
Share Improve this question edited Feb 19, 2020 at 8:21 warm__tape asked Feb 15, 2020 at 7:55 warm__tapewarm__tape 611 silver badge11 bronze badges 4 |2 Answers
Reset to default 4 +150I've run your code and it works fine to me except for the inclusion in file-access.php:
require_once($_SERVER['DOCUMENT_ROOT'].'/wp-load.php');
enable debug to see if there are errors depending on other issues and not regarding these specific code lines.
But.. as per WP documentation: actions reference the earlier action hook where the authentication process is completed and cookies are set is init as suggested in @Mohsin comment so I suggest to use this code in file-access.php
/* you probably don't need a theme */
define( 'WP_USE_THEMES', false );
/* defining a constant here allows you to exit functions when not needed */
define('FROM_EXTERNAL_FILE',true);
/* unless you've renamed your wp-content folder this path will always point to wp-load.php even in subfolders installations */
require_once(explode("wp-content", __FILE__)[0] . "wp-load.php");
and move the check in your file functions.php which gets loaded with the whole WP environment by wp-load.php
function is_logged_function(){
if ( !defined ('FROM_EXTERNAL_FILE') )
return;
if ( is_user_logged_in()){
echo "logged";
echo get_current_user_id();
}
else{
echo "not logged";
}
}
add_action('init', 'is_logged_function');
The file that would normally be called to kick off the Wordpress setup is wp-blog-header.php so maybe try swapping out wp-load.php for wp-blog-header.php in your code then re-test
www.example, then you won't necessarily be logged in atexample- depending on how the cookies were set. – MrWhite Commented Feb 15, 2020 at 13:46