2

I am trying to integrate the WP functions in a external php file.

The problem is that user's and login's authentication functions like is_user_logged_in(), is_admin(), etc doesn't work at all. However, Post's functions are working correct. So, it has to be a "Session" problem.

Actually after a deep deep search, the only "good" post in the web about the issue is the following old post in WP support: https://wordpress.org/support/topic/how-to-integrate-sessionlogin-authentication-to-non-wordpress-pages-w-wp-auth

But, that solution isn't working at all, and if I enable the root Cookie plugin, I can not even login into my /wp-blog/

So, is there any idea how to integrate and the login functions in the php file?

Code is pretty simple:

file.php

<?php
//define('WP_USE_THEMES', false);
//include($_SERVER['DOCUMENT_ROOT'].'/wp-blog/wp-load.php');
include($_SERVER['DOCUMENT_ROOT'].'/wp-blog/wp-blog-header.php');

if ( is_user_logged_in() ) {
        echo 'logged in.';
} else {
        echo 'NOT logged in.';
}
?>

Also, I have the following warning in my error logs

PHP Warning: session_start(): Cannot send session cache limiter - headers already sent (output started at /..../) in /....../wp-content/plugins/global-content-blocks/global-content-blocks.php on line 302

Edit:

I add the function.php as rnevius said in the comments

Code: 

include($_SERVER['DOCUMENT_ROOT'].'/wp-blog/wp-blog-header.php');
include($_SERVER['DOCUMENT_ROOT'].'/wp-blog/wp-includes/functions.php');

and I have

the following fatal warning and fatal error:

PHP Warning: session_start(): Cannot send session cache limiter - headers already sent (output started at /..../) in /....../wp-content/plugins/global-content-blocks/global-content-blocks.php on line 302

PHP Fatal error: Cannot redeclare mysql2date() (previously declared in /...../wp-includes/functions.php:26) in /....../wp-includes/functions.php on line 42

Edit:

Also, I have already tried it with all the following:

define('WP_USE_THEMES', false);
//include($_SERVER['DOCUMENT_ROOT'].'/wp-blog/wp-load.php');
include($_SERVER['DOCUMENT_ROOT'].'/wp-blog/wp-blog-header.php');

and

define('WP_USE_THEMES', false);
include($_SERVER['DOCUMENT_ROOT'].'/wp-blog/wp-load.php');
//include($_SERVER['DOCUMENT_ROOT'].'/wp-blog/wp-blog-header.php');

Edit:

This may help to think ideas:

We have the following structure:

domain.com/test/
domain.com/wp-blog/
domain.com/wp-blog/test/

If the file file.php if in the /test/ it doesn't work.

domain.com/test/file.php
domain.com/wp-blog/
domain.com/wp-blog/test/

If the file file.php is in the /wp-blog/ it works!!

domain.com/test/
domain.com/wp-blog/file.php
domain.com/wp-blog/test/

If the file file.php is in the /wp-blog/test/ it works!!

domain.com/test/
domain.com/wp-blog/
domain.com/wp-blog/test/file.php

Every folder on the "domain" has 755 and files 644 permissions. So it is not a "permission" problem. any other thoughts?

Greg
  • 343
  • 3
  • 17
  • You haven't loaded that part of WordPress...so it won't work. You should (instead) either create a custom plugin, or include the file in *functions.php*. Also, FWIW, WordPress doesn't use Sessions. – rnevius Jan 27 '16 at 22:57
  • give me sec to include the functions.php – Greg Jan 27 '16 at 22:58
  • @rnevius I have a fatal error when I include the functions.php . I post the errors on the current post. – Greg Jan 27 '16 at 23:02
  • @rnevius as you can see from the error, the functions.php had been already "included" due to the wp-blog-header.php . whatever.... – Greg Jan 27 '16 at 23:10
  • You should be adding your code to *functions.php* you shouldn't be including *functions.php* in your external file...Even better, write a custom plugin... – rnevius Jan 27 '16 at 23:10
  • @rnevius what do you mean to "insert your code in functions.php" ? I have to use the the login system from WP to validate users in every html page. So, what code to write on the functions.php ? the whole website ? ..... the file.php is a dump-test file to check if the functionallity of WP works. – Greg Jan 27 '16 at 23:16
  • @rnevius If i didnt gets you, please write your thoughts more clearly. – Greg Jan 27 '16 at 23:16
  • 1
    I think what @rnevius mean is that you are probably taken a bad approach. What you are doing, loading WordPress in no-WordPress pages, is a very bad practice. Almost sure you can do it in a better way, like with a custom plugin or some code in the functions.php file. – ThemesCreator Jan 27 '16 at 23:21
  • @ThemesCreator I can not understand why it is a "bad approach" mate. The fact is that in the most (probably in all) php/html websites all the developers are getting the "blog posts" not with customize functions but with running the WP. Why not to validate your users as far you already have integrate the WP to get your blog post? – Greg Jan 27 '16 at 23:25
  • I don't think all developers are doing it that way... less good developers. Research a bit and you will find some reasons to not do it, you can start by reading this fantastic post from Otto: http://ottopress.com/2010/dont-include-wp-load-please/ – ThemesCreator Jan 28 '16 at 00:01
  • Be away for how secure is that "javascript" break point code. At least, the WP technic is something more secure. The user can not temper the running code. But with the javascript ?? Everything is on the interface! With simple source code viewer can someone finds out what is going on on your request. Of course it is a fantastic/wonderful "hack" but it lacks of security. U choose. @ThemesCreator – Greg Jan 28 '16 at 00:08
  • I think you misunderstand, that post wasn't a solution to your problem, just some reasons of why you should not do this. The javascript code in the post is only an example of one use case people often include wp-load when is not neccesary. – ThemesCreator Jan 28 '16 at 00:16
  • for example one reason is that you are using a relative path to load the wp-load file and this is way it works in your wp-blog folder and not in test folder. If you add in test folder you need to change the path the wp-load.php file – ThemesCreator Jan 28 '16 at 00:18
  • Nope, I understood mate. And my answer was to say that it is a wonderful hack, BUT a bad security technic. totally clear. – Greg Jan 28 '16 at 00:19
  • Also, are you sure that it is due to the relative path and not for any something like "token" or "session" or "cookie" or whatever ? If it was due to the relative path, why the other implemented functions do not have any problem ?? – Greg Jan 28 '16 at 00:21

1 Answers1

0

You're missing the variable that stops it from loading all the output:

//Load startup
define('WP_USE_THEMES', false);
require_once( $_SERVER[ "DOCUMENT_ROOT" ] . "/wp-blog-header.php" );
Don Rhummy
  • 24,730
  • 42
  • 175
  • 330
  • I had tried it as well before. I add that info in the post – Greg Jan 27 '16 at 23:20
  • @Greg can you please print out `$_SERVER ["DOCUMENT_ROOT]` – Don Rhummy Jan 28 '16 at 00:51
  • @Greg and what are the permissions on the wp-blog folder? – Don Rhummy Jan 28 '16 at 01:08
  • folders 755 and files 644 @Don Rhymmy – Greg Jan 28 '16 at 01:09
  • @Greg given that it works in the folder and not an outer folder, it's a path issue. Possibly from permissions but possibly something else – Don Rhummy Jan 28 '16 at 01:50
  • Rhymmy sorry for my late reply, Nope, it is the permissions. permission on the files and folder are correct! So there is has to be something with the "authenticate path". as I had already checked mention in a comment, a guy had found a solution (which was probably worked in a very old wordpress version). Due to the fact the plugin: Root Cookie is out-dateed, his solutions isn't working anymore. – Greg Feb 01 '16 at 14:36
  • @Greg what os are you using? If it's Linux, it might be a permissions issue BUT not the way you think. you need to look at context: chcon https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Security-Enhanced_Linux/sect-Security-Enhanced_Linux-Working_with_SELinux-SELinux_Contexts_Labeling_Files.html – Don Rhummy Feb 01 '16 at 16:03
  • It's centos 6. Ok. I'll check it. Thanks. – Greg Feb 01 '16 at 16:06
  • @Greg try changing the folders AND files to `httpd_sys_rw_content_t` – Don Rhummy Feb 01 '16 at 16:07