
I’m using WordPress as my frontend for user administration, handling registration, logins, authentication and logouts. Users register and log in using WordPress.

The site has URLs served by a backend mod_perl server in the same domain. When a user clicks a link that proxies to the backend server, I would like for the frontend server, the proxy, to pass the authenticated user’s name or login credentials to the backend server. The backend server will use those credentials to do authorization. I can imagine several ways to do this.

  1. Maybe the backend server reads the username from the WordPress cookie. The Cookie HTTP header is visible in the backend server logs (I intentionally configured this as a debugging aid.) Is it possible to do this, for one server to read a cookie written by another server (in the same domain)?

  2. The frontend WordPress server might write the authenticated username into an environment variable which mod_rewrite would tack on to the URL proxying to the backend server. Maybe using a WordPress plugin, but I’ve not found such.

  3. WordPress SSO/OAuth might be possible, but my OS X El Capitan development environment presents another layer of challenges for that.

The frontend is Apache2.4, PHP 5.5.34, WordPress 4.5.3. Apache modules can be added and removed as DSOs. The backend is Apache 2.4, mod_perl 2.0.10, MySQL 5.7.

Both servers run in the same AWS instance running AWS Linux. (I’m beginning to think AWS Linux was the wrong choice for me, but that’s a whole nother thread.)

I have Apache, MySQL and Perl skills. PHP and Javascript I never learnt.

  • You could use the wp_users table for the authentication on the backend server as well. – Lonkey Jul 14 '16 at 08:26
  • @Lonkey. Yes I thought of this as well, and if an acceptable way to pass authentication from the frontend to the backend cannot be found I may yet have to. But doing so just seems to plant both feet on the slippery slope of wheel re-invention, and where would it end? I preferred reusing WordPress infrastructure to take advantage of its robustness and scope, and avoid a bunch of orthogonal development. – Russell Lundberg Jul 14 '16 at 09:04
  • OK. The most simple way (perhaps it's also the only practicable one) would be to use PHP because WordPress is a PHP application, which indeed is a problem for you. Using PHP you could just use the is_user_logged_in() function. If the function returns true, the page from the backend server would be loaded. Otherwise you would be redirected to the WordPress login page. – Lonkey Jul 14 '16 at 10:02
  • Thanks for that @Lonkey. It's good to know there is at least one option. That function might need to be modified to return the WP user name, and maybe write it to an HTTP header or Environment variable. I think the backend server requires the user's name to authorize. – Russell Lundberg Jul 14 '16 at 10:18
  • Actually you don't have to modify anything. WordPress has many [built-in functions](https://codex.wordpress.org/Function_Reference/#User_and_Author_Functions) that can be used and combined by any developer. Therefore you just have to call the wp_get_current_user() function in case the is_user_logged_in() function returned true and pass the result via a GET/POST request to the backend server. – Lonkey Jul 14 '16 at 10:29
  • @Lonkey. I'm still parsing WordPress to figure out how to realize your suggestion. But I'd like to credit you with the answer, without being sure exactly how to. Does StackOverflow allow a "comment" to be made into an "answer"? Alternatively, you might resubmit your comment as an answer, then I can mark it as the solution. Thanks for your help! – Russell Lundberg Jul 15 '16 at 23:28

1 Answer

The simplest way (perhaps it's also the only practicable one) would be to use PHP because WordPress is a PHP application, which indeed is a problem for you. Nevertheless, I have a simple example for you:

PHP page on your WordPress site:

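```php
<?php
// Load WordPress so its user functions are available.
require('path/to/wp-blog-header.php');

if (is_user_logged_in()) {
    // wp_get_current_user() returns a WP_User object; pass its login name.
    $user = wp_get_current_user();
    header("Location: backend.php?user=" . urlencode($user->user_login));
    exit();
} else {
    echo "User is not logged in!";
}
?>
```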

PHP page on your backend server:

```php
<?php
// The user name arrives as a plain query-string parameter sent by the client.
if (isset($_GET['user'])) {
    $user = $_GET['user'];
    // do something with $user.
} else {
    echo "No user passed!";
}
?>
```

This simply uses two of WordPress' built-in functions. First the is_user_logged_in() function is used to determine whether a user is logged in. If the function returns true, the wp_get_current_user() function is called to pass the username to the backend server's PHP page using the GET method. Then the backend server validates the passed variable.

Please note that this simple procedure is illustrative only and is extremely unsafe!

Lonkey
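The handoff in the answer above accepts whatever `user` value the client sends to the backend page. As an added example (not code from the answer or from WordPress), one way to make that parameter verifiable is to have the frontend sign it with a secret that only the two servers share. The secret, the field names, the 60-second window and PHP 5.6+ (for `hash_equals()`) are assumptions.

```php
<?php
// Added example, not the answer's code. HANDOFF_SECRET, the field names and the
// 60-second window are assumptions; both servers must hold the same secret.
const HANDOFF_SECRET = 'constructed-demo-secret-change-me';
const HANDOFF_MAX_AGE = 60; // seconds a signed handoff stays valid

// Frontend side: build the query string for an already authenticated login name.
// In WordPress, $login would be wp_get_current_user()->user_login.
function handoff_query($login, $now)
{
    $sig = hash_hmac('sha256', $login . '|' . $now, HANDOFF_SECRET);
    return http_build_query(array('user' => $login, 'ts' => $now, 'sig' => $sig));
}

// Backend side: return the login name if the signature and age check out,
// otherwise null. $params is the backend's $_GET.
function handoff_verify(array $params, $now)
{
    foreach (array('user', 'ts', 'sig') as $key) {
        if (!isset($params[$key]) || !is_string($params[$key])) {
            return null; // missing field, or an array sent as user[]=
        }
    }
    if (!ctype_digit($params['ts'])) {
        return null; // timestamp must be plain digits
    }
    $age = $now - (int) $params['ts'];
    if ($age < 0 || $age > HANDOFF_MAX_AGE) {
        return null; // stale or future-dated: limits replay of a captured URL
    }
    $expected = hash_hmac('sha256', $params['user'] . '|' . $params['ts'], HANDOFF_SECRET);
    // hash_equals() compares in constant time (PHP 5.6+).
    return hash_equals($expected, $params['sig']) ? $params['user'] : null;
}

// Constructed demo values, not taken from the page.
$now = 1468490000;
parse_str(handoff_query('russell', $now), $good);
$forged = $good;
$forged['user'] = 'admin';                     // user name altered after signing
var_dump(handoff_verify($good, $now + 5));     // fresh, untampered handoff
var_dump(handoff_verify($forged, $now + 5));   // signature no longer matches
var_dump(handoff_verify($good, $now + 600));   // presented after the window
```

The signature stops a client from choosing its own `user` value; the short window only limits, and does not eliminate, replay of a captured URL.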