[wp-hackers] problem with wp_signon

Guus (IFS) guus at inspiration-for-success.com
Tue May 6 10:00:02 UTC 2014


I just called wp_signon() before the headers were sent as you can find 
anywhere. Tried different places and result object was user, so user 
supposedly logged in.

Then I called is_user_logged_in() in the template which returned false. When 
clicking any menu item after, the user was logged in. I tried to call 
header('Location: xxx') just after the wp_signon(), but that didn't work.

That's all I found and I found a similar issue described on the internet 
http://wordpress.org/support/topic/is_user_logged_in-not-working-as-expected, 
where I also found the solution/work-around with calling 
wp_set_current_user() just after wp_signon(). And that worked straight away.

-----Original Message----- 
From: Nikola Nikolov
Sent: Tuesday, May 06, 2014 2:22 AM
To: wp-hackers at lists.automattic.com
Subject: Re: [wp-hackers] problem with wp_signon

The thing is there shouldn't be a problem, since that's what is used in
WP-core to log users in from wp-login.php. Can you post your code (to
gist.github.com or similar), so we can look at an example where this
occurs? If you can strip as much as possible until you get code that can be
used to reproduce the issue, that will be pretty helpful as well.

Nikola


On Mon, May 5, 2014 at 9:03 PM, Guus (IFS) <guus at inspiration-for-success.com> wrote:

> Hi Nikola,
>
> Thanks for explaining, but I tried redirecting after wp_signon and that
> still didn't work.
>
> And my problem is either there is a bug in is_user_logged_in() or the
> documentation of either wp_signon() or is_user_logged_in() is wrong, at
> least unclear.
>
> Guus
>
>
> -----Original Message----- From: Nikola Nikolov
> Sent: Monday, May 05, 2014 4:16 PM
>
> To: wp-hackers at lists.automattic.com
> Subject: Re: [wp-hackers] problem with wp_signon
>
> If you look into wp-login.php, you'll see that after wp_signon() is called,
> the user is redirected (if the credentials were correct) right away, which
> basically loads another page and the cookie becomes available.
> In general this is how cookies work :) If you set a cookie with PHP, it
> will not be available in the same script execution, but in a following
> one (since I assume PHP gets cookies data before/at the very beginning of
> execution and doesn't modify it after setcookie() calls).
>
> Slightly off-topic - whenever I need to log in to a site without the
> credentials (for instance when the admin hasn't given me access to the
> dashboard, but wants me to fix a problem), I use a combination of
> wp_set_current_user( $user->ID, $user->user_login );
> wp_set_auth_cookie( $user->ID, true );
> do_action( 'wp_login', $user->user_login, $user );
>
> This immediately makes me seem logged-in (because of wp_set_current_user()),
> but obviously doesn't make any security checks.
>
>
> On Mon, May 5, 2014 at 7:49 AM, Guus (IFS) <guus at inspiration-for-success.com> wrote:
>
>> Well, I'm not sure how it was all meant to be, but to me it's pretty
>> confusing if I try to sign the user in with wp_signon() and then cannot
>> check later on in the code if the user is logged in with
>> is_user_logged_in(), especially finding that the user was actually logged
>> in with wp_signon() when going to another page (which was also confirmed as
>> a user object was returned and not an error code).
>>
>> It took me hours in actual time and weeks in lead time to finally find out
>> it doesn't work as I expected it to work.
>>
>> -----Original Message----- From: Otto
>> Sent: Monday, May 05, 2014 3:39 AM
>>
>> To: wp-hackers at lists.automattic.com
>> Subject: Re: [wp-hackers] problem with wp_signon
>>
>> This isn't really a bug. I think you're just using the wrong function for
>> your purpose.
>>
>> The purpose of calling wp_signon is to validate credentials and then send
>> back appropriate authentication cookies to the visitor's browser. It
>> doesn't set the current user because it doesn't have to do that. Setting
>> the current user in wp_signon would serve no real purpose at this point in
>> the code.
>>
>> The thing is, you don't need a username or password or anything else to set
>> the current user. Just call wp_set_current_user with the user's ID, and
>> bam, you're that user.
>>
>> In your _my_user_login function, you call wp_signon totally unnecessarily.
>> You can just take the ID you got from the user you created in the function
>> before that and simply set the current user to that ID. The only thing
>> calling wp_signon will do here is send the auth cookie back to the
>> browser.
>>
>> -Otto
>>
>>
>>
>> On Sun, May 4, 2014 at 5:30 AM, Guus (IFS) <guus at inspiration-for-success.com> wrote:
>>
>>> Thanks for your reply. Tried that and didn't work. I just found myself
>>> it's a bug in is_user_logged_in().
>>>
>>> Nicest work around I found is to call set_current_user() just after the
>>> wp_signon(), of course if the user was really logged in. Answer is here:
>>> http://blog.rhysgoodwin.com/programming/wordpress-wp_signon-current_user-is-not-populated/.
>>>
>>> I guess it's time for the Wordpress team to fix that bug as it took me
>>> hours and hours to figure this out. Didn't expect this type of bug in
>>> Wordpress.
>>>
>>> Guys, please fix.
>>>
>>> -----Original Message----- From: Nikola Nikolov
>>> Sent: Sunday, May 04, 2014 4:31 PM
>>> To: wp-hackers at lists.automattic.com
>>> Subject: Re: [wp-hackers] problem with wp_signon
>>>
>>>
>>> I think the cookies are not set on the first load - so you'd have to
>>> redirect them in order for WordPress to detect that the user is actually
>>> logged-in.
>>>
>>> I could be wrong though, so if someone else has a clue...
>>>
>>>
>>> On Sun, May 4, 2014 at 11:18 AM, Guus (IFS) <guus at inspiration-for-success.com> wrote:
>>>
>>>> Hi,
>>>>
>>>> I am having a problem signing a user in with wp_signon. When calling it
>>>> (before the headers have been sent) the first time the user appears not to
>>>> be logged in when using is_user_logged_in. When going to another page the
>>>> user is signed in however. Only the first page opened tells the users is
>>>> signed in, which apparently somehow is the case.
>>>>
>>>> Please advise,
>>>>
>>>> Guus
_______________________________________________
wp-hackers mailing list
wp-hackers at lists.automattic.com
http://lists.automattic.com/mailman/listinfo/wp-hackers 
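
Added example, not part of the original thread or of WordPress core: the pattern the thread converges on, applied to a custom front-end login form. wp_signon() validates the credentials and sends the auth cookies, wp_set_current_user() makes is_user_logged_in() true for the rest of the same request, and the redirect lets the next request read the cookies. The form field names, the nonce action and the function name are assumptions.

```php
<?php
// Added example: hypothetical handler for a custom front-end login form.
// Field names (example_log, example_pwd, example_login_nonce), the nonce
// action and the function name are assumptions, not taken from the thread.
add_action( 'init', 'example_frontend_login' );

function example_frontend_login() {
    if ( 'POST' !== $_SERVER['REQUEST_METHOD'] || ! isset( $_POST['example_login_nonce'] ) ) {
        return; // Not a submission of this form.
    }

    // Reject forged submissions before touching the credentials.
    $nonce = sanitize_text_field( wp_unslash( $_POST['example_login_nonce'] ) );
    if ( ! wp_verify_nonce( $nonce, 'example_login' ) ) {
        return;
    }

    $login    = isset( $_POST['example_log'] ) ? sanitize_user( wp_unslash( $_POST['example_log'] ) ) : '';
    $password = isset( $_POST['example_pwd'] ) ? $_POST['example_pwd'] : '';

    // wp_signon() checks the password and queues the Set-Cookie headers.
    // It must run before any output, and it does not set the current user.
    $user = wp_signon(
        array(
            'user_login'    => $login,
            'user_password' => $password, // Passed as received, as wp_signon() does with $_POST['pwd'].
            'remember'      => false,
        ),
        is_ssl()
    );

    if ( is_wp_error( $user ) ) {
        // Credentials rejected: no cookies were sent and the visitor stays
        // logged out. Show a generic failure message in the template.
        return;
    }

    // The new cookies are not in $_COOKIE until the browser sends them back
    // on the next request, so is_user_logged_in() would still return false
    // here. Setting the current user covers the remainder of this request.
    wp_set_current_user( $user->ID );

    // Redirect so the following page load authenticates from the cookies.
    wp_safe_redirect( home_url( '/' ) );
    exit;
}
```

Calling wp_set_current_user() or wp_set_auth_cookie() on their own, as in the shortcut quoted in the thread, performs no password check; here both effects happen only after wp_signon() has returned a user object instead of a WP_Error.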


