External system integration with wordpress

I’m writing a web/db application. My clients would like authentication based on whether the user is logged into WordPress.

Assuming this application is hosted from within /wordpress I would like to be able to:

1. Determine who, if anyone, is logged into WordPress

   Seems as if it should be possible via wp_get_current_user() but I can’t find any documentation detailing which include files need to be included to make that work. Including /wp-includes/plugin.php and pluggable.php results in a class WP_User not found error from wp_get_current_user(). I presume some required include files are not included, but which?

2. Read WordPress cookies

   Seems to require knowledge of the hash that was used when they were created – how is this gettable?

Additional Information: The clients are a group of over 300 artists who want

• a website managed in WordPress and
• a system to manage exhibition submissions,
• a member database,
• rotas,
• user roles
• catalogue production
• detailed business rules/validation, permissions etc

It boils down to various m:n relationships. So a separate system providing ‘club admin’ alongside WordPress for the public-facing website, seemed a better fit than WordPress with endless plugins with uncertain futures. The group, understandably, desires SSO. OAuth or similar is not an option since we’re restricted to a single shared hosting (cPanel) account.

UPDATE – simple solution found – see my answer below

Take a look at what wp_parse_auth_cookie() does. You can easily duplicate that given the fact that you have all the Cookie constants available.

Still, I’d highly advise against that. In your case, I’d try to integrate as far with WordPress as I can to avoid duplicating an authentication mechanism. You can always use any custom code (and connect to external Databases) by using plugins. Simply add the plugin header comment to the bootstrap process of your custom application and you are ready to run. You can also easily display data on custom admin pages or add page templates to the public facing site to handle data entries from there. Then restrict access to the application using is_user_logged_in() or exit( wp_redirect( home_url() ) ); in every other case.

Another option would be to build a custom application and integrate with WordPress via the REST API (available routes + addt. docs). Using WP as simply data provider backend then isn’t that hard.