My client explicitly does not want to use ‘multisite’ wordpress option.
My client has a main site and 199 sub sites (other domains).
A user has usermeta with meta key: branch_id
As an example (completely made up names):
Main site: kero.com
Sub site: uka.com (and many others)
Both domains have SSL certificates.
The end goal is as following:
When you log in to the main site (kero.com). I have build a plugin which checks which branch ID is attached to the user. It goes like this:
function myplugin_auth_signon( $username, $password ) {
$user = get_user_by('email', $username);
$user_id = $user->ID;
$key = 'branch_id';
$single = true;
$branch = get_user_meta( $user_id, $key, $single );
if($branch == 'number') {
//magic happens here!
$cookie = "cookie.txt";
$postdata = "log=" . $username . "&pwd=" . $password . "&wp-submit=Log%20In&redirect_to=" . $url . "wp-admin/&testcookie=1";
$ch = curl_init();
curl_setopt ($ch, CURLOPT_URL, $url . "wp-login.php");
curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt ($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6");
curl_setopt ($ch, CURLOPT_TIMEOUT, 60);
curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 0);
curl_setopt ($ch, CURLOPT_COOKIEJAR, $cookie);
curl_setopt ($ch, CURLOPT_COOKIEFILE, $cookie);
curl_setopt ($ch, CURLOPT_REFERER, $url . "wp-login.php");
curl_setopt ($ch, CURLOPT_POSTFIELDS, $postdata);
curl_setopt ($ch, CURLOPT_POST, 1);
$result = curl_exec ($ch);
curl_close($ch);
//This is from the answer of the link. On the end url the users get redirected from wp-admin to my-account
header('location: ' . $url . 'wp-admin/');
die();
//after logging in redirect the user to uka.com/my-account
}
add_action( 'wp_authenticate', 'myplugin_auth_signon', 30, 2 );
So I build all kind of stuff, I used this link on the //magic happens here:
Click here.
It does not work as intented. It keeps me on the main website, but when I click on ‘store’ it is in the sub site. When I go to my-account (where I should be logged in) i’m not logged in anymore.
I wrote some other code:
$response = wp_remote_post( $url, array(
'method' => 'POST',
'timeout' => 45,
'redirection' => 5,
'httpversion' => '1.0',
'blocking' => true,
'headers' => array(),
'body' => array(
'username' => $username,
'password' => $password
),
'cookies' => array()
)
);
I don’t really know how to use this for my personal goal. I can echo the results, but then get a big array of headers etc. And when I surf to the subsite: I’m not logged in… So it just does not keep sessions/cookies.
TBH: I’m really a beginner on the whole session/cookie/security stuff. Most of the time I build in WordPress or Laravel and most of the security stuff is already handled then.
Thanks everyone who is taking the time to read this.
UPDATE: Added extra cUrl code!