WordPress Username & Password For Your Application Login

Today we shall learn a simple method of using Self Hosted WordPress’s Credentials(username and password) to log into your custom application..

You may ask, “Well, why we should use this?”
The reason is, because WordPress is an opensource script which is constantly improving and has a strong security. And this approach provides easy integration of our custom application with WordPress.

In this tutorial we are using a simple login form(loginform.php) wherein our custom application’s users enter their username and password, which is sent to login.php file, where it is passed on to a standerd WordPress function for processing. Based on the result returned by this function, we decide the success and failure of user login.

Source Code: WordPress Username & Password For Your Application Login

(loginform.php)

 
<html>
 <head>
  <title>User Login Form</title>
 </head>
 <body>
<form action="login.php" method="post">
Username: <input type="text" name="txtuid"><br />
Password:  <input type="password" name="txtpwd"><br />
<input type="submit" value=" LogIn ">
  </form>
 </body>
</html>

This is simple HTML login form with two input fields, each having unique names to it. We are using post method here, as we will be passing sensitive information i.e., password.

login.php

<?php require('..\wp-blog-header.php'); ?>
 
<?php
 
  $uid = $_POST['txtuid'];
  $pwd = $_POST['txtpwd'];
 
  if(!user_pass_ok( $uid, $pwd ))
    echo "Login Failed!";
  else
   echo "Welcome {$uid}!!";
 ?>

We MUST include wp-blog-header.php file into our login.php file. wp-blog-header.php is a core WordPress file found in the root of the WordPress installation.
user_pass_ok() is a standard WordPress function which takes a minimum of two arguments. One is username and the other is password.
Once we pass these parameters to this function, it checks for the username and password combination in the WordPress’s database and returns true if present and false if not present. Based on this result we authenticate the user.

If user_pass_ok($username, $password) returns true, then the username and password combination passed is present in the WordPress database, hence login successful. If it returns false, then the username and password combination passed is NOT present in the WordPress database, hence login failed.

Video Tutorial: WordPress Username & Password For Your Application Login



YouTube Link: https://www.youtube.com/watch?v=uSRkv2jfPG0 [Watch the Video In Full Screen.]


At the time of recording this video, we have WordPress 3.0.4 as the latest version. The above tutorial works for all the versions of WordPress 3.0.4 and below. We don’t know when WordPress folks will change this method of authentication in future versions of WordPress.

Please share any such WordPress techniques you know, in the comment section.

View Comments

  • Is it possible to check user permission?
    I'd like to make something like VIP zone, but I don't know how to separate users with and without permission.

  • Yes, something like accessing /wp-admin/.
    I tried changing wp-login.php but it didn't work (page was redirecting to /wp-admin/ instead of /vip/, although i changed $redirect_to).

    // If the user can't edit posts, send them to their profile.
    if ( !$user->has_cap('edit_posts') && ( empty( $redirect_to ) 
    || $redirect_to == 'vedouci.php' || $redirect_to == admin_url() ) )
                $redirect_to = admin_url('../index.php');
            wp_safe_redirect($redirect_to);
            exit();
    
  • @Akcipurk, Do you want to separate based on (WordPress's: Users->role;) "role" of the logged in user ?