This script will automatically (forcefully) log any user that loads this page into a specific wordpress account. You can specify the account by changing this line:
$user_login = 'demo';
In our example, we are logging the user into the account demo.
Word of caution: Any user who finds and loads this page will be logged in. Use very carefully. Do NOT use this script to allow logging into any user account with any meaningful privileges. Do NOT use this in a production environment. This basically creates a backdoor to your wordpress site.
PHP File Download: auto_login_wordpress
PHP Code:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 | <?php error_reporting(E_ERROR & ~E_WARNING & ~E_NOTICE); //Allow iframes from external domains header('Access-Control-Allow-Origin: *'); //Don't echo output while logging in ob_start(); //WP Loader include('wp-load.php'); $user_login = 'demo'; //User ID to login $user_logged_in = is_user_logged_in(); if ( !$user_logged_in) { $user = get_user_by( 'slug', $user_login); //$user = get_user_by( 'id', $user_id); if($user) { $user_id = $user->ID; //$user_login = $user->user_login; wp_set_current_user($user_id, $user_login); wp_set_auth_cookie($user_id); do_action('wp_login', $user_login); $user_logged_in = true; } } ob_end_clean(); if(!$user_logged_in) { $message = array( 'status' => 0, 'message' => 'Login Failed', ); header('Content-type: application/json'); echo json_encode($message); exit; } //Go to the homepage $domain = "https://" . $_SERVER['HTTP_HOST']; header('Location: '.$domain); |