Here is one possible solution (use at your own risk).
Create a .htaccess
file in the _warehouse
directory with the following content:
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} -f
RewriteRule ^.*$ wplogin.php [NC,L]
This will redirect all requests for files that exist in _warehouse
and any subdirectories to _warehouse/wplogin.php
Create _warehouse/wplogin.php
with the following content:
<?php
// Edit this path to include wp-load.php from your WordPress directory
require_once '../wp-load.php';
if (!is_user_logged_in()) {
// if user is not logged in, set redirect URI, show WP login
$_REQUEST['redirect_to'] = $_SERVER['REQUEST_URI'];
require_once '../wordpress/wp-login.php';
exit;
} else {
// user is logged into wordpress - show the requsted file.
require_once $_SERVER['DOCUMENT_ROOT'] . $_SERVER['REQUEST_URI'];
}
Lastly, and very important, add this to your wp-config.php
file:
define('COOKIEPATH', '/');
This is because WordPress will set cookies with a path specified. This would prevent the login cookies from being recognized in _warehouse
.
And as I said, use at your own risk. It is not perfect but is probably the quickest way to achieve what you want and will handle many cases.
Note: it doesn’t deal with directories with no index. If Apache Options +Indexes
is on, someone may be able to see directory listings in _warehouse
but if they try to access one it will show the login page.
If the user already has an account in WordPress:
Redirect the user to the login form. Use wp_login_url
with the $redirect
parameter to set where they go after logging in:
$loginUrl = wp_login_url( home_url('_warehouse') );
https://codex.wordpress.org/Function_Reference/wp_login_url
Then use the wp_login
action to manually authenticate the user in your application:
add_action('wp_login', function($username, $user) {
// Log user into external application
}, 10, 2);
https://codex.wordpress.org/Plugin_API/Action_Reference/wp_login
Actually setting the user as “logged in” is going to depend on how your external application is setup. It could be as simple as setting a session variable and then checking if that is set in your warehouse app.