breeze351
asked on
Setting up a wordpresss site with code from a php site.
I'm trying to stop to people from logging in with the same ID. I posted this to php and was told that the best way to do this was with a WordPress plugin. They even gave me the link to the plugin.
I've never used WordPress.
I just got off the phone with my hosting site. And was told the following:
1. WordPress cannot be installed on an existing site.
2. I have to create a new sub under the site.
3. Install WordPress.
4. Modify all my code to work with the new site since I just can't copy the existing PHP code that works!!!!!!
All I need to do is use the WordPress plugin for the existing login page. Am I getting some bad info from the girl on the phone?
If she was correct, what kind of mods would I have to do the other pages?
I've never used WordPress.
I just got off the phone with my hosting site. And was told the following:
1. WordPress cannot be installed on an existing site.
2. I have to create a new sub under the site.
3. Install WordPress.
4. Modify all my code to work with the new site since I just can't copy the existing PHP code that works!!!!!!
All I need to do is use the WordPress plugin for the existing login page. Am I getting some bad info from the girl on the phone?
If she was correct, what kind of mods would I have to do the other pages?
ASKER
The current working site does not have WP installed. I can install it but I was told that it cannot be installed into an existing site, that I must create a new sub of the site and install it there. So far no problems. This I can do.
Here's the problem.
My web host told me that after the install, I cannot just copy all the existing php code to the new sub. That I must modify all the code to work with WP. Is this true??????? If so what has to be modifed?
Here's the problem.
My web host told me that after the install, I cannot just copy all the existing php code to the new sub. That I must modify all the code to work with WP. Is this true??????? If so what has to be modifed?
Did you write the original PHP code? You can't really just "copy PHP code" into WordPress and expect it to work straight off, no.
Is there an existing content management system? Is the PHP code you already have a bespoke solution written for you? If not, what is it?
Is there an existing content management system? Is the PHP code you already have a bespoke solution written for you? If not, what is it?
ASKER
I wrote the code from scratch. There is no content management system. What do you mean by a "bespoke solution"?
Bespoke means "tailored for you" essentially in this example.
Okay, how much code is there? Are we talking about 1000 lines? 10 lines? What does the code do?
The more information you are able to the provide the easier it would be for me to advise.
It may be possible for example that you can just add yourscript.php to the main document root of your WordPress and as long as it's not writing over a WordPress file, you should be able to access it by going to http://yourwordpress.site/yourscript.php
As I said though, the more info you can provide the clearer a picture you can paint for us to help.
Okay, how much code is there? Are we talking about 1000 lines? 10 lines? What does the code do?
The more information you are able to the provide the easier it would be for me to advise.
It may be possible for example that you can just add yourscript.php to the main document root of your WordPress and as long as it's not writing over a WordPress file, you should be able to access it by going to http://yourwordpress.site/yourscript.php
As I said though, the more info you can provide the clearer a picture you can paint for us to help.
ASKER
Chris
The site is for commercial retail brokers that we are trying to sell. It tracks listing, you can look up buildings , do surveys for available space, etc.
As I said before everything works.
What I'm trying to stop is from one broker subscribing and yelling across the office "Hey Chris. I just subscribed to this great site. Here's the login and password!"
The boys at the php helpe recommended using WP and gave me a link to a plugin that would stop this.
The only page that needs the plugin is "login.php". After that I'm checking session variables so that you can't just type in the url.
The total line count in "login.php" is about 60.
The site is for commercial retail brokers that we are trying to sell. It tracks listing, you can look up buildings , do surveys for available space, etc.
As I said before everything works.
What I'm trying to stop is from one broker subscribing and yelling across the office "Hey Chris. I just subscribed to this great site. Here's the login and password!"
The boys at the php helpe recommended using WP and gave me a link to a plugin that would stop this.
The only page that needs the plugin is "login.php". After that I'm checking session variables so that you can't just type in the url.
The total line count in "login.php" is about 60.
The thing you're trying to achieve is almost (if not actually) impossible.
There is no way of applying a technical/logical constraint that relies on non-repudiation, and really it would not be a wise thing to try and spend your time doing.
You will almost certainly end up with more of a headache blocking out genuine users than denying nefarious ones.
I would abandon the hope of trying to stop 2 people physically in the same room trying to login to one account. The only real thing you could do is to apply legal ramifications should it occur and you can prove it did?
The notion that you think you have made a script that will successfully achieve what you're suggesting is making me think you need to do more testing.
Either way, no you will not just be able to copy and paste login.php to wp-login.php and assume it will work.
There is no way of applying a technical/logical constraint that relies on non-repudiation, and really it would not be a wise thing to try and spend your time doing.
You will almost certainly end up with more of a headache blocking out genuine users than denying nefarious ones.
I would abandon the hope of trying to stop 2 people physically in the same room trying to login to one account. The only real thing you could do is to apply legal ramifications should it occur and you can prove it did?
The notion that you think you have made a script that will successfully achieve what you're suggesting is making me think you need to do more testing.
Either way, no you will not just be able to copy and paste login.php to wp-login.php and assume it will work.
ASKER
Chris
You're disappointing me ;)
Check this out. This is text from an answer I got from Dave at php. I checked it out and it does seem to do what I'm talking about.
"Easy via WordPress. There are several plugins available including https://wordpress.org/plugins/prevent-concurrent-logins/ which comes up in a plugin search."
Now all I have to do is implement it in login.php
You're disappointing me ;)
Check this out. This is text from an answer I got from Dave at php. I checked it out and it does seem to do what I'm talking about.
"Easy via WordPress. There are several plugins available including https://wordpress.org/plugins/prevent-concurrent-logins/ which comes up in a plugin search."
Now all I have to do is implement it in login.php
Concurrent logins aren't the issue really. What if person A wants to login when they get home but still have an active session?
It's easy to disallow it but not practical in my opinion :)
It's easy to disallow it but not practical in my opinion :)
Although I guess closing the session is an option. Good luck with it though!
ASKER
If they don't logout, the session will eventually time out. Then they can log in. If your sloppy I can't help you, but concurrent logins are the issue.
Also the competition, forces you to supply an IP address. I could do this as well using just php. The problem with that is that it limits you to just one device. So if it's registered to your office machine, you can't use it when you get home!
Also the competition, forces you to supply an IP address. I could do this as well using just php. The problem with that is that it limits you to just one device. So if it's registered to your office machine, you can't use it when you get home!
Only allow one IP per username, not just one IP address.
Also the competition, forces you to supply an IP address. I could do this as well using just php. The problem with that is that it limits you to just one device. So if it's registered to your office machine, you can't use it when you get home!
No it doesn't. PHP can only identify public IP addresses (unless its an internal application).
So if you have PAT/NAT setup then you could have several thousand devices all connecting under one IP address.
Based on the questions you're asking, best you use WordPress along with https://wordpress.org/plug
If you must use custom PHP, then you'll have to recreate the entire an entire session management system like WordPress + convert the above plugin code to work with your custom code.
This will likely take a long time, especially if this is your first time doing this.
If you're looking for shortest implementation time, use WordPress + the above plugin.
If you must use custom PHP, then you'll have to recreate the entire an entire session management system like WordPress + convert the above plugin code to work with your custom code.
This will likely take a long time, especially if this is your first time doing this.
If you're looking for shortest implementation time, use WordPress + the above plugin.
ASKER
You guys are not following the logic on this.
1. A brokerage firm with 2 brokers subscribes to my service.
2. The brokerage firm pays me $200/month for this service.
3. I am trying to stop broker #1 from sharing the login with broker #2 so that they can't be logged in at the same time!
4. You purchased one license, you get 1 login at a time. I don't care what device or where you are logging in from.
5. The guys at php gave me the link to the URL plug-in that will to this.
6. The existing php site works and the only thing I need to do is setup the WP page that checks the login.
7. If I use IP addresses this does not stop broker #1 from giving his device to broker #2. And now I have 2 people using the site and only paying for 1.
I need to know how to set up WP add the plugin code into my "login_chk.php".
1. A brokerage firm with 2 brokers subscribes to my service.
2. The brokerage firm pays me $200/month for this service.
3. I am trying to stop broker #1 from sharing the login with broker #2 so that they can't be logged in at the same time!
4. You purchased one license, you get 1 login at a time. I don't care what device or where you are logging in from.
5. The guys at php gave me the link to the URL plug-in that will to this.
6. The existing php site works and the only thing I need to do is setup the WP page that checks the login.
7. If I use IP addresses this does not stop broker #1 from giving his device to broker #2. And now I have 2 people using the site and only paying for 1.
I need to know how to set up WP add the plugin code into my "login_chk.php".
If you must use custom PHP, then you'll have to recreate the entire an entire session management system like WordPress + convert the above plugin code to work with your custom code.
What David says above is true.
You could of course edit the core WordPress files but that is never recommended due to upgrades and security.
You may wish to try a plugin like this:
https://wordpress.org/plugins/only-one-device-login-limit/
I haven't tried it, but I would assume that this is session based and would cater for your needs.
The more I think about your setup the more I would say it (against my first post) is an acceptable way of doing things. My initial reaction was to do with annoyed consumers, but I suspect this is surmountable.
Also see this code:
From this thread:
https://wordpress.stackexchange.com/questions/160069/how-to-limit-user-to-login-only-once-per-session
My problem is helping you find code that will stay up to date and work with the newest versions of the CMS...
add_filter('authenticate', 'wpse_12282015_single_login_authenticate', 0, 3);
function wpse_12282015_single_login_authenticate($user, $username, $password) {
$user = get_user_by('login', $username);
if( isset($user->ID) ){
if(isset($user->roles) && is_array($user->roles)) {
//check for admins
if(in_array('administrator', $user->roles)) {
// admin can log in more than once
return $user;
}
}
// get all sessions for user
$sessions = WP_Session_Tokens::get_instance($user->ID);
// destroy everything since we'll be logging in shortly
$sessions->destroy_all();
}
return $user;
}From this thread:
https://wordpress.stackexchange.com/questions/160069/how-to-limit-user-to-login-only-once-per-session
My problem is helping you find code that will stay up to date and work with the newest versions of the CMS...
ASKER
Back to my original post.
I was told that I would have to modify every page to work with WP. Is this true or not?
The only place that I need to check concurrent users is in a page called "login_chk.php".
I was told that I would have to modify every page to work with WP. Is this true or not?
The only place that I need to check concurrent users is in a page called "login_chk.php".
That's not what you said in the first post to be fair.
What you said was you would have to modify all your code, and yes that is probably true, you couldn't just copy and paste your login_chk.php into wp-login.php and expect variable names to match, for session data to be treated the same etc.
I suspect you need to learn a little more about how PHP, sessions, logins, databases and how programming in general works, but this thread is not the place for that.
No you cannot simply copy and paste your code and expect it to work.
I would also worry that if you are writing login code and you are not well versed in PHP that you may not be aware of sanitising user input for example.
You might want to consider creating a project in Gigs for this and have someone help you do it.
Hopefully your question has now been answered, but I suspect not really what you wanted to hear :) Good luck nevertheless.
What you said was you would have to modify all your code, and yes that is probably true, you couldn't just copy and paste your login_chk.php into wp-login.php and expect variable names to match, for session data to be treated the same etc.
I suspect you need to learn a little more about how PHP, sessions, logins, databases and how programming in general works, but this thread is not the place for that.
No you cannot simply copy and paste your code and expect it to work.
I would also worry that if you are writing login code and you are not well versed in PHP that you may not be aware of sanitising user input for example.
You might want to consider creating a project in Gigs for this and have someone help you do it.
Hopefully your question has now been answered, but I suspect not really what you wanted to hear :) Good luck nevertheless.
ASKER
Chris
My question has not been answered.
If you would like to look at the site I can give you the url and login info. You can see for your self it does work!!!
I wrote the entire site by myself in php, this include creating the database with MySql. I know how session vars work, I know how databases work, I know how logins should work, and I know not only how programming should work in general but specifcally!!!
My problem that you have not answered yet is how do I call a WP plugin into one page that needs it.
What do I have to do to install a WP plugin and what do I have to add to the "login_chk.php" to use it.
Why would I have to modify every page on the site for only one call to a WP plugin on one page!
My question has not been answered.
If you would like to look at the site I can give you the url and login info. You can see for your self it does work!!!
I wrote the entire site by myself in php, this include creating the database with MySql. I know how session vars work, I know how databases work, I know how logins should work, and I know not only how programming should work in general but specifcally!!!
My problem that you have not answered yet is how do I call a WP plugin into one page that needs it.
What do I have to do to install a WP plugin and what do I have to add to the "login_chk.php" to use it.
Why would I have to modify every page on the site for only one call to a WP plugin on one page!
To quote your initial post:
We have given you several WordPress mods, we have told you that simply copying and pasting the code will not work and I have even given you a suggestion to anchor a function in the already existing WordPress core as found on another site, with a person trying to achieve the same functionality.
I have no doubt that your PHP and site works, but what you're asking is essentially if you can just "add your PHP to an already existent content management system" without the use of hooks, plugins or so on.
Here is my best analogy for you:
I've just baked a cake, and its a Victoria sponge, but I want a chocolate cake, I can't simply just cut the cake open and shove chocolate into it, well I could but it would be awful, and that pretty much sums up what I'm trying to say about it.
My suggestion now is that you pay someone to help you out. So my final thought is that you check on over at EE Gigs and ask for someone to help you out.
Here are a few links you may wish to read up on first:
https://developer.wordpress.org/
https://developer.wordpress.org/plugins/
https://developer.wordpress.org/themes/
https://developer.wordpress.org/rest-api/
All I need to do is use the WordPress plugin for the existing login page. Am I getting some bad info from the girl on the phone?
If she was correct, what kind of mods would I have to do the other pages?
Are you getting some bad info from the girl on the phone?It is impossible to say, and moreover unfair as, with all due respect, we have only "heard" that information third party.
If she was correct, what kind of mods would I have to do the other pages?The kinds of mods are the ones suggested by the experts throughout the thread.
We have given you several WordPress mods, we have told you that simply copying and pasting the code will not work and I have even given you a suggestion to anchor a function in the already existing WordPress core as found on another site, with a person trying to achieve the same functionality.
I have no doubt that your PHP and site works, but what you're asking is essentially if you can just "add your PHP to an already existent content management system" without the use of hooks, plugins or so on.
Here is my best analogy for you:
I've just baked a cake, and its a Victoria sponge, but I want a chocolate cake, I can't simply just cut the cake open and shove chocolate into it, well I could but it would be awful, and that pretty much sums up what I'm trying to say about it.
My suggestion now is that you pay someone to help you out. So my final thought is that you check on over at EE Gigs and ask for someone to help you out.
Here are a few links you may wish to read up on first:
https://developer.wordpress.org/
https://developer.wordpress.org/plugins/
https://developer.wordpress.org/themes/
https://developer.wordpress.org/rest-api/
ASKER
Thanks for nothing
I feel that the users question has been answered.
The question comprised two points:
and
The question comprised two points:
Am I getting some bad info from the girl on the phone?This question was clearly impossible to answer without a transcript and more information about the conversation that took place.
If she was correct, what kind of mods would I have to do the other pages?Several attempts were made in the thread to answer including:
Based on the questions you're asking, best you use WordPress along with https://wordpress.org/plugins/prevent-concurrent-logins/ or similar plugin.by David Favor
and
You may wish to try a plugin like this: https://wordpress.org/plugins/only-one-device-login-limit/and
From this thread: https://wordpress.stackexchange.com/questions/160069/how-to-limit-user-to-login-only-once-per-sessionBy myself.
Accepting an insulting comment as the answer is really not acceptable.
Breeze351, It seems I have been unknowingly abrasive, and so I apologise. I'm not quite sure at which point my comments had been insulting, but clearly this was the case, and my problem, not yours.
I can be blunt and to the point and at times have trouble observing online social etiquette. I felt that we were at an impasse. I certainly did not intend to bring the credibility of your ability, intelligence, know-how or experience into question.
My suggestions still stand as they are to the best of my knowledge the best way to try and help you in answering your question. I appreciate that you have felt attacked, but I assure you it was never my intention to cause you any discomfort.
All the best with your endeavours,
C :)
Dave: Thanks for the feedback :)
I can be blunt and to the point and at times have trouble observing online social etiquette. I felt that we were at an impasse. I certainly did not intend to bring the credibility of your ability, intelligence, know-how or experience into question.
My suggestions still stand as they are to the best of my knowledge the best way to try and help you in answering your question. I appreciate that you have felt attacked, but I assure you it was never my intention to cause you any discomfort.
All the best with your endeavours,
C :)
Dave: Thanks for the feedback :)
I think the major disconnect here may be found in this quote...
This comment seems to assume that you're interested in using a WordPress platform.
This comment indicates that you are not using WordPress, but instead a bespoke site.
This comment seems to want to use a WordPress plug-in in a bespoke site.
The dialog is a little bit like the parable of the blind men and the elephant. It is non-trivial to create a bespoke web site -- in fact, it represents a huge commitment of time and effort, with unique benefits that are impossible to achieve in Wordpress. It is also non-trivial to convert the bespoke site to WordPress, and probably unreasonable to consider the conversion just because you need the functionality of a single WordPress plugin. It is also non-trivial and probably not reasonable to expect to be able to use a WordPress plug-in outside of a WordPress web site. WordPress is an "ecosystem," a framework unto itself, with hooks, routing, it's "loop" and all the other things that WordPress developers use and depend upon when they create plug-ins.
I think the best approach will be to write down the functionality you need from the WP plug-in (and this question dialog seems to document it pretty thoroughly) and spec out how you would recreate the functionality outside of the WP framework. I believe this will give you the least-cost path to success (when total cost of ownership, support, etc., is considered over a long-term system life).
I did not see this question because it was posted in the WordPress topic area and was not posted in the PHP topic area. A member of E-E brought it to my attention. Going forward, when you have a cross-disciplinary question, you can use more than one topic. For this question, PHP and WordPress would both be good topic areas. Many things in web development are cross-disciplinary and fit into several topic areas simultaneously. Using the broadest context when selecting topic areas for the question is often a good strategy.
I need to know how to set up WP add the plugin code...What was not clear (to me, at least) is whether you wanted to be using a WordPress platform or a bespoke PHP application. As I began reading the comments in detail, it sounded like there was confusion among the community about your situation and intent.
This comment seems to assume that you're interested in using a WordPress platform.
This comment indicates that you are not using WordPress, but instead a bespoke site.
This comment seems to want to use a WordPress plug-in in a bespoke site.
The dialog is a little bit like the parable of the blind men and the elephant. It is non-trivial to create a bespoke web site -- in fact, it represents a huge commitment of time and effort, with unique benefits that are impossible to achieve in Wordpress. It is also non-trivial to convert the bespoke site to WordPress, and probably unreasonable to consider the conversion just because you need the functionality of a single WordPress plugin. It is also non-trivial and probably not reasonable to expect to be able to use a WordPress plug-in outside of a WordPress web site. WordPress is an "ecosystem," a framework unto itself, with hooks, routing, it's "loop" and all the other things that WordPress developers use and depend upon when they create plug-ins.
I think the best approach will be to write down the functionality you need from the WP plug-in (and this question dialog seems to document it pretty thoroughly) and spec out how you would recreate the functionality outside of the WP framework. I believe this will give you the least-cost path to success (when total cost of ownership, support, etc., is considered over a long-term system life).
I did not see this question because it was posted in the WordPress topic area and was not posted in the PHP topic area. A member of E-E brought it to my attention. Going forward, when you have a cross-disciplinary question, you can use more than one topic. For this question, PHP and WordPress would both be good topic areas. Many things in web development are cross-disciplinary and fit into several topic areas simultaneously. Using the broadest context when selecting topic areas for the question is often a good strategy.
ASKER
Ray
I originally posted this on PHP and was referred to Word Press. I am trying to stop to people from logging concurrently to the same site.
Since I can't use Word Press for one page and I sure as hell don't want to write everything over. My thinking now is:
1. Define a $_SERVER variable with the user ID and login time.
2. Keep track of the request time with a $_SESSION var
3. If the next request time is longer than 1 hour, destroy the session var and clear the server var and redirect to the login page.
4. If the user logs out do the same as #3.
The only problem I see with this is if the user is at work, leaves the machine on, and then tries to log in from home. There would be no way to clear the $_SERVER var.
I originally posted this on PHP and was referred to Word Press. I am trying to stop to people from logging concurrently to the same site.
Since I can't use Word Press for one page and I sure as hell don't want to write everything over. My thinking now is:
1. Define a $_SERVER variable with the user ID and login time.
2. Keep track of the request time with a $_SESSION var
3. If the next request time is longer than 1 hour, destroy the session var and clear the server var and redirect to the login page.
4. If the user logs out do the same as #3.
The only problem I see with this is if the user is at work, leaves the machine on, and then tries to log in from home. There would be no way to clear the $_SERVER var.
ASKER
Ray
I just thought of something. There is also a REQUEST_TIME as a server var. So when the guy goes home and tries to login again, I could destroy the session vars if is over an hour old.
Make sense?
I just thought of something. There is also a REQUEST_TIME as a server var. So when the guy goes home and tries to login again, I could destroy the session vars if is over an hour old.
Make sense?
After the session timeout period, $_SESSION variables may or may Not be still available. Session time out is a minimum time, the actual time depends on the next garbage collection cycle. In any case, the $_SESSION variables will not be the same when coming from a different browser or computer.
ASKER
Yes, but the server time would still be the same. You don't logoff at work and the server request time is over one hour old, I clear the server vars and you have new session vars on your home machine. If your on your home machine, I don't care about the session variables on the machine at work, tomorrow morning the session vars are going to be timed out and unless you stayed up all night the server var should be timed out as well. If you're only 5 minutes from the office, it's not my fault you didn't log out before you kissed the dog and kicked the wife good bye (or is that the other way around?) :)
Let me know if I'm going in the wrong direction. I know it's going to be a bitch to code but I think the logic is correct.
Let me know if I'm going in the wrong direction. I know it's going to be a bitch to code but I think the logic is correct.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Dave:
Upon a request:
I have a $_SERVER time that is store on the server. If I check the time and it's over 1 hour destroy the session var and the server var and re-direct to the login page.
If not:
I have a $_SESSION time that is stored locally. If I check the time and it's over 1 hour destroy the session vars, the server vars and re-direct to the login page. If the time is less than 1 hour, update the $_SERVER and $_SESSION time and continue.
Every time the user makes a request, I update the time on both the $_SERVER and $_SESSION time.
Upon a request:
I have a $_SERVER time that is store on the server. If I check the time and it's over 1 hour destroy the session var and the server var and re-direct to the login page.
If not:
I have a $_SESSION time that is stored locally. If I check the time and it's over 1 hour destroy the session vars, the server vars and re-direct to the login page. If the time is less than 1 hour, update the $_SERVER and $_SESSION time and continue.
Every time the user makes a request, I update the time on both the $_SERVER and $_SESSION time.
You can't use a WordPress plugin unless you have a WordPress installed. Are you saying you DO have WordPress installed? If so, why does your host think you don't?
If you have a login, but not WordPress then you need to figure out what software is there that needs a login? Once you've done that then you need to find a plugin for the software that the site is currently using.
Can you give us a little (lot) more information about the set up you have?
What does the login area show you/allow you to do? Is there any identification of what the software is when you login?