This post continues the earlier post on how to authenticate an Active Directory user with WordPress and IIS!
The code below shows how to log an Active Directory user into WordPress automatically, without asking them for their AD username or AD password!
Step 1: Get the email address of the user who is on the page
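// URL to return to after login
$redirectUrl = isset($_GET['url']) ? $_GET['url'] : '';
error_reporting(-1);
// IIS sets AUTH_USER to DOMAIN\username for an authenticated request
$user = isset($_SERVER['AUTH_USER']) ? $_SERVER['AUTH_USER'] : '';
$domain = getenv('USERDOMAIN');
$users = explode("\\", $user);
// Stop when there is no authenticated DOMAIN\username to work with
if (count($users) < 2 || $users[1] === '') {
    exit('Windows authentication is required.');
}
$actualuser = $users[1];
$corp_id = $actualuser;
$email_id = $actualuser . '@corporate.com';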
The code above gets the user domain and the user's ID on the corporate network from "AUTH_USER" in PHP (this works only on IIS, not on LAMPP or XAMPP). AUTH_USER is filled in only when Windows Authentication is enabled and Anonymous Authentication is disabled for this script in IIS; for an anonymous request it is empty.
Step 2: To register the user in WordPress we need the user's email address. Once we have it, we check whether the user is already in the WordPress DB by looking up their WordPress user ID with that email address
$validuser = get_user_by('email', $email_id);
// get_user_by() returns false when no account has this email address
$user_id = $validuser ? $validuser->ID : 0;
if ($user_id > 0)
{
    //Login the user
}
else
{
    // Register the user
}
Step 3: If the user is already present in the WordPress DB, log the user in programmatically, which is exactly what the code below does
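if ($user_id > 0)
{
    //Sets the current user as logged in user
    wp_set_current_user( $user_id, $validuser->user_login );
    wp_set_auth_cookie( $user_id );
    do_action( 'wp_login', $validuser->user_login, $validuser );
    //Only redirect to this site; fall back to the home page otherwise
    wp_safe_redirect( wp_validate_redirect( $redirectUrl, home_url() ) );
    exit;
}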
Step 4: If the user ID is not found, register the user and then log the user in automatically!
The $corp_id in the code below is simply the ID taken from AUTH_USER. The same ID is passed to the NET USER command to check whether the user is part of Active Directory and to get the user's display name (the $fullName variable). I will explain more about the full name in another post.
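//Create the WordPress account (the same call appears in the full code below)
$user_id = register_new_user( $corp_id, $email_id );
if ( !is_wp_error($user_id) ) {
    $user_id = (int) $user_id;
    //Quote the ID for the shell; 2>&1 sends error output into $output as well
    exec('NET USER /DOMAIN ' . escapeshellarg($corp_id) . ' 2>&1', $output);
    //The third and fourth output lines hold the user name and the full name
    $userID = isset($output[2]) ? $output[2] : '';
    $fullName = isset($output[3]) ? $output[3] : '';
    $fullName = trim(preg_replace("#Full Name#", "", $fullName));
    //Keep $user_id intact so a failed update cannot replace it with an error object
    $updated = wp_update_user( array( 'ID' => $user_id, 'display_name' => $fullName ) );
    if ( is_wp_error( $updated ) ) {
        //The display name could not be saved; the account itself still exists
    } else {
        //Display name saved
    }
    $newuser = get_userdata( $user_id );
    wp_set_current_user( $user_id, $newuser->user_login );
    wp_set_auth_cookie( $user_id );
    do_action( 'wp_login', $newuser->user_login, $newuser );
    //Only redirect to this site; fall back to the home page otherwise
    wp_safe_redirect( wp_validate_redirect( $redirectUrl, home_url() ) );
    exit;
}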
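The two inputs that Steps 1 and 4 rely on, AUTH_USER and the NET USER output, can be checked more strictly before they are used. The following is an added example, not code from the original post, and it goes a little beyond the steps above by also accepting the user@domain form of AUTH_USER. The function names, the allowed-domain list, the character allow-list and the sample NET USER lines are assumptions constructed for illustration.

```php
<?php
// Split an IIS AUTH_USER value into [domain, account]. Accepts DOMAIN\account
// and account@domain; returns null for anything else, including the empty
// value seen when the request was not authenticated.
function parse_auth_user(string $authUser, array $allowedDomains): ?array
{
    if (preg_match('/^([^\\\\@]+)\\\\([^\\\\@]+)$/', $authUser, $m)) {
        [$domain, $account] = [$m[1], $m[2]];
    } elseif (preg_match('/^([^\\\\@]+)@([^\\\\@]+)$/', $authUser, $m)) {
        [$account, $domain] = [$m[1], $m[2]];
    } else {
        return null;
    }
    // Assumed allow-list of characters for account names; adjust to your directory.
    if (!preg_match('/^[A-Za-z0-9._-]{1,64}$/', $account)) {
        return null;
    }
    // Only accept accounts from the domains this site is meant to serve.
    if (!in_array(strtolower($domain), array_map('strtolower', $allowedDomains), true)) {
        return null;
    }
    return [$domain, $account];
}

// Find the display name in NET USER output by its label instead of by line
// number. Assumes English-language output; returns null when the label is
// missing (for example an error message) or the value is blank.
function full_name_from_net_user(array $lines): ?string
{
    foreach ($lines as $line) {
        if (preg_match('/^Full Name\s+(\S.*?)\s*$/', $line, $m)) {
            return $m[1];
        }
    }
    return null;
}

// Constructed inputs: a valid lookup and a "user not found" response.
$allowed = ['CORPORATE', 'corporate.com'];
$found = ['The request will be processed at a domain controller for domain corporate.com.',
    '', 'User name                    jdoe', 'Full Name                    Jane Doe'];
$missing = ['The user name could not be found.', '',
    'More help is available by typing NET HELPMSG 2221.', ''];
var_dump(parse_auth_user('CORPORATE\\jdoe', $allowed), parse_auth_user('jdoe@corporate.com', $allowed));
var_dump(parse_auth_user('', $allowed), parse_auth_user('OTHER\\jdoe', $allowed));
var_dump(full_name_from_net_user($found), full_name_from_net_user($missing));
```

With the "user not found" response, reading `$output[3]` directly would store an unrelated line as the display name, while the label-based lookup returns null so the caller can skip the update.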
And here is the full code
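<?php
//Getting the referrer url and AD user
$redirectUrl = isset($_GET['url']) ? $_GET['url'] : '';
error_reporting(-1);
$user = isset($_SERVER['AUTH_USER']) ? $_SERVER['AUTH_USER'] : '';
$domain = getenv('USERDOMAIN');
$users = explode("\\", $user);
//Stop when IIS did not supply an authenticated DOMAIN\username
if (count($users) < 2 || $users[1] === '') {
    exit('Windows authentication is required.');
}
$actualuser = $users[1];
$ADId = $actualuser;
$email_id = $actualuser . '@corporate.com';
include_once("wp-config.php");
include_once("wp-includes/registration.php");
include_once("wp-includes/user.php");
//Only redirect to this site; fall back to the home page otherwise
$redirectUrl = wp_validate_redirect( $redirectUrl, home_url() );
//Check whether a user is already in WordPress DB by checking against their email address
$validuser = get_user_by('email', $email_id);
//get_user_by() returns false when no account has this email address
$user_id = $validuser ? $validuser->ID : 0;
if ($user_id > 0)
{
    //If the user is present, auto login the user
    wp_set_current_user( $user_id, $validuser->user_login );
    wp_set_auth_cookie( $user_id );
    do_action( 'wp_login', $validuser->user_login, $validuser );
    wp_safe_redirect($redirectUrl);
    exit;
}
else
{
    //If the user is not present, register and autologin the user
    $user_id = register_new_user( $ADId, $email_id );
    if ( !is_wp_error($user_id) ) {
        $user_id = (int) $user_id;
        //Quote the ID for the shell; 2>&1 sends error output into $output as well
        exec('NET USER /DOMAIN ' . escapeshellarg($ADId) . ' 2>&1', $output);
        //The third and fourth output lines hold the user name and the full name
        $userID = isset($output[2]) ? $output[2] : '';
        $fullName = isset($output[3]) ? $output[3] : '';
        $fullName = trim(preg_replace("#Full Name#", "", $fullName));
        //Keep $user_id intact so a failed update cannot replace it with an error object
        $updated = wp_update_user( array( 'ID' => $user_id, 'display_name' => $fullName ) );
        if ( is_wp_error( $updated ) ) {
            //The display name could not be saved; the account itself still exists
        } else {
            //Display name saved
        }
        $newuser = get_userdata( $user_id );
        wp_set_current_user( $user_id, $newuser->user_login );
        wp_set_auth_cookie( $user_id );
        do_action( 'wp_login', $newuser->user_login, $newuser );
        wp_safe_redirect($redirectUrl);
        exit;
    }
}
?>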