Authentication using WordPress

Hi,

From time to time I’ve made a few PHP pages, for various reasons. Some of these use a MySQL database for storing and retrieving data. When it comes to securing my data and restricting access to editing and deleting functions to me only, I’ve looked at a few simple solutions to the problem. One of the ways I’ve done this, and the one I prefer, is by letting WordPress handle the authentication of the user. The WordPress authentication can probably be bypassed, but since it’s not personal or top secret data, I’ve come to the conclusion that a basic protection is adequate for these data.

How to do it?
First off you need to use WordPress own login page and the users you want to let on to the custom page need to have access to log onto the WordPress site you’re using for authentication purposes.
In my PHP code I’ve included the following lines (the page is located in an adjacent directory to the WordPress installation):

require(‘../wp-blog-header.php’);

and

if(is_user_logged_in()) {
   // Show the page, since the user is logged in
} else {
   // The user is not logged in
}

The inclusion of the wp-blog-header.php file is required if you want to be able to use the method is_user_logged_in(). It is this method that check to see if the user is logged in (surprise, surprise!). Then all I need to do is put the magic inside the curly brackets between the if and the else. Easy, peasy 🙂

Things that I haven’t checked
There are some obvious things that I haven’t checked, like if it’s possible to circumvent the authentication and if so how easy it is. I also haven’t looked into the possibility of making a special right for the page, but just given access to any user that can log into the WordPress site that I piggyback my authentication off.
The solution is simple, I know, but it covers the bare minimum I needed for the pages I’ve created. Oh, and any updates to the login procedure is not my headache, since they get handled with the WordPress updates. Which is probably better than what I could piece together on my own anyways 😉

Cheers!
Lars

The Android likes dice – 10,000 version 1.5 released

Hi all,

I’ve released a new version of the 10,000 – The Dice Game app on Google Play. This release features a few things.

  • You can now play against the computer
  • German translation
  • Better randomness of the dice rolls

The option to play against the computer is something that has been on my mind for quite some time and I’m happy to say that the result is now here. The AI proved to be a bit more challenging to implement than I first thought, but from my time in the computer industry I was hardly surprised. Things are in my opinion never straight forward 😉 Nevertheless I’m quite pleased with the result.
I’ve aimed for the computer to be beatable but not a walkover, relying on a set of simple rules to govern its behaviour. I also tried to make it animated so you can follow the steps it takes when playing and who knows, maybe you’ll even get a new trick or two. I hope you’ll enjoy it!

Happy rolling 🙂