Wordpress - Can I programmatically login a user without a password?

The following code does the job for automatic login, without any password!

// Automatic login //
$username = "Admin";
$user = get_user_by('login', $username );

// Redirect URL //
if ( !is_wp_error( $user ) )
{
    wp_clear_auth_cookie();
    wp_set_current_user ( $user->ID );
    wp_set_auth_cookie  ( $user->ID );

    $redirect_to = user_admin_url();
    wp_safe_redirect( $redirect_to );
    exit();
}

wp_set_auth_cookie() will log a user in without having to know their password.


I have found another solution here that uses a better approach (at least in my opinion...). No need to set any cookie, it uses the Wordpress API:

/**
 * Programmatically logs a user in
 * 
 * @param string $username
 * @return bool True if the login was successful; false if it wasn't
 */
    function programmatic_login( $username ) {
        if ( is_user_logged_in() ) {
            wp_logout();
        }

    add_filter( 'authenticate', 'allow_programmatic_login', 10, 3 );    // hook in earlier than other callbacks to short-circuit them
    $user = wp_signon( array( 'user_login' => $username ) );
    remove_filter( 'authenticate', 'allow_programmatic_login', 10, 3 );

    if ( is_a( $user, 'WP_User' ) ) {
        wp_set_current_user( $user->ID, $user->user_login );

        if ( is_user_logged_in() ) {
            return true;
        }
    }

    return false;
 }

 /**
  * An 'authenticate' filter callback that authenticates the user using only     the username.
  *
  * To avoid potential security vulnerabilities, this should only be used in     the context of a programmatic login,
  * and unhooked immediately after it fires.
  * 
  * @param WP_User $user
  * @param string $username
  * @param string $password
  * @return bool|WP_User a WP_User object if the username matched an existing user, or false if it didn't
  */
 function allow_programmatic_login( $user, $username, $password ) {
    return get_user_by( 'login', $username );
 }

I think the code is self explanatory:

The filter searches for the WP_User object for the given username and returns it. A call to the function wp_set_current_user with the WP_User object returned by wp_signon, a check with the function is_user_logged_in to make sure your are logged in, and that's it!

A nice and clean piece of code in my opinion!

Tags:

Authentication

Login

Related

Wordpress - How to generate thumbnails when needed only? Wordpress - WordPress is stripping escape backslashes from JSON strings in post_meta Wordpress - Why might a plugin's 'do_shortcode' not work in an AJAX request? Wordpress - Custom Post Type URL Rewriting? Wordpress - Woocommerce - Add a product to cart programmatically via JS or PHP Wordpress - get_terms vs. get_categories: does it matter? Wordpress - WordPress Paginate $wpdb->get_results Wordpress - How to Change the Categories Order in the Admin Dashboard? Wordpress - Export all posts as individual plain txt files Wordpress - Force post slug to be auto generated from title on save Wordpress - Should I escape wordpress functions like the_title, the_excerpt, the_content Wordpress - I'm getting a 404 message when I try to access wpadmin

Recent Posts