Jump to content
TNG Community
tdungan

WordPress Sign-In Integration

Recommended Posts

tdungan

Between the upgrades to WordPress as well as the TNG core, the old TNG WordPress plugin has become completely useless. This forced me to use an alternate method for integration. I chose the Kloosterman method which worked great. Unfortunately, this left me without Single Sign-In capability so that only site members would have access to the genealogy section, TNG. Even if I left the TNG directory out of all the site's navigation and links and used ROBOTS.TXT to prevent it being indexed by searchbots (at least the compliant, reputable ones,) it would still be accessible by any user (logged in or not) that entered the TNG directory address directly or had a link or bookmark that led to it.

The imperfect workaround I went with was to use the .HTACCESS file to check the already existing WordPress cookie to see if a user is logged in. This applies only when they try to visit that directory or any of its subdirectories or files. If they go there and they're not logged in, they get redirected to the login page. (It's an imperfect method, because it's still hackable, but it's the best I could come up with on the spot.)

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]

RewriteCond %{REQUEST_URI} ^.*tng/.*
RewriteCond %{HTTP_COOKIE} !^.*wordpress_logged_in.*$ [NC]
RewriteRule . /wp-login.php?redirect_to=%{REQUEST_URI} [R,L]

RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

INSTRUCTIONS

(Use at your own risk. I am will not be held responsible for any damage or losses to you or your site for trying this nor is it my responsibility to help you fix things if they break. I'm sharing a method that I use that works for me. I think it will work for most others as well, but I can't guarantee that.)

  1. Copy the code above, and be sure to change the TNG folder name to the one you use on your site.
  2. Open your own HTACCESS file, and find the basic WordPress code that looks like this:
  3. # BEGIN WordPress
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteRule ^index\.php$ - [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
    </IfModule>
    # END WordPress

    Overwrite the part between BEGIN and END WORDPRESS with the new, edited code.

  4. Save your changes, and upload the new file back to the server.

ADDITIONAL ACTIONS

  • These are additional actions I went with for my site. I hope they help you as well.
    • I turned REQUIRE LOGIN off so that users only had to log in to the membership section of the site once to see the full genealogy section.
      • This keeps them from being able to edit the records. They can only suggest changes.
      • This also prevents hackers that bypass my method above from being able to easily make changes without a login.
    • I removed all LOGIN and ADMINISTRATION links from the TNG pages.
      • Now I have to use my bookmarked links to get to the admin.php and login.php pages.

Share this post


Link to post
Share on other sites
jayat1familytree

Interesting approach...

I have not gone down the Word Press path because like you, I believe a User should only have to log in ONCE to visit any areas of the same site.

With your method, are these users being logged into tng? so that their lastlogin and other info is updated?

And how do you prevent direct access to tng (outside of WP) and still allow search robots to index those pages?

And when you say log into the membership section, you mean the site wordpress login?

Thanks

Jay

Share this post


Link to post
Share on other sites
tdungan
2 hours ago, jayat1familytree said:

With your method, are these users being logged into tng? so that their lastlogin and other info is updated?

No, they're not logged into TNG at all. Only administrators have a TNG login, and they have to go directly to it to do so. That's a part of TNG functionality we lose with this method, but we don't want regular members to edit the genealogy database anyway. They just gain access for viewing it.

 

2 hours ago, jayat1familytree said:

And how do you prevent direct access to tng (outside of WP) and still allow search robots to index those pages?

Ours is a special case where the TNG database and some other resources are members-only. We don't want them indexed.

 

2 hours ago, jayat1familytree said:

And when you say log into the membership section, you mean the site wordpress login?

Yes and no. We use the Membership 2 plugin for the membership section. It creates a user account under WordPress. This method means that only logged-in users can see that content.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×