Andrey Khokhlov, 2014-11-12 10:49:51
PHP

How to access a file by a specific url and is it necessary?

Server nginx (frontend) + apache (backend).
Multilingual Wordpress (Polylang plugin).
For authorization, the api of another site is used, which, if the user entered the login-password correctly, returns a token for further authorization of the user.
That is:
example.com > example.ru > login/password input, if ok then > example.com + token
Now it's crooked.
2 pages have been created on which the api returns a token for further authorization:
example.com/ru/auth-ru/
example.com/en/auth-en/
and in the page template itself there is no output, only authorization actions and a redirect to the page on which the person pressed "login".
This kills the logic a bit: the page templates are in the pages folder and among them there is a file exclusively with logic, and for some reason a page was created in the admin panel that essentially does not exist.
I don't want to create pages at all, but rather to create a conditional auth.php in the theme folder (so that everything is in one place) if possible, or at least in the root directory,
and to load WordPress in it (to use its functions):

require_once( $_SERVER['DOCUMENT_ROOT'] . '/wp-load.php' );

Do everything you need to do and redirect the person to the page from which he started authorization.
Now, if I put it in the root of the site and go to example.com/auth.php, then I get a 404 page.
Is this the right approach at all, and how do I write the rules for such a URL (I suspect in .htaccess)?


2 answer(s)
Igor Vorotnev, 2015-08-11
@andrhohlov

There is already an answer, as it were; I just can't understand why you would pile up third-party files, make redirects, and so on. There is such a handy thing as hooks, for example init, template_redirect, template_include. Instead of a whole file, register a query_var; you can even add your own rewrite_rule (example.com/auth/). When this URL is hit, in the init or template_include hook, start an authorized session; if there is a token, do what you need (for example, check the token against the one in the wp_usermeta table), then send the user to the desired page (from where the authorization started). The flexibility is fantastic. And these are all native WP features, not crutches. Yes, this is a more advanced topic than just a third-party file, but as a result it is also more flexible, more reliable and safer.

Here in your case, for example, what if someone sends a bogus token? Are there checks? Is there an API key pair, so that one key is on the service where you log in and the second is on the site itself? It is clear that you did not disclose the authorization mechanism in detail, but from the outside a not very reliable spot is visible here.
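
The hook-based endpoint described in this answer, as an added example that is not part of the original answer or of any project's code. The names `example_auth`, `EXAMPLE_VERIFY_URL`, `EXAMPLE_API_SECRET`, the `token` and `redirect_to` parameters and the `login` field of the verification response are assumptions made for illustration.

```php
<?php
// Added example. Assumptions: the token arrives as ?token=..., the issuing site has a
// verification URL (placeholder below), and EXAMPLE_API_SECRET is defined in wp-config.php.
const EXAMPLE_VERIFY_URL = 'https://api.example.invalid/verify';

// Map example.com/auth/ to a private query var instead of creating a page per language.
add_action( 'init', function () {
    add_rewrite_rule( '^auth/?$', 'index.php?example_auth=1', 'top' );
} );
add_filter( 'query_vars', function ( $vars ) {
    $vars[] = 'example_auth';
    return $vars;
} );

add_action( 'template_redirect', function () {
    if ( ! get_query_var( 'example_auth' ) ) {
        return; // not the auth endpoint, let WordPress render normally
    }
    $token = isset( $_GET['token'] ) ? sanitize_text_field( wp_unslash( $_GET['token'] ) ) : '';
    if ( '' === $token || strlen( $token ) > 512 ) {
        wp_die( 'Missing or malformed token.', '', array( 'response' => 400 ) );
    }
    // Never trust the token as presented: ask the issuer, authenticating with the site's own key.
    $response = wp_remote_post( EXAMPLE_VERIFY_URL, array(
        'timeout' => 5,
        'headers' => array( 'Authorization' => 'Bearer ' . EXAMPLE_API_SECRET ),
        'body'    => array( 'token' => $token ),
    ) );
    $data = is_wp_error( $response ) ? null : json_decode( wp_remote_retrieve_body( $response ), true );
    if ( 200 !== wp_remote_retrieve_response_code( $response ) || ! is_array( $data ) || empty( $data['login'] ) ) {
        wp_die( 'Token rejected.', '', array( 'response' => 403 ) );
    }
    $user = get_user_by( 'login', sanitize_user( (string) $data['login'], true ) );
    if ( ! $user ) {
        wp_die( 'Unknown user.', '', array( 'response' => 403 ) );
    }
    wp_set_auth_cookie( $user->ID, false, is_ssl() );
    // Only same-site return targets are honoured; anything else falls back to the home page.
    $back = isset( $_GET['redirect_to'] ) ? wp_unslash( $_GET['redirect_to'] ) : '';
    wp_safe_redirect( wp_validate_redirect( $back, home_url( '/' ) ) );
    exit;
} );
```

Rewrite rules must be flushed once (for example by re-saving Settings → Permalinks) before /auth/ resolves. Binding the callback to a per-visitor state value set before the visitor leaves for the login site is a further check not shown here.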

Maxim Grechushnikov, 2014-11-12
@maxyc_webber

why apache?
