Hey everyone! I’m working on a WordPress site and I need some help. I’ve built a custom login form on a page I made (custom-page.php). What I want to do is have users log in through this form and then send them to either custom-admin.php or custom-user.php, depending on their role. The thing is, I don’t want regular users to have any access to wp-admin at all. That’s just for me.
I’ve also set up a custom table in the WordPress database called my_user to store user info. Now I’m wondering what the best way to handle this whole setup is. Should I look for a plugin that can help me out? Or do I need to code everything from scratch (like login.php, logout.php, admin.php)?
Has anyone done something similar before? Any tips or suggestions would be super helpful! I’m trying to keep things separate from the standard WordPress login system, but I’m not sure if that’s the right approach. Thanks in advance for any advice!
I’ve tackled a similar challenge before, and here’s what worked for me:
Instead of creating a separate login system, I leveraged WordPress’s existing authentication mechanisms but customized the user flow. This approach saved me a ton of time and headaches.
For the custom login form, I used wp_signon() to handle authentication. Then, I created a function hooked to ‘wp_login’ to handle redirection based on user roles.
To restrict wp-admin access, I used the ‘admin_init’ hook combined with current_user_can() to check user capabilities and redirect non-admins if needed.
For storing additional user data, I extended the user meta rather than creating a separate table. This method kept things integrated with WordPress while giving me the custom flow I needed. It’s more maintainable in the long run too.
Hey alexj, sounds like an interesting project! I’ve done something similar before. Instead of reinventing the wheel, you could use WordPress’s built-in authentication functions and just customize the redirection. Check out wp_signon() and wp_set_auth_cookie(). For restricting wp-admin, look into the ‘admin_init’ hook. Good luck!
I’ve implemented something similar in the past. Instead of creating a separate login system, I’d recommend leveraging WordPress’s existing authentication mechanisms. You can use wp_signon() for your custom login form and hook into ‘wp_login’ for role-based redirection.
For restricting wp-admin access, the ‘admin_init’ hook is your friend. You can check user roles there and redirect non-admins as needed. As for storing additional user data, consider using user meta instead of a separate table. It integrates better with WordPress and is easier to maintain.
Remember to sanitize and validate all user inputs, and use nonces for security. Also, look into the ‘template_redirect’ hook for custom page handling. This approach keeps you within the WordPress ecosystem while achieving your custom workflow.