fix: Use wp_signon for proper WordPress authentication in standalone login
@@ -31,8 +31,14 @@ class AuthController {
|
||||
], 400 );
|
||||
}
|
||||
|
||||
// Authenticate user
|
||||
$user = wp_authenticate( $username, $password );
|
||||
// Use wp_signon to properly authenticate and set cookies (same as wp-login.php)
|
||||
$credentials = [
|
||||
'user_login' => $username,
|
||||
'user_password' => $password,
|
||||
'remember' => true,
|
||||
];
|
||||
|
||||
$user = wp_signon( $credentials, false );
|
||||
|
||||
if ( is_wp_error( $user ) ) {
|
||||
return new WP_REST_Response( [
|
||||
@@ -43,15 +49,14 @@ class AuthController {
|
||||
|
||||
// Check if user has WooCommerce permissions
|
||||
if ( ! user_can( $user, 'manage_woocommerce' ) ) {
|
||||
// Logout if no permission
|
||||
wp_logout();
|
||||
return new WP_REST_Response( [
|
||||
'success' => false,
|
||||
'message' => __( 'You do not have permission to access this area', 'woonoow' ),
|
||||
], 403 );
|
||||
}
|
||||
|
||||
// Set auth cookie
|
||||
wp_set_auth_cookie( $user->ID, true );
|
||||
|
||||
// Return user data and new nonce
|
||||
return new WP_REST_Response( [
|
||||
'success' => true,
|
||||
|
||||
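Review bot: The explicit `false` passed as the second argument of `wp_signon()` in the first hunk turns `$secure_cookie` off, so unless a `secure_signon_cookie` filter overrides it, an HTTPS site will issue the auth cookie for a `manage_woocommerce` account without the Secure flag; the `wp_set_auth_cookie( $user->ID, true )` call this commit removes left that argument at its default, which falls back to `is_ssl()`. I would write `$user = wp_signon( $credentials, is_ssl() );` or drop the second argument. In the second hunk the capability check now runs after `wp_signon()` has already created a session and fired `wp_login`, and as far as I can tell `wp_logout()` destroys the session named by the request's cookies rather than the one just issued, so the new token probably stays valid server-side for a user who was refused; calling `wp_authenticate()`, checking the capability, and only then setting cookies would avoid that. The hard-coded `'remember' => true` also gives every such login a long-lived cookie, which is worth making opt-in for a privileged area. The enclosing method starts and ends outside both hunks.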