• Diana Nichols

    (@diananichols)


    I built a custom app and simple shopping cart for a client.
    Normal process is, of course, for the customer to login and place an order.

    The client (several people, all of whom have administrator access) regularly has to place orders on behalf of the customers (subscribers). To do this, they currently change the customer’s password, login and place the order, and then notify the customer of the new password.

    They are now asking if they can simplify this process by placing the order on the customer’s behalf without logging in as the customer. I can build this, of course, as a separate function, but it will be complicated.

    I’m wondering if there is any secure way to allow them to access the site as another user without having the password. Or, is there a way to change the password temporarily and then restore it?

    I realize this would circumvent WP’s native login security, but believe it would be acceptable for this particular client.

    I should also note that the client admins only access the site through front end forms, never through the back end.

    Any thoughts would be greatly appreciated.
    Diana

Viewing 2 replies - 1 through 2 (of 2 total)
  • Moderator bcworkz

    (@bcworkz)

    You should be able to get the current password hash out of the DB and store it somewhere for a while, perhaps as a transient. You’d have to get it directly by using $wpdb methods, there’s no WP function that would do this. Then the password can be changed, and the order placed.

    When all is finished, get the original hash from transients and place it back in the DB. It should be as if the password change never occurred. I’ve used the less authoritative word “should” a lot. When it comes to password hashes, what makes logical sense does not always work in reality. Set up a simple test to be sure this works before spending any time developing a solution.

    The idea of an admin temporarily taking over another user’s account just feels creepy to me. It would really be much better to remain an admin and submit orders on another user’s behalf without juggling hashes, passwords, and logging in and out as various users.

    You say this would be complicated. I’ll have to take your word for it, but I’m not really seeing the complication. I imagine the same order form, except admins see an extra field where they specify which user the order is for.

    When the form is processed, if the extra user field is present, that user’s data is saved with the order instead of the current user’s data, which is normally done for subscriber users.

    This would require some extra code on the order form and in the form processing script, but it’s not that extensive in either location. Of course, I don’t know what the current code looks like nor if it’s easy to cleanly hack this code or not. Maybe it is complicated.
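    One way to build the "extra field for admins" variant described in this reply, as an added example rather than code from the thread or from the client's app. The form field name `order_for_user`, the `admin_post` action name `place_order`, the `shipping_addresses` user-meta key and the `save_order()` persistence function are assumptions; the WordPress calls (`check_admin_referer`, `current_user_can`, `get_user_by`, `get_user_meta`) are real.

```php
<?php
// Added example (not from the thread): an order handler where an administrator
// may name the customer the order is for, instead of logging in as that customer.
// Hypothetical: the 'order_for_user' field, the 'place_order' action, the
// 'shipping_addresses' meta key and save_order().

add_action( 'admin_post_place_order', 'handle_place_order' ); // logged-in users only

function handle_place_order() {
    // Defensive: WordPress only routes logged-in users here, but check anyway.
    if ( ! is_user_logged_in() ) {
        wp_die( 'Login required', '', array( 'response' => 403 ) );
    }
    // CSRF protection: the form must include wp_nonce_field( 'place_order' ).
    check_admin_referer( 'place_order' );

    $acting_user = wp_get_current_user();
    $order_user  = $acting_user; // default: the order belongs to whoever is logged in

    // Only administrators may place an order on someone else's behalf.
    if ( ! empty( $_POST['order_for_user'] ) ) {
        if ( ! current_user_can( 'manage_options' ) ) {
            wp_die( 'Not allowed', '', array( 'response' => 403 ) );
        }
        $target = get_user_by( 'id', absint( $_POST['order_for_user'] ) );
        if ( ! $target ) {
            wp_die( 'Unknown customer', '', array( 'response' => 400 ) );
        }
        $order_user = $target;
    }

    // Read customer data by the target user's ID rather than from the session,
    // so the same code path serves both the customer and the admin case.
    $order = array(
        'user_id'   => $order_user->ID,
        'email'     => $order_user->user_email,
        'addresses' => get_user_meta( $order_user->ID, 'shipping_addresses', true ),
        'items'     => array_map( 'absint', (array) ( $_POST['items'] ?? array() ) ),
        'placed_by' => $acting_user->ID, // audit trail: who actually submitted it
        'placed_at' => current_time( 'mysql', true ),
    );

    save_order( $order ); // hypothetical persistence function of the custom app

    wp_safe_redirect( add_query_arg( 'order', 'placed', wp_get_referer() ?: home_url() ) );
    exit;
}
```

    Because the acting admin's ID is stored with the order, the customer's password and session are never touched and every admin-placed order remains attributable.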

    Thread Starter Diana Nichols

    (@diananichols)

    Thanks, bcworkz, I hadn’t thought of pulling the hash. I may try that.

    This is a special case, where the client is providing free products to their customers. Otherwise, it would be creepy. ??

    Unfortunately, changing the order form is not really possible the way it’s written… too many of the variables depend upon logged-in user variables. And there are many products, and each user can have many shipping addresses.

    I will take another look at it, though, with your comments in mind.

    Thanks much for taking the time to help me think this through!

    Happy Tuesday!
    Diana

  • The topic ‘Custom App Login Questions’ is closed to new replies.