Now, I have prepared the solution for this functionality. Initially I implemented this on my local server… now I have implemented it on my live website as well. It is working as expected…
Let us take an example: we have two separate websites:
First Website : https://firstwebsite.com
Second Website : https://secondwebsite.com
Now put the code below on your first website, from which you want to log in to the second website:
<?php
global $current_user; // the logged-in user on the first website
$second_website_url = 'https://secondwebsite.com'; // put your second website url
$user_email = $current_user->user_email;
$user_login = $current_user->user_login;
if ($user_email != '') {
    // URL-safe base64 encoding of the email (encoding only, not encryption)
    $email_encoded = rtrim(strtr(base64_encode($user_email), '+/', '-_'), '=');
    // URL-safe base64 encoding of the username (encoding only, not encryption)
    $user_login_encoded = rtrim(strtr(base64_encode($user_login), '+/', '-_'), '=');
    echo '<a href="'.$second_website_url.'/sso.php?key='.$email_encoded.'&detail='.$user_login_encoded.'" target="_blank">Link to second website</a>';
}
?>
After that, prepare a PHP file named “sso.php” and place it in the root folder of your second website with the code below:
<?php
require_once( 'wp-load.php' ); //put correct absolute path for this file
global $wpdb;
if (isset($_GET['key']) && !empty($_GET['key'])) {
    $email_decoded = base64_decode(strtr($_GET['key'], '-_', '+/')); // decode email (URL-safe base64)
    $username_decoded = base64_decode(strtr($_GET['detail'] ?? '', '-_', '+/')); // decode username (URL-safe base64)
    $received_email = sanitize_text_field($email_decoded);
    $received_username = sanitize_text_field($username_decoded);
    if ( email_exists( $received_email ) ) {
        //get the user id for the user record exists for received email from database
        $user_id = $wpdb->get_var($wpdb->prepare("SELECT ID FROM ".$wpdb->users." WHERE user_email = %s", $received_email ) );
        wp_set_auth_cookie( $user_id ); //login the previously exist user
        wp_redirect(site_url()); // put the url where you want to redirect user after logged in
    } else {
        //register those user whose mail id does not exists in database
        if ( username_exists( $received_username ) ) {
            //if username coming from first site exists in our database for any other user,
            //then the email id will be set as username
            $userdata = array(
                'user_login' => $received_email,
                'user_email' => $received_email,
                'user_pass' => $received_username, // password will be username always
                'first_name' => $received_username, // first name will be username
                'role' => 'subscriber' //register the user with subscriber role only
            );
        } else {
            $userdata = array(
                'user_login' => $received_username,
                'user_email' => $received_email,
                'user_pass' => $received_username, // password will be username always
                'first_name' => $received_username, // first name will be username
                'role' => 'subscriber' //register the user with subscriber role only
            );
        }
        $user_id = wp_insert_user( $userdata ); // adding user to the database
        //On success
        if ( ! is_wp_error( $user_id ) ) {
            wp_set_auth_cookie( $user_id ); //login that newly created user
            wp_redirect(site_url()); // put the url where you want to redirect user after logged in
        } else {
            echo "There may be a mismatch of email/username with the existing record.
Check the users with your current email/username or try with any other account.";
            die;
        }
    }
    die; // stop here so the redirect header is sent without further output
}
?>
Modify the code as per your needs.
To make it clearer, please go through this link: https://www.wptricks24.com/auto-login-one-website-another-wordpress
Hope this helps someone…
Thanks
Sunil
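
The `key` and `detail` parameters in the answer above are only base64-encoded, so sso.php has no way to tell whether the first site actually produced them. The following is an added example (not the original poster's code) of signing the link with an HMAC and a timestamp so the second site can verify it before logging anyone in; `SSO_SECRET`, `SSO_MAX_AGE`, the `ts` and `sig` parameters, and the `sso_*` function names are assumptions introduced here.

```php
<?php
// Added example, not the original poster's code. SSO_SECRET is an assumed
// shared secret stored identically on both sites (for example in wp-config.php).
const SSO_SECRET  = 'replace-with-a-long-random-value'; // constructed placeholder
const SSO_MAX_AGE = 60; // seconds a link stays valid (assumed policy)

function sso_b64url(string $raw): string {
    return rtrim(strtr(base64_encode($raw), '+/', '-_'), '=');
}

// First site: build the query string for sso.php, signed over key, detail and time.
function sso_build_query(string $email, string $login, string $secret, int $now): string {
    $key    = sso_b64url($email);
    $detail = sso_b64url($login);
    $sig    = hash_hmac('sha256', $key . '.' . $detail . '.' . $now, $secret);
    return http_build_query(['key' => $key, 'detail' => $detail, 'ts' => $now, 'sig' => $sig]);
}

// Second site: return [email, login] only if signature and timestamp check out.
function sso_verify_query(array $get, string $secret, int $now, int $max_age = SSO_MAX_AGE): ?array {
    foreach (['key', 'detail', 'ts', 'sig'] as $name) {
        if (!isset($get[$name]) || !is_string($get[$name])) {
            return null; // missing or array-valued parameter
        }
    }
    if (!ctype_digit($get['ts']) || abs($now - (int) $get['ts']) > $max_age) {
        return null; // stale or malformed timestamp
    }
    $expected = hash_hmac('sha256', $get['key'] . '.' . $get['detail'] . '.' . $get['ts'], $secret);
    if (!hash_equals($expected, $get['sig'])) { // constant-time comparison
        return null; // parameters were not produced by the first site
    }
    return [base64_decode(strtr($get['key'], '-_', '+/')), base64_decode(strtr($get['detail'], '-_', '+/'))];
}

// Constructed sample data: a fresh link, the same link with another email
// substituted under the old signature, and the same link checked after expiry.
$now = 1700000000;
parse_str(sso_build_query('alice@example.com', 'alice', SSO_SECRET, $now), $good);
$substituted = ['key' => sso_b64url('admin@example.com')] + $good;
var_dump(sso_verify_query($good, SSO_SECRET, $now + 5));
var_dump(sso_verify_query($substituted, SSO_SECRET, $now + 5));
var_dump(sso_verify_query($good, SSO_SECRET, $now + 600));
```

In sso.php, call `sso_verify_query($_GET, SSO_SECRET, time())` and continue to `email_exists()` only when it returns a non-null pair. Accounts created there are better given a random password from `wp_generate_password()` than the username.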