package | BackPress |
---|
WP_Auth($db, $users, $cookies)
__construct($db, $users, array $cookies)
link |
---|
array
Array indexed by internal name of cookie. Values are arrays of array defining cookie parameters. $cookies = array( 'auth' => array( 0 => array( 'domain' => (string) cookie domain 'path' => (string) cookie path 'name' => (string) cookie name 'secure' => (bool) restrict cookie to HTTPS only ) ) );
At least one cookie is required. Give it an internal name of 'auth'.
Suggested cookie structure: logged_in: whether or not a user is logged in. Send everywhere. auth: used to authorize user's actions. Send only to domains/paths that need it (e.g. wp-admin/) secure_auth: used to authorize user's actions. Send only to domains/paths that need it and only over HTTPS
You should be very careful when setting cookie domain to ensure that it always follows the rules set out in the {@link http://curl.haxx.se/rfc/cookie_spec.html Set Cookie spec}. In most cases it is best to leave cookie set to false and allow for user configuration to define a cookie domain in a configuration file when cross subdomain cookies are required.
get_current_user() : boolean | null
Will set the current user, if the current user is not set. The current user will be set to the logged in person. If no user is logged in, then it will set the current user to 0, which is invalid and won't have any permissions.
since | 0.71 |
---|---|
uses | Checks if the current user is set |
uses | Retrieves current logged in user. |
boolean
null
False on XMLRPC Request and invalid auth cookie. Null when current user setset_current_user($user_id) : \BP_User
Set $id to null and specify a name if you do not know a user's ID
Some WordPress functionality is based on the current user and not based on the signed in user. Therefore, it opens the ability to edit and perform actions on users who aren't signed in.
since | 2.0.4 |
---|---|
uses | Calls 'set_current_user' hook after setting the current user. |
\BP_User
Current user User object$current
0
$db
$users