Hi Jamal,
Sorry for the late reply, We have changed the idea of the form to give the user account in our application. The scenario will be now :
the user will access using his Civil ID and card reader. and a hidden page should check from DB before access the application page.
If the user does not exist --> redirect him to the registration page.
if the user exists --> login him directly and redirects him to his profile.
How can I do that?
Hello!
I am not really sure to understand what do you mean, especially the following:
- card reader
- hidden page should check from DB
Can you please elaborate a little more on your question so I can better understand it? Sometimes screenshots illustrating what you mean may go a long way to clarify what words fail to transmit, so if you like, make use of “upload an image” below the comment area.
Hi Jamal,
When New users visit the service and want to register. He should access using the smart card authentication method PKI, where all the attributes are passed to the registration page including the user name and password (as the attached image).
then he will be redirected to the registration page (user form) to register and the system will create an account for him.
then if the user wants to follow up and review his profile he should access again using his smart card and now it should redirect him to his profile.
what we did so far: when the new user access, it redirects him to the registration page and allowing him to create an account.
But the issue is that if the user already has an account, we want him to log in directly to the system without passing the wp-login page.
I think we have to write a specific code in a specific place to check the availability of the user from the database, and if available automatically log in and open his profile.
or if possible the wp-login should be hidden and the user credentials coming from PKI to the hidden login page to check the availability of the user and if available redirect him immediately to the profile page. So the user should not see the wp-login page.
I hope this scenario is clear now.
Yes, you will need custom code to implement this workflow. However, I am sorry, I still don't see how this SmartCard authentication method works? How the integration with WordPress is done?
So, I'll try to give some guidance on how to programmatically authenticate the user:
- The code should be run before WordPress send any headers. I would suggest the init hook https://developer.wordpress.org/reference/hooks/init/
- I remember that you are modeling users with posts. Use get_posts to find an already created user. https://developer.wordpress.org/reference/functions/get_posts/
- If no user available redirect to the registration page.
- If a post is available. Get the corresponding user, and set it as the current user, then set authentication cookies, as explained in this thread https://wordpress.stackexchange.com/a/128445
thank you Jamal for your reply,
Smart Card Authentication is a system that reads the Civil Id card and returns the user data from the government database and we are passing these data to our system. Because we don't want to allow the user to enter his details and to be more accurate.
-regarding the hook. where should we add the hook code. is it in funchion.php file??
-regarding the user, previously it was with posts. but now we have changed it to be only users created by a user form. we don't have any post forms.
Thank you for the explanation, but I still don't see how this SmartCard authentication is integrated with WordPress. I understood that it passes the user information to the form, right? Does it have any interaction with WordPress? Or does it work only on the browser?
As you are working directly with users, you should lookup for users using get_users or the WP_User_Query class:
- https://developer.wordpress.org/reference/functions/get_users/
- https://developer.wordpress.org/reference/classes/wp_user_query/
The custom code can be added to the theme's functions.php file, or into a plugin, or using the Toolset Custom Code section. Just note that all Toolset Custom Code snippets are loaded at the init hook in priority 20. Check the following articles:
- https://toolset.com/documentation/adding-custom-code/using-toolset-to-add-custom-code/
- https://toolset.com/documentation/adding-custom-code/how-to-use-toolset-api-hooks-in-custom-code/
it is on a separate server. it does not interact with WordPress only passing the values to the form. the username is his civil id and the password is a concatenation from the name and civil id and both will be readonly. the user allowed only to add his email and organization and clicking submit then the account will be created. (this is done)
the second time when the user inserts his card. WordPress should check the availability of the user from the toolset database before loading. if available login him directly without showing wp-login page and redirect him to his profile page. if not go to the registration form.
You said:
it is on a separate server. it does not interact with WordPress only passing the values to the form.
Then you said:
the second time when the user inserts his card. WordPress should check the availability of the user from the toolset database before loading.
Are you talking about the same form?
If that's the case, you can use the cred_form_validate hook. Check if the user exists on the database or no. If it exists, use the function I suggested before to authenticate the user. If it does not, just return the fields and errors arrays and let Toolset create the user for you. Then you can use the same functions to authenticate the user with the cred_save_data hook. Does it make sense?
https://toolset.com/documentation/programmer-reference/cred-api/#cred_form_validate
