How do I run an script only for admins, but outside of "/wp-admin" in WordPress?_问答_开发者

How do I run an script only for admins, but outside of "/wp-admin" in WordPress?

开发者 https://www.devze.com 2023-04-11 02:03 出处：网络

In WordPress, I am trying to get a script to work, which runs in my plugin\'s directory and gets directly called by the browser via its URL, e.g. www.example.org/wp-content/plugins/myplugin/script.php

In WordPress, I am trying to get a script to work, which runs in my plugin's directory and gets directly called by the browser via its URL, e.g. www.example.org/wp-content/plugins/myplugin/script.php. The script should only be available for logged-in admins.

What I tried to do was to include /wp-admin/admin.php at the very beginning of the script, to bootstrap WordPress' functionality, and to check for the sufficient permissions. However, during this bootstrapping process, WordPress redirects me to the log-in-screen, even tough I already am开发者_开发技巧 logged in. That is, because the WordPress-authentification-cookie isn't available outside the /wp-admin-directory.

So, because my approach obviously doesn't work, I was wondering: What is the best practice to run WordPress-admin-scripts, outside the admin-directory? Is there some "wrapper"-script inside /wp-admin I could use, like there is admin-ajax.php for AJAX-calls? Or isn't it even Wordpress, but just my server-configuration that the auth-cookie is only available in /wp-admin?

Also, please note it is not an option to register an admin-menu-item, because the script shall be loaded as a pop-up, and not be available in the menu.

Thanks in advance for your kind help.

A while ago, I created a function that checks whether someone is logged in and has admin privileges, and if so, it runs the code you want:

To use it, put this code in your functions.php file:

<?php
function admin_level($user_login=''){
    global $current_user;
    get_currentuserinfo();

    if(current_user_can('level_10')) {
        if ($user_login!=''){
            if($current_user->user_login==$user_login){
                return true;
            } else {
                return false;
            }
        } else {
            return true;
        }
    } else {
        return false;
    }
}
?>

Now, here's an example of how to create a "test area" where code is run only if the user "admin" is logged in AND has admin privileges:

<?php

//Test Area

   //Only run following code if logged in as admin

   if( admin_level($user_login = 'adminuser') ){

      //run your awesome code right here, adminuser!!!

   }

//End Test Area

?>

I use this myself all the time during development/testing when I only need something to run when I am logged in, without other users seeing it.

Thanks, and I hope this helps!

Okay. Because nobody seems to have an idea on how to deal with this, I just misused admin-ajax.php as wrapper script for my admin-script. It's not a very beautiful solution, but it works.

Please note some functions don't work as expected when used in AJAX mode, such as wp_die. If anyone has to deal with the same problem: You will need to rewrite these functions to also work in AJAX-mode.