I am trying to login into a CI site from a WP sub-domain, by calling an API end-point with the user and password. The problem is that even if the API returns success with a valid user and password, when I am redirected to the CI site I am not detected as logged in because apparently there is no open session.
So, how do I make the API save the session so when the user reaches the CI site he/she is properly identified as logged in.
Sessions are stored in a table and I am making the request from the WP site like this:
// wp.mysite.com
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,"ci.mysite.com/api/public/login");
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($_POST));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$server_output = json_decode(curl_exec($ch));
curl_close ($ch);
// Here I find out if I am logged in or not
if ($server_output->success) {
header("Location: ci.mysite.com/my");
}
and the API made in the CI site
// ci.mysite.com/api/public/login
<?php
class Login extends Api_Controller {
public function index() {
$email = Input::get('email_address');
$user = new User();
$user->where('email', $email)->get();
if(!$user->exists()) {
Data::set('error', 'User not found');
$this->done();
}
$password = Input::get('password');
if(!$user->checkPassword($password)) {
Data::set('error', 'Login error');
$this->done();
}
Data::set('user', $user->toArray());
Session::login($user);
$this->done();
}
}
So, after login I expect the session to be open in the CI site but when I am redirected there, I find out I am not. How could I make this work?
