Title: SUC – same user credentials Author: giuliopanda Published: May 24, 2024 Last modified: May 24, 2024 --- Search plugins This plugin **hasn’t been tested with the latest 3 major releases of WordPress**. It may no longer be maintained or supported and may have compatibility issues when used with more recent versions of WordPress. ![](https://ps.w.org/same-user-credentials/assets/icon-256x256.jpg?rev=3091975) # SUC – same user credentials By [giuliopanda](https://profiles.wordpress.org/giuliopanda/) [Download](https://downloads.wordpress.org/plugin/same-user-credentials.1.0.0.zip) * [Details](https://twd.wordpress.org/plugins/same-user-credentials/#description) * [Reviews](https://twd.wordpress.org/plugins/same-user-credentials/#reviews) * [Installation](https://twd.wordpress.org/plugins/same-user-credentials/#installation) * [Development](https://twd.wordpress.org/plugins/same-user-credentials/#developers) [Support](https://wordpress.org/support/plugin/same-user-credentials/) ## Description The plugin synchronizes users with a main site, allowing you to access all sites where the plugin is installed with the same credentials. * One website must be configured as a server, while the other sites must be configured as clients. * Users registered on the server site can now access client sites using the same login credentials. * In the client site, if the user does not exist, a new user is created with the data coming from the server. You can customize the data to be saved on the client site through several hooks described later. * If the user already exists (checks the username) then the plugin updates the user information. * If the user exists on the client, but not on the server, the plugin blocks access by changing the password to the user saved on the client. * For security reasons the plugin does not synchronize administrators. * When you click on recover password from a client site you are redirected to the server site to recover your password. Once you have recovered the password you return to the client site login. When you try to register a user from a client site you are redirected to the server site to register the user. * If a user has logged in to a client site and logs in again through cookies, then without logging in again the system updates the user data with the server data once a day. If the user no longer exists on the server, he or she is logged out of the client site. * Client users are never deleted even if they are no longer present on the server. * Be careful if a user already exists on the client with the same email, but different user login, the user is not logged in. ### Security Communications take place via APIs protected through an encrypted token system. Usernames and passwords are never passed in clear text or through a basic authentication system. Synchronizing administrators is not allowed, administrators must be managed locally. Some user metadata is not passed because it is specific to the configuration of each individual site. ### Logs All operations are logged both on the client site and on the server. ### Customizations By default the plugin synchronizes all user except administrators. By default The plugin synchronizes all user data, roles, and metadata. However, you can customize who and what to sync through many specially created filters and hooks. First you may want to choose which users you want to sync and which you don’t. You can choose which user roles you want to sync. This way if the user has a certain role it will be synchronized, otherwise not. You can do this through the sucw-roles- exclude-all-sync-except filter placed in the client site. **apply_filters(‘sucw-roles-exclude-all-sync-except’, [‘subscriber’]);** _(CLIENT)_ Excludes all roles from synchronization except those specified This overrides the filter ‘sucw-roles-to-exclude-sync’! param array $array_exclude the list of default roles [‘subscriber’] since 1.0.0 Otherwise you can choose to sync all users except those who have a certain role. **apply_filters(‘sucw-roles-to-exclude-sync’, [‘administrator’])** _(CLIENT)_ These are the roles that do not need to synchronize If active The filter ‘sucw-roles-exclude- all-sync-except’ will be ignored param array $array_exclude the list of default roles [‘administrator’] since 1.0.0 The same role configuration entered in the client sites should be placed in the server site. **add_filter(‘sucw-roles-exclude-all-sync-except’, []);** _(SERVER)_ Exclude all roles from synchronization except those specified If active the ‘sucw-block-user- roles’ filter will be ignored param array $array_exclude the list of default roles[] since 1.0.0 **add_filter(‘sucw-block-user-roles’, [‘administrator’]);** _(SERVER)_ If the user has one of the blocked roles I won’t let them through var array $block_user_roles return array since 1.0.0 ### Below are the other filters and hooks you can use to customize your plugin configuration. **apply_filters(‘sucw-update-roles’, $roles)** _(CLIENT)_ The list of roles to save in the user profile when creating or updating the user. if it is an empty array it does not update the roles. since 1.0.0 **do_action( ‘sucw-update-user’, $user_id, $user_data )** _(CLIENT)_ It is called after updating or creating a user param: int $user_id the user id object $user_data user data since 1.0.0 **apply_filters(‘sucw-remote-args’, $args)** _(CLIENT)_ These are the arguments for the client to call the server param array $args Default [‘method’:’POST’, ‘timeout’: $timeout, ‘redirection’:2, ‘httpversion’:’1.0′, ‘blocking’:true, ‘headers’:$headers,‘ cookies’:[]] since 1.0.0 **apply_filters(‘sucw-remote-timeout’, 15)** _(CLIENT)_ The server call times out param int $timeout Default 15 since 1.0.0 **apply_filters(‘sucw-allow-metadata’, true)** _(CLIENT)_ Allows you to update metadata param bool $allow_metadata Allows you to update metadata if false it does not update the metadata, if it is an array it only updates the metadata present in the array since 1.0.0 **apply_filters(‘sucw_register_url’, $url)** _(CLIENT)_ Manages the registration link param string $url il link di default since 1.0.0 **apply_filters(‘sucw-lostpassword-url’, url)** _(CLIENT)_ Manages lost password link param string $url il link di default since 1.0.0 **apply_filters( ‘sucw-htaccess’, true )** _(CLIENT)_ If the server uses htaccess or you need to make the call to the API via /?rest_route (false) since 1.0.0 **apply_filters(‘sucw-api-response’, $response, ‘login|check-user’)** _(SERVER)_ The server’s response to the login client api call param array $response [‘response_status’ =>’ok’, ‘user’=>$user] | [‘response_status’=>’error’, ‘message’=>’…’] param string $type login | check-user since 1.0.0 **apply_filters(‘sucw-log-limit’, 1000)** (SERVER & CLIENT) The number of logs to keep on both server and client param int $log_limit Default 1000 since 1.0.0 ### TIPS & TRICKS If the user misspells the password, it may appear as an error message that the user does not exist. To make the error messages more generic you can use the following code: ``` add_filter('login_errors', 'login_message', 10, 1); function login_message($error ) { if ($error != '') { $error = "Incorrect username or password"; } return $error; } ``` To add a new role you need to create code like this on both the client and server sites ``` add_role('my_custom_role', __( 'My Custom Role' ), array( 'read' => true, 'read_private_posts' => true, ) ); ``` ### Credits Same user credentials as started in 2024 by Giulio Pandolfelli Thanks to [Ekebu](https://www.ekebu.com) for the supports. ## Installation The plugin must be installed on two or more sites. The first site must be configured as a server, while the others as clients. Remember to save your settings once you have configured the plugin. **Server:** Click on the “Server” box and save. **Client:** Copy the token generated by the server and paste it into the client’s“ Token” box. Copy the server URL into the URL. Save. When you save the client settings it tries to connect to the server to verify that everything is working correctly. If the server does not have active htaccess, the API address changes and the following code must be applied to the client’s functions. php: ``` add_filter( 'sucw-htaccess', 'sucw_htaccess' ); function sucw_htaccess() { return false; } ``` ## Reviews There are no reviews for this plugin. ## Contributors & Developers “SUC – same user credentials” is open source software. The following people have contributed to this plugin. Contributors * [ giuliopanda ](https://profiles.wordpress.org/giuliopanda/) [Translate “SUC – same user credentials” into your language.](https://translate.wordpress.org/projects/wp-plugins/same-user-credentials) ### Interested in development? [Browse the code](https://plugins.trac.wordpress.org/browser/same-user-credentials/), check out the [SVN repository](https://plugins.svn.wordpress.org/same-user-credentials/), or subscribe to the [development log](https://plugins.trac.wordpress.org/log/same-user-credentials/) by [RSS](https://plugins.trac.wordpress.org/log/same-user-credentials/?limit=100&mode=stop_on_copy&format=rss). ## Meta * Version **1.0.0** * Last updated **2 years ago** * Active installations **10+** * WordPress version ** 6.0 or higher ** * Tested up to **6.5.8** * PHP version ** 7.4 or higher ** * Language * [English (US)](https://wordpress.org/plugins/same-user-credentials/) * Tags * [authentication](https://twd.wordpress.org/plugins/tags/authentication/)[multisite user](https://twd.wordpress.org/plugins/tags/multisite-user/) [share login](https://twd.wordpress.org/plugins/tags/share-login/) * [Advanced View](https://twd.wordpress.org/plugins/same-user-credentials/advanced/) ## Ratings No reviews have been submitted yet. [Add my review](https://wordpress.org/support/plugin/same-user-credentials/reviews/#new-post) [See all reviews](https://wordpress.org/support/plugin/same-user-credentials/reviews/) ## Contributors * [ giuliopanda ](https://profiles.wordpress.org/giuliopanda/) ## Support Got something to say? Need help? [View support forum](https://wordpress.org/support/plugin/same-user-credentials/)