I am working on a WordPress plugin and I have a problem where I get the WordPress logged-in users id & session and i need to create a comment on this user's behalf from my server.
[Update] What I mean by "my server" is from my own Java server. My comment system creates the comments on the Java server and the Java server needs also to create the same comment on the wordpress PHP server. In order to create the comment on the user account i am sending the session to the Java server so it will as the wordpress to convert the session to the user, so it will be secure. [/update]
The problem is that in order to make this operation secure i need to check with WordPress that the session i got is valid and matches the user id.
I couldn't find any API that convert the session into the user id in order to check that it matches.
anyway to do that with WordPress API?
There are a number of ways you can get the user id from the auth cookie, depending on the path you want to take this are the functions you should check:
get_current_user_id ->Returns the ID of the current user.
wp_get_current_user ->Retrieve the current user object (WP_User).
Wrapper of get_currentuserinfo() using the global variable $current_user. You can check the code of this function here to have an ideea how you can build your script.
wp_validate_auth_cookie -Validates authentication cookie. It returns the user id.
I'm thinking you'll have to use the last one like it is used in get_currentuserinfo:
$user = wp_validate_auth_cookie( $_COOKIE[LOGGED_IN_COOKIE], 'logged_in' )
if ($user != 0) { //then we have a valid user...}