[ Please forget about security concerns for a moment... ]
My goal is to create an invitation page where people land on after being invited by an email with a unique link. On that page they choose a password using a basic HTML form, which posts into the very same page.
When posted, my goal is to programmatically log the user in (the backend knows the email + the password based on the unique invite code) and redirect that user to another page, as a logged in user.
my code has NO EFFECT. The user is not logged in (I can see that by refreshing another page in my web app in another browser tab, where the header differs if the user is logged in). Also-- the redirect has no effect. We never navigate out of the page we posted to.
Here's the code. It is being executed in the POST portion of the page:
$creds = array(
'user_login' => $user->user_email, // VERIFIED- CORRECT
'user_password' => $password, // VERIFIED- CORRECT
'remember' => true
);
$user = wp_signon( $creds, false );
if ( is_wp_error( $user ) ) {
echo $user->get_error_message(); // DOESN'T GET HERE
}
wp_redirect('http://mywebapp.loc/faq'); // DOESN'T REDIRECT
die();
I would appreciate any pointer. Obviously I am doing something wrong.