[wp-hackers] wp-login.php changes in 2.5

[benchun]

On Fri, Apr 11, 2008 at 8:01 AM, Otto <otto at ottodestruct.com> wrote:

> On Thu, Apr 10, 2008 at 1:46 PM, benchun <ben at benchun.net> wrote:
> >  The current implementation involves hooking wp_authenticate.  It looks like
> >  the order of operations in 2.5 in wp-login.php has changed.  Previously it
> >  called wp_authenticate no matter what, and the plugin could do it's magic.
> >  Now wp-login.php calls wp_signon() in wp-includes/user.php, which returns
> >  before calling wp_authenticate if it wasn't passed any credentials.
>
> Short answer is that you're right, you can't do it at all. The
> do_action_ref_array('wp_authenticate'... got moved out of the
> wp-login.php, where it was right after getting the posted info, into
> wp_signon(), where now it doesn't run until after that info is checked
> for cleanliness.
>
> That happened here, BTW: http://trac.wordpress.org/changeset/6643
>
> Either the 'wp_authenticate' action needs to be moved up to earlier in
> the function, or you can't do what you want to do.

Thanks for the reference to the change.  If wp_signon was pluggable,
we would be able to do what we want, right?  It seems like this is the
best way to get the desired ability without disrupting the good work
that was already done.  There's even a comment in pluggable.php for
wp_login that says  * @deprecated Use wp_signin() which I'm thinking
indicates that someone wanted wp_signon() to be pluggable (since there
is no wp_signin) but it was just never implemented?

I would love to get this into 2.5.1 ... what would you recommend as
the best way to proceed?  I've done a lot of hacking on random stuff
but I'm new to this particular development community and would like to
go with the flow.  Is there a page I should read explaining the
preferred way to submit patches, etc?

Ben