[wp-hackers] overriding pluggable.php functions

Will Norris will at willnorris.com
Sat Jan 10 08:48:12 GMT 2009


Just implemented this to get OAuth working, and found that you don't  
need to remove other filters.  At least the default filter should  
first check the $user variable, and if set, bail out.  Plugins  
*should* do the same thing, but may not if they have good reason to.   
Updated example inline.

On Jan 9, 2009, at 10:13 PM, Will Norris wrote:
> I actually chatted with Peter Westwood in #wordpress-dev today and  
> he suggested using filters instead... there is certainly an elegance  
> to this.  pluggable.php was designed to *replace* functionality, not  
> *add* it.  There is already a great mechanism in wordpress to add  
> functionality... filters and actions.  So imagine something along  
> the lines of...
>
>  if (!function_exists('wp_authenticate')) {
>    function wp_authenticate($username, $password) {
>      return apply_filters('authenticate', null, $username, password);
>    }
>  }
>
>  add_filter('authenticate', '_wp_authenticate', 10, 3);
>  function _wp_authenticate($user, $username, $password) {
>    /* all the normal authentication logic */
>  }

this would now become...

   function _wp_authenticate($user, $username, $password) {
       if (is_a($user, 'WP_User')) return $user;

       /* all the normal authentication logic */

       return $user;
   }


> Now I could do something like the following in my plugin...
>
>  add_filter('authenticate', 'my_authenticate', 9, 3);
>  function my_authenticate($user, $username, $password) {
>    if ( /* some check*/) {
>      /* custom authenticate logic here */
>
>      // just remove the default authentication filter
>      remove_filter('authenticate', '_wp_authenticate');
>
>      // or remove them all
>      remove_all_filters('authenticate');
>    }
>    return $user;
>  }

this gets simplified, and now looks exactly like the standard function  
above:

   function my_authenticate($user, $username, $password) {
       if (is_a($user, 'WP_User')) return $user;  // or leave this out  
if I don't care about other authentication plugins

       /* custom authenticate logic here that may or may not update  
value of $user */

       return $user;
   }


More information about the wp-hackers mailing list