[wp-hackers] Pluggable authenticaton
Alan J Castonguay
alan at verselogic.net
Tue Dec 12 02:27:07 GMT 2006
I have been working on a plugin[1] which extends authentication for
WP as well. I find the local wordpress user ID, using whatever
method, grab the $user object, and do a login against wp_login()
mimicking the method used when logging in with cookies. If that
works, I set both the username and password cookies. This is all done
using the same method as wp-login.php, by hooking the wp_authenticate
hook and die()ing myself.
$user = new WP_User( $matching_user_id );
if( wp_login( $user->user_login, md5($user->user_pass), true ) ) {
do_action('wp_login', $user_login);
wp_clearcookie();
wp_setcookie($user->user_login, md5($user->user_pass), true,
'', '', true);
$this->action = 'redirect';
if ( !$user->has_cap('edit_posts') ) $redirect_to = '/wp-admin/
profile.php';
} else {
$this->error = "Extended auth valid, but WP login failed.";
$this->action = 'error';
}
1: http://verselogic.net/projects/wordpress/wordpress-openid-plugin/
Alan J Castonguay
On 11-Dec-06, at 5:36 AM, Tassoman (mailing) wrote:
> Hello to all.
> I'm working at a pluggable authentication plugin, but I'm stuck with
> session handling.
>
> My external app is creating a single cookie with crypted session hash.
> But WP is needing two cookies: one for username and another for
> password.
More information about the wp-hackers
mailing list