[wp-hackers] Pluggable authenticaton

Alan J Castonguay alan at verselogic.net
Tue Dec 12 02:27:07 GMT 2006

I have been working on a plugin[1] which extends authentication for  
WP as well. I find the local wordpress user ID, using whatever  
method, grab the $user object, and do a login against wp_login()  
mimicking the method used when logging in with cookies. If that  
works, I set both the username and password cookies. This is all done  
using the same method as wp-login.php, by hooking the wp_authenticate  
hook and die()ing myself.

					$user = new WP_User( $matching_user_id );
					if( wp_login( $user->user_login, md5($user->user_pass), true ) ) {
						do_action('wp_login', $user_login);
						wp_setcookie($user->user_login, md5($user->user_pass), true,  
'', '', true);
						$this->action = 'redirect';
						if ( !$user->has_cap('edit_posts') ) $redirect_to = '/wp-admin/ 

					} else {
						$this->error = "Extended auth valid, but WP login failed.";
						$this->action = 'error';

1: http://verselogic.net/projects/wordpress/wordpress-openid-plugin/

Alan J Castonguay

On 11-Dec-06, at 5:36 AM, Tassoman (mailing) wrote:

> Hello to all.
> 	I'm working at a pluggable authentication plugin, but I'm stuck with
> session handling.
> My external app is creating a single cookie with crypted session hash.
> But WP is needing two cookies: one for username and another for
> password.

More information about the wp-hackers mailing list