[wp-hackers] wp-login.php changes in 2.5

Viper007Bond viper at viper007bond.com
Thu Apr 10 23:11:04 GMT 2008

Passwords aren't MD5'ed anymore in the database (they are now salted and
uber-hashed via phpass), so that plugin won't work as it is right now

On Thu, Apr 10, 2008 at 11:46 AM, benchun <ben at benchun.net> wrote:

> Hi everyone,
> I noticed that login is handled a little differently in 2.5.  This caused
> Daniel Westermann-Clark's http-authentication (
> http://wordpress.org/extend/plugins/http-authentication/ ) plugin to
> break,
> but just slightly.  Background: The purpose of the plugin is to check if
> the
> user is already authenticated by looking for the REMOTE_USER environment
> variable, as set by mod_auth or similar.  If yes, then it logs them in to
> WP
> with the same username by setting the cookie.
> The current implementation involves hooking wp_authenticate.  It looks
> like
> the order of operations in 2.5 in wp-login.php has changed.  Previously it
> called wp_authenticate no matter what, and the plugin could do it's magic.
> Now wp-login.php calls wp_signon() in wp-includes/user.php, which returns
> before calling wp_authenticate if it wasn't passed any credentials.  So
> why
> not pass it credentials?  Well that sounds great.  How are we intended to
> do
> this cleanly?
> wp_signon() is not in pluggable.php and wp_login() is deprecated with a
> note
> to use wp_signin() -- a function that as far as I can tell does not exist
> at
> all.  Clearly someone had an idea for how logins should work, and these
> changes were probably a good idea in some context.  Were they implemented
> completely?  Can anyone point me at documentation for these changes or
> give
> a suggestion as to how to fix dwc's plugin?
> Thanks in advance,
> Ben
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers

Viper007Bond | http://www.viper007bond.com/ | http://www.finalgear.com/

More information about the wp-hackers mailing list