[wp-hackers] wp-login.php changes in 2.5

Otto otto at ottodestruct.com
Fri Apr 11 15:01:45 GMT 2008

On Thu, Apr 10, 2008 at 1:46 PM, benchun <ben at benchun.net> wrote:
>  The current implementation involves hooking wp_authenticate.  It looks like
>  the order of operations in 2.5 in wp-login.php has changed.  Previously it
>  called wp_authenticate no matter what, and the plugin could do it's magic.
>  Now wp-login.php calls wp_signon() in wp-includes/user.php, which returns
>  before calling wp_authenticate if it wasn't passed any credentials.  So why
>  not pass it credentials?  Well that sounds great.  How are we intended to do
>  this cleanly?

Short answer is that you're right, you can't do it at all. The
do_action_ref_array('wp_authenticate'... got moved out of the
wp-login.php, where it was right after getting the posted info, into
wp_signon(), where now it doesn't run until after that info is checked
for cleanliness.

That happened here, BTW: http://trac.wordpress.org/changeset/6643

Either the 'wp_authenticate' action needs to be moved up to earlier in
the function, or you can't do what you want to do.

More information about the wp-hackers mailing list