[wp-hackers] Integrate site authentication with WordPress

Otto otto at ottodestruct.com
Wed Dec 2 20:21:32 UTC 2009

That's the old way. Authenticating a user in WP 2.8 and up is much more simple.

1. Create a function that authenticates the user via whatever means
you like, and returns an appropriate WP_User object.
2. Hook that to the 'authenticate' filter.
3. There is no 3.

Example - Everybody is the admin:

function everybody_gets_to_be_the_admin($user) {
$user = new WP_User(1);
return $user;


Basically, authentication is now a simple matter. WordPress itself has
two built in methods, both using something very similar to the above.
wp_authenticate_cookie will check cookies to see if authentication
works there, and wp_authenticate_username_password will check
usernames and passwords to produce valid credentials. In either case,
all that has to be done is to produce a valid WP_User object.

Few points of note:
- The authenticate filter can pass in three parameters: A WP_user
object (or null), username, and password.
- If the $user is already set, then you probably should return it
without modification.
- If you want the input username and password to check against
something (anything), you'll need to add those params to your function
and add ,10, 3 to your add_filter call, to receive them.

This sort of thing is called every page load, so if you want to not
have to check against a database too often, you can do your own cookie
based system, if you like, or set WordPress's cookie after
authenticating, by calling wp_set_auth_cookie appropriately.

Sent from Memphis, TN, United States

On Wed, Dec 2, 2009 at 1:38 PM, Beau Lebens <beau at dentedreality.com.au> wrote:
>> This article works if I want to let WordPress do the authentication but I
>> want the rails site to handle the authentication. I want the user to
>> be automatically logged in to WordPress when they log in on the rails site.
> You'll need to ensure that your passwords are always kept in sync
> between the 2 DBs then, and also have your Rails app generate cookies
> that match up with WP in that case (probably in addition to whatever
> you're already doing). Take a look at how the functions work in
> pluggable.php ( wp_*_auth_cookie() functions ).
> Have a look at wp-includes/class-phpass.php for the hashing mechanism
> used in WP to store passwords these days, and check out
> wp_hash_password() (also in pluggable.php) to see it in action.
> Alternatively, you could override all those functions with your own
> versions that match more closely to your current Rails implementation
> (since they're all in pluggable to specifically allow you to override
> them in a plugin).
> Beau
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers

More information about the wp-hackers mailing list