[wp-hackers] Use WP as an authentication system
James Collins
james at om4.com.au
Mon Feb 16 05:11:44 GMT 2009
Hi Alex,
It looks like the wp_safe_redirect() function is called on the redirect_to
parameter before redirecting. This helps ensure that the redirect URL is a
safe one.
I'm guessing you'll have to hook into the allowed_redirect_hosts filter (see
the wp_safe_redirect() function in wp-includes/pluggable.php in order to
allow the user to be redirected to your staff.example.com subdomain.
Regards,
James Collins
2009/2/16 Alex Hempton-Smith <hempsworth at googlemail.com>
> Sure thing Mike, I've got it pretty much working but I just need to change
> where the sign-in form redirects to, so things run completely smoothly.
> I have a really stripped down sign-in form like this:
>
> <form name="loginform" id="loginform" action="<?php bloginfo('wpurl');
> ?>/wp-login.php" method="post">
> <input type="text" name="log" id="user_login" class="input" value="<?php
> echo attribute_escape(stripslashes($user_login)); ?>" />
> <input type="password" name="pwd" id="user_pass" class="input" value=""
> size="20" />
> <input type="submit" name="wp-submit" id="wp-submit" value="Log In" />
> <input type="hidden" name="redirect_to" value="http://staff.example.com"
> />
> </form>
>
> But when it's used in the subdomain, it logs me in but redirects me to the
> admin panel - completely ignoring the redirect_to!
> Also, with log-out links I'm adding "&redirect_to=http://staff.example.com
> "
> to the URL but it's not working either.
>
> Am I missing something?
>
> -- Alex
>
>
> On Mon, Feb 16, 2009 at 1:28 AM, <mikeschinkel at newclarity.net> wrote:
>
> > Alex,
> >
> > When you get it all working any chance you could document how you did it
> on
> > a blog or somewhere? I think it would be a very valuable technique in
> > general and could help a lot of people.
> >
> > -Mike
> >
> > Sent from my iPhone
> >
> > On Feb 15, 2009, at 5:34 PM, Alex Hempton-Smith <
> hempsworth at googlemail.com>
> > wrote:
> >
> > By the way, I changed the cookie attributes in the
> >> Firefox developer toolbar, and the authentication is now working.
> >> I just need to stop WP saving the cookies with the original settings.
> >>
> >> -- Alex
> >>
> >>
> >> On Sun, Feb 15, 2009 at 10:24 PM, Alex Hempton-Smith <
> >> hempsworth at googlemail.com> wrote:
> >>
> >> Brilliant, so I changed the cookie path from "/wp/wp-admin" to "/", and
> >>> changed the host from "www.example.com" to ".example.com".
> >>> How would I force WP to save the cookies like this?
> >>>
> >>> -- Alex
> >>>
> >>>
> >>>
> >>> On Sun, Feb 15, 2009 at 9:34 PM, Gaarai <gaarai at gaarai.com> wrote:
> >>>
> >>> The cookie is most likely being set just for the domain that your
> >>>> WordPress resides on. The subdomain is treated as a different domain.
> >>>>
> >>>> So, you might look at modifying the cookie to be set for a domain of
> ".
> >>>> domain.com". Note the dot (.) in front of the domain name. This
> should
> >>>> ensure that the cookie will work for all subdomains.
> >>>>
> >>>>
> >>>> Chris Jean
> >>>> http://gaarai.com/
> >>>> http://wp-roadmap.com/
> >>>>
> >>>>
> >>>>
> >>>> Alex Hempton-Smith wrote:
> >>>>
> >>>> Thanks Mike, I've defined ABSPATH and when I visit the page I get
> sent
> >>>>> to
> >>>>> the WP login page. I log in, it redirects me to the Dashboard. When I
> >>>>> go
> >>>>> back to the subdomain it just shows me the login page again.
> >>>>> Why's it doing this you think?
> >>>>>
> >>>>> -- Alex
> >>>>>
> >>>>>
> >>>>> On Sun, Feb 15, 2009 at 9:18 PM, <mikeschinkel at newclarity.net>
> wrote:
> >>>>>
> >>>>>
> >>>>>
> >>>>> admin.php includes wp-load.php and assumes it's relative directory.
> >>>>>> Either
> >>>>>> define ABSPATH to your WordPress root or explicitly require()
> >>>>>> wp-load.php
> >>>>>> using the correct directory before requiring admin.php and that
> should
> >>>>>> solve
> >>>>>> it.
> >>>>>>
> >>>>>> -Mike
> >>>>>>
> >>>>>> Sent from my iPhone
> >>>>>>
> >>>>>>
> >>>>>> On Feb 15, 2009, at 2:11 PM, Alex Hempton-Smith <
> >>>>>> hempsworth at googlemail.com>
> >>>>>> wrote:
> >>>>>>
> >>>>>> I'm having real trouble with this... I get errors when I try to
> >>>>>> include
> >>>>>>
> >>>>>>
> >>>>>> the
> >>>>>>> following code:
> >>>>>>> require_once('../wp/wp-admin/admin.php');
> >>>>>>>
> >>>>>>> Saying:
> >>>>>>> Warning: require_once(../wp-load.php) [function.require-once]:
> failed
> >>>>>>> to open stream: No such file or directory in...
> >>>>>>>
> >>>>>>> Does anybody have any experience of using WP in this way?
> >>>>>>>
> >>>>>>> -- Alex
> >>>>>>>
> >>>>>>>
> >>>>>>> On Sun, Feb 15, 2009 at 5:49 PM, Gaarai <gaarai at gaarai.com> wrote:
> >>>>>>>
> >>>>>>> I'm about to head out, but I wanted to give you a tip to get you
> >>>>>>> started.
> >>>>>>>
> >>>>>>>
> >>>>>>> I recommend checking out the wp-admin/index.php file. This should
> >>>>>>>> serve
> >>>>>>>> as
> >>>>>>>> a template for your custom app.
> >>>>>>>>
> >>>>>>>> You'll also need to look at the $_REQUEST['redirect_to'] query arg
> >>>>>>>> so
> >>>>>>>> that
> >>>>>>>> you can properly redirect your user once they've logged in. You
> can
> >>>>>>>> find
> >>>>>>>> more about it by looking in the wp-login.php file.
> >>>>>>>>
> >>>>>>>> Chris Jean
> >>>>>>>> http://gaarai.com/
> >>>>>>>> http://wp-roadmap.com/
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>>> Alex Hempton-Smith wrote:
> >>>>>>>>
> >>>>>>>> Hi all,
> >>>>>>>>
> >>>>>>>>
> >>>>>>>> I'm building a set of custom apps/scripts for our charity and I
> >>>>>>>>> would
> >>>>>>>>> like
> >>>>>>>>> to make these available at "staff.example.com". I have a regular
> >>>>>>>>> install
> >>>>>>>>> of
> >>>>>>>>> WP in "example.com/wp/". The staff subdomain's content is
> actually
> >>>>>>>>> in
> >>>>>>>>> /home/
> >>>>>>>>> example.com/staff/.
> >>>>>>>>>
> >>>>>>>>> Instead of re-invent the wheel I (and to have the same
> >>>>>>>>> usernames/passwords),
> >>>>>>>>> I would like to use the authentication system from the WP install
> >>>>>>>>> on
> >>>>>>>>> my
> >>>>>>>>> own
> >>>>>>>>> custom PHP stuff in the subdomain. And then be able to use normal
> >>>>>>>>> WP
> >>>>>>>>> functions within my own app, like checking if they're logged in,
> >>>>>>>>> getting
> >>>>>>>>> usernames etc.
> >>>>>>>>>
> >>>>>>>>> What do I need to do to allow my users to log into the main
> >>>>>>>>> install,
> >>>>>>>>> and
> >>>>>>>>> then be logged into the custom area?
> >>>>>>>>>
> >>>>>>>>> I know it'll be more than just including 'wp-blog-header.php',
> >>>>>>>>> because
> >>>>>>>>> of
> >>>>>>>>> cookies etc?
> >>>>>>>>>
> >>>>>>>>> Many thanks if anyone can help!
> >>>>>>>>>
> >>>>>>>>> -- Alex
> >>>>>>>>> _______________________________________________
> >>>>>>>>> wp-hackers mailing list
> >>>>>>>>> wp-hackers at lists.automattic.com
> >>>>>>>>> http://lists.automattic.com/mailman/listinfo/wp-hackers
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>> _______________________________________________
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>> wp-hackers mailing list
> >>>>>>>> wp-hackers at lists.automattic.com
> >>>>>>>> http://lists.automattic.com/mailman/listinfo/wp-hackers
> >>>>>>>>
> >>>>>>>> _______________________________________________
> >>>>>>>>
> >>>>>>>>
> >>>>>>>> wp-hackers mailing list
> >>>>>>> wp-hackers at lists.automattic.com
> >>>>>>> http://lists.automattic.com/mailman/listinfo/wp-hackers
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>> _______________________________________________
> >>>>>> wp-hackers mailing list
> >>>>>> wp-hackers at lists.automattic.com
> >>>>>> http://lists.automattic.com/mailman/listinfo/wp-hackers
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>> _______________________________________________
> >>>>> wp-hackers mailing list
> >>>>> wp-hackers at lists.automattic.com
> >>>>> http://lists.automattic.com/mailman/listinfo/wp-hackers
> >>>>>
> >>>>>
> >>>>>
> >>>>> _______________________________________________
> >>>> wp-hackers mailing list
> >>>> wp-hackers at lists.automattic.com
> >>>> http://lists.automattic.com/mailman/listinfo/wp-hackers
> >>>>
> >>>>
> >>>
> >>> _______________________________________________
> >> wp-hackers mailing list
> >> wp-hackers at lists.automattic.com
> >> http://lists.automattic.com/mailman/listinfo/wp-hackers
> >>
> > _______________________________________________
> > wp-hackers mailing list
> > wp-hackers at lists.automattic.com
> > http://lists.automattic.com/mailman/listinfo/wp-hackers
> >
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers
>
More information about the wp-hackers
mailing list