[wp-hackers] Use WP as an authentication system

Alex Hempton-Smith hempsworth at googlemail.com
Tue Feb 17 16:52:54 GMT 2009


I'm still having trouble with this... being a bit of a PHP newbie doesn't
help!
The following plugin allows the redirection of specific user roles:
<http://svn.wp-plugins.org/peters-login-redirect/trunk/wplogin_redirect.php>
http://svn.wp-plugins.org/peters-login-redirect/trunk/wplogin_redirect.php

Could I use some of that code to fix my problem? If so, what bits do I need?

Learning through doing I guess.. :P

-- Alex


On Mon, Feb 16, 2009 at 5:11 AM, James Collins <james at om4.com.au> wrote:

> Hi Alex,
> It looks like the wp_safe_redirect() function is called on the redirect_to
> parameter before redirecting. This helps ensure that the redirect URL is a
> safe one.
>
> I'm guessing you'll have to hook into the allowed_redirect_hosts filter
> (see
> the wp_safe_redirect() function in wp-includes/pluggable.php in order to
> allow the user to be redirected to your staff.example.com subdomain.
>
> Regards,
>
> James Collins
>
>
>
>
> 2009/2/16 Alex Hempton-Smith <hempsworth at googlemail.com>
>
> > Sure thing Mike, I've got it pretty much working but I just need to
> change
> > where the sign-in form redirects to, so things run completely smoothly.
> > I have a really stripped down sign-in form like this:
> >
> > <form name="loginform" id="loginform" action="<?php bloginfo('wpurl');
> > ?>/wp-login.php" method="post">
> > <input type="text" name="log" id="user_login" class="input" value="<?php
> > echo attribute_escape(stripslashes($user_login)); ?>" />
> > <input type="password" name="pwd" id="user_pass" class="input" value=""
> > size="20" />
> > <input type="submit" name="wp-submit" id="wp-submit" value="Log In" />
> > <input type="hidden" name="redirect_to" value="http://staff.example.com"
> > />
> > </form>
> >
> > But when it's used in the subdomain, it logs me in but redirects me to
> the
> > admin panel - completely ignoring the redirect_to!
> > Also, with log-out links I'm adding "&redirect_to=
> http://staff.example.com
> > "
> > to the URL but it's not working either.
> >
> > Am I missing something?
> >
> > -- Alex
> >
> >
> > On Mon, Feb 16, 2009 at 1:28 AM, <mikeschinkel at newclarity.net> wrote:
> >
> > > Alex,
> > >
> > > When you get it all working any chance you could document how you did
> it
> > on
> > > a blog or somewhere? I think it would be a very valuable technique in
> > > general and could help a lot of people.
> > >
> > > -Mike
> > >
> > > Sent from my iPhone
> > >
> > > On Feb 15, 2009, at 5:34 PM, Alex Hempton-Smith <
> > hempsworth at googlemail.com>
> > > wrote:
> > >
> > >  By the way, I changed the cookie attributes in the
> > >> Firefox developer toolbar, and the authentication is now working.
> > >> I just need to stop WP saving the cookies with the original settings.
> > >>
> > >> -- Alex
> > >>
> > >>
> > >> On Sun, Feb 15, 2009 at 10:24 PM, Alex Hempton-Smith <
> > >> hempsworth at googlemail.com> wrote:
> > >>
> > >>  Brilliant, so I changed the cookie path from "/wp/wp-admin" to "/",
> and
> > >>> changed the host from "www.example.com" to ".example.com".
> > >>> How would I force WP to save the cookies like this?
> > >>>
> > >>> -- Alex
> > >>>
> > >>>
> > >>>
> > >>> On Sun, Feb 15, 2009 at 9:34 PM, Gaarai <gaarai at gaarai.com> wrote:
> > >>>
> > >>>  The cookie is most likely being set just for the domain that your
> > >>>> WordPress resides on. The subdomain is treated as a different
> domain.
> > >>>>
> > >>>> So, you might look at modifying the cookie to be set for a domain of
> > ".
> > >>>> domain.com". Note the dot (.) in front of the domain name. This
> > should
> > >>>> ensure that the cookie will work for all subdomains.
> > >>>>
> > >>>>
> > >>>> Chris Jean
> > >>>> http://gaarai.com/
> > >>>> http://wp-roadmap.com/
> > >>>>
> > >>>>
> > >>>>
> > >>>> Alex Hempton-Smith wrote:
> > >>>>
> > >>>>  Thanks Mike, I've defined ABSPATH and when I visit the page I get
> > sent
> > >>>>> to
> > >>>>> the WP login page. I log in, it redirects me to the Dashboard. When
> I
> > >>>>> go
> > >>>>> back to the subdomain it just shows me the login page again.
> > >>>>> Why's it doing this you think?
> > >>>>>
> > >>>>> -- Alex
> > >>>>>
> > >>>>>
> > >>>>> On Sun, Feb 15, 2009 at 9:18 PM, <mikeschinkel at newclarity.net>
> > wrote:
> > >>>>>
> > >>>>>
> > >>>>>
> > >>>>>  admin.php includes wp-load.php and assumes it's relative
> directory.
> > >>>>>> Either
> > >>>>>> define ABSPATH to your WordPress root or explicitly require()
> > >>>>>> wp-load.php
> > >>>>>> using the correct directory before requiring admin.php and that
> > should
> > >>>>>> solve
> > >>>>>> it.
> > >>>>>>
> > >>>>>> -Mike
> > >>>>>>
> > >>>>>> Sent from my iPhone
> > >>>>>>
> > >>>>>>
> > >>>>>> On Feb 15, 2009, at 2:11 PM, Alex Hempton-Smith <
> > >>>>>> hempsworth at googlemail.com>
> > >>>>>> wrote:
> > >>>>>>
> > >>>>>> I'm having real trouble with this... I get errors when I try to
> > >>>>>> include
> > >>>>>>
> > >>>>>>
> > >>>>>>  the
> > >>>>>>> following code:
> > >>>>>>> require_once('../wp/wp-admin/admin.php');
> > >>>>>>>
> > >>>>>>> Saying:
> > >>>>>>> Warning: require_once(../wp-load.php) [function.require-once]:
> > failed
> > >>>>>>> to open stream: No such file or directory in...
> > >>>>>>>
> > >>>>>>> Does anybody have any experience of using WP in this way?
> > >>>>>>>
> > >>>>>>> -- Alex
> > >>>>>>>
> > >>>>>>>
> > >>>>>>> On Sun, Feb 15, 2009 at 5:49 PM, Gaarai <gaarai at gaarai.com>
> wrote:
> > >>>>>>>
> > >>>>>>> I'm about to head out, but I wanted to give you a tip to get you
> > >>>>>>> started.
> > >>>>>>>
> > >>>>>>>
> > >>>>>>>  I recommend checking out the wp-admin/index.php file. This
> should
> > >>>>>>>> serve
> > >>>>>>>> as
> > >>>>>>>> a template for your custom app.
> > >>>>>>>>
> > >>>>>>>> You'll also need to look at the $_REQUEST['redirect_to'] query
> arg
> > >>>>>>>> so
> > >>>>>>>> that
> > >>>>>>>> you can properly redirect your user once they've logged in. You
> > can
> > >>>>>>>> find
> > >>>>>>>> more about it by looking in the wp-login.php file.
> > >>>>>>>>
> > >>>>>>>> Chris Jean
> > >>>>>>>> http://gaarai.com/
> > >>>>>>>> http://wp-roadmap.com/
> > >>>>>>>>
> > >>>>>>>>
> > >>>>>>>>
> > >>>>>>>> Alex Hempton-Smith wrote:
> > >>>>>>>>
> > >>>>>>>> Hi all,
> > >>>>>>>>
> > >>>>>>>>
> > >>>>>>>>  I'm building a set of custom apps/scripts for our charity and I
> > >>>>>>>>> would
> > >>>>>>>>> like
> > >>>>>>>>> to make these available at "staff.example.com". I have a
> regular
> > >>>>>>>>> install
> > >>>>>>>>> of
> > >>>>>>>>> WP in "example.com/wp/". The staff subdomain's content is
> > actually
> > >>>>>>>>> in
> > >>>>>>>>> /home/
> > >>>>>>>>> example.com/staff/.
> > >>>>>>>>>
> > >>>>>>>>> Instead of re-invent the wheel I (and to have the same
> > >>>>>>>>> usernames/passwords),
> > >>>>>>>>> I would like to use the authentication system from the WP
> install
> > >>>>>>>>> on
> > >>>>>>>>> my
> > >>>>>>>>> own
> > >>>>>>>>> custom PHP stuff in the subdomain. And then be able to use
> normal
> > >>>>>>>>> WP
> > >>>>>>>>> functions within my own app, like checking if they're logged
> in,
> > >>>>>>>>> getting
> > >>>>>>>>> usernames etc.
> > >>>>>>>>>
> > >>>>>>>>> What do I need to do to allow my users to log into the main
> > >>>>>>>>> install,
> > >>>>>>>>> and
> > >>>>>>>>> then be logged into the custom area?
> > >>>>>>>>>
> > >>>>>>>>> I know it'll be more than just including 'wp-blog-header.php',
> > >>>>>>>>> because
> > >>>>>>>>> of
> > >>>>>>>>> cookies etc?
> > >>>>>>>>>
> > >>>>>>>>> Many thanks if anyone can help!
> > >>>>>>>>>
> > >>>>>>>>> -- Alex
> > >>>>>>>>> _______________________________________________
> > >>>>>>>>> wp-hackers mailing list
> > >>>>>>>>> wp-hackers at lists.automattic.com
> > >>>>>>>>> http://lists.automattic.com/mailman/listinfo/wp-hackers
> > >>>>>>>>>
> > >>>>>>>>>
> > >>>>>>>>>
> > >>>>>>>>> _______________________________________________
> > >>>>>>>>>
> > >>>>>>>>>
> > >>>>>>>>>  wp-hackers mailing list
> > >>>>>>>> wp-hackers at lists.automattic.com
> > >>>>>>>> http://lists.automattic.com/mailman/listinfo/wp-hackers
> > >>>>>>>>
> > >>>>>>>> _______________________________________________
> > >>>>>>>>
> > >>>>>>>>
> > >>>>>>>>  wp-hackers mailing list
> > >>>>>>> wp-hackers at lists.automattic.com
> > >>>>>>> http://lists.automattic.com/mailman/listinfo/wp-hackers
> > >>>>>>>
> > >>>>>>>
> > >>>>>>>
> > >>>>>>>  _______________________________________________
> > >>>>>> wp-hackers mailing list
> > >>>>>> wp-hackers at lists.automattic.com
> > >>>>>> http://lists.automattic.com/mailman/listinfo/wp-hackers
> > >>>>>>
> > >>>>>>
> > >>>>>>
> > >>>>>>  _______________________________________________
> > >>>>> wp-hackers mailing list
> > >>>>> wp-hackers at lists.automattic.com
> > >>>>> http://lists.automattic.com/mailman/listinfo/wp-hackers
> > >>>>>
> > >>>>>
> > >>>>>
> > >>>>>  _______________________________________________
> > >>>> wp-hackers mailing list
> > >>>> wp-hackers at lists.automattic.com
> > >>>> http://lists.automattic.com/mailman/listinfo/wp-hackers
> > >>>>
> > >>>>
> > >>>
> > >>>  _______________________________________________
> > >> wp-hackers mailing list
> > >> wp-hackers at lists.automattic.com
> > >> http://lists.automattic.com/mailman/listinfo/wp-hackers
> > >>
> > > _______________________________________________
> > > wp-hackers mailing list
> > > wp-hackers at lists.automattic.com
> > > http://lists.automattic.com/mailman/listinfo/wp-hackers
> > >
> > _______________________________________________
> > wp-hackers mailing list
> > wp-hackers at lists.automattic.com
> > http://lists.automattic.com/mailman/listinfo/wp-hackers
> >
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers
>


More information about the wp-hackers mailing list