[wp-hackers] overriding pluggable.php functions

Will Norris will at willnorris.com
Sat Jan 10 21:04:03 GMT 2009

On Jan 10, 2009, at 12:23 PM, Otto wrote:

> On Sat, Jan 10, 2009 at 4:36 AM, Will Norris <will at willnorris.com>  
> wrote:
>> in the case of wp_authenticate(), it is expected to return either  
>> null or an
>> WP_User object.  We begin by passing in null.  If any of the filter
>> implementations are able to authenticate the user by whatever  
>> means, all
>> they need to do is return a new WP_User object.  Otherwise, they  
>> just return
>> what they were originally passed in.  If no filter function is able  
>> to
>> authenticate the user, then null ends up being returned.
> Hah. I like this much better.  Instead of calling wp_authenticate in
> the code anywhere, we hook it to a filter. Then you say that every
> authentication function needs to hook into that filter and have code
> like if ($value !== null) return $value; right at the top of the
> function. That way, if somebody authenticated already, it bypasses the
> rest and falls on through. You can use the priority of the filter to
> determine the order of authentication attempts.

Well, I would still leave wp_authenticate() as a public function that  
can be called from wherever... just make it a wrapper around the  
apply_filters stuff.  And as you hinted at in your other post, we  
actually don't need to create the new private functions either...  
instead of having both wp_authenticate and _wp_authenticate which has  
the standard logic, we simply need to add the apply_filters call at  
the beginning of the existing function...

   function wp_authenticate($username, $password) {
       $pre = apply_filters( 'wp_authenticate', false, $username,  
$password );
       if ( false !== $pre ) return $pre;
       .. normal wp_auth logic here ..

Of course, there is still something attractive about being able to  
call the standard logic directly anytime you want.  This only works  
cleanly if it's separated out into another function.  Otherwise, you'd  
have to clear out all the filters, then call wp_authenticate().


More information about the wp-hackers mailing list