[wp-hackers] overriding pluggable.php functions

Will Norris will at willnorris.com
Sat Jan 10 21:17:48 GMT 2009


On Jan 10, 2009, at 1:04 PM, Will Norris wrote:

>
> On Jan 10, 2009, at 12:23 PM, Otto wrote:
>
>> On Sat, Jan 10, 2009 at 4:36 AM, Will Norris <will at willnorris.com>  
>> wrote:
>>> in the case of wp_authenticate(), it is expected to return either  
>>> null or an
>>> WP_User object.  We begin by passing in null.  If any of the filter
>>> implementations are able to authenticate the user by whatever  
>>> means, all
>>> they need to do is return a new WP_User object.  Otherwise, they  
>>> just return
>>> what they were originally passed in.  If no filter function is  
>>> able to
>>> authenticate the user, then null ends up being returned.
>>
>> Hah. I like this much better.  Instead of calling wp_authenticate in
>> the code anywhere, we hook it to a filter. Then you say that every
>> authentication function needs to hook into that filter and have code
>> like if ($value !== null) return $value; right at the top of the
>> function. That way, if somebody authenticated already, it bypasses  
>> the
>> rest and falls on through. You can use the priority of the filter to
>> determine the order of authentication attempts.
>
> Well, I would still leave wp_authenticate() as a public function  
> that can be called from wherever... just make it a wrapper around  
> the apply_filters stuff.  And as you hinted at in your other post,  
> we actually don't need to create the new private functions either...  
> instead of having both wp_authenticate and _wp_authenticate which  
> has the standard logic, we simply need to add the apply_filters call  
> at the beginning of the existing function...
>
>  function wp_authenticate($username, $password) {
>      $pre = apply_filters( 'wp_authenticate', false, $username,  
> $password );
>      if ( false !== $pre ) return $pre;
>      .. normal wp_auth logic here ..
>  }
>
> Of course, there is still something attractive about being able to  
> call the standard logic directly anytime you want.  This only works  
> cleanly if it's separated out into another function.  Otherwise,  
> you'd have to clear out all the filters, then call wp_authenticate().

The more I'm looking at the authentication code, especially  
wp_signon(), the more I think it is really a unique case.  I think  
more work needs to be done here beyond just adding a filter like we've  
talked about.  I do believe the filter will be part of the overall  
solution though.  I'm going to focus on the wp_authenticate case for  
the time being and see what I can come up with.  Once that's working,  
I suspect we can do similar things with filters (or privates  
functions, whichever seems to work best) with the other pluggable.php  
functions.

-will


More information about the wp-hackers mailing list