[wp-hackers] Complex login, urgent problem

Stefano Aglietti steagl4ml at gmail.com
Tue Jan 26 08:54:09 UTC 2010


I have a series of nanopublishing blogs that use a complex login method to
integrate into an existing community but keeping the WP accounts separated,
I use the External DB Authentication plugin to check against another DB the
logind data and let user authenticate. But there is a caveat, we have to
check if a user is logged into the original community and if so silently log
him into the various WP blogs. The external DB plugin has no modification
but I made 2 functions in the functions.php theme's file, I have a function
that give me back the user status with some info:

function login_community_user() {

require_once("Zend/Loader/Autoloader.php");
$autoloader = Zend_Loader_Autoloader::getInstance();
$autoloader->setFallbackAutoloader(true);

//Here i get an array of the community user data if authenticated
$cred =
TDev_User::getFactory(array('project_name'=>'community','dir_name'=>'tgit'))->getInternalCredentials();
global $status;


    if (is_array($cred)) {
        $credentials['user_login']=$cred['nick'];
        $credentials['user_password']=$cred['key'];
        $credentials['remember']= TRUE;

        $logincookiedata= explode('|', $_COOKIE[LOGGED_IN_COOKIE]);
        $logincookieusr = $logincookiedata[0];

        if ($credentials['user_login'] ===  $logincookieusr) {
            $status= "GIA' LOGGATO - $logincookieusr";
        } else {
            $comuser = (array)wp_signon($credentials);
            $logincookiedata= explode('|', $_COOKIE[LOGGED_IN_COOKIE]);
            $logincookieusr = $logincookiedata[0];
        }
    } else {
        wp_logout();
    }
}

add_action('init','login_community_user',1);
add_action('admin_init','login_community_user',1);

function redirect_login() {

require_once("Zend/Loader/Autoloader.php");
$autoloader = Zend_Loader_Autoloader::getInstance();
$autoloader->setFallbackAutoloader(true);

$cred =
TDev_User::getFactory(array('project_name'=>'community','dir_name'=>'tgit'))->getInternalCredentials();
global $status;

$credentials['user_login']=$cred['nick'];
$credentials['user_password']=$cred['key'];
$credentials['remember']= TRUE;

$logincookiedata= explode('|', $_COOKIE[LOGGED_IN_COOKIE]);
$logincookieusr = $logincookiedata[0];

if (in_array(NOMEBLOG, array("internet", "economia", "gossip", "motori"))) {
    $redirectAfterLogin = 'http://community.domain.it/login.php?r=http://' .
NOMEBLOG . '.domain.it/';
} else {
    $redirectAfterLogin = 'http://community.domain.it/login.php?r=http://' .
NOMEBLOG . '.domain.it/news/';
}

    if (is_array($cred)) {
        if ($credentials['user_login'] ===  $logincookieusr) {
            return;
            $redirect = get_option('siteurl') . '/wp-admin/index.php';
            wp_redirect($redirect);
        } else {
            wp_redirect($redirectAfterLogin);
        }
    } else {
            wp_redirect($redirectAfterLogin);
    }
}

add_action('login_head','redirect_login',1);

All works fine if i go to and homepage i see the user logged in (the auth
cookie is set) but sometimes when i access wp-admin instead of getting the
dashboard I've been asked to loign (and this login page should never appear
cause the login is done by the community with a complex method and not using
the real password for reason it too long to explain) The login screen appear
even if the

wordpress_logged_in_hashvalue and wordpress_hashvalue cookies are correctly
set.

Maybe I'm doing something wrng but i did a lot of test anf trial with no
luck... any idea or suggestions? Thank in advance!!


More information about the wp-hackers mailing list