Re: [wp-testers] Angsuman’s Authenticated WordPress Plugin

Mistah P mistahp.testers at gmail.com
Fri Mar 14 20:36:17 GMT 2008


On Fri, Mar 14, 2008 at 3:11 PM, Chris <fck.u.too at gmail.com> wrote:
> Angsuman's Authenticated WordPress Plugin just keeps redirecting back
> to the dashboard, alternately the Authenticate plugin seems to work
> correctly.
>

I'm glad you mentioned this. I was planning on bringing this up myself
sometime soon. I also use Angsuman's plugin. The reason it doesn't
work in 2.5 is that there's a new system for generating cookies and
that plugin implicitly relies on the old system.

I work around the issue by modifying the plugin. I replaced this bit:


if ( (!empty($_COOKIE[USER_COOKIE]) &&
				!wp_login($_COOKIE[USER_COOKIE], $_COOKIE[PASS_COOKIE], true)) ||
			 (empty($_COOKIE[USER_COOKIE])) )


with this bit:


global $user_ID;
if (!$user_ID) {


and it _seems_ to work exactly as it should. But it seems too simple.
If it was really that easy, why didn't it work like that to begin
with? I wonder, is there something I'm missing? Is checking for a
value to $user_ID less secure than verifying cookie contents?


More information about the wp-testers mailing list