1 comment

  1. Where … is handling the final true/false call returns in its traditional login concept?

    The login process starts in the wp-login.php WordPress file around line 625:

    $user = wp_signon('', $secure_cookie);
    

    The wp_signon() function is from the wp-includes/user.php file.

    /**
     * Authenticate user with remember capability.
     *
     * The credentials is an array that has 'user_login', 'user_password', and
     * 'remember' indices. If the credentials is not given, then the log in form
     * will be assumed and used if set.
     *
     * The various authentication cookies will be set by this function and will be
     * set for a longer period depending on if the 'remember' credential is set to
     * true.
     *
     * @since 2.5.0
     *
     * @param array $credentials Optional. User info in order to sign on.
     * @param bool $secure_cookie Optional. Whether to use secure cookie.
     * @return object Either WP_Error on failure, or WP_User on success.
     */
    function wp_signon( $credentials = '', $secure_cookie = '' ) {
        if ( empty($credentials) ) {
            if ( ! empty($_POST['log']) )
                $credentials['user_login'] = $_POST['log'];
            if ( ! empty($_POST['pwd']) )
                $credentials['user_password'] = $_POST['pwd'];
            if ( ! empty($_POST['rememberme']) )
                $credentials['remember'] = $_POST['rememberme'];
        }
    
        if ( !empty($credentials['remember']) )
            $credentials['remember'] = true;
        else
            $credentials['remember'] = false;
    
        // TODO do we deprecate the wp_authentication action?
        do_action_ref_array('wp_authenticate', array(&$credentials['user_login'], &$credentials['user_password']));
    
        if ( '' === $secure_cookie )
            $secure_cookie = is_ssl();
    
        $secure_cookie = apply_filters('secure_signon_cookie', $secure_cookie, $credentials);
    
        global $auth_secure_cookie; // XXX ugly hack to pass this to wp_authenticate_cookie
        $auth_secure_cookie = $secure_cookie;
    
        add_filter('authenticate', 'wp_authenticate_cookie', 30, 3);
    
        $user = wp_authenticate($credentials['user_login'], $credentials['user_password']);
    
        if ( is_wp_error($user) ) {
            if ( $user->get_error_codes() == array('empty_username', 'empty_password') ) {
                $user = new WP_Error('', '');
            }
    
            return $user;
        }
    
        wp_set_auth_cookie($user->ID, $credentials['remember'], $secure_cookie);
        do_action('wp_login', $user->user_login, $user);
        return $user;
    }
    

    I’m not an expert on this topic, but it looks like you have two choices.

    1) Rewrite the wp_authenticate() function located in the wp-includes/pluggable.php.

    All the functions in wp-includes/pluggable.php check to see if the function already exists before creating the function, so you can add the rewritten function in a theme or a plugin and it will replace the default wp_authenticate() function.

    2) Add your layer to the ‘wp_login’ action hook located near the end of the function.

    The ‘wp_login’ action occurs after WordPress is done with all authentication. Use it like this.

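    add_action( 'wp_login', 'my_external_authentication', 10, 2 );
    /**
     * Callback for the 'wp_login' action. Action callbacks have their return
     * value ignored, so nothing is returned here.
     *
     * @param string  $user_login Username of the user who logged in.
     * @param WP_User $user       WP_User object of the logged-in user.
     */
    function my_external_authentication( $user_login, $user ) {
        // Add external authentication here.
    }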
    

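An added example, not part of the original comment or of WordPress core: in the wp_signon() listing above, a WP_Error from wp_authenticate() is returned before wp_set_auth_cookie() runs, while 'wp_login' fires only after the cookie is set, so a check that must be able to refuse a login can be attached to the 'authenticate' filter that the listing also uses. The callback name, the MY_EXT_AUTH_URL placeholder endpoint and its request/response format are assumptions.

```php
<?php
/**
 * Plugin Name: External Auth Gate (added example, hypothetical)
 */

// Placeholder endpoint (assumption): answers HTTP 200 when the account may log in.
define( 'MY_EXT_AUTH_URL', 'https://auth.example.invalid/verify' );

// Priority 40 runs after wp_authenticate_cookie (priority 30 in wp_signon()),
// so $user already holds the result of the earlier callbacks.
add_filter( 'authenticate', 'my_external_auth_gate', 40, 3 );

/**
 * @param null|WP_User|WP_Error $user     Result from earlier 'authenticate' callbacks.
 * @param string                $username Submitted login name.
 * @param string                $password Submitted password (not forwarded here).
 * @return null|WP_User|WP_Error Returning WP_Error makes wp_signon() return
 *                               before wp_set_auth_cookie() is called.
 */
function my_external_auth_gate( $user, $username, $password ) {
    // Earlier callbacks already failed or made no decision: pass that through.
    if ( ! ( $user instanceof WP_User ) ) {
        return $user;
    }

    // No submitted username means the user came from an existing auth cookie
    // (wp_authenticate_cookie), not from the login form; leave it alone.
    if ( '' === (string) $username ) {
        return $user;
    }

    $response = wp_remote_post( MY_EXT_AUTH_URL, array(
        'timeout' => 5,
        'body'    => array( 'user_login' => $user->user_login ),
    ) );

    // Fail closed: a transport error or any non-200 answer denies the login.
    if ( is_wp_error( $response )
        || 200 !== wp_remote_retrieve_response_code( $response ) ) {
        return new WP_Error(
            'external_auth_failed',
            'Login denied by the external authentication service.'
        );
    }

    return $user;
}
```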