I want to modify submited password in wp_logon wp_authenticate
action.
When authenticating, I want to grab submited password, modify it, and pass back to wp_logon
So here is an action
do_action_ref_array('wp_authenticate', array(&$credentials['user_login'], &$credentials['user_password']));
I’m adding my action like this (as @kaiser suggested):
add_action("wp_authenticate", "myfunctionhere");
function myfunctionhere($credentials) {
return $credentials['user_password'] = 'foo';
}
The thing is that it does not return to wp_signon.
And more, $credentials
in myfunctionhere
value is string(3) "aka"
(username)
The thing I’m doing here, I want to modify http://wordpress.org/plugins/login-encryption/ plugin to work with current wordpress.
and this is the original function which was hooked on wp_authenticate
function add_decryption_function() {
global $user_pass;
if ($_REQUEST['encryption_code']) {
// Obtenemos la clave DES usando nuestra clave privada RSA
$key = new RSA(get_option('le_rsa_modulus'), get_option('le_rsa_public_key'), get_option('le_rsa_private_key'));
$code = $key->decrypt($_REQUEST['encryption_code']);
// Obtenemos la clave usando la clave DES
$password = des ($code, hexToString($_REQUEST['pwd']), 0, 0, null, null);
preg_match("/^([sw]*)/", $password, $res);
$user_pass = $res[1];
$_REQUEST['encryption_code'] = "";
}
}
global $user_pass is NULL of course
I’m testing native wp-login.php authentification, no other plugins.
The things you can change in there are:
$secure_cookie = apply_filters('secure_signon_cookie', $secure_cookie, $credentials);
Cookie$credentials
for theuser_login
anduser_password
1)Example
To generate a secure password, take a look at the function
wp_generate_password()
and its internals. Or better: Make it even more secure.1) As @brasofilo noted in the comment (I’ve overseen that). @brasofilo – Copy/Paste my answer to take it, it’s your credits.
It didn’t work in any reasonable hack.
The only way it could work was hacking wp_logon core function itself with global variable, which was undisairable.
SO I went with another solution.
I removed authentication function and made my own