Overriding WordPress Authentication Method

  • Hello everybody,
    I want to override wordpress authentication method. The authentication will be done with a different function that query username and password using php curl function. For example the code is below;

    function authenticate($username,$password,$emaildomain){
  $find_me = "logintext";
  $urltopost = "https://www.xxxx.xxx/auth.php";
  $datatopost = array (
	"username" => $username,
	"emailHost" => $emaildomain,
	"password" => $password,
   );
$ch = curl_init ($urltopost);
curl_setopt ($ch, CURLOPT_POST, true);
curl_setopt ($ch, CURLOPT_POSTFIELDS, $datatopost);
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, true);
$returndata = curl_exec ($ch);
$pos = strpos($returndata, $findme);
if ($pos === false) {
    // Can not authenticate
    return false;
} else {
   // Authenticaion is successfull
    return true;
}
}

    So please can you help me how to do this modification on my wordpress ? Thanx everybody

Viewing 3 replies - 1 through 3 (of 3 total)

  • It depends upon how deep you want to rewrite things. If you want wordpress to take care of everything else, and you just want to rewrite the authentication function then you are in luck. wp_authenticate is a pluggable function so you could overwrite it with your own custom function, but you would need to make sure that you are returning values that are consistent with the other functions that make use of wp_authenticate, mainly that you return a WP_User object if you successfully authenticate, and a WP_Error object on failure.

    Thread Starter omeraydin

    (@omeraydin)

    Thanks for you help. I added new function in wp-includes/user.php .
    So you can see my solution below.

    add_filter('authenticate', 'wp_my_auth', 20, 3);
function wp_my_auth( $user, $username, $password ){

    if($username == '' || $password == '') return;
	if($username=="administrator"){
		// If username local admin so try wordpress authentication
		return wp_authenticate_username_password($user, $username, $password);
	}else{
		$urltopost = "https://www.xxx.xxx/xxx.php";
		$datatopost = array (
			"username" => $username,
			"password" => $password,
			"emailHost" => $_POST['emailHost'],
		); 

		$ch = curl_init ($urltopost);
		curl_setopt ($ch, CURLOPT_POST, true);
		curl_setopt ($ch, CURLOPT_POSTFIELDS, $datatopost);
		curl_setopt ($ch, CURLOPT_RETURNTRANSFER, true);
		$returndata = curl_exec ($ch);

		$findme = "xxxxxxxxx";
		$pos = strpos($returndata, $findme);
		if( $pos == false ) {
			$user = new WP_Error( 'denied', __("<strong>ERROR</strong>: User cant find.") );
		} else {

			@$firstname  = "First Name";
			@$display_name ="Display Name";
			@$secondname = "Second Name";

			$userobj = new WP_User();
			$user = $userobj->get_data_by( 'email', $extemail ); 

			$user = new WP_User($user->ID);
			// Attempt to load up the user with that ID

			if( $user->ID == 0 ) {
				$userdata = array(  'user_email'   => $extemail,
									'user_login'   => $username,
									'first_name'   => $firstname,
									'last_name'    => $secondname,
									'display_name' => $display_name,
									'nickname'     => $username,
									'description'  => $description,
				);
				$new_user_id = wp_insert_user( $userdata );
				// Load the new user info
				$user = new WP_User ($new_user_id);
			}
		}
		remove_action('authenticate', 'wp_authenticate_username_password', 20);

		return $user;
	}
}

    Good to hear. I wouldn’t leave your function in the wp core because it will get overridden on a wp update.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Overriding WordPress Authentication Method’ is closed to new replies.