twentysixpoint2
Forum Replies Created
-
Forum: Plugins
In reply to: Auto Login to WPSince I couldn’t just sit around and wait for someone to do my work for me I will post the (admittedly minimal) solution that I have tested and found to work.
The goal is to run Mambo and WordPress as separate applications but to be able to embed WordPress in Mambo and present it in a “wrapper page”. We want the Mambo users to be authenticated to WordPress automatically so that if they want to comment on blog posts they will not have to login (again). I have accomplished this by creating a new class for Mambo that simply connects to the WordPress DB and uses the userid and password the user supplied to Mambo to authenticate to WordPress. Once the user is authenticated the cookies are created and placed on the users machine. This will let WordPress know who they are if they go to the blogs.
For those interested here is the code. DISCLAIMER – I make NO warranties for this code. It is simply a hack that I found will work on our installation and it is not bulletproof yet.
In Mambo: in includes/authenticator.php I added the hook to the (custom) wp_login function:
include_once ("wp_functions.php"); WP_Integration::wp_login( $username, $passwd, false );I created a new file called wp_functions and put it in the includes directory in Mambo:
<?php /*** this code was created for the single purpose of authenticating user withing WordPress AFTER the user has been authenticated in Mambo. Our application simply presents the WordPress application as a wrapped page in our mambo site. wordpress is installed as a standalone app and we would like to keep it that way. authenticating the users in this way allows them to comment on the blogs without having to log in again. it allows us to ensure that those making comments have been authenticated to our application and that no comments will be received by unknown parties. we will secure the wordpress application from outside access within the webserver. */ /** ensure this file is being included by a parent file */ defined( '_VALID_MOS' ) or die( 'Direct Access to this location is not allowed.' ); /** * @package Mambo_4.5.1 */ class WP_Integration { function wp_login( $userid, $pass, $already_md5 = false) { // site url and home directory for wordpress $wp_siteurl = "https://www.yoursite.com/wp"; $wp_home = "https://www.yoursite.com/wp"; // for now, just a quick and dirty connection to the wordpress db $dbusername = "wp_db"; $dbpassword = "wp_password"; $dbhostname = "localhost"; $dbh = mysql_connect($dbhostname, $dbusername, $dbpassword) or die("Unable to connect to MySQL"); //print "Connected to MySQL<br>"; $selected = mysql_select_db("blogs",$dbh) or die("Could not select first_test"); $result = mysql_query("SELECT ID, user_login, user_pass FROM wp_users WHERE user_login = '$userid'"); if (!$result) { print '<strong>ERROR</strong>: Invalid username.'; return false; } if (sizeof($result) == 1) { $row = mysql_fetch_array($result,MYSQL_ASSOC); // If the password is already_md5, it has been hashed. // Otherwise, it is plain text. if ( ($already_md5 && $row{'user_pass'} == $pass) || ($row{'user_login'} == $userid && $row{'user_pass'} == md5($pass)) ) { // set the wordpress cookie on the users machine - they will be "logged in" // wordpress when we bring it up in a wrapper page $a = new WP_Integration(); $a->wp_setcookie($userid, $pass, false, $wp_home, $wp_siteurl, false ); mysql_close($dbh); return true; } else { if ($already_md5) { // debug statement //print "<strong>ERROR</strong>: Incorrect password." . $row{'user_pass'} ." , $pass"; } else { // debug statement //print "<strong>ERROR</strong>: Incorrect password." . $row{'user_pass'} ." , " . md5($pass); } $pass = ''; mysql_close($dbh); return false; } } } function wp_setcookie($username, $password, $already_md5 = false, $home = '', $siteurl = '', $remember = false) { // this code was pretty much lifted from the wp_setcookie function in the // wordpress pluggable.php file. it is a pure hack to meet our minimal // needs for authentication. the global cookie declarations code was taken // from wp_settings.php in wordpress // there are several places in the code that have been modified so that the // code will function as desired for our purpose - to authenticate a mambo // user to wordpress AFTER authenticating in mambo. if (strpos($_SERVER['PHP_SELF'], 'install.php') === false) { // Used to guarantee unique hash cookies $cookiehash = md5($siteurl); define('COOKIEHASH', $cookiehash); } if ( !defined('USER_COOKIE') ) define('USER_COOKIE', 'wordpressuser_'. COOKIEHASH); if ( !defined('PASS_COOKIE') ) define('PASS_COOKIE', 'wordpresspass_'. COOKIEHASH); if ( !defined('COOKIEPATH') ) define('COOKIEPATH', preg_replace('|https?://[^/]+|i', '', $home . '/' ) ); if ( !defined('SITECOOKIEPATH') ) define('SITECOOKIEPATH', preg_replace('|https?://[^/]+|i', '', $siteurl . '/' ) ); if ( !defined('COOKIE_DOMAIN') ) define('COOKIE_DOMAIN', false); if ( !$already_md5 ) $password = md5( md5($password) ); // Double hash the password in the cookie. if ( empty($home) ) $cookiepath = COOKIEPATH; else $cookiepath = preg_replace('|https?://[^/]+|i', '', $home . '/' ); if ( empty($siteurl) ) { $sitecookiepath = SITECOOKIEPATH; $cookiehash = COOKIEHASH; } else { $sitecookiepath = preg_replace('|https?://[^/]+|i', '', $siteurl . '/' ); $cookiehash = md5($siteurl); } if ( $remember ) $expire = time() + 31536000; else $expire = 0; setcookie(USER_COOKIE, $username, $expire, $cookiepath, COOKIE_DOMAIN); setcookie(PASS_COOKIE, $password, $expire, $cookiepath, COOKIE_DOMAIN); if ( $cookiepath != $sitecookiepath ) { setcookie(USER_COOKIE, $username, $expire, $sitecookiepath, COOKIE_DOMAIN); setcookie(PASS_COOKIE, $password, $expire, $sitecookiepath, COOKIE_DOMAIN); } } } ?>I hope this will help someone else.