Title: Overriding WordPress Authentication Method
Last modified: August 21, 2016

---

# Overriding WordPress Authentication Method

 *  [omeraydin](https://wordpress.org/support/users/omeraydin/)
 * (@omeraydin)
 * [13 years ago](https://wordpress.org/support/topic/overriding-wordpress-authentication-method/)
 * Hello everybody,
    I want to override wordpress authentication method. The authentication
   will be done with a different function that query username and password using
   php curl function. For example the code is below;
 *     ```
       function authenticate($username,$password,$emaildomain){
         $find_me = "logintext";
         $urltopost = "http://www.xxxx.xxx/auth.php";
         $datatopost = array (
       	"username" => $username,
       	"emailHost" => $emaildomain,
       	"password" => $password,
          );
       $ch = curl_init ($urltopost);
       curl_setopt ($ch, CURLOPT_POST, true);
       curl_setopt ($ch, CURLOPT_POSTFIELDS, $datatopost);
       curl_setopt ($ch, CURLOPT_RETURNTRANSFER, true);
       $returndata = curl_exec ($ch);
       $pos = strpos($returndata, $findme);
       if ($pos === false) {
           // Can not authenticate
           return false;
       } else {
          // Authenticaion is successfull
           return true;
       }
       }
       ```
   
 * So please can you help me how to do this modification on my wordpress ? Thanx
   everybody

Viewing 3 replies - 1 through 3 (of 3 total)

 *  [Timothy Jacobs](https://wordpress.org/support/users/timothyblynjacobs/)
 * (@timothyblynjacobs)
 * [13 years ago](https://wordpress.org/support/topic/overriding-wordpress-authentication-method/#post-3778795)
 * It depends upon how deep you want to rewrite things. If you want wordpress to
   take care of everything else, and you just want to rewrite the authentication
   function then you are in luck. [wp_authenticate](http://core.trac.wordpress.org/browser/trunk/wp-includes/pluggable.php#L470)
   is a pluggable function so you could overwrite it with your own custom function,
   but you would need to make sure that you are returning values that are consistent
   with the other functions that make use of wp_authenticate, mainly that you return
   a WP_User object if you successfully authenticate, and a WP_Error object on failure.
 *  Thread Starter [omeraydin](https://wordpress.org/support/users/omeraydin/)
 * (@omeraydin)
 * [13 years ago](https://wordpress.org/support/topic/overriding-wordpress-authentication-method/#post-3778884)
 * Thanks for you help. I added new function in wp-includes/user.php .
    So you can
   see my solution below.
 *     ```
       add_filter('authenticate', 'wp_my_auth', 20, 3);
       function wp_my_auth( $user, $username, $password ){
   
           if($username == '' || $password == '') return;
       	if($username=="administrator"){
       		// If username local admin so try wordpress authentication
       		return wp_authenticate_username_password($user, $username, $password);
       	}else{
       		$urltopost = "http://www.xxx.xxx/xxx.php";
       		$datatopost = array (
       			"username" => $username,
       			"password" => $password,
       			"emailHost" => $_POST['emailHost'],
       		); 
   
       		$ch = curl_init ($urltopost);
       		curl_setopt ($ch, CURLOPT_POST, true);
       		curl_setopt ($ch, CURLOPT_POSTFIELDS, $datatopost);
       		curl_setopt ($ch, CURLOPT_RETURNTRANSFER, true);
       		$returndata = curl_exec ($ch);
   
       		$findme = "xxxxxxxxx";
       		$pos = strpos($returndata, $findme);
       		if( $pos == false ) {
       			$user = new WP_Error( 'denied', __("<strong>ERROR</strong>: User cant find.") );
       		} else {
   
       			@$firstname  = "First Name";
       			@$display_name ="Display Name";
       			@$secondname = "Second Name";
   
       			$userobj = new WP_User();
       			$user = $userobj->get_data_by( 'email', $extemail ); 
   
       			$user = new WP_User($user->ID);
       			// Attempt to load up the user with that ID
   
       			if( $user->ID == 0 ) {
       				$userdata = array(  'user_email'   => $extemail,
       									'user_login'   => $username,
       									'first_name'   => $firstname,
       									'last_name'    => $secondname,
       									'display_name' => $display_name,
       									'nickname'     => $username,
       									'description'  => $description,
       				);
       				$new_user_id = wp_insert_user( $userdata );
       				// Load the new user info
       				$user = new WP_User ($new_user_id);
       			}
       		}
       		remove_action('authenticate', 'wp_authenticate_username_password', 20);
   
       		return $user;
       	}
       }
       ```
   
 *  [Timothy Jacobs](https://wordpress.org/support/users/timothyblynjacobs/)
 * (@timothyblynjacobs)
 * [13 years ago](https://wordpress.org/support/topic/overriding-wordpress-authentication-method/#post-3778886)
 * Good to hear. I wouldn’t leave your function in the wp core because it will get
   overridden on a wp update.

Viewing 3 replies - 1 through 3 (of 3 total)

The topic ‘Overriding WordPress Authentication Method’ is closed to new replies.

## Tags

 * [overriding](https://wordpress.org/support/topic-tag/overriding/)

 * In: [Hacks](https://wordpress.org/support/forum/plugins-and-hacks/hacks/)
 * 3 replies
 * 2 participants
 * Last reply from: [Timothy Jacobs](https://wordpress.org/support/users/timothyblynjacobs/)
 * Last activity: [13 years ago](https://wordpress.org/support/topic/overriding-wordpress-authentication-method/#post-3778886)
 * Status: not resolved

## Topics

### Topics with no replies

### Non-support topics

### Resolved topics

### Unresolved topics

### All topics