• Hello all,

    I’m trying to use wp_authenticate to authenticate users using WordPress credentials on an external PHP application. My code is as follows:

    function authenticate($user, $password) {
        // wp_authenticate() returns a WP_User object on success and a WP_Error on failure.
        $auth = wp_authenticate($user, $password);
        if (is_wp_error($auth)) {
            return false;
        } else {
            return true;
        }
    }

    I require wp-blog-header.php to access WordPress functions, as follows:

    require("/path/to/wordpress/wp-blog-header.php");

    On a successful authentication, the function should return true, and a separate part of the script should redirect to a new (non-wordpress) page. On an unsuccessful authentication, the script should just reload the login page.

    If incorrect credentials are used, and the function returns false, everything seems to work fine (the login screen is reloaded).

    However, if the correct credentials are entered, the script redirects to WordPress’ wp-login.php page, and asks me to login again – but the session variable that my script uses to check if a user has logged in does seem to be set.

    Why does wp_authenticate redirect to the wp-login.php page, and is there any way to stop it doing this?

    Thanks,
    Ben.

Viewing 3 replies - 1 through 3 (of 3 total)
  • Moderator bcworkz

    (@bcworkz)

    It normally would not redirect, the function has no such code. However, it does have an action, ‘wp_login_failed’ which a plugin or theme could hook into and cause a redirect. Inspect a var_dump() of the global $wp_filter to see what functions are hooked to this action. You could try removing the offending action hook once you discover what the callback function is named.

    Thread Starter BnMcG

    (@bnmcg)

    Hey,

    Thanks for your reply. I did a var_dump of $wp_filter, and although it printed a lot of text, I couldn’t find any mention of wp_login_failed or login_failed using the search tool.

    When I deliberately make the login fail (eg: entering made-up user credentials) the script works as it’s intended to, but when correct user credentials are entered it redirects to the WordPress login, or if I’m already logged into WordPress, it redirects me to the WordPress dashboard.

    Is there some kind of login_success hook that a theme or plugin could hook into? I searched a bit for “login”, but I didn’t find any likely candidates.

    Thanks!

    Moderator bcworkz

    (@bcworkz)

    How embarrassing! I misread your question, I had it in mind you were getting unwanted redirects on failure! My apologies.

    In any case, wp_authenticate() still has no redirect code, it simply returns the user object on successful authentication. Any redirects still have to be from a filter or action. For successful logins, the only possible hook is ‘authenticate’. Search that var_dump() again, this time you will certainly find something. You should find at least wp_authenticate_username_password() is called. This function also has no redirect code. But it has its own filter, ‘wp_authenticate_user’. Nothing is registered on my installation, but there must be some hook on one of these that is redirecting or invoking yet another hook to investigate.

    If nothing is found through this filter investigation, then the redirect is happening somewhere besides wp_authenticate().
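
The hook inspection suggested in the replies above, as an added example that is not part of the original thread: instead of reading a full var_dump() of $wp_filter, it lists only the callbacks registered on the three hooks named in the thread, with the file and line where each is defined, which identifies the plugin or theme responsible. The function names and the fallback sample array are hypothetical; the WP_Hook handling assumes WordPress 4.7 or later.

```php
<?php
// Describe one callback as "name (file:line)" using reflection.
function describe_callback($fn): string {
    if (is_string($fn) && strpos($fn, '::') !== false) {
        $fn = explode('::', $fn, 2);               // "Class::method" static form
    }
    try {
        if (is_array($fn)) {                        // [object or class name, method]
            $ref  = new ReflectionMethod($fn[0], $fn[1]);
            $name = $ref->class . '::' . $ref->name;
        } elseif (is_object($fn) && !($fn instanceof Closure)) {
            $ref  = new ReflectionMethod($fn, '__invoke');
            $name = $ref->class . '::__invoke';
        } else {                                    // function name or closure
            $ref  = new ReflectionFunction($fn);
            $name = $ref->getName();
        }
    } catch (ReflectionException $e) {
        return 'unresolvable callback';
    }
    return sprintf('%s (%s:%s)', $name, $ref->getFileName() ?: 'internal', $ref->getStartLine() ?: '-');
}

// Return one line per callback registered on the given hooks.
// $filters has the shape of the global $wp_filter.
function list_hook_callbacks(array $filters, array $hooks): array {
    $out = [];
    foreach ($hooks as $hook) {
        if (!isset($filters[$hook])) {
            continue;                               // nothing registered on this hook
        }
        // WordPress 4.7+ stores a WP_Hook object whose public $callbacks holds the array.
        $entry = $filters[$hook];
        $by_priority = is_object($entry) ? $entry->callbacks : $entry;
        foreach ($by_priority as $priority => $callbacks) {
            foreach ($callbacks as $cb) {
                $out[] = sprintf('%s [priority %d] %s', $hook, $priority, describe_callback($cb['function']));
            }
        }
    }
    return $out;
}

// With WordPress loaded, the real global is used. Otherwise a constructed sample
// with the same shape lets the script run on its own.
function sample_login_callback($user) { return $user; }   // constructed stand-in
$filters = $GLOBALS['wp_filter'] ?? [
    'authenticate' => [30 => ['id' => ['function' => 'sample_login_callback', 'accepted_args' => 3]]],
];
echo implode(PHP_EOL, list_hook_callbacks($filters, ['authenticate', 'wp_authenticate_user', 'wp_login_failed'])), PHP_EOL;
```

Any callback whose file path falls under a plugin or theme directory is the first candidate to check for a redirect call.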

  • The topic ‘wp_authenticate redirects’ is closed to new replies.