Robert Lowe

Forum Replies Created

Viewing 3 replies - 1 through 3 (of 3 total)
  • Forum: Hacks
    In reply to: When does the authenticate filter get called?
    Thread Starter Robert Lowe

    (@rmlowe)

    12 years, 9 months ago

    It’s better to use one of the site URL template tags to point to the right directory.

    Do you mean something like this?

    <?php echo site_url(); ?>

    If so I’m not sure I see how that would work—wouldn’t that in itself necessitate at least require('wp-includes/link-template.php');? In which case it seems like a catch-22.

    If you plan on putting your plugin in the repository, you shouldn’t require wp-load.php or anything.

    Do you have a citation for this? I couldn’t find anything in the guidelines.

    Besides changing the ‘authenticate’ filter to your own process, why not send your page’s login data to wp-login.php instead of your custom page that needs to require wp-load.php?

    Thanks for the suggestion, I will try this approach.

    Forum: Hacks
    In reply to: When does the authenticate filter get called?
    Thread Starter Robert Lowe

    (@rmlowe)

    12 years, 9 months ago

    bcworkz, thanks for the response.

    I’m wondering whether it would be best for me to create my own page to handle the credentials, or to try to send everything through wp-login.php.

    If I send everything through wp-login.php I it looks like I’d have to shoehorn everything into the standard log and pwd parameters.

    On the other hand, if I was to create my own page, I’m not sure what’s the minimum I’d need to require in order to use wp_signon, i.e. is it sufficient to require('../../wp-includes/user.php')? Moreover, what’s the best way to do that without making assumptions about where the plugins directory lives (since I understand it can be moved)?

    Forum: Hacks
    In reply to: When does the authenticate filter get called?
    Thread Starter Robert Lowe

    (@rmlowe)

    12 years, 10 months ago

    I guess the problem I’m having is that everything seems highly password-centric.

    In my case I want to log users in based on a redirect from another site. The redirect URL query string will include a user login name and a Message Authentication Code, but no user password. My plugin will need to validate the Message Authentication Code, and log the user in if the validation succeeds. At no point will it have access to a user password however.

    I guess this must be possible since there are a number of existing plugins that claim to provide SSO functionality. But I’m not sure how to achieve it since all the relevant functions (including wp_signon and wp_authenticate) seem to require a user password.

Viewing 3 replies - 1 through 3 (of 3 total)