[wp-hackers] Wordpress User Authentication

Brian Groce wp at briangroce.com
Fri Jun 18 21:25:33 UTC 2004 

A lot to think about there...thanks for all of the input.

In my case I have a slew of blogs I need to host on a site and have other 
areas that need to be password protected as well, so I basically just need 
to be able to tell whatever page is protected, "Hey, the user info is over 
here.  See if they're allowed in this area."

And then of course you'd have area restrictions as well...User 1 can post 
to the group blog and their own blog, but they can't post to User 2's blog.

I guess my major problem lies in how to accomplish this without totally 
messing up WP to the point I can't easily upgrade to future versions.

Brian

http://braingroce.com
============================

At 04:04 PM 6/18/2004, you wrote:
>I think we hit on two things
>
>a) Being able to authenticate using a non-WP-specific interface (eg,
>LDAP, another site, etc)
>
>b) Being able to use WP as a secure mechanism of authentication for an
>external system. For example, a script which is to large to be a WP
>plugin, but may want to use WP as a means of authentication and which
>is WP-centric.
>
>derivative of b):
>c) Foreign API access (with the ability to do more than just check
>authentication, and is secure)
>
>I think having a) and c) would make b) obsolete.
>
>I'm not sure which one of these is best for Brian Groce.
>
>
>
>Alex
>
>On Fri, 18 Jun 2004 13:35:53 -0700, Joseph Scott
><joseph at randomnetworks.com> wrote:
> >
> >
> > On Jun 18, 2004, at 12:38 PM, Alex King wrote:
> >
> > > LDAP may be the way to go for this, though I'm not sure how many
> > > places offer an LDAP server or how hard it is to install/configure.
> >
> >         LDAP is a good solution for this type of problem, but I think 
> looking
> > at that right now is one layer too deep
> >
> > >> It'd be nice to be able to include one PHP file from WP that had API
> > >> access. So, you could run a function like
> > >> check_user_auth($user, $pass);
> >
> >         For something that could be used in so many different setups I 
> think
> > this type of approach is perfect for WordPress.  Off the top of my head
> > I would consider something like this:
> >
> > - Have a function that takes the name of your chosen authentication
> > function, perhaps in wp-config.php, something like this:
> >
> >         wp_auth_func_name('ldap_auth');
> >
> > - Inside WordPress the function wp_auth_func_name would use the
> > specified function to actually perform the authentication.  If no name
> > is given then use a default function that would basically do what
> > WordPress does right now.
> >
> > - Develop an API for authentication functions, as noted above would
> > probably only need to two args, the username and password.  Return true
> > for an ok auth, false for failure?
> >
> > - Include a few functions for a couple of different auth mechanisms,
> > along with making it easy for others to write their own.
> >
> >         Basically create a plugin authentication arrangement.  This 
> would be
> > flexible for authentication, but it doesn't address some of the other
> > concerns, like if you having to create the user in WordPress first.
> > I'm not sure if it's worthwhile, but we could great a similar plugin
> > system for listing users and their info.  That would be more work than
> > just doing authentication though.
> >
> > --
> > Joseph Scott
> > http://joseph.randomnetworks.com/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: /pipermail/hackers_wordpress.org/attachments/20040618/4da2f951/attachment.htm

More information about the hackers mailing list