[wp-hackers] Wordpress User Authentication
Alex King
alex at alexking.org
Fri Jun 18 19:38:33 UTC 2004
LDAP may be the way to go for this, though I'm not sure how many places
offer an LDAP server or how hard it is to install/configure.
There is a GPL class here:
http://www.ypass.net/software/php/ldap/
There is an example class here:
http://www.zend.com/codex.php?id=961&single=1
The only real "gotcha" with using LDAP is PHP must be compiled "with
LDAP", but it's the right tool for the job.
Does anyone have experience using LDAP in PHP?
--Alex
http://www.alexking.org/
On Jun 18, 2004, at 1:16 PM, Alex wrote:
> I'd be curious if there was an API hook for this (I don't see one).
>
> It'd be nice to be able to include one PHP file from WP that had API
> access. So, you could run a function like
> check_user_auth($user, $pass);
>
> within a seperate non-WP script. This increases exposure of the
> scripts to exploit, so might be done carefully. (Mainly for shared
> hosting...if the script was able to be read/executed by another user -
> eg, a shard apache1.3 hosting environment, then it could be brute
> forced).
>
> Such a feature would be best disabled by default. Or, have some type
> of key issuance for remote scripts. Similar to amazon or google's
> APIs. You are given a randomly generated key, and you put that in your
> scripts. Otherwise, your [external] scripts can't utilize the API.
>
> Just a few ideas there.
>
> Alex
>
>
> ----- Original Message -----
> From: Brian Groce <wp at briangroce.com>
> Date: Fri, 18 Jun 2004 14:03:25 -0500
> Subject: [wp-hackers] Wordpress User Authentication
> To: hackers at wordpress.org
>
>
>
>
> Have any of you used the Wordpress user
> authentication either outside of Wordpress and/or on other Wordpress
> blogs on the same server?
>
>
> What I'm wanting to do is create a single-signon for both of these
> scenarios...one table of users, not multiple tables for each area.
> Separate tables for the rest of the data is fine.
>
>
> This is somewhat similar to "multiple blogs", but with the
> addition of being able to protect other non-blog areas (for example a
> calendar).
>
>
> Anyway, just throwing this out there to see if anyone else is doing
> this
> sort of thing before I go and try to hack away at it.
>
>
> Thanks,
>
>
> Brian
>
> http://briangroce.com
>
>
>
>
>
>
>
> noname - 1K Download
>
> _______________________________________________
> hackers mailing list
> hackers at wordpress.org
> http://wordpress.org/mailman/listinfo/hackers_wordpress.org
More information about the hackers
mailing list