[wp-hackers] Wordpress User Authentication

[Joseph Scott]

On Jun 18, 2004, at 12:38 PM, Alex King wrote:

> LDAP may be the way to go for this, though I'm not sure how many 
> places offer an LDAP server or how hard it is to install/configure.

	LDAP is a good solution for this type of problem, but I think looking 
at that right now is one layer too deep

>> It'd be nice to be able to include one PHP file from WP that had API
>> access. So, you could run a function like
>> check_user_auth($user, $pass);

	For something that could be used in so many different setups I think 
this type of approach is perfect for WordPress.  Off the top of my head 
I would consider something like this:

- Have a function that takes the name of your chosen authentication 
function, perhaps in wp-config.php, something like this:
	
	wp_auth_func_name('ldap_auth');

- Inside WordPress the function wp_auth_func_name would use the 
specified function to actually perform the authentication.  If no name 
is given then use a default function that would basically do what 
WordPress does right now.

- Develop an API for authentication functions, as noted above would 
probably only need to two args, the username and password.  Return true 
for an ok auth, false for failure?

- Include a few functions for a couple of different auth mechanisms, 
along with making it easy for others to write their own.

	Basically create a plugin authentication arrangement.  This would be 
flexible for authentication, but it doesn't address some of the other 
concerns, like if you having to create the user in WordPress first.  
I'm not sure if it's worthwhile, but we could great a similar plugin 
system for listing users and their info.  That would be more work than 
just doing authentication though.

--
Joseph Scott
http://joseph.randomnetworks.com/