[wp-hackers] Wordpress User Authentication

Alex nessence at gmail.com
Fri Jun 18 21:04:27 UTC 2004 

I think we hit on two things

a) Being able to authenticate using a non-WP-specific interface (eg,
LDAP, another site, etc)

b) Being able to use WP as a secure mechanism of authentication for an
external system. For example, a script which is to large to be a WP
plugin, but may want to use WP as a means of authentication and which
is WP-centric.

derivative of b):
c) Foreign API access (with the ability to do more than just check
authentication, and is secure)

I think having a) and c) would make b) obsolete.

I'm not sure which one of these is best for Brian Groce.



Alex

On Fri, 18 Jun 2004 13:35:53 -0700, Joseph Scott
<joseph at randomnetworks.com> wrote:
> 
> 
> On Jun 18, 2004, at 12:38 PM, Alex King wrote:
> 
> > LDAP may be the way to go for this, though I'm not sure how many
> > places offer an LDAP server or how hard it is to install/configure.
> 
>         LDAP is a good solution for this type of problem, but I think looking
> at that right now is one layer too deep
> 
> >> It'd be nice to be able to include one PHP file from WP that had API
> >> access. So, you could run a function like
> >> check_user_auth($user, $pass);
> 
>         For something that could be used in so many different setups I think
> this type of approach is perfect for WordPress.  Off the top of my head
> I would consider something like this:
> 
> - Have a function that takes the name of your chosen authentication
> function, perhaps in wp-config.php, something like this:
> 
>         wp_auth_func_name('ldap_auth');
> 
> - Inside WordPress the function wp_auth_func_name would use the
> specified function to actually perform the authentication.  If no name
> is given then use a default function that would basically do what
> WordPress does right now.
> 
> - Develop an API for authentication functions, as noted above would
> probably only need to two args, the username and password.  Return true
> for an ok auth, false for failure?
> 
> - Include a few functions for a couple of different auth mechanisms,
> along with making it easy for others to write their own.
> 
>         Basically create a plugin authentication arrangement.  This would be
> flexible for authentication, but it doesn't address some of the other
> concerns, like if you having to create the user in WordPress first.
> I'm not sure if it's worthwhile, but we could great a similar plugin
> system for listing users and their info.  That would be more work than
> just doing authentication though.
> 
> --
> Joseph Scott
> http://joseph.randomnetworks.com/
> 
> 
> 
> 
> _______________________________________________
> hackers mailing list
> hackers at wordpress.org
> http://wordpress.org/mailman/listinfo/hackers_wordpress.org
>

More information about the hackers mailing list