[wp-hackers] User Authentication

[Alex]

On Fri, 18 Jun 2004 22:17:06 -0500, Matt Mullenweg <m at mullenweg.com> wrote:
> 
> I feel like that thread has gotten totally out of control. For the people
> wanting to authenticate against WP, there seem to be two camps:
> 
> I WANT AN EASY WAY TO HAVE MEMBERS-ONLY PAGES
> 
> Just require('/path/to/wp-admin/auth.php'). No, really.

I added a little note to the wiki for this. Not sure if it was the
correct place, but it's at the bottom of Plugin/API

> 
> I WANT A KEYWORD-HEAVY WAY TO AUTHENTICATE AGAINST WORDPRESS
> 
> http://www.blogger.com/developers/api/1_docs/xmlrpc_getUserInfo.html
> 

This is good. Will WordPress implement an appkey system? I could code
this. Having an appkey would be great for security. This could just as
well be an option. (I wouldn't mind coding this...wonder how it might
take)

> No need to reinvent the wheel here. There is also these people:
> 
> I WANT TO REPLACE THE WORDPRESS LOGIN SYSTEM WITH SOMETHING ELSE
> 
> This is where we could improve. I suggest two functions:
> 
> wp_username($username) returns user ID or false if username not found
> wp_login($username, $password) returns true or false
> 
> The reason to have two is because I'd like to customize the error message
> depending on if the account exists or not. Internally we just use a
> function_exists call to allow people to overwrite these functions in
> auth.php, wp-login.php, and the XML-RPC interaface so you could write say
> an IMAP plugin that authenticated against an IMAP server, or an LDAP
> plugin, or an Allow Everybody In plugin, whatever.
> 

That sounds great. Would the person define the function inside a
plugin...or would a person have to manually require() their script? If
you use function_exists...where would someone put the overriding
wp_username/wp_login functions?

Are there currently any functions in WP that are overridable like you
suggest these functions to be?