[wp-hackers] Complex login, urgent problem
Stefano Aglietti
steagl4ml at gmail.com
Tue Jan 26 08:54:09 UTC 2010
I have a series of nanopublishing blogs that use a complex login method to
integrate into an existing community but keeping the WP accounts separated,
I use the External DB Authentication plugin to check against another DB the
logind data and let user authenticate. But there is a caveat, we have to
check if a user is logged into the original community and if so silently log
him into the various WP blogs. The external DB plugin has no modification
but I made 2 functions in the functions.php theme's file, I have a function
that give me back the user status with some info:
function login_community_user() {
require_once("Zend/Loader/Autoloader.php");
$autoloader = Zend_Loader_Autoloader::getInstance();
$autoloader->setFallbackAutoloader(true);
//Here i get an array of the community user data if authenticated
$cred =
TDev_User::getFactory(array('project_name'=>'community','dir_name'=>'tgit'))->getInternalCredentials();
global $status;
if (is_array($cred)) {
$credentials['user_login']=$cred['nick'];
$credentials['user_password']=$cred['key'];
$credentials['remember']= TRUE;
$logincookiedata= explode('|', $_COOKIE[LOGGED_IN_COOKIE]);
$logincookieusr = $logincookiedata[0];
if ($credentials['user_login'] === $logincookieusr) {
$status= "GIA' LOGGATO - $logincookieusr";
} else {
$comuser = (array)wp_signon($credentials);
$logincookiedata= explode('|', $_COOKIE[LOGGED_IN_COOKIE]);
$logincookieusr = $logincookiedata[0];
}
} else {
wp_logout();
}
}
add_action('init','login_community_user',1);
add_action('admin_init','login_community_user',1);
function redirect_login() {
require_once("Zend/Loader/Autoloader.php");
$autoloader = Zend_Loader_Autoloader::getInstance();
$autoloader->setFallbackAutoloader(true);
$cred =
TDev_User::getFactory(array('project_name'=>'community','dir_name'=>'tgit'))->getInternalCredentials();
global $status;
$credentials['user_login']=$cred['nick'];
$credentials['user_password']=$cred['key'];
$credentials['remember']= TRUE;
$logincookiedata= explode('|', $_COOKIE[LOGGED_IN_COOKIE]);
$logincookieusr = $logincookiedata[0];
if (in_array(NOMEBLOG, array("internet", "economia", "gossip", "motori"))) {
$redirectAfterLogin = 'http://community.domain.it/login.php?r=http://' .
NOMEBLOG . '.domain.it/';
} else {
$redirectAfterLogin = 'http://community.domain.it/login.php?r=http://' .
NOMEBLOG . '.domain.it/news/';
}
if (is_array($cred)) {
if ($credentials['user_login'] === $logincookieusr) {
return;
$redirect = get_option('siteurl') . '/wp-admin/index.php';
wp_redirect($redirect);
} else {
wp_redirect($redirectAfterLogin);
}
} else {
wp_redirect($redirectAfterLogin);
}
}
add_action('login_head','redirect_login',1);
All works fine if i go to and homepage i see the user logged in (the auth
cookie is set) but sometimes when i access wp-admin instead of getting the
dashboard I've been asked to loign (and this login page should never appear
cause the login is done by the community with a complex method and not using
the real password for reason it too long to explain) The login screen appear
even if the
wordpress_logged_in_hashvalue and wordpress_hashvalue cookies are correctly
set.
Maybe I'm doing something wrng but i did a lot of test anf trial with no
luck... any idea or suggestions? Thank in advance!!
More information about the wp-hackers
mailing list