[wp-trac] [WordPress Trac] #5400: Add action to wp-login

WordPress Trac wp-trac at lists.automattic.com
Thu Nov 29 15:31:30 GMT 2007 

#5400: Add action to wp-login
-------------------------+--------------------------------------------------
 Reporter:  axelseaa     |       Owner:  anonymous
     Type:  enhancement  |      Status:  new      
 Priority:  high         |   Milestone:  2.5      
Component:  General      |     Version:           
 Severity:  normal       |    Keywords:           
-------------------------+--------------------------------------------------
 I am working on the LDAP authentication plugin, and trying to modify
 things in such a way that we no longer need to override the wp_setcookie
 function.  (Mainly so we can work in conjunction with the Secure-Admin
 plugin).  The only reason we currently override that function is to modify
 the password to not store what the user has directly entered.

 The solution I have came up with is to have wordpress process an action
 that happens after wp_login is called, and before wp_setcookie is called.
 The change would be directly after line 244 in wp-login.  Below is an
 example:

 {{{
         if ( $user_login && $user_pass && empty( $errors ) ) {
                 $user = new WP_User(0, $user_login);

                 // If the user can't edit posts, send them to their
 profile.
                 if ( !$user->has_cap('edit_posts') && ( empty(
 $redirect_to ) || $redirect_to == 'wp-admin/' ) )
                         $redirect_to = get_option('siteurl') . '/wp-
 admin/profile.php';

                 if ( wp_login($user_login, $user_pass, $using_cookie) ) {
                         do_action_ref_array('wp_munge',
 array(&$user_login, &$user_pass));
                         if ( !$using_cookie )
                                 wp_setcookie($user_login, $user_pass,
 false, '', '', $rememberme);
                         do_action('wp_login', $user_login);
                         wp_safe_redirect($redirect_to);
                         exit();
                 } else {
                         if ( $using_cookie )
                                 $errors['expiredsession'] = __('Your
 session has expired.');
                 }
         }
 }}}

 Adding the wp_munge action hook would allow us to then change the password
 field and pass it back so the cookie can be create without storing the
 ldap password.

 Is this something that can be implemented?

-- 
Ticket URL: <http://trac.wordpress.org/ticket/5400>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software

More information about the wp-trac mailing list