[wp-trac] [WordPress Trac] #29594: Basic Cookie Authentication from External Database

WordPress Trac noreply at wordpress.org
Sun Sep 14 23:55:24 UTC 2014


#29594: Basic Cookie Authentication from External Database
-----------------------------+------------------------------
 Reporter:  LPH2005          |       Owner:
     Type:  defect (bug)     |      Status:  new
 Priority:  normal           |   Milestone:  Awaiting Review
Component:  Role/Capability  |     Version:  4.0
 Severity:  normal           |  Resolution:
 Keywords:                   |     Focuses:
-----------------------------+------------------------------

Comment (by LPH2005):

 Replying to [comment:3 nacin]:

 > Could you be more specific with what plugins you're referring to? I
 imagine SergeyBiryukov included wp-load.php and called
 wp_set_auth_cookie() and found that the cookie got set. That worked for me
 as well.

 The plugins are bridges for forum users to publish on WordPress. For
 example, XenWord bridges XenForo and WordPress. This bridge worked through
 4.0 beta 1 but now fails with the "Are you sure you want to do this?"
 error when the user (from XenForo) attempts to publish, update a plugin or
 theme. The user is logged into WP and can go to the admin panel as well as
 post comments. So - authentication happens and the user can go to the
 admin panel but receives a nonce error ("Are you sure ...")

 Sorry, this is my first time using trac and wasn't sure how to describe
 the problem.

 I can overcome this error by simply adding a wp_verify_nonce function
 setting everything always to 1. This isn't a good idea but overcomes the
 problem and the forum user can then publish a post, update plugins, etc.

 So, I return to my original question. The changes in 4.0 no longer allow
 the developer to simply use wp_set_auth_cookie to get a user to publish.
 What else is to be used to log a user into the WP admin panel AND allow
 publishing, updating ....?

 I hope that is clear.

 If this is not related to wp_set_auth_cookie, where is the token for the
 nonce supposed to be set?

--
Ticket URL: <https://core.trac.wordpress.org/ticket/29594#comment:4>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform


More information about the wp-trac mailing list