Cedric     sagt:

am 19. Juli 2011 um 20:35 Uhr

Check this out: http://www.cedricve.me/blog/2011/07/18/how-to-make-use-of-wordpress-passwords/ It explains how you can make an external login with the credentials of a wordpress installation. I hope this can help you ;)

Blackbam     sagt:

am 20. Juli 2011 um 18:44 Uhr

Hey Cedric, thank for sharing this article about external authentication.

However your article is about logging in WordPress users into a custom session from a page outside the WordPress installation using the Username and Password of the WordPress installation. In spite of that, this article is about logging in users into WordPress using an external login mechanism (like the Username and Passwords of a huge company database) without using the WordPress Username and Password.

I hope the difference between the to lines of action is clear!

Ryan Wheale   sagt:

am 26. Januar 2012 um 03:31 Uhr

I don't understand why you would use "username_exists" and "get_userdata" if your information exists in an external database. It seems like you would just get null values. Can you elaborate? Thanks.

Blackbam     sagt:

am 28. Januar 2012 um 18:41 Uhr

This script is for undergoing the WordPress login mechanism by logging in users without knowing their actual password. If the external authentification was successful $ext_auth is true and you do not have to know any WordPress password (and therefore you do not have to synchronize or even KNOW any passwords).

The users must still exist in the WordPress database though, because WordPress will not work correctly otherwise. But you can simulate this, by writing a new user with the desired user name into the database (function: wp_create_user), if a user loggs in for the first time.

A possible use case for this is a SSO (Single Sign on) system, where you might and should not know the passwords of your users.

Is it clear now?

Ben Lobaugh     sagt:

am 23. Februar 2012 um 04:00 Uhr

Thanks for posting this. This info is stupidly hard to find. Just as a point of clarification, after you are doing the external check to see if the user is valid externally you should probably be doing another check to see if they exist in the WP DB and if not create them first right? If I am understanding what I read correctly an id for the user has to be setup already? I think with your example I will be able to get my auth plugin almost up and running :)

Blackbam     sagt:

am 26. Februar 2012 um 22:56 Uhr

1. Do the external check: The external login must be successful and the return value must be validated. If a remote request to another service is needed, use the http://codex.wordpress.org/HTTP_API">WordPress HTTP API. --> Yes

2. Doing another check to see if they exist in the WP DB and if not create them first right ---> Yes

3. EVERY user in WordPress has a unique ID, so we use this ID to identify a user in this script (Note: http://codex.wordpress.org/images/9/9e/WP3.0-ERD.png">WP Users Table). If the ID is found, our user is automatically logged in.

4. If the user NOT exists, there are two possibilities.

First possibility - The users are should be created automatically:

if($ext_auth && !username_exists($username)) {
    // create new user
   wp_create_user($username,$password,$email);
}

Add this code after this line: "$user_id = username_exists($username);". But notice, that wordpress NEEDS an user email. Username and email could be the same. If users are authenticated only using the external servers, you can generate a random password.

Second possibility - The users must register to the WordPress powered site seperatly, but still authenticate via the external service. If this possibility is chosen, do something like:

header("Location:".get_page_link(REGISTER_PAGE));

Hopefully things are easy to understand now. Maybe you can post a link to your new auth plugin here?

Ben Lobaugh     sagt:

am 26. Februar 2012 um 23:17 Uhr

Thanks, I appreciate the help. I am writing a mini tutorial on this also. I will send a pingback to this page.