plugin development - WordPress custom authentication implementation

admin管理员组

文章数量:1405188

I created a plugin to allow my website to have its own login functionality.

My project has a new requirement which is to log in to the user with my own authentication method and not the one provided by WP.

Which actions and filters do I need to use so I can create my own authentication method? And once my authentication method is successful how can I log in the user to the WP site? I don't want to use a plugin.

Would someone shed some light or point me to a guide that shows me how to achieve it.

Currently I only know that my own authentication method should be implemented in:

add_action('wp_authenticate_user', 'custom_authentication', 10, 2);

I created a plugin to allow my website to have its own login functionality.

My project has a new requirement which is to log in to the user with my own authentication method and not the one provided by WP.

Which actions and filters do I need to use so I can create my own authentication method? And once my authentication method is successful how can I log in the user to the WP site? I don't want to use a plugin.

Would someone shed some light or point me to a guide that shows me how to achieve it.

Currently I only know that my own authentication method should be implemented in:

add_action('wp_authenticate_user', 'custom_authentication', 10, 2);

• plugin-development
• authentication

Share Improve this question asked Jan 3, 2020 at 1:28 SMilenaGSMilenaG 7111 silver badge44 bronze badges 11

• What is your authentication mechanism? Is it a directory i.e. another list of users and passwords that you just want to get WordPress to check the password entered against, or an entirely separate site, or something else? – Rup Commented Jan 3, 2020 at 1:42
• 2 When you say a custom authentication method can you be more specific? E.g. you could roll a pretty simple ( insecure ) solution, but that same approach would not work for a protocol such as SAML that relies on redirecting the user. Also can you explain why you don't want to just use a plugin that already does it? – Tom J Nowell ♦ Commented Jan 3, 2020 at 1:42
• Also highly relevant: developer.wordpress/reference/hooks/wp_authenticate_user – Tom J Nowell ♦ Commented Jan 3, 2020 at 1:45
• Ok. My authentication mechanism is to check the username and password on a different database and once the user is identified I need to log in the user in the WP site. I don't want to use a plugin because I want to have the control on my own code. – SMilenaG Commented Jan 3, 2020 at 1:55
• Then yes, you probably want wp_authenticate_user and (I'd guess) a pluggable override of wp_check_password so that you can use wp_authenticate_username_password and wp_authenticate_email_password, or simply write your own authenticate_user hook and drop those two. Either way that's the code you need to look at. – Rup Commented Jan 3, 2020 at 2:00

 |  Show 6 more comments

1 Answer 1

Sorted by: Reset to default 3

This question Set up WP Authentication from External API has a link to a blog. That put me in the right direction and shed some light on my work (Thanks @Rup).

class CustomLogin
{
    /**
     * Initializes the plugin.
     *
     * To keep the initialization fast, only add filter and action hooks in the constructor.
     */
    public function __construct()
    {
        add_filter('authenticate', array($this, 'my_custom_authentication'), 10, 3);
        remove_action('authenticate', array($this, 'wp_authenticate_username_password'), 20);
        remove_action('authenticate', array($this, 'wp_authenticate_email_password'), 20);
        add_action('authenticate', array($this, 'new_wp_authenticate_email_password'), 20, 3);
    }

    public function my_custom_authentication($user, $userName, $password)
    {
        $authenticationResponse = $this->custom_authentication($userName, $password);
        if (isset($authResponse['Auth_Error']) && !empty($authResponse['Auth_Error']))
            return 0;
        $user = get_user_by('email', $authenticationResponse['Auth_Email']);
        if (!empty($user))
            return $user;
        else
            return 0;
        // Add WP_Error message where ever is convinient for you
    }

    public function new_wp_authenticate_email_password($user, $userName, $password)
    {
        if ($user instanceof WP_User) {
            return $user;
        }
        // Validations and WP_Error message
    }
}

I used a plugin and the code above first validates a user on the external service. If the user is found on the external service and then on WordPress I return the user which logs the user in, if not, I return an error message.

The numbers you see in the constructor are priorities which determine the moment that the action or filter will be triggered.

add_filter('authenticate', array($this, 'my_custom_authentication'), 10, 3);

If you want to know more about those priorities numbers please have a read to this: https://usersinsights/wordpress-user-login-hooks/

Thanks :)

本文标签： plugin developmentWordPress custom authentication implementation