2718.us blog » action hook

WordPress 2.6 + bbPress 0.9.0.2

2718.us — Sat, 16 Aug 2008 23:48:33 +0000

In case anyone was still curious following my previous headache post, it is possible to integrate WP2.6 and bbPress 0.9.0.2. I say “possible” because while I’ve got it working as far as I can tell (without having modified core code in either WP or bbP), I haven’t really tested it and it’s a mess. More or less, a specially-crafted plugin for WP plus a specially-crafted plugin for bbP got me nearly there. The one hangup was the login cookie (the new one that is at the root of the site), which while my bbPress plugin seemed to be duplicating it, WP didn’t want to recognize it (I couldn’t find any difference between the cookie set by my bbP plugin and the one set by WP, but WP didn’t like mine anyway). I got around this by bypassing the bbP login mechanism entirely and using the WP login with a redirect back to bbPress.

Of course, it’s also annoying that while there’s a set_auth_cookie action hook, there’s no clear_auth_cookie, so my plugins had to override the clear_auth_cookie function wholesale rather than hooking into it as they do with set_auth_cookie.

If you have some twisted desire to make this unholy integration that I now seem to have working and would like some of my code, leave me a comment.

Authenticating with WordPress 2.6 (part 3)

2718.us — Sun, 03 Aug 2008 23:55:48 +0000

So, as a followup to parts 1 and 2, per WordPress Trac ticket #7001, WordPress 2.6 has split up the login cookies into three parts:

what was the one and only login cookie in 2.5 is now limited to /wp-admin
there’s a copy of that one that’s just limited to /wp-content/plugins, for backward compatibility with plugins
there’s a new cookie that is at COOKIEPATH (which can be defined in your config file), that is checked by calling
```
is_user_logged_in()
```
(but perhaps this isn’t intended for secure authorization?)

So, it appears the way to go may be to change

auth_redirect()

if (!is_user_logged_in()) auth_redirect();

Maybe more to follow on this when I’ve more thoroughly explored it.

Authenticating with WordPress 2.6 (part 2)

2718.us — Wed, 30 Jul 2008 04:32:54 +0000

Having stated the problem and now played further, I’ve got good news and bad news.

The good news is that there’s an action hook, ‘set_auth_cookie’, that gets called whenever the cookies are set, so if the stuff for which you want to authenticate is on the same server but at a different path, you can create a plugin (or maybe use functions.php in your theme?) with something like the following:

function your_unique_name_here_set_auth_cookie($auth_cookie, $expire, $expiration, $user_id, $scheme) {
setcookie(AUTH_COOKIE, $auth_cookie, $expire, '/path/to/your/stuff', COOKIE_DOMAIN);
}
add_action('set_auth_cookie','your_unique_name_here_set_auth_cookie',10,5);

The bad news is that if your WordPress install is at example.com/something and you want to use it to authenticate at portal.example.com, you can’t set a cookie for portal.example.com from a script on example.com, so your only choice would be to set a cookie with path / on .example.com (note the leading period), which completely breaks the security added by the separate cookies.

Hopefully, there’ll be a “part 3″ to this wherein I solve this last problem somehow, since that’s the setup I’m dealing with.