The MU forums have moved to WordPress.org

Integrating WPMU Login system with other webservices (16 posts)

  1. warriorofdreams
    Member
    Posted 15 years ago #

    I am running the latest version of WPMU in combination with BuddyPress.

    I have created, for educational purposes, a AI (a chatbot) running on the Zend Framework. Now I want to integrate the login system of WPMU with my AI. Only users who are logged in and are member of a special group should have access.

    Now the group part is not a problem, when I have the user ID I can check this through the DB.

    The only problem is integrating the WPMU login system with my Zend app.

    Please note that I do not want to integrate Zend into WP, I only want to use the login system to check if the user is logged in and retrieve the ID of the user.

    I hope someone can help me. I've searched on the web and this forum but couldn't find anything.

    Thanks in advance!

    WoD

  2. grandslambert
    Member
    Posted 15 years ago #

    Sounds like you will need to write a WordPress plugin for this. You can hook in to the log in process to have it check other stuff, and likely your plugin should create a WordPress user so it can skip this step in the future. I created a similar plugin for an app that I wrote years ago, and I started by looking at:

    http://wordpress.org/extend/plugins/wpdirauth/

    to learn how to "hijack" the login process. Might be a good start for you as well.

  3. warriorofdreams
    Member
    Posted 15 years ago #

    The problem is that I do not want to include the Zend Framework in the WP framework. I want to create my own auth adapter wich checks if the user is logged in and gets the user id.

    I'd better explain the system:

    1. A user logs in on my AI blog and goes to the 'Talk wit Mai' page (Mai is the name of my AI).
    2. I check within my blogtemplate if the user is logged in. If not it redirects the user to a error page.
    3. If the user logged in a interface is loaded which comunicates (using AJAX) with my Zend Framework app.

    Now my Zend Framework app has to check if the user is logged in without starting up all the WP code.

    I checked your code was not able to find anything that helps.

    Is there someway to make the 'check login' independent of the rest of the WP framework?

  4. grandslambert
    Member
    Posted 15 years ago #

    Wordpress uses login cookies to check for login, and I have seen other sites that use third party applications for Wordpress login. I believe in those cases the third party app sets a cookie and Wordpress is set up to look at that cookie, but I have not done this myself so not sure how you would do it. Basically, in my understanding, the third party app would have to set a cookie that Wordpress can understand.

    The problem is that in order to log someone in to WordPress, so they can post comments and such, there has to be a Wordpress user. Ao a script is needed to create that user with the same credentials as your third party app. That is what the DirAuth tool I mentioned previously does - finds the user in the active directory and creates a Wordpress user. I suggested that as a starting point because it has all the hooks to do it - you would just need to change the user lookup code to look in your system.

    Note: I call it a third party application even though it's your application. As we are discussing WordPress, your application is considered a third party app.

  5. cafespain
    Member
    Posted 15 years ago #

    How does the login on the other system work? How does it know if a user is logged in?

    You don't need to include the Zend framework, but you will need to duplicate the authentication of the other system in someway.

  6. warriorofdreams
    Member
    Posted 15 years ago #

    @grandslambert:

    I think you do not understand me completely. I want to integrate my Zend Framework app into wordpress. Not wordpress into my Zend Framework app.

    @Cafespain:

    Currently I use the standard Auth adapter of Zend (see below). I want to replace it with a sytem that can check the WP cookie.

    $dbAdapter = Zend_Db_Table::getDefaultAdapter();
    $authAdapter = new Zend_Auth_Adapter_DbTable($dbAdapter);
    $authAdapter->setTableName('mai_users')
    	->setIdentityColumn('username')
    	->setCredentialColumn('password');
    $authAdapter->setIdentity($values['loginusername'])
    	->setCredential(sha1(md5($values['loginpassword'])));
    
    $auth = Zend_Auth::getInstance();
    $result = $auth->authenticate($authAdapter);

    Maybe I can read somehow the cookie the same way as WP does?

  7. grandslambert
    Member
    Posted 15 years ago #

    Wait, in your opening post you state:

    Please note that I do not want to integrate Zend into WP, I only want to use the login system to check if the user is logged in and retrieve the ID of the user.

    Now you say:

    I think you do not understand me completely. I want to integrate my Zend Framework app into wordpress. Not wordpress into my Zend Framework app.

    Which is it? The advice I was giving was based on your opening post. Do you want to use users from YOUR app to log in to WORDPRESS, or users from WORDPRESS to log in to YOUR app?

  8. warriorofdreams
    Member
    Posted 15 years ago #

    With:

    "Please note that I do not want to integrate Zend into WP, I only want to use the login system to check if the user is logged in and retrieve the ID of the user."

    I meant using the login system of WP, sorry if this caused any incoveniences. When users are logged in WP (using the normal WP login form) they should also be logged in in my Zend Framework app.

    Also in my first post:

    "Now I want to integrate the login system of WPMU with my AI."

    Now I also understand why you sent me your plugin, again sorry for the inconvenience.

  9. grandslambert
    Member
    Posted 15 years ago #

    No problem, now I know where you are at. BTW, that plugin is not mine, it's one that I use - don't want to take credit that isn't due.

    So, as I understand it, you want your application to look if the user is logged in to WordPress, and if so, let them use the application. For this, you will need to look at using the WordPress cookies. You can get information on how to use the cookies here:

    http://codex.wordpress.org/WordPress_Cookies

  10. warriorofdreams
    Member
    Posted 15 years ago #

    I have found the following function:

    function wp_validate_auth_cookie($cookie = '', $scheme = '')

    Line 503 pluggable.php

    I think this function validates the cookie in WP 2.7, am I correct?

    Is it possible to make this function somehow external? I could look up all the functions this function uses and then make a copy of them in my Auth adapter.

  11. warriorofdreams
    Member
    Posted 15 years ago #

    I created my own function for authentication. Maybe anyone can check it before I use it live:

    define('COOKIEHASH', 'value');
    define('LOGGED_IN_KEY', 'value');
    define('LOGGED_IN_SALT', 'value');
    function validate()
    {
    	//Get all the cookie elements
    	$cookie_name = 'wordpress_logged_in_' . COOKIEHASH;
    	$scheme = 'logged_in';
    	$cookie = $_COOKIE[$cookie_name];
    	$cookie_elements = explode('|', $cookie);
    	if(count($cookie_elements) != 3 )
    	{
    		die('Cookie elements error');
    	}
    
    	//Make sure the variables $username, $expiratio and $hmac are correct
    	list($username, $expiration, $hmac) = $cookie_elements;
    	$cookie_elements = compact('username', 'expiration', 'hmac');
    	extract($cookie_elements, EXTR_OVERWRITE);
    
    	//Check expiration
    	if($expiration < time())
    	{
    		die('Expiration error');
    	}
    
    	$key = hash_hmac('md5', $username . '|' . $expiration, LOGGED_IN_KEY . LOGGED_IN_SALT);
    	$hash = hash_hmac('md5', $username . '|' . $expiration, $key);
    
    	if($hmac != $hash)
    	{
    		die("Bad Cookie");
    	}
    	else
    	{
    		die('Good cookie');
    	}
    }
  12. lunabyte
    Member
    Posted 15 years ago #

    That's going to always die with a bad cookie error.

  13. warriorofdreams
    Member
    Posted 15 years ago #

    I know. It is just to show how the function works. I can't post my whole AI Auth controller here.

  14. lunabyte
    Member
    Posted 15 years ago #

    Yeah, just wanted to make sure you saw that. Buried in a lengthy function is could be something easily overlooked sometime, and cost a couple handfuls of hair. :D

  15. warriorofdreams
    Member
    Posted 15 years ago #

    In fact I do use those die() functions. The function will be registerd as a front conroller plugin so I need to stop the controller with die().

    I use die('-LOGOUT-'); to say to the ajax client that the users cookie is not valid.

    Does anyone see any mistakes in the function?

    I saw one:

    if(isset($_COOKIE[$cookie_name]))
    {
        $cookie = $_COOKIE[$cookie_name];
    }
    else
    {
        die('Cookie error');
    }

    This needs to replace the following line:

    $cookie = $_COOKIE[$cookie_name];

  16. deuts
    Member
    Posted 15 years ago #

    I'm also interested in this login cookie integration with a third party application. Actually, in my case,

    I just want the 'other' application whether he/she is logged in or not in the root wpmu install, if yes, then show the page, otherwise redirect to a landing error page. No need to retrieve or process user data from the WPMU users table. Simple as that.

    This is most useful especially for like when I install a simple wiki (e.g., phpwiki) in a subdirectory but the contents (which is accessible through one php file only, index.php) is only available to logged in users of the root wordpress mu site.

About this Topic

  • Started 15 years ago by warriorofdreams
  • Latest reply from deuts