Allow for custom authentication handlers for all requests.
Turn the logic used by wp_get_current_user() into a determine_current_user filter. props rmccue. fixes #26706. git-svn-id: https://develop.svn.wordpress.org/trunk@27484 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Andrew Nacin
parent
e4bb7b0e8c
commit
517de7ea31
|
|
@ -300,5 +300,7 @@ add_filter( 'heartbeat_nopriv_send', 'wp_auth_check' );
|
||||||
// Default authentication filters
|
// Default authentication filters
|
||||||
add_filter( 'authenticate', 'wp_authenticate_username_password', 20, 3 );
|
add_filter( 'authenticate', 'wp_authenticate_username_password', 20, 3 );
|
||||||
add_filter( 'authenticate', 'wp_authenticate_spam_check', 99 );
|
add_filter( 'authenticate', 'wp_authenticate_spam_check', 99 );
|
||||||
|
add_filter( 'determine_current_user', 'wp_validate_auth_cookie' );
|
||||||
|
add_filter( 'determine_current_user', 'wp_validate_logged_in_cookie', 20 );
|
||||||
|
|
||||||
unset($filter, $action);
|
unset($filter, $action);
|
||||||
|
|
|
||||||
|
|
@ -97,14 +97,23 @@ function get_currentuserinfo() {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
if ( ! $user = wp_validate_auth_cookie() ) {
|
/**
|
||||||
if ( is_blog_admin() || is_network_admin() || empty( $_COOKIE[LOGGED_IN_COOKIE] ) || !$user = wp_validate_auth_cookie( $_COOKIE[LOGGED_IN_COOKIE], 'logged_in' ) ) {
|
* Determine the current user based on request data.
|
||||||
wp_set_current_user( 0 );
|
*
|
||||||
return false;
|
* The default filters use this to determine the current user from the
|
||||||
}
|
* request's cookies, if available.
|
||||||
|
*
|
||||||
|
* @since 3.9.0
|
||||||
|
*
|
||||||
|
* @param int|boolean $user_id User ID if determined, or false otherwise.
|
||||||
|
*/
|
||||||
|
$user_id = apply_filters( 'determine_current_user', false );
|
||||||
|
if ( ! $user_id ) {
|
||||||
|
wp_set_current_user( 0 );
|
||||||
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
wp_set_current_user( $user );
|
wp_set_current_user( $user_id );
|
||||||
}
|
}
|
||||||
endif;
|
endif;
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -219,6 +219,32 @@ function wp_authenticate_spam_check( $user ) {
|
||||||
return $user;
|
return $user;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Validates logged in cookie.
|
||||||
|
*
|
||||||
|
* Checks the logged_in cookie if the previous auth cookie could not be
|
||||||
|
* validated and parsed.
|
||||||
|
*
|
||||||
|
* This is a callback for the determine_current_user filter, rather than API.
|
||||||
|
*
|
||||||
|
* @since 3.9.0
|
||||||
|
*
|
||||||
|
* @param int|boolean $user The user ID (or false) as received from the determine_current_user filter.
|
||||||
|
* @return int|boolean User ID if validated, or false otherwise. If it receives a user ID from
|
||||||
|
* an earlier filter callback, that value is returned.
|
||||||
|
*/
|
||||||
|
function wp_validate_logged_in_cookie( $user_id ) {
|
||||||
|
if ( $user_id ) {
|
||||||
|
return $user_id;
|
||||||
|
}
|
||||||
|
|
||||||
|
if ( is_blog_admin() || is_network_admin() || empty( $_COOKIE[LOGGED_IN_COOKIE] ) ) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
return wp_validate_auth_cookie( $_COOKIE[LOGGED_IN_COOKIE], 'logged_in' );
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Number of posts user has written.
|
* Number of posts user has written.
|
||||||
*
|
*
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue