#19821 closed enhancement (invalid)
Make wp_validate_auth_cookie() filterable
Reported by: | sirzooro | Owned by: | |
---|---|---|---|
Milestone: | Priority: | normal | |
Severity: | normal | Version: | 3.3.1 |
Component: | Users | Keywords: | has-patch dev-feedback |
Focuses: | Cc: |
Description
When WordPress loads, it does not call the same functions as when login form is submitted - instead it uses different ones to validate that authentication cookie is present and valid. Call stack is as follows:
settings.php WP::init() wp_get_current_user() get_currentuserinfo() wp_validate_auth_cookie()
When plugin wants to validate some extra things (e.g. decide if user can login by checking user meta), the only way is to replace one of functions defined in pluggable.php - wp_validate_auth_cookie()
seems to be a good candidate for this. Unfortunately this can be done only once, so now it is impossible to use few plugins which wants to do some extra checks at the same time. Therefore I propose to extend the wp_validate_auth_cookie()
function by adding validate_auth_cookie
filter to it - see attached patch. It will allow to hook into the cookie validation process, without the need to replace pluggable function.
Attachments (1)
Change History (6)
#2
@
12 years ago
Of course:
- User 1 successfully logs in to WP;
- User 2 tries to guess password for user 1. This WP instance has the User Locker plugin installed, so account will be locked after few invalid attempts;
- User 1 loads some WP page. At this moment his account is already locked, so it will be good to invalidate authentication cookie and force logout.
Proposed patch + coding standard