Skip to:
Content
Pages
Categories
Search
Top
Bottom

Integration with NON-WP software


  • soarchrist
    Member

    @soarchrist

    I’ve searched and there isn’t a lot of *detailed* responses on how to do this. I realize that it’s very very specific to the system and the needs of the site.

    I have my own authentication system and don’t need the bbPress system at all. How can I use only my system? I’ve read up on how WP does authentication– with one cookie containing the username and password hash (double hash I think). Do I need to create this same cookie… or can I easily just disable/remove the authentication built in and use my own?

    If so, what do I need to change? Any help would be appreciated.

Viewing 3 replies - 1 through 3 (of 3 total)

  • _ck_
    Participant

    @_ck_

    The authentication system in bbPress is completely adjustable via plugins.

    Look in the pluggable.php file, there are 4 routines that have to be replaced.

    If you look at a plugin like my “freshly baked cookies” you can sort-of see the 4 replacements you need. Actually you only need 2, because the other two are used by the first two. One creates the cookie, the other reads it. If you only want your other software to create the cookie, then in theory you only need one function replacement.

    WordPress works the same way, except after WP 2.5 they added 2 or three other kinds of cookies. The older method that WP 2.5 and bbPress 0.9 uses is easier to hook into.

    Note that a few obscure WordPress plugins like to read the cookie to gather the username which is a bad approach. No bbPress plugin that I am aware of does this yet, and I hope they won’t so we can switch to a httponly cookie which is more secure and less XSS vulnerable.

    ps. technically the auth system doesn’t even have to be via cookies but the only other ways I am aware of would be HTTPS Client Authentication which is impractical for public systems or maybe LDAP


    soarchrist
    Member

    @soarchrist

    Well, I figured that I would only have to re-write a few functions for authentication, but this would still require me to use the bbpress user table, no? For example, after I re-write the authentication functions, how does the bbpress software know who the user is… the user’s name, and so forth. Where are all of those functions that get that information? Are they included in the pluggable.php too? Is that bb_current_user()?

    I know enough PHP programming to make my own functions, but I’m just not familiar enough with how WordPress works to know what is doing what in detail. Thanks for your help _CK_. I appreciate it a lot.


    _ck_
    Participant

    @_ck_

    Yes you still need to fill the bbPress/WP user table (many plugins also refer to it directly).

    All you are replacing is authentication.

    You can write a plugin to auto-fill the user table when a newly authenticated user first tries to see a bbPress page. Actually it could go into the authentication code directly.

Viewing 3 replies - 1 through 3 (of 3 total)

You must be logged in to reply to this topic.