http-authentication 2.0
I’ve finished updating the http-authentication plugin for WordPress 2.5.
This version of the plugin will work with WordPress 2.5.1 and above, due to a change in the wp_authenticate plugin hook.
This plugin will not work on WordPress 2.5, but if you want to test it you can download a nightly build or use Subversion WordPress 2.5.1.
You can download the plugin from the WordPress Plugin Directory.
Finally, for this release, I’m starting a new post for the plugin. Refer to the previous post for support issues, and if you don’t find an answer there, please ask here. Questions asked on the old post about this version will not be answered.
Update (2008-04-25): WordPress 2.5.1 is out.
April 16th, 2008 at 5:54 pm
[...] (2008-04-16): Changes in WordPress 2.5 are causing problems with this plugin. I’ve released an updated plugin that is compatible with the upcoming WordPress [...]
April 17th, 2008 at 3:28 pm
Sweet! Thanks for getting that wp_authenticate fix into 2.5.1. And thanks again for this plugin.
April 23rd, 2008 at 1:18 pm
Good job. Works for me on 2.6-bleeding. Now all I have to do is wait for a 2.5.1 WordPress release to recommend http auth 2.0 and WP 2.5 via documentation at work.
April 25th, 2008 at 1:14 pm
WordPress 2.5.1 is out. http-auth 2.0 works. xlnt.
April 25th, 2008 at 1:20 pm
@Mork: Thanks for the confirmation!
May 15th, 2008 at 4:05 pm
If you put the file directive on “wp-login.php” is it necessary to have a separate .htaccess file in the wp-admin directory? It seems to properly protect without the latter, but I’m not an auth expert.
The reason I ask is because when I add the prescribed htaccess file to wp-admin I lose all my css on the admin pages.
May 15th, 2008 at 4:27 pm
@rh: Doing so would leave wp-admin open to attack. It is safer to protect wp-admin as well because any attacker would first have to crack your Apache authentication to exploit a hole in WordPress.
I haven’t seen the problem you describe. Have a look through your Web server logs (especially the error log) to see if there might be a problem with your setup.
June 2nd, 2008 at 1:14 am
Image upload is broken here on 2.5.1 when using HTTP Authentication together with Admin SSL. For everything it is an asome combination. Thanks for the hard work.
All I see is a red “HTTP error. An error occured in the upload. Please try again later.” message on the upload page. File permissions are all good.
June 2nd, 2008 at 11:25 am
@Daniel: I’ll try to investigate the combination this week. Let me know if you find any additional details.
June 4th, 2008 at 5:04 pm
@Daniel: The problem appears not to be in the combination of the two plugins, but in that the WordPress uploading tool is not sending the authentication information. There is an existing ticket open about this issue:
http://trac.wordpress.org/ticket/6473
There are some helpful pointers in the forum post linked in the ticket as well, but I have not been able to verify if they work. Please let me know if you find a solution!
June 11th, 2008 at 12:31 pm
@rh: In the unlikely scenario that someone else experiences the same problem I did, here’s the solve … Our auth system is pubcookie. Declaring a “PubcookieAppID” in my .htaccess file solved the problem.
June 16th, 2008 at 11:54 am
Hi,
I adapted your plugin for Active Directory. I don’t see your email listed, so I’m leaving a note here.
I really have no idea what the proper etiquette is when one modifies software as such, but in any case, thank you very much for this plugin. It was enormously helpful. WordPress’s documentation was not particularly helpful, and the references to non-existent code within WordPress (e.g. wp-signon) seemed daunting. Using HTTP Authentication as a base, it was very easy to extend for AD authentication. (I’ve sent a submission to wordpress.org so others can use this.)
Thanks again.
June 18th, 2008 at 2:06 pm
Hi — I’ve installed http-authentication 2.0 with the latest version of WordPressMU and it _mostly_ works well. The only aspect that is not working is setting the options:
Logout URL
Automatically create accounts
Email address domain
Making a change to these fields gives me the message:
Are you sure you want to do this?
Please try again.
The changed options never get stored. Needless to say, trying again does not work. Anyone else see this issue?
Thanks for producing a great plugin!
June 18th, 2008 at 2:52 pm
@Rod: I haven’t used MU, to be honest. I assume that MU has different functions for getting and setting options, since they could be site specified.
Someone previously updated the plugin to work with MU:
http://orthrus.blogspot.com/2008/01/http-authentication-for-wordpress-mu.html
But I have not had a chance to talk with him and try to incorporate the changes into the main plugin. Let me know if you find out anything more!
July 1st, 2008 at 9:14 am
@Rod: Same issue here.
I’m trying to merge the code together, but I’m not fluent in PHP. Has anyone done the grunt work and have something that I could test? I’ll happily beta-test it.
Thanks for you work!
July 4th, 2008 at 8:54 am
[...] mélangé de Daniel Westermann-Clark et Simon [...]
July 4th, 2008 at 9:03 am
Took me some time, but I’ve posted a patched version that apparently works:
WordPress MU: plugin d’authentification HTTP
July 9th, 2008 at 2:42 pm
I’m using the HTTP authentication plugin on a combined blog/mail server. It works great, and it lets me pull the user management into a single place. Thanks for the tool!
The one thing that I needed to change was the $email_domain. On my server, the user name is a full e-mail address (i.e. login is ‘user@example.com’), so appending ‘@$email_domain’ to it actually corrupts the e-mail address.
What I ended up doing is leaving $email_domain blank, and then changing the wp_create_user call in http-authentication.php (line 139) to be:
“wp_create_user($username, $password, $username . ($email_domain ? ‘@’ . $email_domain : ”));”
This little one-line fix made the HTTP authentication plugin do exactly what I wanted it to… I think it is probably non-intrusive enough to be folded into the main distribution as well?
Anyway, thanks for a great plugin.
July 10th, 2008 at 9:58 am
@rbroemeling: Thanks for the patch! I’ve applied it to trunk:
http://dev.wp-plugins.org/changeset/54145