Sweet! Thanks for getting that wp_authenticate fix into 2.5.1. And thanks again for this plugin.

Good job. Works for me on 2.6-bleeding. Now all I have to do is wait for a 2.5.1 WordPress release to recommend http auth 2.0 and WP 2.5 via documentation at work.

WordPress 2.5.1 is out. http-auth 2.0 works. xlnt.

@Mork: Thanks for the confirmation!

If you put the file directive on “wp-login.php” is it necessary to have a separate .htaccess file in the wp-admin directory? It seems to properly protect without the latter, but I’m not an auth expert.

The reason I ask is because when I add the prescribed htaccess file to wp-admin I lose all my css on the admin pages.

@rh: Doing so would leave wp-admin open to attack. It is safer to protect wp-admin as well because any attacker would first have to crack your Apache authentication to exploit a hole in WordPress.

I haven’t seen the problem you describe. Have a look through your Web server logs (especially the error log) to see if there might be a problem with your setup.

Image upload is broken here on 2.5.1 when using HTTP Authentication together with Admin SSL. For everything it is an asome combination. Thanks for the hard work.

All I see is a red “HTTP error. An error occured in the upload. Please try again later.” message on the upload page. File permissions are all good.

@Daniel: I’ll try to investigate the combination this week. Let me know if you find any additional details.

@Daniel: The problem appears not to be in the combination of the two plugins, but in that the WordPress uploading tool is not sending the authentication information. There is an existing ticket open about this issue:

http://trac.wordpress.org/ticket/6473

There are some helpful pointers in the forum post linked in the ticket as well, but I have not been able to verify if they work. Please let me know if you find a solution!

@rh: In the unlikely scenario that someone else experiences the same problem I did, here’s the solve … Our auth system is pubcookie. Declaring a “PubcookieAppID” in my .htaccess file solved the problem.

Hi,

I adapted your plugin for Active Directory. I don’t see your email listed, so I’m leaving a note here.

I really have no idea what the proper etiquette is when one modifies software as such, but in any case, thank you very much for this plugin. It was enormously helpful. WordPress’s documentation was not particularly helpful, and the references to non-existent code within WordPress (e.g. wp-signon) seemed daunting. Using HTTP Authentication as a base, it was very easy to extend for AD authentication. (I’ve sent a submission to wordpress.org so others can use this.)

Thanks again.

Hi — I’ve installed http-authentication 2.0 with the latest version of WordPressMU and it _mostly_ works well. The only aspect that is not working is setting the options:

Logout URL
Automatically create accounts
Email address domain

Making a change to these fields gives me the message:

Are you sure you want to do this?
Please try again.

The changed options never get stored. Needless to say, trying again does not work. Anyone else see this issue?

Thanks for producing a great plugin!

@Rod: I haven’t used MU, to be honest. I assume that MU has different functions for getting and setting options, since they could be site specified.

Someone previously updated the plugin to work with MU:

http://orthrus.blogspot.com/2008/01/http-authentication-for-wordpress-mu.html

But I have not had a chance to talk with him and try to incorporate the changes into the main plugin. Let me know if you find out anything more!

@Rod: Same issue here.

I’m trying to merge the code together, but I’m not fluent in PHP. Has anyone done the grunt work and have something that I could test? I’ll happily beta-test it.

Thanks for you work!

Took me some time, but I’ve posted a patched version that apparently works:

WordPress MU: plugin d’authentification HTTP

I’m using the HTTP authentication plugin on a combined blog/mail server. It works great, and it lets me pull the user management into a single place. Thanks for the tool!

The one thing that I needed to change was the $email_domain. On my server, the user name is a full e-mail address (i.e. login is ‘user@example.com’), so appending ‘@$email_domain’ to it actually corrupts the e-mail address.

What I ended up doing is leaving $email_domain blank, and then changing the wp_create_user call in http-authentication.php (line 139) to be:

“wp_create_user($username, $password, $username . ($email_domain ? ‘@’ . $email_domain : ”));”

This little one-line fix made the HTTP authentication plugin do exactly what I wanted it to… I think it is probably non-intrusive enough to be folded into the main distribution as well?

Anyway, thanks for a great plugin.

@rbroemeling: Thanks for the patch! I’ve applied it to trunk:

http://dev.wp-plugins.org/changeset/54145

I’ve been doing some wordpress-mu work lately, prepping it for inclusion in Fedora and internal usage. I’ve hacked up a version that works for our purposes, and would like to discuss whether we can make your code natively support either wp or wpmu.

Cheers!

Bret,

By all means, send me an email (my username at this site (dwc) followed by the second-level domain (ufl.edu)). I’d definitely like to work on making the plugin support WordPress MU natively.

This is an awesome plugin. Have been using it for a year or so now.

Will this work on WordPress 2.6.1? I’m holding off upgrading to 2.6.1 untilI’m sure this plugin will work.

Daniel,

Yes, I’ve been running it here with no problems. I’ve updated the readme and pushed a new release to note this. Thanks!

I’m very interested in the MU stuff. I may try out Flavien’s patches, but if McMillan has better I’d be glad to start there.

Daniel, sorry, I didn’t get notification of your response back in August. Resent via email to your UFL addy, as well as podbop… looking forward to hearing back from ya 🙂

Fwiw, git repo of hacks in question at:

http://fedorapeople.org/gitweb?p=bretm/public_git/wordpress-mu-http-auth.git;a=summary

This looks really great — I’m creating a plugin for Ruby on Rails, and this does nearly everything I need:

http://greenfabric.com/page/integration_api_home_page

…I’m not sure if I should “branch” the code into a seperate project or not … I might have to: there’ll be a bunch of changes necessary.

Robb,

A branch seems sensible to me. Let me know if you have any questions about how the plugin works.

Got a weird issue with your plugin (or my install) and was hoping you might be able to point me to a starting point for figuring it out. Users can authenticate, but the moment they try to edit a post and click the save button, it’s not saved. They can create a new post, but editing/publishing fails. The users who have the problem are on a different domain, but are able to get into the wp-admin area, so I know the actual authentication is working. Any ideas where to start looking? This is on wp 2.6.2, and I’ll happily share anything I can find.

Scott,

Do you have access to the server logs? If there are any 401 or 403 errors, those lines would help debug.

I know that the Flash uploading tool fails (see WordPress ticket #6473), but otherwise I haven’t had any problems with the plugin on 2.6.

Seeing a lot of errors like this:
SERVER.IP-ADDRESS.GOES.HERE – – [19/Nov/2008:14:35:58 -0500] “GET /WP-DIRECTORY/wp-cron.php?check=e6e54a42282d5fd5c51d2c4a274b1217 HTTP/1.0” 401 401

I usually replicate the problem like this: I log in, and the other user logs in. I create a new test post and add content. Then the other user tries to edit that post. They put content in, click save, and the new content doesn’t show.

Thanks for your help. I really appreciate it, and the plugin as well.

Did some digging into the support codex, and looks like it might be a case of wp-cron.php not being able to be accessed by this server because the request comes from the servers external IP address. I’m disabling cron to check it out, and if that’s it, I apologize to your plugin for unfairly blaming it. Thanks for your help.

This plugin seems to have stopped working under WordPress 3.o for me. Have you tested it?
Thanks, Greg.

Sorry, should have supplied more details: the error I get is “ERROR: Invalid username”. I have “Automatically create accounts” set, but it is not creating the user if it does not already exist.
Cheers, Greg.