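/**
 * Authenticate a login attempt against the configured LDAP directory.
 *
 * The signature matches a WordPress 'authenticate' filter callback, and the
 * body removes another callback from that filter; presumably this method is
 * registered on the same hook (registration is not visible here).
 *
 * Flow:
 *  1. A WP_User produced by an earlier step is returned unchanged.
 *  2. Blank username/password is rejected before the directory is contacted.
 *  3. In high security mode the stock username/password callback is removed,
 *     except for accounts holding the 'update_core' capability.
 *  4. Credentials are checked with ldap_auth(), then group membership with
 *     user_has_groups().
 *  5. A matching WordPress account is returned, or one is created when the
 *     'create_users' setting allows it.
 *
 * @param mixed  $user     Result of an earlier authentication step.
 * @param string $username Login name submitted by the client (untrusted).
 * @param string $password Password submitted by the client (untrusted).
 *
 * @return WP_User|WP_Error|false WP_User on success; WP_Error when the attempt
 *                                is rejected; false when LDAP authentication
 *                                failed and high security mode is off.
 */
function authenticate($user, $username, $password) {
    // If previous authentication succeeded, respect that.
    if ($user instanceof WP_User) {
        return $user;
    }

    // Accounts with the update_core capability are treated as local admins and
    // keep the WordPress password fallback even in high security mode, so the
    // local password of such an account remains a valid way in.
    $local_admin = (bool) user_can(get_user_by('login', $username), 'update_core');

    // Keep this check ahead of ldap_auth(): many directories treat a bind with
    // an empty password as an unauthenticated bind and report success, so a
    // blank password must never reach the LDAP call.
    if (empty($username) || empty($password)) {
        $error = new WP_Error();

        if (empty($username)) {
            $error->add('empty_username', __('<strong>ERROR</strong>: The username field is empty.'));
        }

        if (empty($password)) {
            $error->add('empty_password', __('<strong>ERROR</strong>: The password field is empty.'));
        }

        return $error;
    }

    // If high security mode is enabled, remove the default WP authentication hook.
    // NOTE(review): only the username/password callback is removed. WordPress
    // versions that also register an email/password callback on 'authenticate'
    // would still consult the local user database - confirm this against the
    // WordPress versions the plugin supports.
    $high_security = str_true($this->get_setting('high_security'));
    if ($high_security && !$local_admin) {
        remove_filter('authenticate', 'wp_authenticate_username_password', 20, 3);
    }

    $directory = $this->get_setting('directory');

    // Try the submitted credentials against LDAP.
    if (!$this->ldap_auth($username, $password, $directory)) {
        if ($high_security) {
            return new WP_Error('invalid_username', __('<strong>Simple LDAP Login</strong>: Simple LDAP Login could not authenticate your credentials. The security settings do not permit trying the WordPress user database as a fallback.'));
        }

        // Returning false (rather than an error) leaves the decision to
        // whatever else handles this login attempt.
        do_action($this->prefix . 'auth_failure');
        return false;
    }

    // Authenticated; does the user have the required groups, if any?
    if (!$this->user_has_groups($username, $directory)) {
        return new WP_Error("{$this->prefix}login_error", __('<strong>Simple LDAP Login Error</strong>: Your LDAP credentials are correct, but you are not in an authorized LDAP group.'));
    }

    // An existing WordPress account is accepted only when its login matches the
    // submitted name case-insensitively.
    $user = get_user_by('login', $username);
    if ($user && strtolower($user->user_login) === strtolower($username)) {
        return new WP_User($user->ID);
    }

    // No local account: creating one is allowed only when explicitly enabled.
    if (!str_true($this->get_setting('create_users'))) {
        do_action('wp_login_failed', $username);
        return new WP_Error('invalid_username', __('<strong>Simple LDAP Login Error</strong>: LDAP credentials are correct, but there is no matching WordPress user and user creation is not enabled.'));
    }

    $new_user = wp_insert_user($this->get_user_data($username, $directory));

    if (is_wp_error($new_user)) {
        do_action('wp_login_failed', $username);

        // The dynamic detail is substituted after translation: a message id
        // built by concatenation can never match a catalogue entry.
        // NOTE(review): the detail is placed into the markup as-is; confirm how
        // the login screen renders WP_Error messages.
        return new WP_Error(
            "{$this->prefix}login_error",
            sprintf(
                __('<strong>Simple LDAP Login Error</strong>: LDAP credentials are correct and user creation is allowed but an error occurred creating the user in WordPress. Actual error: %s'),
                $new_user->get_error_message()
            )
        );
    }

    // Successful login with a freshly created account.
    $new_user = new WP_User($new_user);
    do_action_ref_array($this->prefix . 'auth_success', array($new_user));

    return $new_user;
}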