WordPress Auth Driver for Laravel

The WordPress Auth Driver for Laravel Composer package allows you to authenticate users in your Laravel application against an existing user table from a WordPress installation.

The package exposes two Laravel service providers:

• WordPressAuthServiceProvider extends the auth driver with a new “wordpress” user provider.
• WordPressHashServiceProvider provides a new service “wordpress-hash” which hashes values using the same library that WordPress uses.

You can find the package on Bitbucket: WordPress Auth Driver for Laravel
… and on Packagist: hampel/wordpress-auth-laravel

Installation is via Composer – add the following to your Laravel application’s composer.json file:

{
	"require": {
		"hampel/wordpress-auth-laravel": "1.0.*"
	}
}

Run composer update to install the package and its dependencies.

Next, open your Laravel config file app/config/app.php and add the two service providers to the providers array:

'providers' => array(
    ...
    'Hampel\WordPress\Auth\WordPressAuthServiceProvider',
    'Hampel\WordPress\Hashing\WordPressHashServiceProvider',
),

To tell Laravel about our new WordPress auth driver, edit your Laravel config file app/config/auth.php and change the driver to 'wordpress':

'driver' => 'wordpress',

Finally, configure a database connection in Laravel to point to your WordPress application. You can use one of the existing database connections, or create a new one. The auth provider does rely on the table prefix being set to match that used in WordPress (by default wp_), so even if you have your Laravel data in the same table as your WordPress data, you should set up a new connection (with the same database and connection information) and specify the table prefix to match that used by WordPress in wp-config.php.

For example, add a new connection to app/config/database.php:

'mysql-wordpress' => array(
    'driver'    => 'mysql',
    'host'      => 'localhost',
    'database'  => 'wordpress',
    'username'  => 'username',
    'password'  => 'password',
    'charset'   => 'utf8',
    'collation' => 'utf8_unicode_ci',
    'prefix'    => 'wp_',
),

By default, the WordPress auth driver will try and use the database configuration called mysql, so if we’ve created a new connection as per the above example, we must configure the auth driver to use it.

Create a file app/config/packages/hampel/wordpress-auth-laravel/auth.php (or for specifying different environments, create the file app/config/packages/hampel/wordpress-auth-laravel/<environment>/auth.php, where <environment> is the name of your environment configured in Laravel). For example:

<?php

return array(
    'connection' => 'mysql-wordpress',
);

?>

You are now ready to implement your authentication controller in Laravel as you normally would – the new driver takes care of checking passwords against the WordPress database automatically.

One thing to remember when passing credentials to the Auth classes – WordPress stores usernames in a column called user_login and passwords in a column called user_pass, you must specify these as the credential keys to allow the Eloquent-based driver to find the correct columns in the WordPress user table. For example:

$userdata = array(
    'user_login' => Input::get('username'),
    'user_pass' => Input::get('password')
);

if (Auth::attempt($userdata))
{
    // successfully logged in
}
else
{
    // authentication failed
}

Although they should never change (it might break a lot of applications!), the column names for usernames and passwords in WordPress are actually configurable options for the driver. To use the configuration options rather than hard-coding the column names in your application, you can use Config::get('wordpress-auth-laravel::auth.username') and Config::get('wordpress-auth-laravel::auth.password') in place of user_login and user_pass respectively.

I will write a tutorial demonstrating building a simple auth routine for Laravel using a WordPress backend so you can see how the code works.