Introduction

An issue that comes up every so often is a requirement to manage and authenticate users in Moodle from WordPress. Both Moodle and WordPress can be found on the same systems, as they both use PHP and may share a database instance. Moodle even has the ability to authenticate using another database. However, as this doesn’t support WordPress, a workaround is needed to enable authentication.

The workaround is needed because Moodle can’t understand WordPress’ password format. Passwords are stored as a “hash”: a value which can be used to authenticate a password but can’t be used to obtain the original password. Moodle supports three common hash algorithms: MD5, SHA-1 and “crypt one-way string hashing”, which is what Moodle uses internally. As WordPress uses none of these, we need to add support for its format to Moodle to authenticate users. This involves modifying Moodle’s source code, which is not generally recommended as it complicates keeping up-to-date with versions. Changes to only two files are needed, so if you need to manage Moodle users from WordPress this may be a practical approach for you.
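To make the format concrete, here is an added example (not code from this post, WordPress or Moodle): a Python re-implementation of the check performed on the portable phpass hashes (prefix $P$) that the PasswordHash class copied in step 2 verifies. The sample salt and password are constructed.

```python
import hashlib
import hmac

# phpass alphabet; a stored hash is "$P$" + cost char + 8-char salt + 22 chars.
ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"

# Constructed sample setting: cost char "B" (index 13, i.e. 2**13 rounds)
# followed by a made-up salt. Not taken from any real site.
SAMPLE_SETTING = "$P$Bsaltsalt"


def encode64(data: bytes) -> str:
    """phpass's base64 variant: 3-byte little-endian groups, 6 bits per char."""
    out = []
    for i in range(0, len(data), 3):
        chunk = data[i:i + 3]
        value = int.from_bytes(chunk, "little")
        for _ in range(len(chunk) + 1):  # n bytes produce n + 1 characters
            out.append(ITOA64[value & 0x3F])
            value >>= 6
    return "".join(out)


def phpass_portable(password: str, setting: str) -> str:
    """Recompute the hash from a password and the first 12 chars of a stored hash."""
    if setting[:3] not in ("$P$", "$H$") or len(setting) < 12:
        raise ValueError("not a portable phpass hash")
    count_log2 = ITOA64.find(setting[3])
    if not 7 <= count_log2 <= 30:
        raise ValueError("iteration count out of range")
    pw = password.encode("utf-8")
    digest = hashlib.md5(setting[4:12].encode() + pw).digest()
    for _ in range(1 << count_log2):  # salted, iterated MD5
        digest = hashlib.md5(digest + pw).digest()
    return setting[:12] + encode64(digest)


def check_password(password: str, stored: str) -> bool:
    """True only if recomputing with the stored salt and cost reproduces it."""
    try:
        candidate = phpass_portable(password, stored)
    except ValueError:
        return False  # e.g. a bare MD5 or SHA-1 hex digest
    return hmac.compare_digest(candidate.encode(), stored.encode())


if __name__ == "__main__":
    stored = phpass_portable("correct horse", SAMPLE_SETTING)
    print(stored, check_password("correct horse", stored))
```

A plain MD5 or SHA-1 comparison can never match such a value because the salt and round count are embedded in the stored string, which is why step 3 below delegates to CheckPassword().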

This post uses information originally featured in a 2010 blog post by Giuseppe Urso.

Steps

These steps have been tested with Moodle 3.6 and 3.7. We recommend creating backups of any files before modifying them.

  1. Edit auth/db/settings.php adding the following line, shown with a “+”, to the list of authentication types:
    91 // DB Password Type.
    92 $passtype = array();
    93 $passtype["plaintext"] = get_string("plaintext", "auth");
    94 $passtype["md5"] = get_string("md5", "auth");
    95 $passtype["sha1"] = get_string("sha1", "auth");
    96 $passtype["saltedcrypt"] = get_string("auth_dbsaltedcrypt", "auth_db");
    97 $passtype["internal"] = get_string("internal", "auth");
    98+$passtype["WordPress"] = "WordPress";
  2. Copy the WordPress PasswordHash class definition — class-phpass.php — into Moodle’s lib folder, e.g.:
    cp -ip /path/to/wordpress/wp-includes/class-phpass.php /path/to/moodle/lib
  3. Edit auth/db/auth.php making two changes:
    1. Add a require_once(), again shown with a “+”, for the class definition copied above:
      27 defined('MOODLE_INTERNAL') || die();
      28
      29 require_once($CFG->libdir.'/authlib.php');
      30+require_once($CFG->libdir."/class-phpass.php");
    2. Modify user_login() to handle WordPress passwords, with the lines to add again shown with a “+”:
      134 if ($this->config->passtype === 'plaintext') {
          ⋮
      140 } else if ($this->config->passtype === 'saltedcrypt') {
      141    return password_verify($extpassword, $fromdb);
      142+} else if ($this->config->passtype === 'WordPress') {
      143+    $hash = new PasswordHash(8, false);
      144+    return $hash->CheckPassword($extpassword, $fromdb);
      145 } else {
      146    return false;
      147 }
  4. Configure Moodle’s External Database authentication plugin (Site administration > Plugins > Authentication > Manage authentication, click Settings by External database) to use the WordPress password format we’ve added:
    1. Host: “127.0.0.1” if the database is on the same server as the web server, otherwise enter the address for the WordPress database server here.
    2. Database: “mysqli” for MySQL or MariaDB, or the type for the WordPress database.
    3. DB name: The WordPress database name.
    4. DB user: You could use the database user WordPress is using but ideally create a database user with read-only (SELECT) privileges to the WordPress tables, e.g.:
      CREATE USER 'youruser'@'localhost' IDENTIFIED BY 'yourpassword';
      GRANT SELECT ON wordpress.* TO 'youruser'@'localhost';
    5. DB password: Password corresponding to the above database user.
    6. Table: wp_users
    7. Username field: user_login
    8. Password field: user_pass
    9. Password format: WordPress
    10. Data mapping (Email address): user_email
    11. Click “Save changes”.
  5. If necessary, enable the External Database authentication plugin (Site administration > Plugins > Authentication > Manage authentication, click Enable for External database).

With this you should be able to create users in WordPress who can log into Moodle with the same username and password. Note that on logging into Moodle for the first time WordPress users are prompted for their first and last name.

Importing firstname and lastname

The reason users see this is that the mandatory First name and Surname fields are not available from the wp_users table. As a workaround, a view can be added to the WordPress database, e.g.:

CREATE VIEW wp_user_view AS
  SELECT user_login, user_pass, user_email,
         um1.meta_value AS firstname,
         um2.meta_value AS lastname
  FROM wp_users
  INNER JOIN wp_usermeta um1
    ON um1.user_id = wp_users.ID AND um1.meta_key = 'first_name'
  INNER JOIN wp_usermeta um2
    ON um2.user_id = wp_users.ID AND um2.meta_key = 'last_name';

Now we can change the Table setting from “wp_users” to the name of this view, i.e. “wp_user_view”, and configure the following additional fields:

  1. Data mapping (First name): firstname
  2. Data mapping (Surname): lastname

Conclusion

The steps above allow you to use WordPress to manage and authenticate users for Moodle. The drawback is that you have to modify Moodle’s source code to achieve this, which introduces an extra step to manage when updating your Moodle version. However, the changes are small and only affect two files.

Adding a database view to the database is necessary for Moodle to read the firstname and lastname from WordPress.

If you need help integrating Moodle with another system, such as for user authentication or course enrolment, get in touch.

About This Author

Leon Stringer

Leon had been working in IT for over 25 years starting out with connectivity systems for ICL mainframes. He also worked for an NHS trust in the West Midlands for nine years but doesn’t like to talk about this. He first encountered Moodle in 2011...