admin管理员组文章数量:1426123
Background
I'm attempting to make a seemless frontend login for a blog, while still leaving wp-login.php available to those users who know how to get there. wp-login.php is also required to authenticate frontend logins, so it cannot be removed completely.
I'm almost there, but I have one issue with login failures, specifically with an empty username.
Question
Does anybody know a way to both stop wp-login.php being displayed for empty username/password errors, while avoiding an error being displayed for the same reason when a user goes directly to wp-login.php?
My work
I located the wp_login_failed hook and created the function below. Basically it adds query args to say that the login has failed and what username was entered before redirecting the user back to the frontend login. With the query args I can then determain why the login failed and display a message to the user.
add_action('wp_login_failed', 'djg_front_end_login_fail');
function djg_front_end_login_fail($username){
$referrer = (isset($_SERVER['HTTP_REFERER'])) ? $_SERVER['HTTP_REFERER'] : $_SERVER['PHP_SELF'];
$referrer = add_query_arg('result', 'failed', $referrer);
$referrer = add_query_arg('username', $username, $referrer);
if(!empty($referrer) && !strstr($referrer, 'wp-login') && !strstr($referrer, 'wp-admin')) :
wp_redirect($referrer);
exit;
endif;
}
However, I noticed that if the username field was empty I was not being redirected and instead the user was still being shown wp-login.php.
Upon further inspection I found the wp_authenticate() function where upon I noticed that if the first login error was either empty_username or empty_password, the wp_login_failed action hook was not added. To counter this, I ustilised the authenticate filter hook and actually changed the code of the aforementioned errors, prepending djg_ to them, so that they were not ignored.
add_filter('authenticate', 'djg_authenticate_login', 99, 3);
function djg_authenticate_login($user, $username, $password){;
if(is_wp_error($user)) :
$codes = $user->get_error_codes();
$messages = $user->get_error_messages();
$user = new WP_Error;
for($i = 0; $i <= count($codes) - 1; $i++) :
$code = $codes[$i];
if(in_array($code, array('empty_username', 'empty_password'))) :
$code = 'djg_' . $code;
endif;
$user->add($code, $messages[$i]);
endfor;
endif;
return $user;
}
This works, but now if the users goes directly to the wp-login.php page, which has to remain available (as described in Background), an error is displayed -
ERROR: The username field is empty.
ERROR: The password field is empty.
Finally, after much hair pulling, I found in the wp_signon() function the code that was causing this, but to my eye I cannot see any filters that allow me to change the behaviour anywhere around the snippit. Basically it's saying that if the errors are exactly empty_username and empty_password, ignore them. -
if ( is_wp_error($user) ) {
if ( $user->get_error_codes() == array('empty_username', 'empty_password') ) {
$user = new WP_Error('', '');
}
return $user;
}
Details
wp_authenticate()is located in/wp-includes/pluggable.php- The
authenticatefilter hook is found within thewp_authenticate()function - The
wp_login_failedaction hook is found within thewp_authenticate()function wp_signon()is located in/wp-includes/user.php
Question (again)
Does anybody know a way to both stop wp-login.php being displayed for empty username errors, while avoiding an error being displayed for the same reason when a user goes directly to wp-login.php?
Background
I'm attempting to make a seemless frontend login for a blog, while still leaving wp-login.php available to those users who know how to get there. wp-login.php is also required to authenticate frontend logins, so it cannot be removed completely.
I'm almost there, but I have one issue with login failures, specifically with an empty username.
Question
Does anybody know a way to both stop wp-login.php being displayed for empty username/password errors, while avoiding an error being displayed for the same reason when a user goes directly to wp-login.php?
My work
I located the wp_login_failed hook and created the function below. Basically it adds query args to say that the login has failed and what username was entered before redirecting the user back to the frontend login. With the query args I can then determain why the login failed and display a message to the user.
add_action('wp_login_failed', 'djg_front_end_login_fail');
function djg_front_end_login_fail($username){
$referrer = (isset($_SERVER['HTTP_REFERER'])) ? $_SERVER['HTTP_REFERER'] : $_SERVER['PHP_SELF'];
$referrer = add_query_arg('result', 'failed', $referrer);
$referrer = add_query_arg('username', $username, $referrer);
if(!empty($referrer) && !strstr($referrer, 'wp-login') && !strstr($referrer, 'wp-admin')) :
wp_redirect($referrer);
exit;
endif;
}
However, I noticed that if the username field was empty I was not being redirected and instead the user was still being shown wp-login.php.
Upon further inspection I found the wp_authenticate() function where upon I noticed that if the first login error was either empty_username or empty_password, the wp_login_failed action hook was not added. To counter this, I ustilised the authenticate filter hook and actually changed the code of the aforementioned errors, prepending djg_ to them, so that they were not ignored.
add_filter('authenticate', 'djg_authenticate_login', 99, 3);
function djg_authenticate_login($user, $username, $password){;
if(is_wp_error($user)) :
$codes = $user->get_error_codes();
$messages = $user->get_error_messages();
$user = new WP_Error;
for($i = 0; $i <= count($codes) - 1; $i++) :
$code = $codes[$i];
if(in_array($code, array('empty_username', 'empty_password'))) :
$code = 'djg_' . $code;
endif;
$user->add($code, $messages[$i]);
endfor;
endif;
return $user;
}
This works, but now if the users goes directly to the wp-login.php page, which has to remain available (as described in Background), an error is displayed -
ERROR: The username field is empty.
ERROR: The password field is empty.
Finally, after much hair pulling, I found in the wp_signon() function the code that was causing this, but to my eye I cannot see any filters that allow me to change the behaviour anywhere around the snippit. Basically it's saying that if the errors are exactly empty_username and empty_password, ignore them. -
if ( is_wp_error($user) ) {
if ( $user->get_error_codes() == array('empty_username', 'empty_password') ) {
$user = new WP_Error('', '');
}
return $user;
}
Details
wp_authenticate()is located in/wp-includes/pluggable.php- The
authenticatefilter hook is found within thewp_authenticate()function - The
wp_login_failedaction hook is found within thewp_authenticate()function wp_signon()is located in/wp-includes/user.php
Question (again)
Does anybody know a way to both stop wp-login.php being displayed for empty username errors, while avoiding an error being displayed for the same reason when a user goes directly to wp-login.php?
1 Answer
Reset to default 9WordPress handles login failed in two ways:
- If it is a bad credential, and both username and password have a
value, then this action can be captured by
wp_login_failed - If both, or one, of the options are empty, then WordPress generates
the error object as the first parameter in the authenticate filter;
it does not open and
wp_login_failedaction captures this cause/event
For what we have done here, see comments in code:
add_filter( 'authenticate', function( $user, $username, $password ) {
// forcefully capture login failed to forcefully open wp_login_failed action,
// so that this event can be captured
if ( empty( $username ) || empty( $password ) ) {
do_action( 'wp_login_failed', $user );
}
return $user;
}, 10, 3 );
// to handle even you can handle the error like
add_action( 'wp_login_failed', function( $username ) {
if ( is_wp_error( $username ) ) {
// perform operation on error object for empty error
}
} );
本文标签:
版权声明:本文标题:login - Redirect user using the 'wp_login_failed' action hook if the error is 'empty_username' o 内容由网友自发贡献,该文观点仅代表作者本人, 转载请联系作者并注明出处:http://www.betaflare.com/web/1745453100a2658978.html, 本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌抄袭侵权/违法违规的内容,一经查实,本站将立刻删除。
发表评论