Products
GG网络技术分享 2025-03-18 16:12 5
For a WordPress + WooCommerce setup, I\'m trying to implement email activation and Google Captcha function on login using wp_authenticate_user filter, but the order of checking these are wrong.
Ok scenario
Blank username and password without Captcha submit > get the correct error saying the password is blank.
Invalid username without password and Captcha submit > correct error message saying bad username or password.
Valid username with a wrong password with Captcha submit > bad username or password
Bad scenario
How can I change this to check Captcha after username and password validation?
Note:
If I switch email activated check to have more priority then I get that error on bad scenario.
Captcha check
function display_login_captcha() { ?><div class=\"g-recaptcha\" data-sitekey=\"<?php echo get_option(\'captcha_site_key\'); ?>\"></div>
<?php }
add_action( \"login_form\", \"display_login_captcha\" );
function verify_login_captcha($user,$password) {
if (isset($_POST[\'g-recaptcha-response\'])) {
$recaptcha_secret = get_option(\'captcha_secret_key\');
$response = wp_remote_get(\"https://www.google.com/recaptcha/api/siteverify?secret=\". $recaptcha_secret .\"&response=\". $_POST[\'g-recaptcha-response\']);
$response = json_decode($response[\"body\"], true);
if (true == $response[\"success\"]) {
return $user;
} else {
return new WP_Error(\"Captcha Invalid\", __(\" Only 3 attemps allowed, Are you Human? Please validate yourself\"));
}
} else {
return new WP_Error(\"Captcha Invalid\", __(\" Only 3 attemps allowed, It seems like we are having hard time identifying you as a human! If you are then enable JavaScript\"));
}
}
add_filter(\"wp_authenticate_user\", \"verify_login_captcha\", 10, 2);
Activation check
function custom_authenticate_user($userdata) {$isActivated = get_user_meta($userdata->ID, \'is_activated\', true);
if (!$isActivated) {
$userdata = new WP_Error(
\'inkfool_confirmation_error\',
__( \'<strong>ERROR:</strong> 111 <\'.$userdata->id.\'>Your account has to be activated before you can login. You can resend by clicking <a href=\"/sign-in/?u=\'.$userdata->ID.\'\">here</a>\', \'inkfool\' )
);
}
return $userdata;
}
add_filter(\'wp_authenticate_user\', \'custom_authenticate_user\',11,1);
The function that validates the username/email is hooked to the autenticate filter with the priority 20. And the hooks are added through wp-includes/default-filters.php as you can see below:
// Default authentication filtersadd_filter( \'authenticate\', \'wp_authenticate_username_password\', 20, 3 );
add_filter( \'authenticate\', \'wp_authenticate_email_password\', 20, 3 );
So if you want your custom validation functions to run after those default validations, then you should hook to the authenticate filter instead and use 20 (or a higher value - 21, 30, etc.) as the priority:
add_filter( \'authenticate\', \'verify_login_captcha\', 21, 3 );add_filter( \'authenticate\', \'custom_authenticate_user\', 21 );
And change your function declaration so that it looks like so, where the first parameter is either a NULL or WP_User instance on success:
function verify_login_captcha( $user, $username, $password ) {...your validation...
return $user; // You should return the WP_User instance or a WP_Error instance on error.
}
function custom_authenticate_user( $user ) {
...your validation...
return $user; // You should return the WP_User instance or a WP_Error instance on error.
}
PS: Make certain to check if the $user is a valid user object before accessing its properties and methods. See here for more details. E.g.:
function custom_authenticate_user( $user ) {if ( ! $user ) {
return $user;
}
...
}
Demand feedback