WordPress过滤器:wp_authenticate_user无法获取用户数据
问题描述:
For a WordPress + WooCommerce setup, I\'m trying to implement email activation and Google Captcha function on login using wp_authenticate_user
filter, but the order of checking these are wrong.
Ok scenario
-
Blank username and password without Captcha submit > get the correct error saying the password is blank.
-
Invalid username without password and Captcha submit > correct error message saying bad username or password.
-
Valid username with a wrong password with Captcha submit > bad username or password
Bad scenario
- valid username with a wrong password without Captcha submit > Captcha error
(expecting bad username or password).
How can I change this to check Captcha after username and password validation?
Note:
If I switch email activated check to have more priority then I get that error on bad scenario.
Captcha check
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 |
function display_login_captcha() { ?> <div class=\"g-recaptcha\" data-sitekey=\"<?php echo get_option(\'captcha_site_key\'); ?>\"></div> <?php } add_action( \"login_form\", \"display_login_captcha\" ); function verify_login_captcha($user,$password) { if (isset($_POST[\'g-recaptcha-response\'])) { $recaptcha_secret = get_option(\'captcha_secret_key\'); $response = wp_remote_get(\"https://www.google.com/recaptcha/api/siteverify?secret=\". $recaptcha_secret .\"&response=\". $_POST[\'g-recaptcha-response\']); $response = json_decode($response[\"body\"], true); if (true == $response[\"success\"]) { return $user; } else { return new WP_Error(\"Captcha Invalid\", __(\" Only 3 attemps allowed, Are you Human? Please validate yourself\")); } } else { return new WP_Error(\"Captcha Invalid\", __(\" Only 3 attemps allowed, It seems like we are having hard time identifying you as a human! If you are then enable JavaScript\")); } } add_filter(\"wp_authenticate_user\", \"verify_login_captcha\", 10, 2); |
Activation check
1 2 3 4 5 6 7 8 9 10 11 12 |
function custom_authenticate_user($userdata) { $isActivated = get_user_meta($userdata->ID, \'is_activated\', true); if (!$isActivated) { $userdata = new WP_Error( \'inkfool_confirmation_error\', __( \'<strong>ERROR:</strong> 111 <\'.$userdata->id.\'>Your account has to be activated before you can login. You can resend by clicking <a href=\"/sign-in/?u=\'.$userdata->ID.\'\">here</a>\', \'inkfool\' ) ); } return $userdata; } add_filter(\'wp_authenticate_user\', \'custom_authenticate_user\',11,1); |
网友观点:
The function that validates the username/email is hooked to the autenticate
filter with the priority 20
. And the hooks are added through wp-includes/default-filters.php
as you can see below:
1 2 3 4 |
// Default authentication filters add_filter( \'authenticate\', \'wp_authenticate_username_password\', 20, 3 ); add_filter( \'authenticate\', \'wp_authenticate_email_password\', 20, 3 ); |
So if you want your custom validation functions to run after those default validations, then you should hook to the authenticate
filter instead and use 20
(or a higher value - 21
, 30
, etc.) as the priority:
1 2 3 |
add_filter( \'authenticate\', \'verify_login_captcha\', 21, 3 ); add_filter( \'authenticate\', \'custom_authenticate_user\', 21 ); |
And change your function declaration so that it looks like so, where the first parameter is either a NULL
or WP_User
instance on success:
1 2 3 4 5 6 7 8 9 10 11 12 |
function verify_login_captcha( $user, $username, $password ) { ...your validation... return $user; // You should return the WP_User instance or a WP_Error instance on error. } function custom_authenticate_user( $user ) { ...your validation... return $user; // You should return the WP_User instance or a WP_Error instance on error. } |
PS: Make certain to check if the $user
is a valid user object before accessing its properties and methods. See here for more details. E.g.:
1 2 3 4 5 6 7 8 |
function custom_authenticate_user( $user ) { if ( ! $user ) { return $user; } ... } |
1. 带 [亲测] 说明源码已经被站长亲测过!
2. 下载后的源码请在24小时内删除,仅供学习用途!
3. 分享目的仅供大家学习和交流,请不要用于商业用途!
4. 本站资源售价只是赞助,收取费用仅维持本站的日常运营所需!
5. 本站所有资源来源于站长上传和网络,如有侵权请邮件联系站长!
6. 没带 [亲测] 代表站长时间紧促,站长会保持每天更新 [亲测] 源码 !
7. 盗版ripro用户购买ripro美化无担保,若设置不成功/不生效我们不支持退款!
8. 本站提供的源码、模板、插件等等其他资源,都不包含技术服务请大家谅解!
9. 如果你也有好源码或者教程,可以到审核区发布,分享有金币奖励和额外收入!
10.如果您购买了某个产品,而我们还没来得及更新,请联系站长或留言催更,谢谢理解 !
GG资源网 » WordPress过滤器:wp_authenticate_user无法获取用户数据