WordPress過濾器:wp_authenticate_user無法獲取用戶數據
問題描述:
For a WordPress + WooCommerce setup, I\'m trying to implement email activation and Google Captcha function on login using wp_authenticate_user
filter, but the order of checking these are wrong.
Ok scenario
-
Blank username and password without Captcha submit > get the correct error saying the password is blank.
-
Invalid username without password and Captcha submit > correct error message saying bad username or password.
-
Valid username with a wrong password with Captcha submit > bad username or password
Bad scenario
- valid username with a wrong password without Captcha submit > Captcha error
(expecting bad username or password).
How can I change this to check Captcha after username and password validation?
Note:
If I switch email activated check to have more priority then I get that error on bad scenario.
Captcha check
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 |
function display_login_captcha() { ?> <div class=\"g-recaptcha\" data-sitekey=\"<?php echo get_option(\'captcha_site_key\'); ?>\"></div> <?php } add_action( \"login_form\", \"display_login_captcha\" ); function verify_login_captcha($user,$password) { if (isset($_POST[\'g-recaptcha-response\'])) { $recaptcha_secret = get_option(\'captcha_secret_key\'); $response = wp_remote_get(\"https://www.google.com/recaptcha/api/siteverify?secret=\". $recaptcha_secret .\"&response=\". $_POST[\'g-recaptcha-response\']); $response = json_decode($response[\"body\"], true); if (true == $response[\"success\"]) { return $user; } else { return new WP_Error(\"Captcha Invalid\", __(\" Only 3 attemps allowed, Are you Human? Please validate yourself\")); } } else { return new WP_Error(\"Captcha Invalid\", __(\" Only 3 attemps allowed, It seems like we are having hard time identifying you as a human! If you are then enable JavaScript\")); } } add_filter(\"wp_authenticate_user\", \"verify_login_captcha\", 10, 2); |
Activation check
1 2 3 4 5 6 7 8 9 10 11 12 |
function custom_authenticate_user($userdata) { $isActivated = get_user_meta($userdata->ID, \'is_activated\', true); if (!$isActivated) { $userdata = new WP_Error( \'inkfool_confirmation_error\', __( \'<strong>ERROR:</strong> 111 <\'.$userdata->id.\'>Your account has to be activated before you can login. You can resend by clicking <a href=\"/sign-in/?u=\'.$userdata->ID.\'\">here</a>\', \'inkfool\' ) ); } return $userdata; } add_filter(\'wp_authenticate_user\', \'custom_authenticate_user\',11,1); |
網友觀點:
The function that validates the username/email is hooked to the autenticate
filter with the priority 20
. And the hooks are added through wp-includes/default-filters.php
as you can see below:
1 2 3 4 |
// Default authentication filters add_filter( \'authenticate\', \'wp_authenticate_username_password\', 20, 3 ); add_filter( \'authenticate\', \'wp_authenticate_email_password\', 20, 3 ); |
So if you want your custom validation functions to run after those default validations, then you should hook to the authenticate
filter instead and use 20
(or a higher value - 21
, 30
, etc.) as the priority:
1 2 3 |
add_filter( \'authenticate\', \'verify_login_captcha\', 21, 3 ); add_filter( \'authenticate\', \'custom_authenticate_user\', 21 ); |
And change your function declaration so that it looks like so, where the first parameter is either a NULL
or WP_User
instance on success:
1 2 3 4 5 6 7 8 9 10 11 12 |
function verify_login_captcha( $user, $username, $password ) { ...your validation... return $user; // You should return the WP_User instance or a WP_Error instance on error. } function custom_authenticate_user( $user ) { ...your validation... return $user; // You should return the WP_User instance or a WP_Error instance on error. } |
PS: Make certain to check if the $user
is a valid user object before accessing its properties and methods. See here for more details. E.g.:
1 2 3 4 5 6 7 8 |
function custom_authenticate_user( $user ) { if ( ! $user ) { return $user; } ... } |
1. 帶 [親測] 說明源碼已經被站長親測過!
2. 下載後的源碼請在24小時內刪除,僅供學慣用途!
3. 分享目的僅供大家學習和交流,請不要用於商業用途!
4. 本站資源售價只是贊助,收取費用僅維持本站的日常運營所需!
5. 本站所有資源來源於站長上傳和網路,如有侵權請郵件聯繫站長!
6. 沒帶 [親測] 代表站長時間緊促,站長會保持每天更新 [親測] 源碼 !
7. 盜版ripro用戶購買ripro美化無擔保,若設置不成功/不生效我們不支持退款!
8. 本站提供的源碼、模板、插件等等其他資源,都不包含技術服務請大家諒解!
9. 如果你也有好源碼或者教程,可以到審核區發布,分享有金幣獎勵和額外收入!
10.如果您購買了某個產品,而我們還沒來得及更新,請聯繫站長或留言催更,謝謝理解 !
GG資源網 » WordPress過濾器:wp_authenticate_user無法獲取用戶數據