All geek questions in one place

Wordpress Authentication Filter

I'm currently trying to override the wp_authenticate Wordpress function (without modifying the main files, mostly pluggable.php), however I'm not sure if I will do it right. There are two great links (see below), but they do not explicitly indicate what to do to prevent logging in if certain criteria are met.

In short, I am trying to ban registered users who have not activated their account. I already implemented creating a user with a unique md5 identifier in the usermeta table (attached to their user id). I am basically trying to check this "activation_key" value in the usermeta table at login, if this value exists, I want the login to not happen.

The authenticity filter seems to be exactly what I need, but after changing it and placing it in my functions.php file it doesn't seem to work! Logging in as usual.

Literature:

How to connect to a Wordpress login system to stop some users programmatically?

http://willnorris.com/2009/03/authentication-in-wordpress-28

+3
source share
1 answer

I really found a job.

Using a custom form, you can login to Wordpress using the wp_signon function.

var $creds = array();
$creds['user_login'] = 'example';
$creds['user_password'] = 'plaintextpw';
$creds['remember'] = true;
//check if user has an activation key in the usermeta table
$user = get_userdatabylogin($creds['user_login']); 
if(get_usermeta($user->ID,'activation_key')) { 
} else {
$procLogin = wp_signon( $creds, false );
if ( is_wp_error($procLogin) ) {
echo $user->get_error_message();
} 
echo 'success!';
}

hope this helps someone out there

+2
source

Source: https://habr.com/ru/post/1729240/

More articles:


All Articles