Develop Reference

Auto Login in wordpress not working properly

I'm trying to develop an auto login system, and I'm having problems with NONCE.
The code I'm using:
if ( 'REGULAR_USER' == $payload->role ) {
$user_login = $payload->preferred_username;
$user = get_user_by('email', $user_login);
$user_id = $user->ID;
clean_user_cache( $user_id);
wp_clear_auth_cookie();
wp_set_current_user($user_id, $user_login);
wp_set_auth_cookie($user_id);
do_action('wp_login', $user_login, $user);
update_user_caches( $user );
}
The variables I get from a JWT token. Everything apparently works. Login is successful.
Problems are triggered when the user tries to do some action that checks nonces.
Explaining better: the application is based on Tutor LMS. The user who automatically logs in to the site cannot, for example, finish the class. That's because at the end of classes, the Tutor triggers a function called checking_nonce(). When the check fails, the function returns: "Nonce not matched. Action failed!"
Here's the code itself that checks inside the Tutor LMS
public function checking_nonce( $request_method = null ) {
! $request_method ? $request_method = $_SERVER['REQUEST_METHOD'] : 0;
$data = strtolower( $request_method ) === 'post' ? $_POST : $_GET;
$nonce_value = sanitize_text_field( tutor_utils()->array_get( tutor()->nonce, $data, null ) );
$matched = $nonce_value && wp_verify_nonce( $nonce_value, tutor()->nonce_action );
if ( ! $matched ) {
wp_send_json_error( array( 'message' => __( 'Nonce not matched. Action failed!', 'tutor' ) ) );
exit;
}
}
A second test was done (to check role permissions). I registered the user as an administrator, did the auto login, and the problem remains.
Important detail: if that same user logs in through wp-admin and tries to finish a class, the error does not happen and everything works correctly.
Are there any different directives that need to be added to not have these issues with nonce validation?

How to get a read confirmation for a post from registered users in WordPress

I am a noob in WordPress and just built an intranet site. The login to the site is by invite only to our internal employees.
We post important internal communication on the portal and would like to know if a logged in user has read the post and on which date. The idea is to find which users have missed reading which posts?
I tried to search for plugins that will help me to get this information, however, I am drawing a complete blank. Even tried experimenting with various user statistics plugins and programs but to no avail. None of the user statistics packages shows such information.
Any help will really be appreciated. Thanks in advance.
Regards,
Mangesh

You can do this with update_post_meta() and get_post_meta().
Create this must-use plugin file and customize:
wp-content/mu-plugins/read.php
<?php // Requires PHP 5.4+.
add_action( 'init', function() {
if ( is_singular() && is_user_logged_in() ) {
$post_id = get_the_ID();
$user_id = get_current_user_id();
$read_by = get_post_meta( $post_id, '_read_by', true );
$read_by = is_array( $read_by ) ? $read_by : [];
if ( ! isset( $read_by[ $user_id ] ) ) {
$read_by[ $user_id ] = time();
update_post_meta( $post_id, '_read_by', $read_by );
}
}
} );

Prevent user to access wordpress login page

I'm using this code to prevent user to access my login page:
global $pagenow;
if ( 'wp-login.php' == $pagenow && ! in_array( ! empty( $_GET['action'] ) ? $_GET['action'] : '', array( 'lostpassword', 'logout', ) ) )
{
global $wp_query;
$wp_query->set_404();
status_header( 404 );
get_template_part( 404 );
exit();
}
It works well and I can't access login page anymore. I also use Simple History plugin to track logs and I still see that someone tries to login my site so many times.
Failed to login with username "*********" (username does not exist) warning
I was wondering why someone can access my login page. Am I missing something in above code?

WooCommerce WC()->session->get is not getting recognized

We have created a site where a user enters a coupon code and it logs them in by creating a cookie by the name of couponid, then we save that cookie to the WooCommerce session because that cookie actually is the category id from which the products are displayed.
Now sometimes the products get displayed, sometimes not, and whenever our custom cookie is set in the browser and we go to /wp-admin to login, it gives us the following error:
Fatal error: Call to a member function get() on a non-object
The above error on the login screen of WordPress is coming from the following function in our functions.php file:
function gfc_insert_coupon_code_to_session(){
if(
is_user_logged_in()
|| ! array_key_exists( 'couponid', $_COOKIE )
|| WC()->session->get( 'couponid', 0 )
){
return;
}
$couponID = esc_attr( $_COOKIE['couponid'] );
if( $couponID ){
WC()->session->set( 'couponid', $couponID );
}
}
add_action( 'woocommerce_init', 'gfc_insert_coupon_code_to_session' );

Try to use:
WC()->session->set( 'couponid', $couponID );
Before calling:
WC()->session->get( 'couponid', 0 )

Test if your are on Back Office, WC()->session isn't set:
if( !is_admin() ) {

The if( !is_admin() ) { ... } fix
did the job for me. I changed the email template and if I tried to resend the email from the backend I received this error. So the admin fix was good.

Conditional Tag - woocommerce customer - logged in - wordpress

I'm looking for the conditional tag (or code / wordpress) to check if a visitor is logged in to the 'basic' Customer role of Woocommerce.
if ( is_user_logged_in() only checks if the visitor is logged in... so this needs te be more specific but I don't know how...
thanks

As current_user_can( 'customer' ) is unreliable, you could roll your own function, as suggested here. In functions.php:
function so19916370_get_user_role( $user_id = 0 )
{
$user = ( $user_id ) ? get_userdata( $user_id ) : wp_get_current_user();
return current( $user->roles );
}
Usage, checking the ID of the current user:
if( 'customer' == so19916370_get_user_role( get_current_user_id() ) )
{
echo 'you are a customer';
}