How to disable admin login from front end? - wordpress

I'm trying to disable admin login from the front end of my WordPress site, but my backend login also gets disabled. Both logins show "admin cannot login here".
<?php
add_filter( 'authenticate', 'wp_admin_prevent_authentication', 30, 3 );
function wp_admin_prevent_authentication( $user, $username, $password ) {
    if ( $user instanceof WP_User && is_page( 'my-account' ) ) {
        if ( array_intersect( (array) $user->roles, [ 'administrator' ] ) ) {
            return new WP_Error( 'admin-error', 'Admins cannot login from here.' );
        }
    }
    return $user;
}

Not sure you can use is_page() inside authenticate, but you can get the page name using $_SERVER['REQUEST_URI']. Check the code below.
function wp_admin_prevent_authentication( $user, $username, $password ) {
    $url = explode( '/', rtrim( $_SERVER['REQUEST_URI'], '/') );
    // If in My account dashboard page
    if( $user instanceof WP_User && end( $url ) == 'my-account' ){
        if ( array_intersect( (array) $user->roles, [ 'administrator' ] ) ) {
            return new WP_Error( 'admin-error', 'Admins cannot login from here.' );
        }
    }
    return $user;
}
add_filter( 'authenticate', 'wp_admin_prevent_authentication', 30, 3 );
Tested and works.
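
The last-segment comparison in the answer above depends on `REQUEST_URI` ending in the page slug; when the URL carries a query string, `end( $url )` returns the query instead and the role check is skipped. The following is an added example (not the answerer's code) that drops the query string before comparing; the `example_` function names are hypothetical.

```php
<?php
// Added example, not code from the answers. Function names prefixed with
// example_ are hypothetical; 'my-account' is the page slug from the question.

/**
 * Return the last path segment of a request URI, lower-cased.
 * The query string is dropped first, so "/my-account/?redirect=1"
 * yields "my-account" instead of "?redirect=1".
 */
function example_last_path_segment( $request_uri ) {
    $path     = explode( '?', (string) $request_uri, 2 )[0];
    $segments = explode( '/', trim( rawurldecode( $path ), '/' ) );
    return strtolower( end( $segments ) );
}

function example_block_admin_frontend_login( $user, $username, $password ) {
    $uri = isset( $_SERVER['REQUEST_URI'] ) ? $_SERVER['REQUEST_URI'] : '';
    if ( $user instanceof WP_User
        && 'my-account' === example_last_path_segment( $uri )
        && in_array( 'administrator', (array) $user->roles, true )
    ) {
        return new WP_Error( 'admin-error', 'Admins cannot login from here.' );
    }
    return $user;
}

if ( function_exists( 'add_filter' ) ) {
    // Inside WordPress: run after the core password checks (priority 20).
    add_filter( 'authenticate', 'example_block_admin_frontend_login', 30, 3 );
} else {
    // Stand-alone (php example.php): constructed URIs; all but the last
    // must resolve to "my-account".
    $samples = array( '/my-account', '/my-account/', '/my-account/?redirect=1',
        '/shop/My-Account/', '/my%2Daccount/', '/wp-login.php' );
    foreach ( $samples as $uri ) {
        printf( "%-26s => %s\n", $uri, example_last_path_segment( $uri ) );
    }
}
```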

You can try with the below code, maybe it will work for you.
function wpum_admin_prevent_authentication( $user, $username, $password ) {
    if ( $user instanceof WP_User && is_page( wpum_get_core_page_id( 'login' ) ) ) {
        if ( array_intersect( (array) $user->roles, [ 'administrator' ] ) ) {
            return new WP_Error( 'admin-error', 'Admins cannot login from here.' );
        }
    }
    return $user;
}
add_filter( 'authenticate', 'wpum_admin_prevent_authentication', 30, 3 );

Related

Redirect user to a personal page based on User Id

Hi I use this code to redirect users on login based on the user role.
I want to modify it to use redirect based on the user id.
How could I do this?
Thanks
function my_login_redirect( $url, $request, $user ){
    if( $user && is_object( $user ) && is_a( $user, 'WP_User' ) ) {
        if( $user->has_cap( 'administrator' ) ) {
            $url = home_url('mypage.html');
        } else {
            $url = home_url('/index.php');
        }
    }
    return $url;
}
add_filter('login_redirect', 'my_login_redirect', 10, 3 );
Your $user object already contains the ID.
Your code would then look like this if you want to check for user with id 79:
function my_login_redirect( $url, $request, $user ){
    if ( $user && is_object( $user ) && is_a( $user, 'WP_User' ) ) {
        if ( $user->ID == 79 ) {
            $url = home_url( '/mypage.html' );
        } else {
            $url = home_url( '/index.php' );
        }
    }
    return $url;
}
add_filter( 'login_redirect', 'my_login_redirect', 10, 3 );
Put the above in your functions.php. Tested and works.

custom error message for empty username and password using authenticate filter not working

I'm trying to override the authenticate to edit the default error message.
/**
 Purpose: Custom Login Error Message
 Description: This function overrides the default error message on the login form.
**/
remove_filter( 'authenticate', 'wp_authenticate_username_password' );
add_filter( 'authenticate', 'custom_authenticate_username_password', 30, 3 );
/**
 * Remove the WordPress filter and write our own with changed error text.
 */
function custom_authenticate_username_password( $user, $username, $password ) {
    if ( is_a($user, 'WP_User') )
        return $user;
    if ( empty( $username ) || empty( $password ) ) {
        if ( is_wp_error( $user ) )
            return $user;
        $error = new WP_Error();
        if ( empty( $username ) )
            $error->add('empty_email', __('The username or email field is empty.'));
        if ( empty( $password ) )
            $error->add('empty_password', __( 'The password field is empty' ));
        return $error;
    }
    $user = get_user_by( 'login', $username );
    if ( !$user )
        return new WP_Error( 'invalid_username', sprintf( __( 'Invalid username or email address.' ), wp_lostpassword_url() ) );
    $user = apply_filters( 'wp_authenticate_user', $user, $password );
    if ( is_wp_error( $user ) )
        return $user;
    if ( ! wp_check_password( $password, $user->user_pass, $user->ID ) )
        return new WP_Error( 'incorrect_password', sprintf( __( 'The password you\'ve entered is incorrect.' ),
            $username, wp_lostpassword_url() ) );
    return $user;
}
Unfortunately, the empty username or password error is not overriding.
The default error messages for username and password are:
<strong>Error</strong> : The username field is empty.
<strong>Error</strong> : The password field is empty.
I would like to change them to:
The username or email field is empty.
The password field is empty.
However, the invalid_username and incorrect_password are working and I successfully override it.
You have an or statement and an individual statement, it's only going to return one. Try changing it around a little:
Updated
Regardless of how you would like to structure your code, I added the $error->get_error_messages(); at the end of the error. For more information, you can have a look at this information: https://code.tutsplus.com/tutorials/wordpress-error-handling-with-wp_error-class-i--cms-21120
if ( empty( $username ) || empty( $password ) ) {
    $error = new WP_Error();
    if ( empty( $username ) || empty( $password ) ) {
        if ( empty( $username ) ) {
            $error->add( 'empty_email', __( 'The username or email field is empty.' ) );
        }
        if (empty( $password ) ) {
            $error->add( 'empty_password', __( 'The password field is empty' ) );
        }
    }
    return $error->get_error_messages();
} elseif ( is_wp_error( $user ) ) {
    return $user->get_error_message();
}
The following code is the reason why it isn't overriding.
if ( empty( $username ) || empty( $password ) ) {
    if ( is_wp_error( $user ) )
        return $user;
    ...
Try to remove this condition.
if (is_wp_error( $user ) )
    return $user;
It should be something like this.
/**
 Purpose: Custom Login Error Message
 Description: This function overrides the default error message on the login form.
**/
// Core registers this callback at priority 20, so remove_filter() must name the same priority.
remove_filter( 'authenticate', 'wp_authenticate_username_password', 20 );
add_filter( 'authenticate', 'custom_authenticate_username_password', 30, 3 );
/**
 * Remove the WordPress filter and write our own with changed error text.
 */
function custom_authenticate_username_password( $user, $username, $password ) {
    if (is_a($user, 'WP_User')){
        return $user;
    }
    if (empty($username) || empty($password)) {
        $error = new WP_Error();
        if (empty($username )){
            $error->add('empty_email', __('The username or email field is empty.'));
        }
        if (empty($password)){
            $error->add('empty_password', __( 'The password field is empty' ));
        }
        return $error;
    }
    $user = get_user_by( 'login', $username );
    if (!$user){
        return new WP_Error( 'invalid_username', sprintf( __( 'Invalid username or email address.' ), wp_lostpassword_url()));
    }
    $user = apply_filters( 'wp_authenticate_user', $user, $password );
    if (is_wp_error($user)){
        return $user;
    }
    if (!wp_check_password( $password, $user->user_pass, $user->ID )){
        return new WP_Error( 'incorrect_password', sprintf( __( 'The password you\'ve entered is incorrect.' ),
            $username, wp_lostpassword_url() ) );
    }
    return $user;
}
Notice that I added braces to every condition to make it more clear.
You might also want to override the function wp_authenticate_email_password.
// Core registers this callback at priority 20, so remove_filter() must name the same priority.
remove_filter( 'authenticate', 'wp_authenticate_email_password', 20 );
add_filter( 'authenticate', 'custom_authenticate_email_password', 31, 3 );
function custom_authenticate_email_password( $user, $email, $password ) {
    if ($user instanceof WP_User) {
        return $user;
    }
    if (empty($email) || empty($password)) {
        $error = new WP_Error();
        if ( empty( $email ) ) {
            // Uses 'empty_username' for back-compat with wp_signon().
            $error->add( 'empty_username', __( 'The username or email field is empty.' ) );
        }
        if ( empty( $password ) ) {
            $error->add( 'empty_password', __( 'The password field is empty.' ) );
        }
        return $error;
    }
    if (!is_email($email)) {
        return $user;
    }
    $user = get_user_by('email', $email);
    if (!$user) {
        return new WP_Error('invalid_email',__( 'Invalid username or email address.' ));
    }
    /** This filter is documented in wp-includes/user.php */
    $user = apply_filters( 'wp_authenticate_user', $user, $password );
    if (is_wp_error($user)){
        return $user;
    }
    if (!wp_check_password( $password, $user->user_pass, $user->ID)){
        return new WP_Error('incorrect_password',sprintf( __( 'The password you\'ve entered is incorrect.' ),
            $email, wp_lostpassword_url() ) );
    }
    return $user;
}
There are two functions under authenticate, wp_authenticate_username_password and wp_authenticate_email_password. Try to override both of them, maybe one of them has the error message that is not overriding, use the codes above and examine.

login with username or email in wordpress

I am working on a login template, but I want to allow login with username as well as email. I got code for that but it did not work; it is as follows:
function login_with_email_address($username) {
    $user = get_user_by('email',$username);
    if(!empty($user->user_login))
        $username = $user->user_login;
    return $username;
}
add_action('wp_authenticate','login_with_email_address',10,1);
I already put an action on 'authenticate' for email verification; it is as follows:
function check_user_status($user, $username, $password) {
    if (in_array( 'subscriber', (array) $user->roles ) ) {
        if (get_user_meta($user->ID, 'confirm_mail', true) == 1) { return $user; }
        else{ return new WP_Error('Account Not Active.'); }
    }
    else{ return $user; }
}
add_filter('authenticate','check_user_status', 30, 3);
Try this
remove_filter( 'authenticate', 'wp_authenticate_username_password', 20, 3 );
add_filter( 'authenticate', 'tcb_authenticate_username_password', 20, 3 );
function tcb_authenticate_username_password( $user, $username, $password ) {
    if ( ! empty( $username ) && is_email( $username ) ) :
        // get_user_by( 'email', ... ) replaces the deprecated get_user_by_email().
        if ( $user = get_user_by( 'email', $username ) )
            $username = $user->user_login;
    endif;
    return wp_authenticate_username_password( null, $username, $password );
}

Wordpress - How to login user to frontend programmatically

I created a function for logging in users on the frontend using this example: https://gist.github.com/iandunn/8162246
After user logs in is_user_logged_in() function returns true only inside this function where I placed code for login part.
How do I login users globally?
This is my code:
function programmatic_login( $username ) {
    if ( is_user_logged_in() ) {
        wp_logout();
    }
    add_filter( 'authenticate', 'allow_programmatic_login', 10, 3 );
    $user = wp_signon( array( 'user_login' => $username ) );
    remove_filter( 'authenticate', 'allow_programmatic_login', 10, 3 );
    if ( is_a( $user, 'WP_User' ) ) {
        $user_id = $user->ID;
        if( $user ) {
            wp_set_current_user( $user_id, $user->user_login );
            wp_set_auth_cookie( $user_id );
            do_action( 'wp_login', $user->user_login );
        }
        if ( is_user_logged_in() ) {
            return true;
        }
    }
    return false;
}
function allow_programmatic_login( $user, $username, $password ) {
    return get_user_by( 'login', $username );
}
function process_login(){
    // this comes from login form
    $username = $_POST["login_username"];
    programmatic_login( $username );
    // it returns true only here, on any other function it returns false
    if(is_user_logged_in()){
        echo "ok";
    }else{
        echo "not ok";
    }
}
This is one example where I try to check if user is logged in, outside previous function:
add_filter('wp_nav_menu_items', 'add_login_logout_link', 10, 2);
function add_login_logout_link($items, $args) {
    $loginPage = get_page_by_title("Login");
    $registerPage = get_page_by_title("Register");
    if(is_user_logged_in()){
        $items .= "<li><a href='" . wp_logout_url('index.php') . "' title='Logout'>Logout</a></li>";
    }else{
        $items .= "<li><a href='". site_url() . '/' . '?page_id=' . $loginPage->ID ."'>Login</a></li><li><a href='". site_url() . '/' . '?page_id=' . $registerPage->ID ."'>Register</a></li>";
    }
    return $items;
}
On codex wp_set_current_user there is an example to set the current user and log them in.
$user_id = 12345;
$user = get_user_by( 'id', $user_id );
if( $user ) {
    wp_set_current_user( $user_id, $user->user_login );
    wp_set_auth_cookie( $user_id );
    do_action( 'wp_login', $user->user_login );
}
The simplest fix is to use wp_login_form()
see reference: http://codex.wordpress.org/Function_Reference/wp_login_form
If I understand correctly this should handle everything you want.
This will set the auth cookie and can redirect to the page you want, the login works globally
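
The handler in the question passes only the username from `$_POST["login_username"]` to `wp_signon()`, and its `authenticate` filter returns the matching account without any password check. The following is an added example (not the asker's or the linked gist's code) of a front-end handler that authenticates with the submitted password and redirects afterward; `login_password`, `example_login_nonce` and the `example_frontend_login` nonce action are hypothetical names, and the code assumes it runs inside WordPress.

```php
<?php
// Added example, not the asker's or the gist's code. Runs inside WordPress
// (theme functions.php or a plugin). login_username is the field from the
// question; login_password, example_login_nonce and the
// example_frontend_login action are hypothetical names.

function example_process_frontend_login() {
    if ( 'POST' !== $_SERVER['REQUEST_METHOD'] || ! isset( $_POST['example_login_nonce'] ) ) {
        return; // Not a submission of this form.
    }

    // The form must print wp_nonce_field( 'example_frontend_login', 'example_login_nonce' ).
    $nonce = sanitize_text_field( wp_unslash( $_POST['example_login_nonce'] ) );
    if ( ! wp_verify_nonce( $nonce, 'example_frontend_login' ) ) {
        wp_die( 'Invalid request.', '', array( 'response' => 403 ) );
    }

    $credentials = array(
        'user_login'    => wp_unslash( $_POST['login_username'] ?? '' ),
        // Passed through untouched, as wp_signon() does with wp-login.php's pwd field.
        'user_password' => $_POST['login_password'] ?? '',
        'remember'      => false,
    );

    // wp_signon() runs the normal 'authenticate' chain (password check
    // included) and sets the auth cookie on success.
    $user = wp_signon( $credentials, is_ssl() );

    $back = wp_get_referer() ?: home_url( '/' );
    if ( is_wp_error( $user ) ) {
        // One generic failure flag; the form decides how to word it.
        wp_safe_redirect( add_query_arg( 'login', 'failed', $back ) );
        exit;
    }

    // Redirect so the next request starts with the cookie in place and
    // is_user_logged_in() is true for every hook on that request.
    wp_safe_redirect( home_url( '/' ) );
    exit;
}
// template_redirect fires before any page output, so cookies can still be sent.
add_action( 'template_redirect', 'example_process_frontend_login' );
```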

Conditionally updating roles in WordPress

I actually want to create an easy function but it doesn't seem to work.
I want that when a user logs in to his account on WordPress, his role changes (subscriber -> directory_1) on some condition (easy in this case to test, it should change every time, but still not working).
Here is my code:
add_action('wp_login', 'update_roles');
function update_roles()
{
    global $wpdb;
    $author = wp_get_current_user();
    if(current_user_can('subscriber'))
    {
        $author->remove_role( 'subscriber' );
        $author->add_role( 'directory_1' );
    }
}
Thanks for the help!
You should be using wp_update_user() to update a user's role. After you have added a role using add_role(), you can do something like this:
function custom_update_roles( $user_login, $user ) {
    if ( ! empty( $user->roles ) && is_array( $user->roles ) ) {
        if ( in_array( "subscriber", $user->roles ) ) {
            $user_id = wp_update_user( array( 'ID' => $user->ID, 'role' => 'directory_1' ) );
            if ( is_wp_error( $user_id ) ) {
                // Error.
            } else {
                // Success.
            }
        } else {
            // This user is not a subscriber.
        }
    }
}
add_action( 'wp_login', 'custom_update_roles', 10, 2 );
Refs:
http://codex.wordpress.org/Function_Reference/wp_update_user
http://codex.wordpress.org/Function_Reference/add_role
