I am trying to login the user using the email only (The password is checked with an API from another system). The thing is all my code is running except for the part of autologin, below is my function:
I already tried different functionalities available online but what is happening with the below code is:
1- it will let the user login, but after refresh or going to any page which requires the user to be logged it, wordpress logs the user out.
function auth_new_user($username){
if(!username_exists($username)) {
// Generate the password and create the user
$password = wp_generate_password( 12, false );
$user_id = wp_create_user( $username, $password, $username );
// Set the nickname
wp_update_user(
array(
'ID' => $user_id,
'nickname' => $username
)
);
// Set the role
$user = new WP_User( $user_id );
$user->set_role( 'Subscriber' );
auto_login_usr($user_id,$username);
} // end if
else{
$the_user = get_user_by('email', $username);
$user_id = $the_user->ID;
echo $user_id;
auto_login_usr($user_id,$username);
}
}
function auto_login_usr($user_id, $username) {
$user = get_user_by( 'id', $user_id );
echo $user->user_login;
echo $user->password;
if( $user ) {
wp_set_current_user( $user_id, $user->user_login );
wp_set_auth_cookie( $user_id ,false, is_ssl());
do_action( 'wp_login', $user->user_login );
}
}
After logging in, WordPress automatically logs the user out ( keeps the user logged in for a second ). Note i debugged the code more than once and everything is appearing correctly ( User Id, User_login, and username).
Appreciate your help.
It is fine i fixed it myself, the headers was already sent. i should call the functions after_theme_setup:
either with a hook
Or Before calling get_header function
Related
I am using below authenticate filter to check the user's role before logging them in and its working fine as per my expectations.
add_filter( 'authenticate', 'my_admin_checkk',1000, 2);
function my_admin_checkk( $user ) {
if ( !is_wp_error($user) ) {
if ( in_array( 'stappro_founder',$user->roles ) || in_array( 'stappro_investor',$user->roles ) ){
return new WP_Error( 'login_failed', __( "Only staff can use this login.", "mysite_domain" ) );
} else {
// allow the login
return $user;
}
} else {
return $user;
}
}
This is working fine as it is not allowing users to login having stappro_founder or stappro_investor roles. This is working fine.
But I have a front end login template and login form through which I am login with these custom roles but the thing is add_filter( 'authenticate' filter getting called here whenever I am trying to login.
I have used remove_filter( 'authenticate', 'my_admin_check',1000, 1); as well but it still gets calling. Please see my full code below.
if ( isset($_POST['action']) == 'log-in' ) {
# Submit the user login inputs
$user = wp_signon(
array(
'user_login' => $_POST['user-name'],
'user_password' => $_POST['password']
)
, false );
remove_filter( 'authenticate', 'my_admin_check',1000, 1);
if ( is_wp_error($user) ) {
echo $user->get_error_message();
} else {
# Redirect to account page after successful login.
if ( $user->ID ) {
wp_set_current_user( $user->ID, $user->name );
wp_set_auth_cookie( $user->ID, true, false );
wp_redirect( home_url('profile') );
}
}
}
Can someone guide me how can I Remove Authenticate Filter here ? How can I allow users to be logged in from front end and disallow them from wp-admin from here on.
Thanks
my users come to my wordpress website from another system. This system is sending $_SESSION to my Wordpress.
I have function how to make login automatically. But problem is, that i can take just hashed password from my DB. I need to disable password hashing and my function will work.
function wpdocs_custom_login() {
if(isset($_SESSION['usr_email'])){
$user = get_user_by( 'login', $_SESSION['usr_login'] );
$creds = array(
'user_login' => $user->user_login,
'user_password' => $user->user_pass,
'remember' => true
);
$user = wp_signon( $creds, false );
if ( is_wp_error( $user ) ) {
echo $user->get_error_message();
}
}
}
// Run before the headers and cookies are sent.
add_action( 'after_setup_theme', 'wpdocs_custom_login' );
?>
Can you help me pls?
This is how you should be authenticating people if they should be logged in due to being logged in in some 3rd party system.
$user = get_user_by('login', $_SESSION['usr_login']);
if($user)
{
clean_user_cache($user->ID);
wp_set_current_user($user->ID);
if (wp_validate_auth_cookie() == FALSE)
{
wp_clear_auth_cookie();
wp_set_auth_cookie($user->ID, true);
}
}
This way you can log them in without compromising security.
Relevant docs:
clean_user_cache
wp_set_current_user
wp_validate_auth_cookie
wp_clear_auth_cookie
wp_set_auth_cookie
I have a custom post type that I would like to use to create a WP user with an action hook. Once a user has completed the form the hook should enter the basic information to begin registering a wp user i.e. username, password email.
This is the function I have so far but I don't know why it is not working.
function agency_add_tenant( $post_id) {
$username = get_post_meta ( $post_id, 'username', true );
$password = get_post_meta ( $post_id, 'password', true );
$email_address = get_post_meta ( $post_id, 'email', true );
$user_id = function wp_create_user( $username, $password, $email_address );
// Email the user
wp_mail( $email_address, 'Welcome!', 'Your Password: ' . $password );
}
I've been trying for days now to take users who have just registered to my WordPress site and automatically log them in and then redirect them to a URL of my choice.
By default, WordPress sends you a username and a password, then you must log in manually. This is a total pain. How can i overcome this.
I have my own registration page(core php page) which successfully adds users into DB. But the point is, i should avoid users to login again.
Once registration is done, it should automatically redirects to home page or profile page.
I am a newbie to wordpress functionalities. It would be grateful if someone(who have knowledge on core functionality of wordpress) at least suggests a way/solution.
Looking forward.
Thanks
// Add on function.php for Auto login after register and redirect to a home page. varified this code
function auto_login_new_user( $user_id ) {
wp_set_current_user($user_id);
wp_set_auth_cookie($user_id);
$user = get_user_by( 'id', $user_id );
do_action( 'wp_login', $user->user_login );//`[Codex Ref.][1]
wp_redirect( home_url() ); // You can change home_url() to the specific URL,such as "wp_redirect( 'http://www.wpcoke.com' )";
exit;
}
add_action( 'user_register', 'auto_login_new_user' );
Following is based on how WooCommerce creates a new user and logs him in:
$user_pass = esc_attr( $_POST['account_password'] );
$new_user_data = array(
'user_login' => $_POST['account_username'],
'user_pass' => $user_pass,
'user_email' => $_POST['account_email'],
'role' => 'subscriber'
);
$user_id = wp_insert_user( $new_user_data );
// Set the global user object
$current_user = get_user_by( 'id', $user_id );
// set the WP login cookie
$secure_cookie = is_ssl() ? true : false;
wp_set_auth_cookie( $user_id, true, $secure_cookie );
to redirect use wp_safe_redirect, e.g.
wp_safe_redirect( home_url( '/' ) );
exit;
Instead of touching core files... You can use this
$secure_cookie = is_ssl();
$secure_cookie = apply_filters('secure_signon_cookie', $secure_cookie, array());
global $auth_secure_cookie;
$auth_secure_cookie = $secure_cookie;
wp_set_auth_cookie($user_id, true, $secure_cookie);
$user_info = get_userdata($user_id);
do_action('wp_login', $user_info->user_login, $user_info);
The function wp_create_user returns the just created user_id which you can use to create a cookie and log the user in. If you wish, you can redirect the logged in user to the profile or home page.
Thanks for your support guys..i did on my own with the following code..thanks for your time and support :)
<i>$getdetails= mysql_fetch_array(mysql_query("SELECT * FROM `wp_users` WHERE `ID`='$user_id'"));
$username=$getdetails['user_login'];
$creds = array();
$creds['user_login'] = $username;
$creds['user_password'] = $password;
$creds['remember'] = true;
$user = wp_signon( $creds, false );
if ( is_wp_error($user) ){
echo $user->get_error_message();
}else{
wp_redirect( home_url() );
}
I am trying to autologin a user after registration.
I am trying this in functions.php file:
add_action( 'user_register', 'auto_login_user' );
function auto_login_user($user_id) {
$user = new WP_User($user_id);
$user_login_var = $user->user_login;
$user_email_var = stripslashes($user->user_email);
$user_pass_var = $user->user_pass;
$creds = array();
$creds['user_login'] = $user_login_var;
$creds['user_password'] = $user_pass_var;
$creds['remember'] = true;
$user = wp_signon( $creds, false );
if ( is_wp_error($user) )
echo $user->get_error_message();
}
I am getting ERROR:
The password you entered for the username "TheNewUserCreated" is incorrect. Lost your password?
How Can I take the password from the User object?
Also because this is a custom registration process in template registration.php I tried to take it with $_POST and run the function in that file but I didnt have any success that way too...
EDIT:
Ok I am getting the encrypted password, so what is the solution here, how can I autologin the user? Maybe I can do this in registration.php page?
Add below function to functions.php file
function auto_login_new_user( $user_id ) {
wp_set_current_user($user_id);
wp_set_auth_cookie($user_id);
// You can change home_url() to the specific URL,such as
//wp_redirect( 'http://www.wpcoke.com' );
wp_redirect( home_url() );
exit;
}
add_action( 'user_register', 'auto_login_new_user' );
If you are using wp_insert_user(); to register your users then to auto-login them it's simple.
This function returns the user ID if success, so use it to login that user.
$id = wp_insert_user($data);
//so if the return is not an wp error object then continue with login
if(!is_wp_error($id)){
wp_set_current_user($id); // set the current wp user
wp_set_auth_cookie($id); // start the cookie for the current registered user
}
but to follow what you have already it can be like this:
add_action( 'user_register', 'auto_login_user' );
function auto_login_user($user_id) {
wp_set_current_user($user_id); // set the current wp user
wp_set_auth_cookie($user_id); // start the cookie for the current registered user
}
//this code is a bit tricky, if you are admin and you want to create a user then your admin session will be replaced with the new user you created :)
function auto_login() {
$getuserdata=get_user_by('login',$_GET['login']);
$tuserid=$getuserdata->ID;
$user_id = $tuserid;
$user = get_user_by( 'id', $user_id );
if( $user ) {
wp_set_current_user( $user_id, $user->user_login );
wp_set_auth_cookie( $user_id );
do_action( 'wp_login', $user->user_login );
}
}
add_action('init', 'auto_login');
i had have the same problem as your and found this best solution. try this in your functions.php file. and one thing more use submit your reset form in a function in functions.php file