How can I logout from every where else this place in wordpress? [not wp_logout() because it destroys current session only]
I used this function but it did not work:
WP_User_Meta_Session_Tokens::destroy_other_sessions();
You must first get the user id, then get the token, protect it and destroy the other sessions. Here's a working example:
global $wp_session;
$user_id = get_current_user_id();
$session = wp_get_session_token();
$sessions = WP_Session_Tokens::get_instance($user_id);
$sessions->destroy_others($session);
Here is a working version hooked to the init action.
/**
* Destroys all sessions for this user except the one with the given token (presumably the one in use).
*/
add_action( 'init', 'destroy_all_other_current_user_sessions' );
function destroy_all_other_current_user_sessions() {
$manager = WP_Session_Tokens::get_instance( get_current_user_id() );
$manager->destroy_others( wp_get_session_token() );
};
Related
I'm trying to implement a custom login authentication and am using the authenticate filter.
However, my code doesn't seem to be firing and after many tests I still can't figure out why.
I've tried stripping my code down to the essentials, but it still doesn't fire and I'm logged in every time instead of being rufused.
This is my stripped down code and it is inside my own plugin that is definitely being activated OK, as shown by a display messages I've put elsewhere in the code and it's definitely in the wp_filters array.
Can anyone see why it isn't being fired?
<?php
/**
* Login functions
*/
add_filter('authenticate', 'ii_login_test', 30, 3);
/*
* Custom Login
*/
function ii_login_test($user, $username, $password) {
//return get_userdata(username_exists($username));
return new WP_Error( 'authentication_failed', __( 'ERROR: No user record found.' ));
}
You can try assigning $user to WP_error() and then return the user.
try out this code :-
<?php
/**
* Login functions
*/
add_filter('authenticate', 'ii_login_test', 30, 3);
/*
* Custom Login
*/
function ii_login_test($user, $username, $password)
{
//return get_userdata(username_exists($username));
$user = new WP_Error('authentication_failed', __('ERROR: No user record found.'));
return $user;
}
I have a multisite with a lot of sites on it, registered almost daily. I want to stop the automatic email being send for a new site.
I
n the codex, i found this filter:
apply_filters( 'send_new_site_email', bool $send, WP_Site $site, WP_User $user )
The first argument, $send, can be set to false. Then the mail will not be send.
So I am using the following add_filter function:
function disable_email($send,$site,$user){
$send = false;
return $send;
}
add_filter( 'send_new_site_email', 'disable_email',10,3 );
Why does this not work?
I think you need to increase priority, may be then it will work try something
add_filter( 'send_new_site_email', 'disable_email',25,3 );
Is there an option to destroy all other user session after a user logs in. I found an option for destroying sessions as
// get all sessions for user with ID $user_id
$sessions = WP_Session_Tokens::get_instance( $user->ID );
// we have got the sessions, destroy them all!
$sessions->destroy_all();
It can use on authenticating a user, but I am using a social login plugin for authenticating users, so need to hack the plugin for achieving the same. Can you help me figure out an option to destroy all previous sessions on or after "wp_login" action.
Resolved it!!.
destroy_all() will destroy all the sessions so when we are use this in wp_login hook it will destroy the current session too, instead we can use destroy_others() function.
The final code shown below
function your_function( $user,$user_id) {
$sessions = WP_Session_Tokens::get_instance( get_current_user_id() );
$token = wp_get_session_token();
$sessions->destroy_others( $token );
}
add_action('wp_login', 'your_function',10,2);
You could try to hook into the wp_login action. Could be done in the plugin or in your functions.php
<?php
function your_function() {
// your code
}
add_action('wp_login', 'your_function');
?>
https://codex.wordpress.org/Plugin_API/Action_Reference/wp_login
I'm trying to get update_options to work with this function. Basically, the user enters an activation code and submits it through the plugin options page. The code is sent to the third party and the status returned if successful. This all works as it should but I can't get update_options to change the status of the option in question.
Here is the update function (part of an OOP framework I'm using):
private function _admin_options_update() {
// Verify submission for processing using wp_nonce
if( wp_verify_nonce( $_REQUEST['_wpnonce'], "{$this->namespace}-update-options" ) ) {
$data = array();
/**
* Loop through each POSTed value and sanitize it to protect against malicious code. Please
* note that rich text (or full HTML fields) should not be processed by this function and
* dealt with directly.
*/
foreach( $_POST['data'] as $key => $val ) {
$data[$key] = $this->_sanitize( $val );
}
/**
* Place your options processing and storage code here
*/
// Update the options value with the data submitted
update_option( $this->option_name, $data );
// Redirect back to the options page with the message flag to show the saved message
wp_safe_redirect( $_REQUEST['_wp_http_referer'] . '&update=1' );
exit;
}
}
I'm trying to run this function:
update_option( $WPBackitup->options['status'], $license_data->license );
Figured this one out myself. Basically, the framework was sanitizing any data submitted via its form variables and then submitting it to the DB. I got the third party API to work by manually loading its return into the array that the framework sanitized and sent to the DB. Once I'd done that, update_options() worked like a charm!
I am using get_current_user_id() and wp_get_current_user() multiple times in my plugin. Are these functions going to send a database request everytime I use them or is the user object of the current user always available (cause wordpress requests it anyway on initializing)?
Would it be better to declare a global var at the start of my script with the current user info?
<?php
global $currentUser;
$currentUser = wp_get_current_user();
function function1() {
global $currentUser;
echo $currentUser->ID;
}
?>
No it will not. It will read the wordpress global variable $current_user