Can a wordpress user keep logged in another server? - wordpress

I have a woprpress site and need the user automatically login in another server no wordpress when he will visite that site. Is that possible?

You can set cookie or session or etc...
With this data you can run auto login function.
My example:
function auto_login() {
// this works perfectly
$user_login = 'admin';
// this does not work even when setting the same variable via query string ?user=admin
// $user_login = $_GET['user'];
//get user's ID
$user = get_userdatabylogin($user_login);
$user_id = $user->ID;
//login
wp_set_current_user($user_id, $user_login);
wp_set_auth_cookie($user_id);
do_action('wp_login', $user_login);
}
add_action('init', 'auto_login');

Related

Changing Roles in WooC based on Order Status

I want to be able to manually confirm offers --> Thereby changing the order status before a user gets assigned a new role on my page. I tried to combine two functions I found here but when I launched them the page crashed.
The manual confirmation is important since we have to check each person that wants to purchase a membership. The Roles are important because I use them to limit access to other parts of the website.
A users Journey:
A user comes to the website. Then has to log in or create a profile. Then they are forwarded to the site where you can get the membership. (Woocomerce and Stripe) I want to be able to manually confirm if somebody buys a membership or not. If I confirm the user gets a new role. If I don't confirm the user gets no role or is deleted ( the payments should obviously not happen in that case.
What is the problem can somebody please help?
function uiwc_change_role( $order_id ) {
// get all the order data
$order = new WC_Order($order_id);
$user = $order->get_user();
$order_status = $order->get_status();
if ('complete' == $order_status) {
if( false != $user && !user_can($user, 'administrator') ){
// our new role name
$role = 'aktives_mitglied2022';
//set the new role to our customer
$user->set_role($role);
}
//return $order_status;
}
}
//add this newly created function to the thank you page
add_action( 'woocommerce_thankyou', 'uiwc_change_role', 100, 1 );
function custom_uiwc_change_role( $order_id ) {
// get all the order data
$order = new WC_Order($order_id);
$user = $order->get_user();
$order_status = $order->get_status();
if ('complete' == $order_status) {
if( false != $user && !user_can($user, 'administrator') ){
// our new role name
$role = 'aktives_mitglied2022';
//set the new role to our customer
$user->set_role($role);
}
//return $order_status;
}
}
//add this newly created function to the thank you page
add_action( 'woocommerce_thankyou', 'custom_uiwc_change_role', 100, 1 );

Disable auto login upon registration in Wordpress

[update1] I am using the ClassiCraft theme and I have no idea where to customize the login and register forms
[update2] I know that the registration process does not go through wp_authenticate because I redefined it inside a plugin of mine
I am quite new in the Wordpress world (actually just got my hands on it for the first time yesterday) and I am having some difficulties finishing up a little project I am working on.
The project is rather simple (or so I thought) and consists in adding a confirmation link to email received upon registration in order to validate the email address provided to prevent using fake emails that the registrar does not even own.
I am about all done except that once I hit the register button it leads to log in the freshly created user.
I googled stuff like "wp disable auto login on registration" and whatnot but I have not been able to find anything that worked. I even tested a few plugins supposed to be doing exactly what I need but none of them worked.
Also, I am not using any plugins for the registration/login forms and it appears that the code in the wp-login.php file is actually not even used...
Would anyone have an idea? Thanks
Okay, so without an access to the theme, i can't really answer you.
But i can tell you what I would try.
1. Add action on user_register hook, to add a post meta that will be useful to check if user has confirm his email.
add_action( 'user_register', 'add_has_confirm_email_user_meta');
function add_has_confirm_email_user_meta( $user_id ) {
update_user_meta( $user_id, 'has_confirm_email', 0 );
}
2. Prevent the user from log in automatically after registration.
Here i can't tell you the hook that will works for you. For example, the hook for the wordpress registration is user_register, but if you have woocommerce, the hook I will use, would be woocommerce_registration_redirect. So try to find what hook is available after the registration with your theme.
In all case, the code in the function would be something like :
function custom_registration_redirect() {
// Log out the user
wp_logout();
// The login url could be an other, with woocommerce for example it is : get_permalink(get_option('woocommerce_myaccount_page_id')
$login_url = wp_login_url();
// Redirect on it
wp_redirect( $login_url);
exit;
}
It will also be necessary, to add a message on this page to alert the user, that he will receive an email to confirm his account.
3. Prevent user from login when he submit the log in form
Add action on wp_login hook to achieve that.
add_action('wp_login', 'prevent_user_from_login', 10, 2);
function prevent_user_from_login($user_login, $user = null ) {
if ( !$user ) {
$user = get_user_by('login', $user_login);
}
if ( !$user ) {
// not logged in
return;
}
// Get user meta
$has_confirm_email = get_user_meta( $user->ID, 'has_confirm_email', true );
if ( $has_confirm_email == '0' ) {
// Clear cookies, a.k.a log user out
wp_clear_auth_cookie();
$login_url = wp_login_url();
$login_url = add_query_arg( 'has_confirm_email', '0', $login_url);
wp_redirect( $login_url );
exit;
}
}
4. Add message on log in page if we get the has_confirm_email to 0
add_filter('login_message', 'has_not_confirm_email_login_message');
function has_not_confirm_email_login_message($message) {
if ( isset( $_GET['has_confirm_email'] ) && $_GET['has_confirm_email'] == 0 ) {
$message = '<div id="login_error">You have not confirmed your email.</div>';
}
return $message;
}
5. Send the email with a link to confirm his email.
You will need to generate a token to add to the url.
For the hook to change the default email sent by Wordpress, you can use wp_new_user_notification_email that is available since the 4.9 of Wordpress.
In the function itself you could do something like :
function wp_new_user_notification_email( $wp_new_user_notification_email, $user, $blogname) {
// Generate the token (there is other function available with php 7, but this one works great)
$token = bin2hex(openssl_random_pseudo_bytes(16));
// Add the token to the user
update_user_meta( $user->id, 'confirm_email_token', $token );
// Get your login url
$log_in_url = wp_login_url();
// Add user id and token to the url
$url = add_query_arg(
array(
'token' => $token,
'user_id' => $user->id
),
$log_in_url
);
//
$wp_new_user_notification_email['subject'] = 'Welcome on our website, please confirm your email';
$wp_new_user_notification_email['message'] = 'Blablabla... the url to confirm is: '. $url;
return $wp_new_user_notification_email;
}
6. Hook on the login page to check the $_GET, looking for user_id and token.
Here we check the token and the user. If everything is okay, update the user meta has_confirm_email to 1, so the user can connect, and add a message : "Your email has been confirmed, you can now log in"
add_action( 'login_init', 'custom_login_init');
function custom_login_init(){
if(!empty($_GET['token']) && !empty($_GET['user_id'])) {
if(get_the_author_meta( 'confirm_email_token', $_GET['user_id']) === $_GET['token']) {
// Set the has_confirm_email to 1 so the user can now log in
update_user_meta( $user_id, 'has_confirm_email', 1);
update_user_meta( $user_id, 'confirm_email_token', '');
echo 'Your email has been confirmed, you can now log in';
}
}
}
7. Time for thinking
Okay, after all of his, i'm gonna think a little, and read what i have tell you, to check if there is no mistake ^^. Tell me if you need more explanations.
I think this is a good start for you, and if you find the right hooks, you will achieve this rapidly.
Be careful on some hooks that i have used, because your theme may have use a custom registration or something.
Here is what I did:
added a column in the table wp_users to receive the email confirmation code
built a plugin (details here) called user-emails that allows me to bypass the first email sent upon registration by redefining the function wp_new_user_notification (in which I generate the confirmation code, add it to the user in the DB and send a confirmation email of my own sauce)
redefined the wp_authenticate function inside the same plugin user-emails to allow me to check if the email has been confirmed (column value not null)
created a page for the confirmation with the email and code passed to it that, in case of success, display a message and a link to the home page in order to login
finally got my hands on that one tiny line of code responsible for the auto login after registration located in the page user_auth.php inside the theme folder itself (that file also contains the layout for the login and registration form)
wp_set_auth_cookie( $user_id, true, $secure_cookie );
made sure to display a message after registration informing the user to check his email for the confirmation email

Buddypress - when user activates account,user role changes to default

Iam working with buddypress,
I have a two user roles,
1-student
2-faculty
and i have set default user role as subscriber.
when user registers and activates account by clicking on link sent through mail.User role changes to default(subscriber).
Any idea what is the issue? Below is the code assigning role to user on sign up.
add_action('bp_core_signup_user', 'ad_user_signup_usermeta', 10, 5);
function ad_user_signup_usermeta($user_id, $user_login, $user_password, $user_email, $usermeta) {
if(isset($_POST['signup_membership']) && !empty($_POST['signup_membership']))
update_user_meta($user_id, 'membership', $_POST['signup_membership']);
$userdata = array();
$userdata['ID'] = $user_id;
if(!empty($_POST['signup_usertype'])) {
if($_POST['signup_usertype'] == 'student') {
$userdata['role'] = 'student';
}
if($_POST['signup_usertype'] == 'instructor') {
$userdata['role'] = 'instructor';
}
}
if ($userdata['role']){
wp_update_user($userdata);
}
}
Upon activation, BuddyPress (at least version 2.0.2) updates the user's role to the default role.
https://buddypress.trac.wordpress.org/browser/tags/2.0.2/bp-members/bp-members-functions.php#L1560
You can comment out that line, or write some code to work around it. I'm using "WP Roles At Registration" and ran across the same problem. I ended up adding a filter on bp_core_signup_user to save the original role but you'll want to add something like this to your ad_user_signup_usermeta:
update_user_meta($user_id, 'temp_role', $role_name)
then reset it back in a filter for bp_core_activated_user
public function after_bp_activated_user($user_id, $key, $user) {
$user = get_userdata($user_id);
$role = get_user_meta($user_id, 'temp_role');
if ($role) {
$user->set_role($role[0]);
}
}
add_filter('bp_core_activated_user', array($this, 'after_bp_activated_user'), 30, 3);

WordPress Adding custom login authentication

I have added custom fields on registration to allow the user to input their own password and have also created code to generate a verification code which then gets emailed over to the user. Of course, the users needs to click the link in the email before they can log in.
Here's where I am stuck. I am trying to add my own authentication to check the status of the verification when the user tried to log in.
Here's my code which isn't working;
function check_validation_status($username) {
$user = get_user_by('login', $username);
$userID = $user->ID;
$status = get_user_meta($userID, 'verified', true);
if($status == '0') {
return;
}
}
add_action('wp_authenticate', 'check_validation_status');
Unfortunately this code doesn't seem to do anything. I have also tried the following (hooking into a different action)
function check_validation_status($username) {
$user = get_user_by('login', $username);
$userID = $user->ID;
$status = get_user_meta($userID, 'verified', true);
if($status == '0') {
wp_logout(); // works but doesn't show an error :(
}
}
add_action('wp_login', 'check_validation_status');
This code is successfulling logging the user straight out if they are not verified however it shows no form of error to the user, they just get redirected straight back to the login page.
Logging the user in but straight back out seems like a sloppy way to do it, is there a way to prevent the log in in the first place?
I have managed to fix this issue now. I instead needed to hook into wp_authenticate_user and return a WP_Error. Here is my working code, I hope it helps someone out in the future.
function check_validation_status($user, $password) {
$userID = $user->ID;
$status = get_user_meta($userID, 'verified', true);
if($status == '0') {
$errors = new WP_Error();
$errors->add('title_error', __('<strong>ERROR</strong>: This account has not been verified.', 'podium'));
return $errors;
}
return $user;
}
add_action('wp_authenticate_user', 'check_validation_status', 10, 2);

Cannot set user password in wordpress

i have tried everything i could find to set the user password on registration, but no success... I have the fields showing up, the verification(if the passwords match etc) i print them on screen, i print the userid on screen so every argument needed is there, but the function doesn't seem to work at all...
This doesn't work...
$newpassword = "zzzzzz";
update_user_meta($user_id, 'user_pass', $newpassword);
This doesn't work either...
add_action( 'user_register', 'ts_register_extra_fields', 10 );
function ts_register_extra_fields($user_id, $password='11',$meta = array()){
$userdata = array();
if ( $_POST['password'] !== '' ) {
$userdata['user_pass'] = $_POST['password'];
}
$new_user_id = wp_update_user( $userdata );
}
My customer needs this for tomorrow, so I'm totally lost by now, i have no clue on why it's not working...
Forgot to add, all this code is added in the functions.php of my theme. (It gets into it as i already said that i post the variables on screen).
add_action( 'user_register', 'ts_register_extra_fields', 100 );
function ts_register_extra_fields( $user_id, $password = '', $meta = array() ) {
$userdata = array();
$userdata['ID'] = $user_id;
$userdata['contacto'] = $_POST['contacto'];
$userdata['nif'] = $_POST['nif'];
if ( $_POST['password'] !== '' ) {
$userdata['user_pass'] = $_POST['password'];
echo "im in";
}
$new_user_id = wp_insert_user( $userdata );
echo "id-".$userdata['ID'];
echo "contacto-".$userdata['contacto'];
echo "nif-".$userdata['nif'];
echo "pass-".$userdata['user_pass'];
}
All those echos output the correct data... for example id = 195 the next time i try 196 etc...
contacto and nif show the data that i input in the custom registration field and the pass also shows the data that i had inputed in the custom registration field password...
First of all, I think WordPress is using MD5 encryption for passwords.
$hash = wp_hash_password( $newpassword );
// then wp_update_user with $hash as the user_pass value
Secondly, you shouldn't send passwords in clear text over the Internet. If you can encrypt the password with javascript before you send it, it would probably be a lot safer.
At last, give a shot at updating an existing user by specifying ID in wp_update_user.
A HA! Found the error. I have another plugin installed called "New User Aprovement" which required an administrator aprovement in order for the user to login. That plugin when the administrator accepted the user to login, generated another password (to be able to send the password to the user in a readable mode), invalidating the password update that i made when the user registered(because it generated a random password after the admin accept).
I found this by disabling the plugin and testing the functions.php. It did work. In order to make them both work i just erased the code in the plugin that generated a random password. Although the user doesn't receive the account summary via email. It works for my needs.
Best Regards,
Vcoder

Resources