I have added custom fields on registration to allow the user to input their own password and have also created code to generate a verification code which then gets emailed over to the user. Of course, the users needs to click the link in the email before they can log in.
Here's where I am stuck. I am trying to add my own authentication to check the status of the verification when the user tried to log in.
Here's my code which isn't working;
function check_validation_status($username) {
$user = get_user_by('login', $username);
$userID = $user->ID;
$status = get_user_meta($userID, 'verified', true);
if($status == '0') {
return;
}
}
add_action('wp_authenticate', 'check_validation_status');
Unfortunately this code doesn't seem to do anything. I have also tried the following (hooking into a different action)
function check_validation_status($username) {
$user = get_user_by('login', $username);
$userID = $user->ID;
$status = get_user_meta($userID, 'verified', true);
if($status == '0') {
wp_logout(); // works but doesn't show an error :(
}
}
add_action('wp_login', 'check_validation_status');
This code is successfulling logging the user straight out if they are not verified however it shows no form of error to the user, they just get redirected straight back to the login page.
Logging the user in but straight back out seems like a sloppy way to do it, is there a way to prevent the log in in the first place?
I have managed to fix this issue now. I instead needed to hook into wp_authenticate_user and return a WP_Error. Here is my working code, I hope it helps someone out in the future.
function check_validation_status($user, $password) {
$userID = $user->ID;
$status = get_user_meta($userID, 'verified', true);
if($status == '0') {
$errors = new WP_Error();
$errors->add('title_error', __('<strong>ERROR</strong>: This account has not been verified.', 'podium'));
return $errors;
}
return $user;
}
add_action('wp_authenticate_user', 'check_validation_status', 10, 2);
Related
I am in the process of trying to get our custom code out of core.
In this function I capture the old session ID to update a project the user may have been working on while not logged in.
function user_authenticate_finalize(&$edit) {
global $user;
watchdog('user', 'Session opened for %name.', array('%name' => $user->name));
// Update the user table timestamp noting user has logged in.
// This is also used to invalidate one-time login links.
$user->login = time();
db_query("UPDATE {users} SET login = %d WHERE uid = %d", $user->login, $user->uid);
$old_session_id = session_id(); //THIS LINE NEEDS TO BE MOVED
// Regenerate the session ID to prevent against session fixation attacks.
sess_regenerate();
tf_user_new_session_id($user, $old_session_id); //THIS LINE NEEDS TO BE MOVED
user_module_invoke('login', $edit, $user);
}
The lines right before and right after sess_regenerate();
As far as I can tell, you would have to write your own login process to accomplish this cleanly in D6. I'd probably do a hook_form_alter() and replace the submit handler on the login form with my own.
function tf_user_user($op, &$edit, &$account, $category = NULL)
{
$current_session = session_id();
if ('login' == $op)
{
setcookie('session_id_anonymous', $current_session, time() + 86400);
}
if ('load' == $op)
{
if (isset($_COOKIE['session_id_anonymous']) && $_COOKIE['session_id_anonymous'] != $current_session)
{
tf_user_new_session_id($account->uid, $_COOKIE['session_id_anonymous'], $current_session);
setcookie('session_id_anonymous', $current_session, time() - 3600);
}
}
//more code
}
I made a plugin that requires the user to validate their email address. It creates "activation_key" meta key with random string for the user and sets it to '' once the user validates. So far so good. But now I need to hook into login and check that activation_key == ''.
This is what I thought should be, but it doesn't get to here.
add_filter( 'authenticate', 'check_if_activated', 10, 3 );
function check_if_activated($user, $username, $password)
{
// check if user has activated their email
return $user;
}
Wordpress already adds filters to authenticate, so you have to register your lower.
add_filter( 'authenticate', 'check_if_activated', 50);
function check_if_activated($user)
{
// If we have an error, no need to check the activation key
// (Wrong credentials, for instance)
if (is_wp_error($user))
{
return $user;
}
// Checks the meta and returns an error if needed
$validation_key = get_user_meta($user->ID, 'activation_key', true);
return empty($validation_key) ? $user : new WP_Error('your_plugin_error_code', 'your error message');
}
I have a woprpress site and need the user automatically login in another server no wordpress when he will visite that site. Is that possible?
You can set cookie or session or etc...
With this data you can run auto login function.
My example:
function auto_login() {
// this works perfectly
$user_login = 'admin';
// this does not work even when setting the same variable via query string ?user=admin
// $user_login = $_GET['user'];
//get user's ID
$user = get_userdatabylogin($user_login);
$user_id = $user->ID;
//login
wp_set_current_user($user_id, $user_login);
wp_set_auth_cookie($user_id);
do_action('wp_login', $user_login);
}
add_action('init', 'auto_login');
Iam working with buddypress,
I have a two user roles,
1-student
2-faculty
and i have set default user role as subscriber.
when user registers and activates account by clicking on link sent through mail.User role changes to default(subscriber).
Any idea what is the issue? Below is the code assigning role to user on sign up.
add_action('bp_core_signup_user', 'ad_user_signup_usermeta', 10, 5);
function ad_user_signup_usermeta($user_id, $user_login, $user_password, $user_email, $usermeta) {
if(isset($_POST['signup_membership']) && !empty($_POST['signup_membership']))
update_user_meta($user_id, 'membership', $_POST['signup_membership']);
$userdata = array();
$userdata['ID'] = $user_id;
if(!empty($_POST['signup_usertype'])) {
if($_POST['signup_usertype'] == 'student') {
$userdata['role'] = 'student';
}
if($_POST['signup_usertype'] == 'instructor') {
$userdata['role'] = 'instructor';
}
}
if ($userdata['role']){
wp_update_user($userdata);
}
}
Upon activation, BuddyPress (at least version 2.0.2) updates the user's role to the default role.
https://buddypress.trac.wordpress.org/browser/tags/2.0.2/bp-members/bp-members-functions.php#L1560
You can comment out that line, or write some code to work around it. I'm using "WP Roles At Registration" and ran across the same problem. I ended up adding a filter on bp_core_signup_user to save the original role but you'll want to add something like this to your ad_user_signup_usermeta:
update_user_meta($user_id, 'temp_role', $role_name)
then reset it back in a filter for bp_core_activated_user
public function after_bp_activated_user($user_id, $key, $user) {
$user = get_userdata($user_id);
$role = get_user_meta($user_id, 'temp_role');
if ($role) {
$user->set_role($role[0]);
}
}
add_filter('bp_core_activated_user', array($this, 'after_bp_activated_user'), 30, 3);
I have to integrate PrestaShop 1.5 with pre-existing symfony application.
Through webservices, I can keep the databases in sync so a user can perform login with the same data on both PrestaShop and application software.
Now I want to to ensure that logging in application, the user is automatically logged in the PrestaShop platform.
Can you help me?
I don't know if you're still searching for a solution but there is a way actually.
DO MAKE SURE IT IS A SECURE LOGIN.
Since you're giving access to all prestashop data do make sure the login is very secure. I've been able to recreate it with PHP I think that with some additions you're able to recreate it the way you want it. See it as a guideline.
To create a login system by using the prestashop webservice you'll need three things
Access through webservice to the customers table
The COOKIE_KEY, defined in app/config -> parameters.php:: 'cookie_key' => '12321test';
Some expierence with PHP
The first thing is to get the customers table from the webservice.
// code placeholder
require_once('./../PSWebServiceLibrary.php');
/**
* get information from PrestaShop
*/
$webService = new PrestaShopWebservice($url, $key, $debug);
$COOKIE_KEY = 'CookieKey';
$email = $_REQUEST['email'];
$password = $_REQUEST['password'];
$optUser = array(
'resource' => 'customers',
'filter[email]' => '[' . $email . ']',
'display' => '[id,email,lastname,firstname,passwd]'
);
$resultUser = ($webService->get($optUser));
$json = json_encode($resultUser);
The second and most important thing is to Check the user input
// code placeholder
foreach ($resultUser->customers->customer as $info) {
// Prestashop uses the cookie_key in combination with a salt key. To check the password use the php function: password_verify();
$salt = substr($info->passwd, strrpos($info->passwd, ':') + 1, 2);
$ZCpassword = md5($COOKIE_KEY . $password) . ':' . $salt;
// Check if password comparison is true or false
if (password_verify($password, $info->passwd) == true) {
session_start();
$response = array();
$response['status'] = 'succes';
$response['message'] = "You did it!";
setcookie("userId", $info->id);
header('Content-type: application/json');
echo json_encode($response);
} else {
$response = array();
$response['status'] = 'error';
$response['message'] = 'Wrong password';
header('Content-type: application/json');
echo json_encode($response);
}
}
This is how to reproduce the issue to a working example.
What i've used is setting a cookie and check if it exists!
Hope this helps!