I am developing an extension for a plugin and would like to run some code after every time a user logs in. Because I extend a plugin, I wanted to use the already written functions, which inside use is_user_logged_in() calls. If I register for the wp_login action and run is_user_logged_in in my action hook it returns false, which sounds really weird.
Code I was running:
add_action('wp_login', 'exhib_persist_cookies_after_login');
/*
* This method will persist the favorite posts from the cookies just after someone logs in.
*/
function exhib_persist_cookies_after_login() {
//Check if all the required functions are available
if (is_user_logged_in()) {
error_log("persist: USER LOGGED IN");
}
else {
error_log("persist: USER NOT LOGGED IN");
}
}
And in the log I see USER NOT LOGGED IN.
Anyone has a clue why is it happening? I thought is_user_logged_in is checking for the auth cookie, which is according to the doc is already set before wp_login is getting called.
Or anyone has an another idea what action should I register, which only fires once a user logged in and the is_user_logged_in returns there true?
Before you even look at why the modification isn't working, you should think about changing how you're modifying the plugin. Directly modifying a plugin is dangerous. It breaks the upgrade path preventing you from applying upgrades in the future which could resolve critical issues with the plugin itself. The same functionality could be achieved by creating a simple plugin that contains nothing but the code you want to run.
Related
So, maybe I missed this somewhere in the docs but I couldn't find anything of the sort.
I wan't my users to have to type in their current password to be able to create a new one. From what I understand if the user is authenticated he is able to update his password without providing his current one.
Even if this might be somewhat secure I would rather have him type his old one to prevent people from going on already authenticated sessions from say family members or so and changing the pw.
Is there any way to do this?
(I have no problem using the Admin SDK since I already set up a server for these kind of things)
UPDATE: (Use - reauthenticateWithCredential)
var user = firebaseApp.auth().currentUser;
var credential = firebase.auth.EmailAuthProvider.credential(
firebase.auth().currentUser.email,
providedPassword
);
// Prompt the user to re-provide their sign-in credentials
user.reauthenticateWithCredential(credential).then(function() {
// User re-authenticated.
}).catch(function(error) {
// An error happened.
});
PREVIOUS VERSION
you can use reauthenticate API to do so. I am assuming you want to verify a current user's password before allowing the user to update it. So in web you do something like the following:
reauthenticateAndRetrieveDataWithCredential- DEPRECATED
firebase.auth().currentUser.reauthenticateAndRetrieveDataWithCredential(
firebase.auth.EmailAuthProvider.credential(
firebase.auth().currentUser.email,
providedPassword
)
);
If this succeeds, then you can call
firebase.auth().currentUser.updatePassword(newPassword);
I am using the accounts-ui package for Meteor to create a Sign-up/Log-in widget. I want users who are not signed in to be able to continue to use my app anonymously, so I want to detect when a user signs out.
As far as I can tell, there is a way to register a function when the user logs in but no similar event is triggered when the user logs out. The next best thing is the Meteor.logout(\[callback\]) command, which accepts a callback function.
I have found the following lines of code in /Users/<name>/.meteor/packages/accounts-ui-unstyled/.1.1.8.cfkrwq++os+web.browser+web.cordova/web.browser/login_buttons.js
Template.loginButtons.events({
'click #login-buttons-logout': function() {
Meteor.logout(function () {
loginButtonsSession.closeDropdown();
});
}
});
I want to add a call to a method of my own here, but I don't want this method to be called in all the projects where I use accounts-ui. I understand that I could copy the accounts-ui-unstyled/ folder to the packages folder at the root of this project, and modify it there, but then I will miss any updates that may be delivered for the package.
What is the best-practice method of intercepting the log-out call?
Another approach is just to track the logged-in state in a Tracker:
Tracker.autorun(function(){
if ( Meteor.userId() ){
... do things for a logged-in user
} else {
... do things for a logged-out user
}
});
This autorun block will run automatically whenever the login state changes as Meteor.userId() is a reactive data source.
I have a form we want users to access only once, anonymously. We hand out randomly generated usernames and passwords to allow anonymity. I would like to delete user, log off and redirect after successful submission.
I am able to delete the user with wp_delete_user($thisId); but alwyas have a "Cannot modify header information - headers already sent" error. I'm not sure how to approach this one.
I am processing in header.php
If you process in header.php it's too late because the server is already sending the page.
Try hooking your "delete_user" function in a previous action such as init or wp like this (in functions.php):
add_action('init', 'my_delete_user_process');
function my_delete_user_process(){
// Do your stuff
$user_id = get_current_user_id()
wp_delete_user($user_id);
// Do your stuff
}
Could you please advice me how to check user status upon login?
I have added a new field named user_flag in wp_users table to control user status. user_flag has value of active or deactivate.
I want to check this field's value when user logs in.
if value is active, then user can proceed login,
but if value is deactivate, then user can not login, and a message will be displayed to notify user that his account is deactivated and he need to contact admin to re-activate account for him to be able to login.
I looked at wp-login.php file but had no idea where to write code to check above logic, could you please advice me where to check user_flag at login time?
Thank you so much.
Stop trying to modify core code and learn to use the pluggable architecture. Also stop modifying the core database tables. You can store additional fields for users in the usermeta table with add_user_meta and retrieve them with get_user_meta. If you start modifying core code and database tables, you will never be able to upgrade wordpress.
To answer your question, use something like the following in functions.php
add_filter('wp_authenticate_user', function($user) {
if (get_user_meta($user->ID, 'user_flag', true) == 'active') {
return $user;
}
return new WP_Error('Account Not Active...');
}, 10, 2);
See https://codex.wordpress.org/Plugin_API/Filter_Reference/wp_authenticate_user
I'm trying to use WordPress as a website CMS for a kiosk. Each kiosk needs a unique username therefore it must be logged in to WordPress.
I believe WordPress does not use Session ID's therefore how can I ensure the user is never logged out of the site even after X days of inactivity?
Thanks in advance.
How about just simply using the auth_cookie_expiration filter
add_filter('auth_cookie_expiration', function(){
return YEAR_IN_SECONDS * 2;
});
There seems to be mixed accepted answers. First, you should never modify the wordpress core code. Ever. Secondly, per the wordpress developer codex, the "auth_cookie_expiration" filter is what needs to be used here.
add_filter ( 'auth_cookie_expiration', 'wpdev_login_session' );
function wpdev_login_session( $expire ) { // Set login session limit in seconds
return YEAR_IN_SECONDS;
// return MONTH_IN_SECONDS;
// return DAY_IN_SECONDS;
// return HOUR_IN_SECONDS;
}
I've actually created a plugin to deal with this very issue. It uses the idea of persistent login to actually keep users logged into your wordpress website all the time, kind of link how Facebook does it.
Check it out, hope it helps!
WP Persistent Login
You can try configuring the session time for Wordpress. Unfortunately, Wordpress doesn't allow you to easily manipulated this.
You can try out this plugin: http://wordpress.org/extend/plugins/configure-login-timeout/
You can use the plugin "WP Login Timeout Settings" to achieve this. Under "Settings → Login timeout", it then allows you to configure the login timeout for both a normal login and one with the "Remember Me" box ticked.
That's just the same as what the "configure-login-timeout" plugin does, which was already recommended. Just that "WP Login Timeout Settings" seems to be a bit more actively maintained at the moment.