How to check user status when login into wordpress - wordpress

Could you please advise me how to check user status upon login?
I have added a new field named user_flag in wp_users table to control user status. user_flag has a value of active or deactivate.
I want to check this field's value when the user logs in.
If the value is active, then the user can proceed with login,
but if the value is deactivate, then the user cannot log in, and a message will be displayed to notify the user that his account is deactivated and he needs to contact the admin to re-activate the account for him to be able to log in.
I looked at the wp-login.php file but had no idea where to write code to check the above logic. Could you please advise me where to check user_flag at login time?
Thank you so much.

Stop trying to modify core code and learn to use the pluggable architecture. Also stop modifying the core database tables. You can store additional fields for users in the usermeta table with add_user_meta and retrieve them with get_user_meta. If you start modifying core code and database tables, you will never be able to upgrade WordPress.
To answer your question, use something like the following in functions.php:
    add_filter('wp_authenticate_user', function ($user, $password) {
        // Pass through an error raised earlier in the login flow.
        if (is_wp_error($user)) {
            return $user;
        }
        // Only accounts whose usermeta flag is 'active' may log in.
        if (get_user_meta($user->ID, 'user_flag', true) === 'active') {
            return $user;
        }
        // WP_Error takes an error code first, then the message shown on the login form.
        return new WP_Error('account_not_active', 'Account Not Active...');
    }, 10, 2);
See https://codex.wordpress.org/Plugin_API/Filter_Reference/wp_authenticate_user
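The wp_authenticate_user filter only runs when a password is submitted, so a user who is already signed in keeps a working auth cookie after being deactivated. The following is an added example, not code from the original answer, that sets the flag, ends existing sessions on deactivation and re-checks the flag on each request. The example_* names are hypothetical, and accounts with no user_flag meta are treated as inactive (as in the answer), so existing users need the meta set before this is enabled.

```php
<?php
// Added example; example_* names are hypothetical. Load from a small plugin
// or the theme's functions.php so core files and tables stay untouched.

// True only when the usermeta flag is exactly 'active' (missing meta = inactive).
function example_user_is_active($user_id) {
    return get_user_meta($user_id, 'user_flag', true) === 'active';
}

// Set the flag; on deactivation also destroy every session token so cookies
// issued before the change stop working immediately.
function example_set_user_flag($user_id, $active) {
    update_user_meta($user_id, 'user_flag', $active ? 'active' : 'deactivate');
    if (!$active) {
        WP_Session_Tokens::get_instance($user_id)->destroy_all();
    }
}

// Login-time check: error code first, then the message shown on wp-login.php.
add_filter('wp_authenticate_user', function ($user, $password) {
    if (is_wp_error($user) || example_user_is_active($user->ID)) {
        return $user;
    }
    return new WP_Error(
        'account_deactivated',
        __('Your account is deactivated. Please contact the administrator to re-activate it.')
    );
}, 10, 2);

// Defence in depth: if a deactivated user still arrives with a live session
// (for example the flag was changed directly in the database), sign them out.
add_action('init', function () {
    if (is_user_logged_in() && !example_user_is_active(get_current_user_id())) {
        wp_logout();
        wp_safe_redirect(wp_login_url());
        exit;
    }
});
```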

Related

Wordpress API to authorize a user

Is there some API in Wordpress to 'authorize' a user? Let's say I want to implement something like:
    if (1 == 1) {
        user_authenticate('userXY');
    }
The method user_authenticate would initialize the session and send the necessary cookies to the user.
Thank you!
There are a number of built-in WordPress functions that you may find helpful for what you're trying to do. I'm guessing the most helpful would be the wp_set_auth_cookie function (See: https://developer.wordpress.org/reference/functions/wp_set_auth_cookie/).
You may want to try something like:
    wp_clear_auth_cookie();
    // get_user_by() returns false when no such user exists
    $user = get_user_by('login', $username);
    if ($user) {
        $user_id = $user->ID;
        wp_set_auth_cookie($user_id);
        wp_set_current_user($user_id);
    }
or something to that effect.
Here are some other user/cookie/session functions available to you:
In the wp-includes/pluggable.php file
wp_validate_auth_cookie - Validates authentication cookie.
wp_generate_auth_cookie - Generates authentication cookie contents.
wp_parse_auth_cookie - Parses a cookie into its components.
wp_set_auth_cookie - Sets the authentication cookies based on user ID.
wp_clear_auth_cookie - Removes all of the cookies associated with authentication.
wp_get_current_user - Retrieve the current user object.
wp_set_current_user - Changes the current user by ID or name.
In the wp-includes/user.php file
wp_get_session_token - Retrieve the current session token from the logged_in cookie.
wp_get_all_sessions - Retrieve a list of sessions for the current user.
wp_destroy_current_session - Remove the current session token from the database.
wp_destroy_other_sessions - Remove all but the current session token for the current user from the database.
wp_destroy_all_sessions - Remove all session tokens for the current user from the database.
There is also a great plugin (only one file long) that does this sort of thing called User Switching (See: https://wordpress.org/plugins/user-switching/). You may also find some very helpful code from poking around that file.

How to verify users current password?

So, maybe I missed this somewhere in the docs but I couldn't find anything of the sort.
I want my users to have to type in their current password to be able to create a new one. From what I understand, if the user is authenticated he is able to update his password without providing his current one.
Even if this might be somewhat secure I would rather have him type his old one to prevent people from going on already authenticated sessions from say family members or so and changing the pw.
Is there any way to do this?
(I have no problem using the Admin SDK since I already set up a server for these kind of things)
UPDATE: (Use - reauthenticateWithCredential)
    var user = firebase.auth().currentUser;
    var credential = firebase.auth.EmailAuthProvider.credential(
        user.email,
        providedPassword
    );
    // Prompt the user to re-provide their sign-in credentials
    user.reauthenticateWithCredential(credential).then(function() {
        // User re-authenticated.
    }).catch(function(error) {
        // An error happened.
    });
PREVIOUS VERSION
You can use the reauthenticate API to do so. I am assuming you want to verify a current user's password before allowing the user to update it. So in web you do something like the following:
reauthenticateAndRetrieveDataWithCredential - DEPRECATED
    firebase.auth().currentUser.reauthenticateAndRetrieveDataWithCredential(
        firebase.auth.EmailAuthProvider.credential(
            firebase.auth().currentUser.email,
            providedPassword
        )
    );
If this succeeds, then you can call
    firebase.auth().currentUser.updatePassword(newPassword);

Integrate API authentication to WordPress

I have a website where I have to authenticate the users registered in another system (in this case the Kayako support system).
I think I have to use the APIs to resolve this problem, but I don't really know how to get started.
Can someone please help me solve this problem? How can I send the data required for the authentication and how do I manage the response I get from Kayako.
Figure out what the API of the Kayako system looks like. In WordPress you can do something similar to this in order to authenticate the users:
    // this action is executed just before the invocation of the WordPress authentication process
    add_action('wp_authenticate', 'checkTheUserAuthentication');
    function checkTheUserAuthentication() {
        // nothing to do unless the login form was actually submitted
        if (!isset($_POST['log'], $_POST['pwd'])) {
            return;
        }
        // WordPress adds slashes to $_POST, remove them before using the values
        $username = wp_unslash($_POST['log']);
        $password = wp_unslash($_POST['pwd']);
        // try to log into the external service or database with username and password
        $ext_auth = try2AuthenticateExternalService($username, $password);
        // if external authentication was successful
        if ($ext_auth) {
            // find a way to get the user id
            $user_id = username_exists($username);
            if (!$user_id) {
                // no matching local account, leave it to the normal WordPress login
                return;
            }
            // userdata will contain all information about the user
            $userdata = get_userdata($user_id);
            // set_current_user() is deprecated, wp_set_current_user() replaces it
            wp_set_current_user($user_id, $username);
            // this will actually make the user authenticated as soon as the cookie is in the browser
            wp_set_auth_cookie($user_id);
            // the wp_login action is used by a lot of plugins, just decide if you need it
            // (it passes the login name and the WP_User object)
            do_action('wp_login', $userdata->user_login, $userdata);
            // you can redirect the authenticated user to the "logged-in-page", define('MY_PROFILE_PAGE',1); f.e. first
            wp_safe_redirect(get_page_link(MY_PROFILE_PAGE));
            exit;
        }
    }
The try2AuthenticateExternalService() method should contain some curl-request (or similar) to the remote service.
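One way to write try2AuthenticateExternalService() with the WordPress HTTP API so that any network, TLS or parsing failure denies the login. This is an added example, not part of the original answer; the endpoint URL, the form field names and the JSON response shape are placeholders and are not Kayako's API.

```php
<?php
// Added example. The endpoint URL, field names and response shape below are
// placeholders; replace them with what the remote service documents.
define('EXAMPLE_AUTH_ENDPOINT', 'https://support.example.com/api/login');

function try2AuthenticateExternalService($username, $password) {
    // Never forward empty or non-string credentials to the remote service.
    if (!is_string($username) || !is_string($password)
        || $username === '' || $password === '') {
        return false;
    }

    $response = wp_remote_post(EXAMPLE_AUTH_ENDPOINT, array(
        'timeout'     => 5,
        'redirection' => 0,     // do not replay credentials to a redirect target
        'sslverify'   => true,  // keep certificate verification on
        'body'        => array(
            'username' => $username,
            'password' => $password,
        ),
    ));

    // Network error, TLS failure or timeout: deny.
    if (is_wp_error($response)) {
        return false;
    }
    // Anything other than a plain 200 is treated as a failed login.
    if (wp_remote_retrieve_response_code($response) !== 200) {
        return false;
    }

    $data = json_decode(wp_remote_retrieve_body($response), true);
    // Strict comparison: only a literal JSON true counts as success.
    return is_array($data)
        && isset($data['authenticated'])
        && $data['authenticated'] === true;
}
```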

wp_login and is_user_logged_in

I am developing an extension for a plugin and would like to run some code after every time a user logs in. Because I extend a plugin, I wanted to use the already written functions, which inside use is_user_logged_in() calls. If I register for the wp_login action and run is_user_logged_in in my action hook it returns false, which sounds really weird.
Code I was running:
    add_action('wp_login', 'exhib_persist_cookies_after_login');
    /*
     * This method will persist the favorite posts from the cookies just after someone logs in.
     */
    function exhib_persist_cookies_after_login() {
        //Check if all the required functions are available
        if (is_user_logged_in()) {
            error_log("persist: USER LOGGED IN");
        }
        else {
            error_log("persist: USER NOT LOGGED IN");
        }
    }
And in the log I see USER NOT LOGGED IN.
Does anyone have a clue why this is happening? I thought is_user_logged_in checks for the auth cookie, which according to the docs is already set before wp_login is called.
Or does anyone have another idea which action I should register for, one that only fires once a user has logged in and where is_user_logged_in returns true?
Before you even look at why the modification isn't working, you should think about changing how you're modifying the plugin. Directly modifying a plugin is dangerous. It breaks the upgrade path preventing you from applying upgrades in the future which could resolve critical issues with the plugin itself. The same functionality could be achieved by creating a simple plugin that contains nothing but the code you want to run.
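WordPress fires wp_login with the login name and the WP_User object as arguments, and wp_signon() sets the auth cookie without switching the current user of the running request, so a handler can take the user from its arguments instead of calling is_user_logged_in(). The following is an added example, not code from the original posts; the cookie name, the meta key and the comma-separated ID format are assumptions.

```php
<?php
// Added example; the cookie name, meta key and ID format are assumptions.
add_action('wp_login', 'example_persist_favorites_after_login', 10, 2);

function example_persist_favorites_after_login($user_login, $user) {
    if (!($user instanceof WP_User)) {
        return;
    }
    // A cookie sent as example_favorites[]=... arrives as an array: ignore it.
    if (empty($_COOKIE['example_favorites']) || !is_string($_COOKIE['example_favorites'])) {
        return;
    }

    // Cookie content is client-controlled: keep only positive integer IDs
    // that refer to published posts, and cap how many are stored.
    $raw = explode(',', wp_unslash($_COOKIE['example_favorites']));
    $ids = array_filter(array_unique(array_map('absint', $raw)), function ($id) {
        return $id > 0 && get_post_status($id) === 'publish';
    });
    $ids = array_slice(array_values($ids), 0, 100);
    if (!$ids) {
        return;
    }

    // Merge with what is already stored; array_filter drops the 0 that an
    // empty or missing meta value turns into.
    $stored   = (array) get_user_meta($user->ID, 'example_favorites', true);
    $existing = array_filter(array_map('absint', $stored));
    $merged   = array_values(array_unique(array_merge($existing, $ids)));
    update_user_meta($user->ID, 'example_favorites', $merged);
}
```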

Redirect to registration and not login page during UberCart checkout in Drupal?

Currently if a user is not logged in, they are redirected to the "login page" when checking out in UberCart. I need them to rather be redirected to the "registration" page.
In other words:
Go here: user/register
NOT here: user
The key here is to get it to work with UberCart. I know you can use login toboggan and other tricks to do it normally, but I can't get it to work with UberCart?
UPDATE
I still don't have a decent solution, so I added a bounty for this. Currently, if you have "anonymous checkout" disabled, UberCart automatically adds these messages:
You must login before you can proceed to checkout.
If you do not have an account yet, you should register now.
This is also a problem in that it doesn't make sense showing them if you go to the user page. So even my hard hack of forwarding the user to /user/register whenever it encounters "user?destination=cart/checkout" and the user is not logged, to forward them to "user/register?destination=cart/checkout" does not work that well.
Any ideas?
UPDATE 2
This is where the magic happens: line 94, uc_cart.pages.inc
    // Send anonymous users to login page when anonymous checkout is disabled.
    if (!$user->uid && !variable_get('uc_checkout_anonymous', TRUE)) {
        drupal_set_message(t('You must login before you can proceed to checkout.'));
        if (variable_get('user_register', 1) != 0) {
            drupal_set_message(t('If you do not have an account yet, you should <a href="!url">register now</a>.', array('!url' => url('user/register', array('query' => drupal_get_destination())))));
        }
        drupal_goto('user', array('query' => drupal_get_destination()));
    }
So, basically I need a way to override that behaviour? (i.e. without hacking core?)
You should look into the rules and token modules. You will create a rule when a user logs in to redirect to the TOKEN. Make sure you enable the token actions module as well.
