WordPress过滤器：wp_authenticate_user无法获取用户数据

For a WordPress + WooCommerce setup, I'm trying to implement email activation and Google Captcha function on login using wp_authenticate_user filter, but the order of checking these are wrong.

Ok scenario

Blank username and password without Captcha submit > get the correct error saying the password is blank.
Invalid username without password and Captcha submit > correct error message saying bad username or password.
Valid username with a wrong password with Captcha submit > bad username or password

Bad scenario

valid username with a wrong password without Captcha submit > Captcha error (expecting bad username or password).

How can I change this to check Captcha after username and password validation?

Note:

If I switch email activated check to have more priority then I get that error on bad scenario.

Captcha check

function display_login_captcha() { ?>
    <div class="g-recaptcha" data-sitekey="<?php echo get_option('captcha_site_key'); ?>"></div>
<?php }
add_action( "login_form", "display_login_captcha" );

function verify_login_captcha($user,$password) {
    if (isset($_POST['g-recaptcha-response'])) {
        $recaptcha_secret = get_option('captcha_secret_key');
        $response = wp_remote_get("https://www.google.com/recaptcha/api/siteverify?secret=". $recaptcha_secret ."&response=". $_POST['g-recaptcha-response']);
        $response = json_decode($response["body"], true);
        if (true == $response["success"]) {
            return $user;
        } else {
            return new WP_Error("Captcha Invalid", __(" Only 3 attemps allowed,  Are you Human? Please validate yourself"));
        }
    } else {
        return new WP_Error("Captcha Invalid", __(" Only 3 attemps allowed, It seems like we are having hard time identifying you as a human! If you are then enable JavaScript"));
    }
}
add_filter("wp_authenticate_user", "verify_login_captcha", 10, 2);

Activation check

function custom_authenticate_user($userdata) {
    $isActivated = get_user_meta($userdata->ID, 'is_activated', true);
    if (!$isActivated) {
        $userdata = new WP_Error(
                            'inkfool_confirmation_error',
                            __( '<strong>ERROR:</strong> 111 <'.$userdata->id.'>Your account has to be activated before you can login. You can resend by clicking <a href="/sign-in/?u='.$userdata->ID.'">here</a>', 'inkfool' )
                        );
    }
    return $userdata;
}
add_filter('wp_authenticate_user', 'custom_authenticate_user',11,1);

写回答
好问题 0 提建议
追加酬金
关注问题
分享
邀请回答
编辑收藏删除结题
收藏举报

1条回答默认最新

关注

码龄粉丝数原力等级 --

被采纳

被点赞

采纳率
dongtaotao19830418 2019-01-28 07:19
关注
The function that validates the username/email is hooked to the autenticate filter with the priority 20. And the hooks are added through wp-includes/default-filters.php as you can see below:

// Default authentication filters add_filter( 'authenticate', 'wp_authenticate_username_password', 20, 3 ); add_filter( 'authenticate', 'wp_authenticate_email_password', 20, 3 );

So if you want your custom validation functions to run after those default validations, then you should hook to the authenticate filter instead and use 20 (or a higher value - 21, 30, etc.) as the priority:

add_filter( 'authenticate', 'verify_login_captcha', 21, 3 ); add_filter( 'authenticate', 'custom_authenticate_user', 21 );

And change your function declaration so that it looks like so, where the first parameter is either a NULL or WP_User instance on success:

function verify_login_captcha( $user, $username, $password ) { ...your validation... return $user; // You should return the WP_User instance or a WP_Error instance on error. } function custom_authenticate_user( $user ) { ...your validation... return $user; // You should return the WP_User instance or a WP_Error instance on error. }

PS: Make certain to check if the $user is a valid user object before accessing its properties and methods. See here for more details. E.g.:

function custom_authenticate_user( $user ) { if ( ! $user ) { return $user; } ... }
本回答被题主选为最佳回答 , 对您是否有帮助呢?

解决无用
评论打赏
分享
举报

评论

按下Enter换行，Ctrl+Enter发表内容

报告相同问题？

关注问题

WordPress过滤器：wp_authenticate_user无法获取用户数据 php
2019-01-26 21:33

回答 1 已采纳 The function that validates the username/email is hooked to the autenticate filter with the priori
session_write_close（）：无法使用用户定义的保存处理程序写入会话数据。 PHP 7.3.1 php
2019-08-20 03:05

回答 1 已采纳 I don't see a reason why you need to set a shutdown handler. Sessions are automatically saved when
非法SQL，SQL未使用到索引, table:sys_permission sp, columnName:user_id java spring
2021-11-17 17:21

回答 2 已采纳你是不是没定义入参user_id
建立自定义WordPress用户流程-第1部分：替换登录页面
2020-06-08 10:44

cunjie3951的博客由于可以通过插件和主题实现... 传统上，只有网站管理员才能登录WordPress仪表板，但许多类似应用程序的新用法会发生以下变化：当需要对用户进行身份验证时，WordPress登录名会扩展到访问者和客户。 WordPress提...
为什么我会收到这些PHP警告：simplexml_load_string ajax jquery php
2016-01-29 18:46

回答 1 已采纳 To solve this problem, I decided to rewrite the translation using JavaScript instead of PHP. It is
WordPress中的PHP类：使用get_option（）赋值 php
2016-09-29 09:01

回答 1 已采纳 You should be able to set the class properties inside the constructor like this class getStuff {
Wordpress插件和访问wp-json API json php
2017-11-06 20:10

回答 1 已采纳 I would be inclined to do the following: Give every user a unique API token or other credentials
oauth2 api_WP API和OAuth-在没有WordPress的情况下使用WordPress
2020-08-28 15:58

culi3118的博客 oauth2 apiIn this tutorial, we’ll learn how to install and use WP-API with OAuth – a WordPress plugin which uses REST-like API endpoints to allow reading of WP content to unauthenticated users, and ...
如何在iOS应用程序中验证用户并从Wordpress数据库获取数据？ php
2014-08-19 12:45

回答 1 已采纳 Are you asking a question about the JSON API, or are you looking for a general solution to this pr
WP以编程方式向新用户发送邮件通知 php
2014-12-11 12:07

回答 1 已采纳 Ok, I find out what was wrong. Using the $new_user_id or $user variable won't work. But using t
Twitter API和获取用户信息PHP php twitter
2018-05-11 23:19

回答 1 已采纳 What you need in order to maintain access to user information on behalf of them is the generated o
wordpress插件API入口
2022-03-01 01:25

雨夜不眠的博客 php /** * @package Moodo Zhong * @version 1.0.0 */ /* Plugin Name: Moodo Zhong Plugin URI: http://wordpress.org/plugins/hello-dolly/ Description: 通过插件写API接口的简单方法 Author: Zhong Zhao ...
ssh2_connect导致错误324（net :: ERR_EMPTY_RESPONSE）： linux php ssh
2012-07-09 11:55

回答 2 已采纳 With phpseclib, a pure PHP SFTP implementation, you can see the full logs of what's going on. Exa
captcha 使用_使用No Captcha reCaptcha防止对WordPress进行Bot攻击
2020-08-04 00:30

culuo8053的博客在产生最终的验证结果之前，WordPress运行wp_authenticate_user过滤器，让我们添加一个额外的验证步骤。我们检查该过滤器中的用户是机器人还是人。如果是人类，我们返回用户对象，否则返回WordPress错误对象。 ...
java captcha_将CAPTCHA与WordPress注释表单集成
2020-08-30 19:55

culi4814的博客 java captchaOver the years, WordPress has become a target for spammers due to it increasing popularity. 多年来，由于WordPress越来越受欢迎，它已成为垃圾邮件发送者的目标。 Unfortunately, automated ...
java captcha_将CAPTCHA与WordPress登录表单集成
2020-08-30 17:11

culi3118的博客 java captchaIn a previous tutorial, we took a deep dive into the WordPress ... 在上一教程中，我们深入研究了WordPress...
get_the_category_list
2017-02-23 09:07

Aurora Polaris的博客 WordPress函数参考add_menu_page()函数详解add_options_page()添加选项子菜单add_action()向WordPress添加动作add_filter()添加函数到特定的过滤器query_posts()自定义查询语句wp_title()显示WordPress页面的标题wp_...
没有与WordPress的CAPTCHA reCAPTCHA集成
2020-08-30 23:04

culi3118的博客 To verify the user response (check if the user passed or failed the CAPTCHA test), send a GET request to the URL below using either cURL, Guzzle, WordPress HTTP API or any HTTP client. 要验证用户响应...
Wordpress 所有 hook 钩子
2020-05-27 12:25

weixin_45100097的博客 Wordpress 所有 hook 钩子 muplugins_loaded 在必须使用的插件加载之后。 registered_taxonomy 对于类别，post_tag 等 Registered_post_type 用于帖子，页面等 plugins_loaded 加载活动插件和可插拔功能后。 ...
[WORDPRESS系列]插件API之常用动作(action)
2015-04-20 14:07

莫冲的博客参考来源： http://www.wordpress.la/codex-%E6%8F%92%E4%BB%B6API%E4%B9%8B%E5%B8%B8%E7%94%A8%E5%8A%A8%E4%BD%9C%28action%29.html ...想了解过滤器钩子和动作钩子的定义和作用？请看插件API。 ...
没有解决我的问题, 去提问

悬赏问题

¥15 微信公众平台自制会员卡可以通过收款码收款码收款进行自动积分吗
¥15 随身WiFi网络灯亮但是没有网络，如何解决？
¥15 gdf格式的脑电数据如何处理matlab
¥20 重新写的代码替换了之后运行hbuliderx就这样了
¥100 监控抖音用户作品更新可以微信公众号提醒
¥15 UE5 如何可以不渲染HDRIBackdrop背景
¥70 2048小游戏毕设项目
¥20 mysql架构，按照姓名分表
¥15 MATLAB实现区间[a,b]上的Gauss-Legendre积分
¥15 delphi webbrowser组件网页下拉菜单自动选择问题

WordPress过滤器：wp_authenticate_user无法获取用户数据

1条回答 默认 最新

悬赏问题

1条回答默认最新