WordPress过滤器：wp_authenticate_user无法获取用户数据

For a WordPress + WooCommerce setup, I'm trying to implement email activation and Google Captcha function on login using wp_authenticate_user filter, but the order of checking these are wrong.

Ok scenario

Blank username and password without Captcha submit > get the correct error saying the password is blank.
Invalid username without password and Captcha submit > correct error message saying bad username or password.
Valid username with a wrong password with Captcha submit > bad username or password

Bad scenario

valid username with a wrong password without Captcha submit > Captcha error (expecting bad username or password).

How can I change this to check Captcha after username and password validation?

Note:

If I switch email activated check to have more priority then I get that error on bad scenario.

Captcha check

function display_login_captcha() { ?>
    <div class="g-recaptcha" data-sitekey="<?php echo get_option('captcha_site_key'); ?>"></div>
<?php }
add_action( "login_form", "display_login_captcha" );

function verify_login_captcha($user,$password) {
    if (isset($_POST['g-recaptcha-response'])) {
        $recaptcha_secret = get_option('captcha_secret_key');
        $response = wp_remote_get("https://www.google.com/recaptcha/api/siteverify?secret=". $recaptcha_secret ."&response=". $_POST['g-recaptcha-response']);
        $response = json_decode($response["body"], true);
        if (true == $response["success"]) {
            return $user;
        } else {
            return new WP_Error("Captcha Invalid", __(" Only 3 attemps allowed,  Are you Human? Please validate yourself"));
        }
    } else {
        return new WP_Error("Captcha Invalid", __(" Only 3 attemps allowed, It seems like we are having hard time identifying you as a human! If you are then enable JavaScript"));
    }
}
add_filter("wp_authenticate_user", "verify_login_captcha", 10, 2);

Activation check

function custom_authenticate_user($userdata) {
    $isActivated = get_user_meta($userdata->ID, 'is_activated', true);
    if (!$isActivated) {
        $userdata = new WP_Error(
                            'inkfool_confirmation_error',
                            __( '<strong>ERROR:</strong> 111 <'.$userdata->id.'>Your account has to be activated before you can login. You can resend by clicking <a href="/sign-in/?u='.$userdata->ID.'">here</a>', 'inkfool' )
                        );
    }
    return $userdata;
}
add_filter('wp_authenticate_user', 'custom_authenticate_user',11,1);

写回答
好问题 0 提建议
追加酬金
关注问题
分享
邀请回答
编辑收藏删除结题
收藏举报

1条回答默认最新

关注

码龄粉丝数原力等级 --

被采纳

被点赞

采纳率
dongtaotao19830418 2019-01-28 07:19
关注
The function that validates the username/email is hooked to the autenticate filter with the priority 20. And the hooks are added through wp-includes/default-filters.php as you can see below:

// Default authentication filters add_filter( 'authenticate', 'wp_authenticate_username_password', 20, 3 ); add_filter( 'authenticate', 'wp_authenticate_email_password', 20, 3 );

So if you want your custom validation functions to run after those default validations, then you should hook to the authenticate filter instead and use 20 (or a higher value - 21, 30, etc.) as the priority:

add_filter( 'authenticate', 'verify_login_captcha', 21, 3 ); add_filter( 'authenticate', 'custom_authenticate_user', 21 );

And change your function declaration so that it looks like so, where the first parameter is either a NULL or WP_User instance on success:

function verify_login_captcha( $user, $username, $password ) { ...your validation... return $user; // You should return the WP_User instance or a WP_Error instance on error. } function custom_authenticate_user( $user ) { ...your validation... return $user; // You should return the WP_User instance or a WP_Error instance on error. }

PS: Make certain to check if the $user is a valid user object before accessing its properties and methods. See here for more details. E.g.:

function custom_authenticate_user( $user ) { if ( ! $user ) { return $user; } ... }
本回答被题主选为最佳回答 , 对您是否有帮助呢?

解决无用
评论打赏
分享
举报

评论

按下Enter换行，Ctrl+Enter发表内容

报告相同问题？

关注问题

WordPress过滤器：wp_authenticate_user无法获取用户数据 php
2019-01-26 21:33

回答 1 已采纳 The function that validates the username/email is hooked to the autenticate filter with the priori
session_write_close（）：无法使用用户定义的保存处理程序写入会话数据。 PHP 7.3.1 php
2019-08-20 03:05

回答 1 已采纳 I don't see a reason why you need to set a shutdown handler. Sessions are automatically saved when
非法SQL，SQL未使用到索引, table:sys_permission sp, columnName:user_id java spring
2021-11-17 17:21

回答 2 已采纳你是不是没定义入参user_id
建立自定义WordPress用户流程-第1部分：替换登录页面
2020-06-08 10:44

cunjie3951的博客由于可以通过插件和主题实现... 传统上，只有网站管理员才能登录WordPress仪表板，但许多类似应用程序的新用法会发生以下变化：当需要对用户进行身份验证时，WordPress登录名会扩展到访问者和客户。 WordPress提...
为什么我会收到这些PHP警告：simplexml_load_string ajax jquery php
2016-01-29 18:46

回答 1 已采纳 To solve this problem, I decided to rewrite the translation using JavaScript instead of PHP. It is
WordPress中的PHP类：使用get_option（）赋值 php
2016-09-29 09:01

回答 1 已采纳 You should be able to set the class properties inside the constructor like this class getStuff {
Wordpress插件和访问wp-json API json php
2017-11-06 20:10

回答 1 已采纳 I would be inclined to do the following: Give every user a unique API token or other credentials
oauth2 api_WP API和OAuth-在没有WordPress的情况下使用WordPress
2020-08-28 15:58

culi3118的博客 oauth2 apiIn this tutorial, we’ll learn how to install and use WP-API with OAuth – a WordPress plugin which uses REST-like API endpoints to allow reading of WP content to unauthenticated users, and ...
如何在iOS应用程序中验证用户并从Wordpress数据库获取数据？ php
2014-08-19 12:45

回答 1 已采纳 Are you asking a question about the JSON API, or are you looking for a general solution to this pr
WP以编程方式向新用户发送邮件通知 php
2014-12-11 12:07

回答 1 已采纳 Ok, I find out what was wrong. Using the $new_user_id or $user variable won't work. But using t
Twitter API和获取用户信息PHP php twitter
2018-05-11 23:19

回答 1 已采纳 What you need in order to maintain access to user information on behalf of them is the generated o
wordpress插件API入口
2022-03-01 01:25

雨夜不眠的博客 php /** * @package Moodo Zhong * @version 1.0.0 */ /* Plugin Name: Moodo Zhong Plugin URI: http://wordpress.org/plugins/hello-dolly/ Description: 通过插件写API接口的简单方法 Author: Zhong Zhao ...
ssh2_connect导致错误324（net :: ERR_EMPTY_RESPONSE）： linux php ssh
2012-07-09 11:55

回答 2 已采纳 With phpseclib, a pure PHP SFTP implementation, you can see the full logs of what's going on. Exa
captcha 使用_使用No Captcha reCaptcha防止对WordPress进行Bot攻击
2020-08-04 00:30

culuo8053的博客在产生最终的验证结果之前，WordPress运行wp_authenticate_user过滤器，让我们添加一个额外的验证步骤。我们检查该过滤器中的用户是机器人还是人。如果是人类，我们返回用户对象，否则返回WordPress错误对象。 ...
WordPress中常用动作钩子函数
2014-10-18 00:10

Allen_Kao的博客在WordPress 2.7中，当已登录用户在默认主题打开网站主页时，WordPress会运行以下动作钩子函数： plugins_loaded sanitize_comment_cookies setup_theme auth_cookie_malformed auth_cookie_valid set_...
java captcha_将CAPTCHA与WordPress注释表单集成
2020-08-30 19:55

culi4814的博客 java captchaOver the years, WordPress has become a target for spammers due to it increasing popularity. 多年来，由于WordPress越来越受欢迎，它已成为垃圾邮件发送者的目标。 Unfortunately, automated ...
java captcha_将CAPTCHA与WordPress登录表单集成
2020-08-30 17:11

culi3118的博客 java captchaIn a previous tutorial, we took a deep dive into the WordPress ... 在上一教程中，我们深入研究了WordPress...
wordpress 常用的钩子解析
2012-02-05 22:39

load_life的博客本文列出了WordPress 2.1及以上版本中可用于插件开发的动作钩子（hook)。 ?想了解过滤器钩子和动作钩子...想查找WordPress 2.1之前版本的过滤器钩子和动作钩子？请看Plugin API/Hooks 2.0.x。注意：为本文添加词条或
get_the_category_list
2017-02-23 09:07

Aurora Polaris的博客 WordPress函数参考add_menu_page()函数详解add_options_page()添加选项子菜单add_action()向WordPress添加动作add_filter()添加函数到特定的过滤器query_posts()自定义查询语句wp_title()显示WordPress页面的标题wp_...
没有与WordPress的CAPTCHA reCAPTCHA集成
2020-08-30 23:04

culi3118的博客 To verify the user response (check if the user passed or failed the CAPTCHA test), send a GET request to the URL below using either cURL, Guzzle, WordPress HTTP API or any HTTP client. 要验证用户响应...
没有解决我的问题, 去提问

悬赏问题

¥15 在若依框架下实现人脸识别
¥15 网络科学导论，网络控制
¥100 安卓tv程序连接SQLSERVER2008问题
¥15 利用Sentinel-2和Landsat8做一个水库的长时序NDVI的对比，为什么Snetinel-2计算的结果最小值特别小，而Lansat8就很平均
¥15 metadata提取的PDF元数据，如何转换为一个Excel
¥15 关于arduino编程toCharArray()函数的使用
¥100 vc++混合CEF采用CLR方式编译报错
¥15 coze 的插件输入飞书多维表格 app_token 后一直显示错误，如何解决？
¥15 vite+vue3+plyr播放本地public文件夹下视频无法加载
¥15 c#逐行读取txt文本，但是每一行里面数据之间空格数量不同

WordPress过滤器：wp_authenticate_user无法获取用户数据

1条回答 默认 最新

悬赏问题

1条回答默认最新