For a WordPress + WooCommerce setup, I'm trying to implement email activation and a Google Captcha function on login using the wp_authenticate_user filter, but the order in which these are checked is wrong.
OK scenarios
- Blank username and password without Captcha submit > get the correct error saying the password is blank.
- Invalid username without password and Captcha submit > correct error message saying bad username or password.
- Valid username with a wrong password with Captcha submit > bad username or password.
Bad scenario
- Valid username with a wrong password without Captcha submit > Captcha error (expecting bad username or password).
How can I change this to check Captcha after username and password validation?
Note:
If I switch the email activation check to have higher priority, then I get that error in the bad scenario.
Captcha check
    // Render the reCAPTCHA widget inside the login form.
    function display_login_captcha() { ?>
        <div class="g-recaptcha" data-sitekey="<?php echo esc_attr( get_option( 'captcha_site_key' ) ); ?>"></div>
    <?php }
    add_action( "login_form", "display_login_captcha" );

    // Hooked on wp_authenticate_user, which core applies once the user is found and before the password is checked.
    function verify_login_captcha( $user, $password ) {
        if ( isset( $_POST['g-recaptcha-response'] ) ) {
            $recaptcha_secret = get_option( 'captcha_secret_key' );
            // URL-encode both values so the submitted token cannot alter the query string.
            $response = wp_remote_get( "https://www.google.com/recaptcha/api/siteverify?secret=" . rawurlencode( $recaptcha_secret ) . "&response=" . rawurlencode( wp_unslash( $_POST['g-recaptcha-response'] ) ) );
            // A failed HTTP request returns a WP_Error, which cannot be indexed like an array.
            $response = is_wp_error( $response ) ? array() : json_decode( wp_remote_retrieve_body( $response ), true );
            if ( ! empty( $response["success"] ) ) {
                return $user;
            } else {
                return new WP_Error( "Captcha Invalid", __( " Only 3 attempts allowed, Are you Human? Please validate yourself" ) );
            }
        } else {
            return new WP_Error( "Captcha Invalid", __( " Only 3 attempts allowed, It seems like we are having hard time identifying you as a human! If you are then enable JavaScript" ) );
        }
    }
    add_filter( "wp_authenticate_user", "verify_login_captcha", 10, 2 );
Activation check
    function custom_authenticate_user( $userdata ) {
        // An earlier filter may already have returned an error; pass it through unchanged.
        if ( is_wp_error( $userdata ) ) {
            return $userdata;
        }
        $isActivated = get_user_meta( $userdata->ID, 'is_activated', true );
        if ( ! $isActivated ) {
            // WP_User exposes the user id as ->ID.
            $userdata = new WP_Error(
                'inkfool_confirmation_error',
                __( '<strong>ERROR:</strong> 111 <'.$userdata->ID.'>Your account has to be activated before you can login. You can resend by clicking <a href="/sign-in/?u='.$userdata->ID.'">here</a>', 'inkfool' )
            );
        }
        return $userdata;
    }
    add_filter( 'wp_authenticate_user', 'custom_authenticate_user', 11, 1 );
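
Added example, not part of the original question or the asker's code: one way to run the Captcha check only after the username and password have been accepted is to hook the authenticate filter at a priority later than core's credential check (priority 20) instead of wp_authenticate_user. The function names are hypothetical, the option name is taken from the question, and the block assumes it is loaded inside WordPress.

```php
<?php
// Added example. example_recaptcha_ok() and example_captcha_after_credentials() are hypothetical names.

/** Ask Google's siteverify endpoint whether the submitted token is valid. */
function example_recaptcha_ok( $token ) {
    if ( '' === $token ) {
        return false;
    }
    $reply = wp_remote_post( 'https://www.google.com/recaptcha/api/siteverify', array(
        'timeout' => 5,
        'body'    => array(
            'secret'   => get_option( 'captcha_secret_key' ), // option name from the question
            'response' => $token,
        ),
    ) );
    if ( is_wp_error( $reply ) ) {
        return false; // fail closed when the verification request itself fails
    }
    $data = json_decode( wp_remote_retrieve_body( $reply ), true );
    return is_array( $data ) && ! empty( $data['success'] );
}

/**
 * Core registers wp_authenticate_username_password on 'authenticate' at priority 20,
 * and that callback applies 'wp_authenticate_user' before it checks the password.
 * At priority 30, $user is already a WP_User (credentials accepted) or a WP_Error.
 */
function example_captcha_after_credentials( $user, $username, $password ) {
    if ( ! ( $user instanceof WP_User ) ) {
        return $user; // keep the credential error (or null) produced earlier
    }
    $token = isset( $_POST['g-recaptcha-response'] )
        ? sanitize_text_field( wp_unslash( $_POST['g-recaptcha-response'] ) )
        : '';
    if ( example_recaptcha_ok( $token ) ) {
        return $user;
    }
    // Reaching this error implies the password was correct, so the Captcha no longer
    // slows password guessing in this order; keep the attempt limit in place as well.
    return new WP_Error( 'captcha_invalid', __( 'Please complete the Captcha.' ) );
}
add_filter( 'authenticate', 'example_captcha_after_credentials', 30, 3 );
```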