duanhunlou7051 2019-01-26 21:33
浏览 180


For a WordPress + WooCommerce setup, I'm trying to implement email activation and Google Captcha function on login using wp_authenticate_user filter, but the order of checking these are wrong.

Ok scenario

  1. Blank username and password without Captcha submit > get the correct error saying the password is blank.

  2. Invalid username without password and Captcha submit > correct error message saying bad username or password.

  3. Valid username with a wrong password with Captcha submit > bad username or password

Bad scenario

  1. valid username with a wrong password without Captcha submit > Captcha error (expecting bad username or password).

How can I change this to check Captcha after username and password validation?


If I switch email activated check to have more priority then I get that error on bad scenario.

Captcha check

function display_login_captcha() { ?>
    <div class="g-recaptcha" data-sitekey="<?php echo get_option('captcha_site_key'); ?>"></div>
<?php }
add_action( "login_form", "display_login_captcha" );

function verify_login_captcha($user,$password) {
    if (isset($_POST['g-recaptcha-response'])) {
        $recaptcha_secret = get_option('captcha_secret_key');
        $response = wp_remote_get("https://www.google.com/recaptcha/api/siteverify?secret=". $recaptcha_secret ."&response=". $_POST['g-recaptcha-response']);
        $response = json_decode($response["body"], true);
        if (true == $response["success"]) {
            return $user;
        } else {
            return new WP_Error("Captcha Invalid", __(" Only 3 attemps allowed,  Are you Human? Please validate yourself"));
    } else {
        return new WP_Error("Captcha Invalid", __(" Only 3 attemps allowed, It seems like we are having hard time identifying you as a human! If you are then enable JavaScript"));
add_filter("wp_authenticate_user", "verify_login_captcha", 10, 2);

Activation check

function custom_authenticate_user($userdata) {
    $isActivated = get_user_meta($userdata->ID, 'is_activated', true);
    if (!$isActivated) {
        $userdata = new WP_Error(
                            __( '<strong>ERROR:</strong> 111 <'.$userdata->id.'>Your account has to be activated before you can login. You can resend by clicking <a href="/sign-in/?u='.$userdata->ID.'">here</a>', 'inkfool' )
    return $userdata;
add_filter('wp_authenticate_user', 'custom_authenticate_user',11,1);
  • 写回答

1条回答 默认 最新

  • dongtaotao19830418 2019-01-28 07:19

    The function that validates the username/email is hooked to the autenticate filter with the priority 20. And the hooks are added through wp-includes/default-filters.php as you can see below:

    // Default authentication filters
    add_filter( 'authenticate', 'wp_authenticate_username_password',  20, 3 );
    add_filter( 'authenticate', 'wp_authenticate_email_password',     20, 3 );

    So if you want your custom validation functions to run after those default validations, then you should hook to the authenticate filter instead and use 20 (or a higher value - 21, 30, etc.) as the priority:

    add_filter( 'authenticate', 'verify_login_captcha', 21, 3 );
    add_filter( 'authenticate', 'custom_authenticate_user', 21 );

    And change your function declaration so that it looks like so, where the first parameter is either a NULL or WP_User instance on success:

    function verify_login_captcha( $user, $username, $password ) {
      ...your validation...
      return $user; // You should return the WP_User instance or a WP_Error instance on error.
    function custom_authenticate_user( $user ) {
      ...your validation...
      return $user; // You should return the WP_User instance or a WP_Error instance on error.

    PS: Make certain to check if the $user is a valid user object before accessing its properties and methods. See here for more details. E.g.:

    function custom_authenticate_user( $user ) {
      if ( ! $user ) {
        return $user;
    本回答被题主选为最佳回答 , 对您是否有帮助呢?



  • ¥15 GIS土地利用预测FLUS模型
  • ¥15 visual studio code打不出来中文双引号
  • ¥20 关于#matlab#的问题:ps:完美符合要求有打赏(相关搜索:自适应)
  • ¥15 声音感应灯,问题出在哪里
  • ¥15 关于#matlab#的问题:(0,0)上的贝塞尔曲线,0)上的贝塞尔曲线,并使用自适应积分计算其从t=0到不大于1的任意值区间的弧长
  • ¥20 关于#r语言#rda分析作图的问题,请各位专家解答!
  • ¥50 找回 股票行情系统的资源问题
  • ¥15 gwas 分析-plink 检查人口分层出现下面问题
  • ¥15 关于#matlab#的问题:需要 MATLAB 运行程序,对比四个多址通信方式(TDMA,FDMA,CDMA,OFDMA)的抗噪声性能
  • ¥15 有没有复现过PFENet的,如何解决?