2019-01-26 21:33
浏览 162


For a WordPress + WooCommerce setup, I'm trying to implement email activation and Google Captcha function on login using wp_authenticate_user filter, but the order of checking these are wrong.

Ok scenario

  1. Blank username and password without Captcha submit > get the correct error saying the password is blank.

  2. Invalid username without password and Captcha submit > correct error message saying bad username or password.

  3. Valid username with a wrong password with Captcha submit > bad username or password

Bad scenario

  1. valid username with a wrong password without Captcha submit > Captcha error (expecting bad username or password).

How can I change this to check Captcha after username and password validation?


If I switch email activated check to have more priority then I get that error on bad scenario.

Captcha check

function display_login_captcha() { ?>
    <div class="g-recaptcha" data-sitekey="<?php echo get_option('captcha_site_key'); ?>"></div>
<?php }
add_action( "login_form", "display_login_captcha" );

function verify_login_captcha($user,$password) {
    if (isset($_POST['g-recaptcha-response'])) {
        $recaptcha_secret = get_option('captcha_secret_key');
        $response = wp_remote_get("https://www.google.com/recaptcha/api/siteverify?secret=". $recaptcha_secret ."&response=". $_POST['g-recaptcha-response']);
        $response = json_decode($response["body"], true);
        if (true == $response["success"]) {
            return $user;
        } else {
            return new WP_Error("Captcha Invalid", __(" Only 3 attemps allowed,  Are you Human? Please validate yourself"));
    } else {
        return new WP_Error("Captcha Invalid", __(" Only 3 attemps allowed, It seems like we are having hard time identifying you as a human! If you are then enable JavaScript"));
add_filter("wp_authenticate_user", "verify_login_captcha", 10, 2);

Activation check

function custom_authenticate_user($userdata) {
    $isActivated = get_user_meta($userdata->ID, 'is_activated', true);
    if (!$isActivated) {
        $userdata = new WP_Error(
                            __( '<strong>ERROR:</strong> 111 <'.$userdata->id.'>Your account has to be activated before you can login. You can resend by clicking <a href="/sign-in/?u='.$userdata->ID.'">here</a>', 'inkfool' )
    return $userdata;
add_filter('wp_authenticate_user', 'custom_authenticate_user',11,1);
  • 写回答
  • 好问题 提建议
  • 关注问题
  • 收藏
  • 邀请回答

1条回答 默认 最新

  • dongtaotao19830418 2019-01-28 07:19

    The function that validates the username/email is hooked to the autenticate filter with the priority 20. And the hooks are added through wp-includes/default-filters.php as you can see below:

    // Default authentication filters
    add_filter( 'authenticate', 'wp_authenticate_username_password',  20, 3 );
    add_filter( 'authenticate', 'wp_authenticate_email_password',     20, 3 );

    So if you want your custom validation functions to run after those default validations, then you should hook to the authenticate filter instead and use 20 (or a higher value - 21, 30, etc.) as the priority:

    add_filter( 'authenticate', 'verify_login_captcha', 21, 3 );
    add_filter( 'authenticate', 'custom_authenticate_user', 21 );

    And change your function declaration so that it looks like so, where the first parameter is either a NULL or WP_User instance on success:

    function verify_login_captcha( $user, $username, $password ) {
      ...your validation...
      return $user; // You should return the WP_User instance or a WP_Error instance on error.
    function custom_authenticate_user( $user ) {
      ...your validation...
      return $user; // You should return the WP_User instance or a WP_Error instance on error.

    PS: Make certain to check if the $user is a valid user object before accessing its properties and methods. See here for more details. E.g.:

    function custom_authenticate_user( $user ) {
      if ( ! $user ) {
        return $user;
    解决 无用
    打赏 举报

相关推荐 更多相似问题