WordPress custom login with error processing

2 Views

Hi I’m trying to get my WordPress custom login which is in a dropdown in header.php to display errors when an incorrect email or password is entered, or even if both or 1 is left blank.

Here is the login form I’m using

Read More
<?php
if ( ! is_user_logged_in() ) { // Display WordPress login form:
    $args = array(
      'redirect' => admin_url(), 
      'form_id' => 'loginform-custom',
      'label_username' => __( 'Username custom text' ),
      'label_password' => __( 'Password custom text' ),
      'label_remember' => __( 'Remember Me custom text' ),
      'label_log_in' => __( 'Log In custom text' ),
      'remember' => true
    );
    wp_login_form( $args );
} else { // If logged in:
    wp_loginout( home_url() ); // Display "Log Out" link.
    echo " | ";
    wp_register('', ''); // Display "Site Admin" link.
}
?>

and I have found this code from here:
https://wordpress.stackexchange.com/questions/61267/prevent-wp-login-form-from-redirecting-to-wp-admin-when-there-are-errors 

function wp_authenticate($username, $password) {
    $username = sanitize_user($username);
    $password = trim($password);

    $user = apply_filters('authenticate', null, $username, $password);

    if ( $user == null ) {
        $user = new WP_Error('authentication_failed', __('<strong>ERROR</strong>: Invalid username or incorrect password.'));
    }

    $ignore_codes = array('empty_username', 'empty_password');

    if (is_wp_error($user) && !in_array($user->get_error_code(), $ignore_codes) ) {

        // Put your code here

    }

    return $user;
}

I’ve copied the above into functions.php in my theme folder but it’s not working – do I have to call it in my form, if so how? And what code should I put where it says:

// Put your code here?

Post Views: 2

Related posts

Leave a Reply

3 comments

  1. The function wp_authenticate($username, $password) is a WP function so there is no need to add it in functions.php. It can be found in pluggable.php in the wp-includes directory.

    And yes, you have to call it in your form or the validation script, in the same way you call any other function. For example:

    $CheckValidUser = wp_authenticate($username, $password);

    I would guess you should call it before calling is_user_logged_in(), otherwise there won’t be any $username or $password as WP has already rejected the user.

    Hope this helps.

  2. Put the following code in functions.php if user click on login button without filling user name & password it will move to wp-login.php page.

    We can solve this buy writing the following code in functions.php file. 

    add_action('init', 'prevent_wp_login');

function prevent_wp_login() {
        if(isset($_POST['log']) && isset($_POST['pwd']))
        if($_POST['log']=='' && $_POST['pwd']=='')
        {
                $page = write your redirect url;
                // Redirect to the your url
                wp_redirect($page);

        exit();
        }
    }

  3. wp_signon() function using custom login and its work fine for me :

    require('wp-load.php'); 
$err = '';
$success = '';
global $wpdb,$current_user;
    $response = array();
    $data = json_decode(file_get_contents("php://input"));

    $email    = $data->email_id;
    $password = $data->password;
    $username = $wpdb->escape($email);
    $password = $wpdb->escape($password);
    $remember = true;
    if($remember) $remember = "true";
    else $remember = "false";
    $login_data = array();
    $login_data['user_login'] = $username;
    $login_data['user_password'] = $password;
    $login_data['remember'] = $remember;

    $user_verify = wp_signon( $login_data, false ); 
    set_current_user($user_verify->ID);
    if (is_user_logged_in()) 
    {
        get_currentuserinfo();

            $response['user_id']=$user_verify->ID;
            $response['first_name']=$current_user->user_firstname ;
            $response['last_name']=$current_user->user_lastname;
            $response['email']=$current_user->user_email;
      $status="success";
      $msg="";
    } else {    
      $status="failed";
      $msg="Invalid Credential.";
     }