Add error message on password protected page

5 Views

I protected a page with password. I’d like to add a short error message when the inserted password is incorrect.

How can I do this?

Read More

I add this code to show and customize the form on my page.

My functions.php 

add_filter( 'the_password_form', 'custom_password_form' );
function custom_password_form() {
global $post;
$label = 'pwbox-'.( empty( $post->ID ) ? rand() : $post->ID );
$o = '<form class="protected-post-form" action="' . get_option('siteurl') . '/wp-pass.php" method="post">' . 
'<p class="glossar-form-p">Alle weiteren Glossarbeiträge sind durch ein Passwort geschützt. </p>' . 
' <label for="' . $label . '">' . ' </label><input name="post_password" id="' . $label . '" type="password" size="20" />
<input type="submit" name="Submit" value="' . esc_attr__( "Login" ) . '" />
</form>
';
return $o;
}
Post Views: 5

Related posts

Leave a Reply

3 comments

  1. The latest entered password is stored as a secure hash in a cookie named 'wp-postpass_' . COOKIEHASH.

    When the password form is called, that cookie has been validated already by WordPress. So you just have to check if that cookie exists: If it does and the password form is displayed, the password was wrong.

    add_filter( 'the_password_form', 'wpse_71284_custom_post_password_msg' );

/**
 * Add a message to the password form.
 *
 * @wp-hook the_password_form
 * @param   string $form
 * @return  string
 */
function wpse_71284_custom_post_password_msg( $form )
{
    // No cookie, the user has not sent anything until now.
    if ( ! isset ( $_COOKIE[ 'wp-postpass_' . COOKIEHASH ] ) )
        return $form;

    // Translate and escape.
    $msg = esc_html__( 'Sorry, your password is wrong.', 'your_text_domain' );

    // We have a cookie, but it doesn’t match the password.
    $msg = "<p class='custom-password-message'>$msg</p>";

    return $msg . $form;
}

  2. Following up from fuxia‘s answer. The complete snippet, including the check if the page load came from the same page, would be:

    add_filter( 'the_password_form', 'wpse_71284_custom_post_password_msg' );

/**
 * Add a message to the password form.
 *
 * @wp-hook the_password_form
 * @param   string $form
 * @return  string
 */
function wpse_71284_custom_post_password_msg( $form )
{
    // No cookie, the user has not sent anything until now.
    if ( ! isset ( $_COOKIE[ 'wp-postpass_' . COOKIEHASH ] ) )
        return $form;

    // The refresh came from a different page, the user has not sent anything until now.
    if ( ! wp_get_raw_referer() == get_permalink() )
        return $form;

    // Translate and escape.
    $msg = esc_html__( 'Sorry, your password is wrong.', 'your_text_domain' );

    // We have a cookie, but it doesn’t match the password.
    $msg = "<p class='custom-password-message'>$msg</p>";

    return $msg . $form;
}

    Just be sure to use wp_get_raw_referer() instead of wp_get_referer() as the latter will return false in case the current page and the referrer page are the same.

  3. Maybe it’s really really late to answer. Something you need to do the following. As there is no default way to validate you need to follow few steps. Here i gonna use session variable to check matching the generated cookies. first need to start session.

    add_action('init', 'myStartSession', 1);
add_action('wp_logout', 'myEndSession');
add_action('wp_login', 'myEndSession');
function myStartSession() {
    if(!session_id()) {
        session_start();
    }
}
function myEndSession() {
    session_destroy ();
}

    Then use the following code where you want to show the error msg.

    if ( post_password_required() ) {
       $session_id = 'wp-postpass_' . get_the_ID();
       //onload
       $current_cookie = wp_unslash($_COOKIE[ 'wp-postpass_' . COOKIEHASH ]);
       //get old cookie 
       $old_cookie = isset( $_SESSION[ $session_id ] ) ? $_SESSION[ $session_id ] : '';
       //set new session
       $_SESSION[ $session_id ] = $current_cookie;
       if ( $current_cookie != $old_cookie && !empty( $old_cookie ) ){
           error_notification('<b>Error!</b> Authentication failed!');
       }
   }

    That’s it!!