How to authenticate/verify wordpress login credentials & check for user meta without logging in?

February 4, 2023February 11, 20232 Views

I have custom login form and i used wp_signon() to authenticate. However, i wanted to run an additional check for usermeta and if the user has account_status === pending, throw an error or or prevent them from getting logged in. How do i do that? I can’t seem to find a filter

Post Views: 2

1 comment

olatechpro says:

February 4, 2023 at 2:10 pm
You could do this with a low-priority authenticate filter. I’m surprised there aren’t more appropriate hooks in the login process, but I can’t see one. (There is already an example of a filter like this though: wp_authenticate_spam_check.)

If the value the filter is given is a user, that means a previous filter has accepted the username & password. We can then perform our check and then either return the user if good or an error if not:
```
function authenticate_reject_account_status_pending( $user, $username, $password ) {
    if ( $user instanceof WP_User ) {
        if ( $user[ 'account_status' ] === 'pending' ) {
            return new WP_Error( 'user_is_pending',
                __( 'Account is pending approval. Please contact support for help.' )
            );
        }
    }

    return $user;
}
add_filter( 'authenticate', 'authenticate_reject_account_status_pending', 999999, 3 );
```
I have not tested this, but the general pattern should work even if this code doesn’t. This runs before the cookie is created etc.
Log in to Reply

Leave a Reply Cancel reply

1 comment

Social Network

Related posts

Leave a Reply Cancel reply

1 comment

Social Network