Custom Login Errors and variables I can use

June 6, 20234 Views

I need to change this error message from including the username to the users email address.

I’ve checked this question and answer out and it helped, but didn’t go far enough for me.
Change login error messages

I took this code from the wp_includes/user.php core file and I know that I can use the filter login_errors to override this message. My question is what variables do I have access to in this filter? How do I switch this out for the email?

'<strong>ERROR</strong>: The password you entered for the username <strong>%1$s</strong> is incorrect. <a href="%2$s" title="Password Lost and Found">Lost your password</a>?'

Here’s what I have so far, but I don’t know what variable I need to use to get it working.

add_filter('login_errors','cc_login_error_message');

function cc_login_error_message($error){
    //check if that's the error you are looking for
    $pos = strpos($error, 'incorrect');
    if (is_int($pos)) {
        //its the right error so you can overwrite it
        $error = sprintf( __( '<strong>ERROR</strong>: The password you entered for the username <strong>%1$s</strong> is incorrect. <a href="%2$s" title="Password Lost and Found">Lost your password</a>?' ), $user_email, wp_lostpassword_url() );
    }
    return $error;
}

Any ideas?

Specifically the $user_email variable in my script returns nothing, I’m not sure if there is such a variable, but that one I just made up.

Post Views: 4

2 comments

There may be an easier way to do this, but you could rewrite the wp_authenticate_username_password() function in the wp-includesclass-wp-error.php file.

Of course you cannot edit the function directly, but since this function is a filter function, you can remove the filter, copy it, add the copied function back in and test it. After testing that it still produces the same error, you can then change the error in the copied code.

The following code removes the old WordPress function and creates a new function with a unique name.

remove_filter( 'authenticate', 'wp_authenticate_username_password' );
add_filter( 'authenticate', 'wpse_115539_authenticate_username_password', 20, 3 );
/**
 * Remove WordPress filer and write our own with changed error text.
 */
function wpse_115539_authenticate_username_password( $user, $username, $password ) {
    if ( is_a($user, 'WP_User') )
        return $user;

    if ( empty( $username ) || empty( $password ) ) {
        if ( is_wp_error( $user ) )
            return $user;

        $error = new WP_Error();

        if ( empty( $username ) )
            $error->add( 'empty_username', __('<strong>ERROR</strong>: The username field is empty.' ) );

        if ( empty( $password ) )
            $error->add( 'empty_password', __( '<strong>ERROR</strong>: The password field is empty.' ) );

        return $error;
    }

    $user = get_user_by( 'login', $username );

    if ( !$user )
        return new WP_Error( 'invalid_username', sprintf( __( '<strong>ERROR</strong>: Invalid username. <a href="%s" title="Password Lost and Found">Lost your password</a>?' ), wp_lostpassword_url() ) );

    $user = apply_filters( 'wp_authenticate_user', $user, $password );
    if ( is_wp_error( $user ) )
        return $user;

    if ( ! wp_check_password( $password, $user->user_pass, $user->ID ) )
        return new WP_Error( 'incorrect_password', sprintf( __( '<strong>ERROR</strong>: The password you entered for the username <strong>%1$s</strong> is incorrect. <a href="%2$s" title="Password Lost and Found">Lost your password</a>?' ),
        $username, wp_lostpassword_url() ) );

    return $user;
}

The next step is to test the code to make sure it is producing the same error as before. Once tested, try changing the error message as you wish. If things go too wrong, start over or comment out the first 2 lines and the WordPress function will use the old error message.

// remove_filter( 'authenticate', 'wp_authenticate_username_password', 20, 3 );
// add_filter( 'authenticate', 'wpse_115539_authenticate_username_password', 20, 3 );

You can use REQUEST variables to know the username used to login, then check if user exist to get his email (which not recommended, as someone may try to get email addresses of users):

function my_show_login_error($parm){
    $vars = print_r($_REQUEST,true);
    $my_message = '<strong>ERROR:</strong> Wrong username/password!';
    return $vars;

}
add_filter('login_errors','my_show_login_error' );

it shows:

Array ( 
    [log] => myuser 
    [pwd] => mypass 
    [otp] => 
    [wp-submit] => Log In 
    [redirect_to] => http://example.com/wp-admin/ 
    [testcookie] => 1 
)

Comments are closed.

Related posts

2 comments

Social Network