I am working on a WordPress based portal which integrates with a custom-made e-commerce.
The e-commerce serves also as a ‘control panel’: all the roles are set up there. Some users are recorded but ‘inactive’; they shouldn’t be able to log into WordPress. For this reason I need to hook into the WordPress login system.
If a user is, say, “bad_james”, he cannot login, even if he has a valid WP login and PWD. The WP admin panel doesn’t provide a a flag to block users.
Is there a way to implement a login filter?
Cheers,
Davide
You can either overload the
wp_authenticate
function (see the function in the code here: http://core.trac.wordpress.org/browser/trunk/wp-includes/pluggable.php) and return a WP_error if you don’t want to allow the user to login.Or better, use the filter
authenticate
and return null if you don’t want the user to log in, e.g.There were a few issues with mjangda answer so I’m posting a version that works with WordPress 3.2
The main issues were with the return statement. He should be returning a WP_User Object. The other issue was with the priority not being high enough.
Might be an idea or code to borrow and implement: WordPress ⺠External DB authentication « WordPress Plugins