WordPress Authenticate Filter

I’m currently trying to override WordPress’ wp_authenticate function (without modifying the core files, mainly pluggable.php), however I’m not sure if I’m going about it the correct way. There are two great references (see below), but they don’t explicitly state what to do in order to prevent the login provided certain criteria are met.

In short, I’m trying to prevent registered users who have not activated their account. I’ve already implemented creating a user with a md5 unique id in the usermeta table (attached to their user id). I’m basically trying to check for that “activation_key’ value in the usermeta table on login, if a value exists, I want to prevent the login from occurring.

Read More

The authenticate filter seems to be exactly what I need but after modifying it and placing it into my functions.php file, it doesn’t seem to work! Login occurs per usual.

References:

How do I hook into the WordPress login system to stop some users programmatically?

http://willnorris.com/2009/03/authentication-in-wordpress-28

Related posts

Leave a Reply

1 comment

  1. I actually found a work around.

    Using a custom form you can log into WordPress using the wp_signon function.

    var $creds = array();
    $creds['user_login'] = 'example';
    $creds['user_password'] = 'plaintextpw';
    $creds['remember'] = true;
    //check if user has an activation key in the usermeta table
    $user = get_userdatabylogin($creds['user_login']); 
    if(get_usermeta($user->ID,'activation_key')) { 
    } else {
    $procLogin = wp_signon( $creds, false );
    if ( is_wp_error($procLogin) ) {
    echo $user->get_error_message();
    } 
    echo 'success!';
    }
    

    hope this helps someone out there