WordPress.org

Ready to get started?Download WordPress

Forums

[resolved] Custom login page - catch login form validation failure? (5 posts)

  1. Rulatir
    Member
    Posted 1 year ago #

    I have a custom login page that submits the form to /wp-login.php because I don't want to duplicate the latter's functionality.

    I hook on wp_login_failed to redirect back to the custom login page when wrong credentials are entered, but when either field is left empty, the wp_login_failed action is not called - obviously WordPress bails out at form validation stage, before the data are sent to the routine that does the actual login and would eventually do_action('wp_login_failed')

    So the question is, how do I catch the login form validation failure without duplicating much of /wp-login.php? Is there some undocumented hook somewhere?

  2. bcworkz
    Member
    Posted 1 year ago #

    You could hook the 'authenticate' filter, or possibly the action 'wp_authenticate' (there is a note in source about possible depreciation, but it's still functional as of 3.4.2). Or my preference, just redefine the pluggable function wp_authenticate() in wp-includes/pluggable.php, from which the action 'wp_login_failed' is triggered. And from which you could cause empty fields errors to still trigger the action.

  3. Rulatir
    Member
    Posted 1 year ago #

    Thanks. I ended up using login_form_login action called at /wp-login.php:380 as of 3.4.2. Do you foresee any problems this solution might cause?

    Am I mistaken in assuming that overriding wp_authenticate() would force me to implement my own authentication?

  4. bcworkz
    Member
    Posted 1 year ago #

    Your solution should work fine.

    About wp_authenticate(), I suggested this as it would work easily with your previous implementation hooking wp_login_failed. You would only be changing the logic so all errors, even empty fields, get channelled to wp_login_failed. The call to the authenticate filter chain would remain, so whatever authentication is in place would continue to function.

    Though you would re-define the whole function of a dozen lines, nearly all would be verbatim of the original. You would just define $ignore_codes as an empty array.

  5. Rulatir
    Member
    Posted 1 year ago #

    Thanks. I prefer writing a 2-liner to duplicating a dozen-liner :)

Topic Closed

This topic has been closed to new replies.

About this Topic