Support » Plugin: All In One WP Security & Firewall » Already logged in, no captcha

  • Resolved peerv

    (@peerv)


    I have WP login form captcha activated.
    When a user who had “Remember me” checked on a previous login is coming back using the link http://www.mysite.com/wp-login.php the login form is showed without the login captcha!
    Impossible to login now.
    Easy to reach the lockout situation after several attemps.
    There is no message to the user that he is already logged in.

    This situation occurs when users start to type the link in the browser and the browser comes with a list of suggestions were the first one might be: http://www.mysite.com/wp-login.php
    which makes sense to the user because he wants to login.

    How to solve this user lockout problem?

Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Author wpsolutions

    (@wpsolutions)

    Ok thanks for the feedback.
    I think I know how to fix this. I will do some troubleshooting and apply a fix.
    If possible, can I ask that you please kindly test my implementation independently?
    If you are interested, can you please contact me using my contact form and I can send you an updated zip file once I have implemented the solution.

    http://wpsolutions-hq.com/contact/

    • This reply was modified 3 years, 10 months ago by wpsolutions.

    Hey,

    we just found that the responsible code for this modification causes issues on a rather exotic setup we have here.
    We use AIOWPS together with Theme My Login which does call do_action(‘login_init) for all related flagged TML login pages which is actually good so far.

    in our case, this causes problems though since we flagged a custom page as the (tml) login page to route to this custom page which displays different content and functionality based on the current user status.

    so we needed to find a solution to disable the redirect case you implemented for logged-in users if the rename login feature is not used without hacking your code.

    we did it this way:

    add_action('init', function() {
    
    	global $aio_wp_security;
    
    	if( ! is_a($aio_wp_security, 'AIO_WP_Security') )
    		return;
    
    	if( remove_action('wp_loaded', array($aio_wp_security, 'aiowps_wp_loaded_handler')) ) {
    
    		$aiowps_loaded_handler = new AIOWPSecurity_WP_Loaded_Tasks();
    		remove_action('login_init', array($aiowps_loaded_handler, 'aiowps_login_init'));
    
    	}
    
    });

    but it would be easier to achieve the same thing if you’d provide a more direct way to remove this action in your plugin, ie. make available the instance object of “AIOWPSecurity_WP_Loaded_Tasks()” outside the classes scope or by adding a custom filter function in your static function aiowps_login_init().

    thanks!

    Plugin Author wpsolutions

    (@wpsolutions)

    Hi @zitrusblau,
    Thanks for the feedback and info.

    How about this:
    I will add a do_action inside the AIOWPSecurity_WP_Loaded_Tasks constructor and via this will also pass the AIOWPSecurity_WP_Loaded_Tasks object too.
    Then you can simply hook into this action and use the AIOWPSecurity_WP_Loaded_Tasks object passed to remove the “login_init” action.
    Please get in touch with me via my contact form and I can arrange to send you an updated zip file for you to test my changes.

    • This reply was modified 3 years, 8 months ago by wpsolutions.

    ok, sounds good.

    thanks!

    Plugin Author wpsolutions

    (@wpsolutions)

    Thanks for verifying the hooks I added. This code will be available in the next release.

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘Already logged in, no captcha’ is closed to new replies.