Custom login/registration without plugins

  • mambrogi

    (@mambrogi)


    7 years, 3 months ago

    hello everyone,

    i’ma total noob in developing in wordpress, since it’s very short time since i started messing with it.

    what i was looking for was a guide or a tutorial to customize login/registration procedures, since i want to use WP not as just a blog but restrict access to private pages only to registered/logged users.(without letting them having access to the backend)

    i have found several guides which lead me at least to have a fully functional registration form and a semi-working login system (even if i had to debug a bit)

    i don’t seem to catch the “philosophy” behind the final stages of the login phases:

    if( $username == "" || $password == "" ) {
			$err = 'Please don\'t leave the required field.';
		} else {
			$user_data = array();
			$user_data['user_login'] = $username;
			$user_data['user_password'] = $password;
			$user_data['remember'] = $remember;  
			$user = wp_signon( $user_data, false ); // <-- HERE
			
			if ( is_wp_error($user) ) {
				$err = $user->get_error_message();
				//exit(); <-- MY DEBUG in order to have error system working, otherwise it's skipped
			} else {
				wp_set_current_user( $user->ID, $username );
				do_action('set_current_user'); //<-- AND HERE
                                [....]

    as there are few variants, as per Codex guides mostly similar, but with the same result: i can’t have any auth cookie created, nor can’t find a way to check if the user is logged or not

    thank you!

Viewing 1 replies (of 1 total)
  • Moderator bcworkz

    (@bcworkz)

    7 years, 3 months ago

    do_action(‘set_current_user’) doesn’t do much of anything by default. It just initiates a set of kses formatting filters. Its main purpose is to provide a hook that plugin devs can use to initiate some of their own custom code.

    wp_signon() OTOH is very important, though you wouldn’t know by looking at its source code. The main thing it does is call wp_authenticate() and if that does not result in an error, it calls wp_set_auth_cookie().

    wp_authenticate() doesn’t look like much either, but crucially, it calls apply_filters( 'authenticate', null, $username, $password );
    There are some very important callbacks hooked into this filter that manage all of the user authentication. If you need to change how WP authenticates users, this is where to do it. You can add in additional checks or remove the default callbacks and add your own that completely takes over the authentication process.

    Authentication callbacks work by checking the passed parameters. If the first parameter is a WP_Error object, previous authentication has failed and it should be passed on. If it’s a WP_User object, previous authentication has succeeded. You can make additional checks if needed, changing the return to WP_Error on failure or passing on WP_User on success.

    If null is the first parameter passed, do your authentication checks based on the passed user and password. On success, get a WP_User object to be returned, otherwise get a WP_Error object to return.

Viewing 1 replies (of 1 total)
  • The topic ‘Custom login/registration without plugins’ is closed to new replies.