WordPress.org

Forums

Display error messages in custom login form (9 posts)

  1. hexagongirl
    Member
    Posted 2 years ago #

    I am using wp_login_form() to display a custom front-end login form.

    I am then using the following code to ensure if the user inputs invalid login credentials or leaves username/password blank, they don't see the WP login page, but get re-directed to the current page.

    add_action( 'wp_login_failed', 'hex_front_end_login_fail' ); // hook failed login
    
    function hex_front_end_login_fail( $user ) {
      $referrer = $_SERVER['HTTP_REFERER']; // where did the post submission come from?
      // if there’s a valid referrer, and it’s not the default log-in screen
      if ( !empty($referrer) && !strstr($referrer,'wp-login') && !strstr($referrer,'wp-admin') && $user!=null ) {
        if ( !strstr($referrer, '?login=failed' )) { // make sure we don’t append twice
          wp_redirect( $referrer . '?login=failed'); // let’s append some information (login=failed) to the URL for the theme to use
        } else {
          wp_redirect( $referrer );
        }
        exit;
      }
    }
    
    add_action( 'authenticate', 'hex_front_end_blank_login');
    
    function hex_front_end_blank_login(){
      $referrer = $_SERVER['HTTP_REFERER'];
      if ( !strstr($referrer,'wp-login') && $user==null ) { // login1 is the name of the loginpage.
        if ( !strstr($referrer, '?login=failed') ) { // make sure we don’t append twice
            wp_redirect( $referrer . '?login=failed' ); // let’s append some information (login=failed) to the URL for the theme to use
          } else {
            wp_redirect( $referrer );
          }
          exit;
      }
    }

    Problem: I am now trying to work out how to display the relevant error messages once the user has been re-directed. Have been pouring over it for hours & drawn a complete blank.

    Any help gratefully received!
    Thanks

  2. bcworkz
    Member
    Posted 2 years ago #

    You can display content at the top of the form by using the filter 'login_form_top'. The question is how to determine if an error occurred. I'm not sure this would work from within a filter hook function, but you could try something like

    if ( 'failed' == $_GET["login"] ) {
      //code to display error message
    }
  3. hexagongirl
    Member
    Posted 2 years ago #

    Thanks - so if I understand you right, I can use the 'login_form_top' filter to add the error text to the top of the form.

    But I'm still not sure how I'd get hold of the actual error/print it out?? (I.e. what I'd put inside the if statement you have above).

    I'm currently just displaying a generic error message, which is ok I think, but would still be handy to understand this more!

    Thanks.

  4. bcworkz
    Member
    Posted 2 years ago #

    >>"how I'd get hold of the actual error/print it out??"
    I managed to overlook that aspect of your question. I also misunderstood the purpose of the login URL parameter, so my code example is rather useless.

    First, wp_login_failed action doesn't fire for simple empty field errors, so it's not that useful as it sits. This behavior can be altered in the pluggable function wp_authenticate(), so there's still a possible solution there.

    Second, I don't fully understand how errors are returned, but apparently it's by way of the authenticate filters returning a WP_Error object instead of a WP_User object, so you can get the actual error with $errorobject->get_error_code()

    So you can get the error code, there must be a way of getting it translated to a meaningful phrase that I'm unaware of. But how to get this phrase to the login_form_top filter function? It can be placed in a global variable. You should also store pertinent information uniquely identifying the particular instance of the form so the login_form_top function can verify the error applies to the form that's being displayed, by cross checking the global info against the arguments that were passed to the filter function. Of course, on a match, it will then clear the global to prevent further confusion.

    I hope this makes some sort of sense and you find it useful. Apologies for my misleading code example.

  5. hexagongirl
    Member
    Posted 2 years ago #

    Thanks again... appreciate the explanation.

    I am starting to wonder whether it'd be simpler to just leave it with a generic error message - particularly as I've seen this recommended anyway as a security measure!

    Will post back here if I do get around to trying this out though. Thanks again.

  6. richlondon
    Member
    Posted 2 years ago #

    Hi did you have any luck with this?

    I am trying to implement error messages on a custom login form on my home page.

    thanks

  7. hexagongirl
    Member
    Posted 2 years ago #

    Hi,

    If the login failed (or in my case, if the user's permissions had expired - as it was a membership site), I redirected with a custom parameter at the end of the redirect URL - e.g.

    $redirect = $redirect.'?status=failed';
    wp_redirect($redirect);

    Then within my custom login code (executed via a shortcode - so the login form can go where you want on the page), I check for the status parameter and later on display an error message accordingly:

    if (isset($_GET["status"])) {
      if($_GET["status"] == 'failed')
      {
        $status = 'failed';
      }
      ...
    }

    Hope that helps?

  8. richlondon
    Member
    Posted 2 years ago #

    Hi,

    Thanks for this....

    I found some kind of solution for error checking which I have placed in the functions.php. However this displays the same error, whether the user has entered an incorrect username or password...
    I could do with it being more tailored.

    if(isset($_GET['login']) && $_GET['login'] == 'failed')
    {
    	?>
    <div id="login-error" style="background-color: #FFEBE8;border:1px solid #C00;padding:5px;">
    Login failed: You have entered an incorrect Username or password, pease try again.
    </div>
    	<?php
    }
    wp_login_form( $args );
  9. richlondon
    Member
    Posted 2 years ago #

    Sorry this is the script in the functions.php

    add_action( 'wp_login_failed', 'pu_login_failed' ); // hook failed login
    function pu_login_failed( $user ) {
      	// check what page the login attempt is coming from
      	$referrer = $_SERVER['HTTP_REFERER'];
      	// check that were not on the default login page
    	if ( !empty($referrer) && !strstr($referrer,'wp-login') && !strstr($referrer,'wp-admin') && $user!=null ) {
    		// make sure we don't already have a failed login attempt
    		if ( !strstr($referrer, '?login=failed' )) {
    			// Redirect to the login page and append a querystring of login failed
    	    	wp_redirect( $referrer . '?login=failed');
    	    } else {
    	      	wp_redirect( $referrer );
    	    }
    	    exit;
    	}
    }
    
    add_action( 'authenticate', 'pu_blank_login');
    function pu_blank_login( $user ){
      	// check what page the login attempt is coming from
      	$referrer = $_SERVER['HTTP_REFERER'];
      	$error = false;
      	if($user == null || $_POST['pwd'] == '')
      	{
      		$error = true;
      	}
      	// check that were not on the default login page
      	if ( !empty($referrer) && !strstr($referrer,'wp-login') && !strstr($referrer,'wp-admin') && $error ) {
      		// make sure we don't already have a failed login attempt
        	if ( !strstr($referrer, '?login=failed') ) {
        		// Redirect to the login page and append a querystring of login failed
            	wp_redirect( $referrer . '?login=failed' );
          	} else {
            	wp_redirect( $referrer );
          	}
        exit;
      	}

Topic Closed

This topic has been closed to new replies.

About this Topic