Support » Plugins and Hacks » Hacks » Display error messages in custom login form

Viewing 8 replies - 1 through 8 (of 8 total)
  • Moderator bcworkz

    (@bcworkz)

    You can display content at the top of the form by using the filter ‘login_form_top’. The question is how to determine if an error occurred. I’m not sure this would work from within a filter hook function, but you could try something like

    if ( 'failed' == $_GET["login"] ) {
      //code to display error message
    }

    Thanks – so if I understand you right, I can use the ‘login_form_top’ filter to add the error text to the top of the form.

    But I’m still not sure how I’d get hold of the actual error/print it out?? (I.e. what I’d put inside the if statement you have above).

    I’m currently just displaying a generic error message, which is ok I think, but would still be handy to understand this more!

    Thanks.

    Moderator bcworkz

    (@bcworkz)

    >>”how I’d get hold of the actual error/print it out??”
    I managed to overlook that aspect of your question. I also misunderstood the purpose of the login URL parameter, so my code example is rather useless.

    First, wp_login_failed action doesn’t fire for simple empty field errors, so it’s not that useful as it sits. This behavior can be altered in the pluggable function wp_authenticate(), so there’s still a possible solution there.

    Second, I don’t fully understand how errors are returned, but apparently it’s by way of the authenticate filters returning a WP_Error object instead of a WP_User object, so you can get the actual error with $errorobject->get_error_code()

    So you can get the error code, there must be a way of getting it translated to a meaningful phrase that I’m unaware of. But how to get this phrase to the login_form_top filter function? It can be placed in a global variable. You should also store pertinent information uniquely identifying the particular instance of the form so the login_form_top function can verify the error applies to the form that’s being displayed, by cross checking the global info against the arguments that were passed to the filter function. Of course, on a match, it will then clear the global to prevent further confusion.

    I hope this makes some sort of sense and you find it useful. Apologies for my misleading code example.

    Thanks again… appreciate the explanation.

    I am starting to wonder whether it’d be simpler to just leave it with a generic error message – particularly as I’ve seen this recommended anyway as a security measure!

    Will post back here if I do get around to trying this out though. Thanks again.

    Hi did you have any luck with this?

    I am trying to implement error messages on a custom login form on my home page.

    thanks

    Hi,

    If the login failed (or in my case, if the user’s permissions had expired – as it was a membership site), I redirected with a custom parameter at the end of the redirect URL – e.g.

    $redirect = $redirect.'?status=failed';
    wp_redirect($redirect);

    Then within my custom login code (executed via a shortcode – so the login form can go where you want on the page), I check for the status parameter and later on display an error message accordingly:

    if (isset($_GET["status"])) {
      if($_GET["status"] == 'failed')
      {
        $status = 'failed';
      }
      ...
    }

    Hope that helps?

    Hi,

    Thanks for this….

    I found some kind of solution for error checking which I have placed in the functions.php. However this displays the same error, whether the user has entered an incorrect username or password…
    I could do with it being more tailored.

    if(isset($_GET['login']) && $_GET['login'] == 'failed')
    {
    	?>
    <div id="login-error" style="background-color: #FFEBE8;border:1px solid #C00;padding:5px;">
    Login failed: You have entered an incorrect Username or password, pease try again.
    </div>
    	<?php
    }
    wp_login_form( $args );

    Sorry this is the script in the functions.php

    add_action( 'wp_login_failed', 'pu_login_failed' ); // hook failed login
    function pu_login_failed( $user ) {
      	// check what page the login attempt is coming from
      	$referrer = $_SERVER['HTTP_REFERER'];
      	// check that were not on the default login page
    	if ( !empty($referrer) && !strstr($referrer,'wp-login') && !strstr($referrer,'wp-admin') && $user!=null ) {
    		// make sure we don't already have a failed login attempt
    		if ( !strstr($referrer, '?login=failed' )) {
    			// Redirect to the login page and append a querystring of login failed
    	    	wp_redirect( $referrer . '?login=failed');
    	    } else {
    	      	wp_redirect( $referrer );
    	    }
    	    exit;
    	}
    }
    
    add_action( 'authenticate', 'pu_blank_login');
    function pu_blank_login( $user ){
      	// check what page the login attempt is coming from
      	$referrer = $_SERVER['HTTP_REFERER'];
      	$error = false;
      	if($user == null || $_POST['pwd'] == '')
      	{
      		$error = true;
      	}
      	// check that were not on the default login page
      	if ( !empty($referrer) && !strstr($referrer,'wp-login') && !strstr($referrer,'wp-admin') && $error ) {
      		// make sure we don't already have a failed login attempt
        	if ( !strstr($referrer, '?login=failed') ) {
        		// Redirect to the login page and append a querystring of login failed
            	wp_redirect( $referrer . '?login=failed' );
          	} else {
            	wp_redirect( $referrer );
          	}
        exit;
      	}

Viewing 8 replies - 1 through 8 (of 8 total)
  • The topic ‘Display error messages in custom login form’ is closed to new replies.