• Hi Guys,

    I am using WordPress 4.3.1 and I’ve tried two different plugins and also my own test code:

    add_filter('authenticate', 'improv_allow_email_login', 20, 3);
    function improv_allow_email_login($user, $username, $password) {
        if (is_email($username)) {
            $user = get_user_by_email($username);
            if ($user) $username = $user->user_login;
        }
        return wp_authenticate_username_password($user, $username, $password);
    }

    In all 3 cases for some reason it allows me to login with any password.

    Let’s say the user details are:
    Username: WPTest
    E-Mail: wptest@wordpress.com
    Password: hunter123

    The following will correctly log in:
    Username: WPTest
    Password: hunter123

    The following will correctly fail to login:
    Username: WPTest
    Password: thisisawrongpassword

    The following will say that the password is incorrect, BUT it will still log you in…
    Username: wptest@wordpress.com
    Password: thisisawrongpassword

    The following will correctly log in:
    Username: wptest@wordpress.com
    Password: hunter123

    What is going on? Why is this happening? I have even tried with all plugins disabled, but it still happens…

    Anyone know what’s wrong and how to fix?

  • The topic ‘Login with/by Email plugins allow for any password…’ is closed to new replies.
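
For reference, a hardened form of the filter posted above, as an added example that is not the poster's code or any plugin's. WordPress core's `wp_authenticate_username_password()` returns its first argument unchanged when that argument is already a `WP_User`, so passing in the result of the e-mail lookup skips the password comparison. The function name `example_allow_email_login` and the variable `$account` are hypothetical.

```php
<?php
// Added example: e-mail login filter that never hands a looked-up account
// to the password check as "$user". Names are hypothetical.

add_filter('authenticate', 'example_allow_email_login', 20, 3);

/**
 * Maps an e-mail address to its user_login, then lets core verify the
 * password against that account.
 */
function example_allow_email_login($user, $username, $password) {
    // A filter that ran earlier has already authenticated this request.
    if ($user instanceof WP_User) {
        return $user;
    }

    // Keep the lookup result in its own variable. Writing it into $user
    // would make it look like an already-authenticated account.
    if (is_string($username) && is_email($username)) {
        $account = get_user_by('email', $username);
        if ($account) {
            $username = $account->user_login;
        }
    }

    // First argument is null on purpose: wp_authenticate_username_password()
    // returns a WP_User passed as $user without checking $password, and only
    // runs the password comparison when $user is not a WP_User.
    return wp_authenticate_username_password(null, $username, $password);
}
```

To check the result, repeat the four login attempts listed in the post: the e-mail address with the wrong password must now be rejected. WordPress 4.5 and later accept an e-mail address at login in core, which makes a custom filter like this unnecessary there.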