Login with/by Email plugins allow for any password…
-
Hi Guys,
I am using WordPress 4.3.1 and I’ve tried two different plugins and also my own test code:
add_filter('authenticate','improv_allow_email_login', 20, 3); function improv_allow_email_login($user, $username, $password){ if (is_email($username)){ $user = get_user_by_email($username); if ($user) $username = $user->user_login; } return wp_authenticate_username_password($user, $username, $password); }
In all 3 cases for some reason it allows me to login with any password.
Let’s say the user details are:
Username: WPTest
E-Mail: wptest@wordpress.com
Password: hunter123The following will correctly log in:
Username: WPTest
Password: hunter123The following will correctly fail to login:
Username: WPTest
Password: thisisawrongpasswordThe following will say that the password is incorrect, BUT it will still log you in…
Username: wptest@wordpress.com
Password: thisisawrongpasswordThe following will correctly log in:
Username: wptest@wordpress.com
Password: hunter123What is going on, why is this happening. I have even tried with all plugins disabled but it still happens…
Anyone know what’s wrong and how to fix?
- The topic ‘Login with/by Email plugins allow for any password…’ is closed to new replies.