My disclaimer ... I am new to forum posting and apologize if I do not use the correct protocol ... please correct me where necessary.
My intention is to share a solution I implemented to return to the same page upon Login error (it works) and get any feedback if anyone sees any issues, security or otherwise. I value all constructive feedback.
I've struggled with this issue of having a special login page and then returning to that page if login fails, i.e., not going to the Admin Login page, which is distracting for the client's purposes.
So, I wanted to return to a custom error page with the same look, but with a Login Error message and a chance to Login again, or link to a form to email the issue to the client's staff.
I've implemented a solution that works, but does anyone see security issues? I would appreciate any feedback.
Here is what I did:
1. To redirect for Login Error: in the top level directory: Copied wp-login.php and renamed to my_wp-login.php. Left it in the same directory - I call this file later, below.
a. I modified the my_wp-login.php so that upon login error, the code does not enter into the HTML form, but instead redirects to my special login fail page. I put this redirect just before the form code and commented out the existing add_action code:
if ( $shake_error_codes && $wp_error->get_error_code() && in_array( $wp_error->get_error_code(), $shake_error_codes ) ) {
    // Redirect to the custom login-fail page instead of rendering the default form.
    wp_redirect( site_url( '/index.php/members-login-fail/' ) );
    exit;
}
/* add_action( 'login_head', 'wp_shake_js', 12 ); */
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
2. To link to my_wp-login.php, I copied the wp_login_form( $args = array() ) function and renamed it to my_wp_login_form( $args = array() ).
a. I included this function in my functions.php file located in my template folder. I then set all of the form parameters to suit my needs and also set the redirects appropriately as follows:
b. Form action to call my_wp-login.php to process the login:
<form name="' . $args['form_id'] . '" id="' . $args['form_id'] . '" action="' . site_url( 'my_wp-login.php', 'login' ) . '" method="post">
c. Submit redirect to my landing page for successful login:
'redirect' => 'http://localhost/raywebdemo/index.php/members/support-services/vendors-list/',
3. I made a custom page template file and located it in my theme directory: page-login.php (assigned this template in my Member LogIn page).
(1) In page-login.php, I set a function call to the modified login form file:
<div class="my-wp-login"> <?php my_wp_login_form( array() ); ?> </div>
In summary, I call the modified WordPress login function that links to the modified WordPress login processing file that redirects to my error page (upon failed login) or to my landing page (upon successful login).
In conclusion, it works great ... but is it secure, etc.
Any comments or feedback will be appreciated.
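
The same redirect can be done from the theme's functions.php with core hooks, so the stock wp-login.php (which core updates keep patched, unlike a renamed copy) still processes the login. This is an added example, not part of the original post: the my_* names are hypothetical, the fail-page path is the one used in the post, and it assumes the custom form sits on a front-end page and posts to the unmodified wp-login.php.

```php
<?php
// Added example for a theme's functions.php; all my_* names are hypothetical.

// Path of the custom failure page, taken from the post above.
const MY_LOGIN_FAIL_PATH = '/index.php/members-login-fail/';

/**
 * True when the login POST was submitted from a front-end page of this site
 * (the custom form), not from wp-login.php or the admin area.
 */
function my_login_came_from_front_end() {
    $referer = wp_get_referer(); // false when missing or not a local URL
    return $referer
        && false === strpos( $referer, 'wp-login.php' )
        && false === strpos( $referer, 'wp-admin' );
}

/** Send the visitor to the custom failure page and stop. */
function my_redirect_to_login_fail() {
    // wp_safe_redirect() refuses hosts outside the site's allowed list.
    wp_safe_redirect( site_url( MY_LOGIN_FAIL_PATH ) );
    exit;
}

// Wrong username or password: core fires wp_login_failed.
add_action( 'wp_login_failed', function ( $username ) {
    if ( my_login_came_from_front_end() ) {
        my_redirect_to_login_fail();
    }
} );

// Empty username or password never reaches wp_login_failed, so the
// authenticate filter handles that case before core's own checks run.
add_filter( 'authenticate', function ( $user, $username, $password ) {
    $is_login_post = isset( $_POST['log'], $_POST['pwd'] );
    if ( $is_login_post
        && ( '' === $username || '' === $password )
        && my_login_came_from_front_end() ) {
        my_redirect_to_login_fail();
    }
    return $user; // leave the authentication result untouched
}, 1, 3 );
```

Logins submitted from wp-login.php itself or from wp-admin keep the default error screen, because the referer check only matches the front-end form.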