BuddyDev

Search

Replies

  • Participant
    Level: Guru
    Posts: 900
    Tosin on in reply to: Branded login support #23467

    Thanks for the recent update it works. Now for better security I do not use username to login but only email address with custom login error message. When I applied the code below in my functions.php. The login error that shows is (invalid request) instead of (Invalid email or password) as indicated in the code below, also the limit login attempts does not work with the code below. Is there another way to achieve login with email address only without any form of compromise with the bp branded login plugin.

     remove_filter('authenticate', 'wp_authenticate_username_password', 20);
    
     
    add_filter('authenticate', function($user, $email, $password){
    
        //Check for empty fields
        if(empty($email) || empty ($password)){        
            //create new error object and add errors to it.
            $error = new WP_Error();
    
            if(empty($email)){ //No email
                $error->add('empty_username', __('Email field is empty.'));
            }
            else if(!filter_var($email, FILTER_VALIDATE_EMAIL)){ //Invalid Email
                $error->add('invalid_username', __('Invalid email or password.'));
            }
    
            if(empty($password)){ //No password
                $error->add('empty_password', __('Password field is empty.'));
            }
    
            return $error;
        }
    
        //Check if user exists in WordPress database
        $user = get_user_by('email', $email);
    
        //bad email
        if(!$user){
            $error = new WP_Error();
            $error->add('invalid', __('Invalid email or password.'));
            return $error;
        }
        else{ //check password
            if(!wp_check_password($password, $user->user_pass, $user->ID)){ //bad password
                $error = new WP_Error();
                $error->add('invalid', __('Invalid email or password.'));
                return $error;
            }else{
                return $user; //passed
            }
        }
    }, 20, 3);
     

    Thanks for your support

  • Participant
    Level: Guru
    Posts: 900
    Tosin on in reply to: Branded login support #23456

    Hello sir,

    I will be expecting your feedback on the login attempts counter on the bp branded login using

    https://wordpress.org/plugins/limit-login-attempts-reloaded/
    or
    https://wordpress.org/plugins/limit-attempts/

  • Participant
    Level: Guru
    Posts: 900
    Tosin on in reply to: Branded login support #23365

    I was also wondering if you can enable support for either of this 2 plugins to display limit login attempts counter on the bp branded login page for security reasons.

    https://wordpress.org/plugins/limit-login-attempts-reloaded/
    or
    https://wordpress.org/plugins/limit-attempts/

  • Participant
    Level: Guru
    Posts: 900
    Tosin on in reply to: Branded login support #23364

    Hello,

    I finally found the culprit which is a plugin called page restrict at https://wordpress.org/plugins/pagerestrict/ when I deactivated the plugin the login errors are now showing

    Thanks for your patience and support

  • Participant
    Level: Guru
    Posts: 900
  • Participant
    Level: Guru
    Posts: 900
    Tosin on in reply to: Branded login support #23330

    I have removed the custom code but the error does not show inside the theme on the page but it is showing in the url address bar as below

    https://www.nigerpress.com/login/?login=failed&wp-error=%3Cstrong%3EERROR%3C%2Fstrong%3E%3A+Invalid+Email+or+Password.&pr-user-login=novagist%40yahoo.com

    I removed the custom redirection code but the ?login=failed still shows in the url as indicated above

    It’s quite weird that the error shows in the address bar but not in the theme

  • Participant
    Level: Guru
    Posts: 900
    Tosin on in reply to: Branded login support #23284
    This reply has been marked as private.
  • Participant
    Level: Guru
    Posts: 900
    Tosin on in reply to: Branded login support #23264

    Login error message is still not showing I can’t still to get Login Error messages on the new custom page template

  • Participant
    Level: Guru
    Posts: 900
    Tosin on in reply to: Branded login support #23260

    I was able to edit the login.php template in my child theme but I still don’t know how to enable the remember me to be checked by default

    Thanks

  • Participant
    Level: Guru
    Posts: 900
    Tosin on in reply to: Branded login support #23259

    Hello,

    This code below worked for the redirect but the login errors still do not show

     /**
     * Redirect failed login attempts to custom login page
     */
    add_action( 'wp_login_failed', 'pippin_login_fail' );  // hook failed login
    function pippin_login_fail( $username ) {
         $referrer = $_SERVER['HTTP_REFERER'];  // where did the post submission come from?
         // if there's a valid referrer, and it's not the default log-in screen
         if ( !empty($referrer) && !strstr($referrer,'wp-login') && !strstr($referrer,'wp-admin') ) {
              wp_redirect(get_permalink( 28880 ) . '?login=failed' );  // let's append some information (login=failed) to the URL for the theme to use
              exit;
         }
    } 

    I was wondering if there is a code I can add directly to the login.php file to display its own login error message. e.g code to display (login failed: Invalid email or password)