wp login form - Is it possible to check if password is correct in wp_authenticate_user?

admin2025-01-07  6


I'm really trying to implement Google's Captcha V3 on the wp-login page. I've seen this snippet referenced a few times in different places. The thing is, nobody seems to reference how to check the section that says "// FIXME: This one fires if your password is incorrect... Check if password was incorrect before returning this error..."

Is it possible to have an ajax check if the user's password is correct?

This would be a huge asset to WP development.

    /**
     * These functions add and verify the invisible Google reCAPTCHA on login.
     */

    // Load Google's reCAPTCHA API script on the login page.
    add_action('login_enqueue_scripts', 'login_recaptcha_script');

    function login_recaptcha_script() {
        wp_register_script('recaptcha_login', 'https://www.google.com/recaptcha/api.js');
        wp_enqueue_script('recaptcha_login');
    }

    // Print the invisible reCAPTCHA button and its submit callback inside the login form.
    add_action( 'login_form', 'display_recaptcha_on_login' );

    function display_recaptcha_on_login() {
        echo "<script>
        function onSubmit(token) {
            document.getElementById('loginform').submit();
        }
        </script>
        <button class='g-recaptcha' data-sitekey='YOUR_PUBLIC_KEY' data-callback='onSubmit' data-size='invisible' style='display:none;'>Submit</button>";
    }

    // Verify the reCAPTCHA token before WordPress checks the password.
    add_filter('wp_authenticate_user', 'verify_recaptcha_on_login', 10, 2);

    function verify_recaptcha_on_login($user, $password) {
        if (isset($_POST['g-recaptcha-response'])) {
            // URL-encode the submitted token before placing it in the query string.
            $response = wp_remote_get( 'https://www.google.com/recaptcha/api/siteverify?secret=YOUR_SECRET_KEY&response=' . rawurlencode( wp_unslash( $_POST['g-recaptcha-response'] ) ) );
            // wp_remote_retrieve_body() returns '' if the request itself failed (WP_Error).
            $response = json_decode( wp_remote_retrieve_body( $response ), true );

            if ( ! empty( $response['success'] ) ) {
                return $user;
            } else {
                // FIXME: This one fires if your password is incorrect... Check if password was incorrect before returning this error...
                // return new WP_Error( 'Captcha Invalid', __('<strong>ERROR</strong>: You are a bot') );
            }
        } else {
            return new WP_Error( 'Captcha Invalid', __('<strong>ERROR</strong>: You are a bot. If not then enable JavaScript.') );
        }
    }

asked Sep 6, 2019 at 18:04 by Best Dev Tutorials; edited Sep 7, 2019 at 1:26 by Antti Koskinen

  • I did that this morning. Use this plugin: wordpress.org/plugins/google-captcha – David Commented Sep 6, 2019 at 18:26
  • @Ben The plugin's screenshots show captcha V2. – Best Dev Tutorials Commented Sep 8, 2019 at 12:17

1 Answer

I don't think it's necessary to do the password checking inside the wp_authenticate_user filter, as that check is done as the next step inside wp_authenticate_email_password(), where the filter is defined. You can see this in wp-includes/user.php#L168.

The filter parameter $user is either WP_User or WP_Error depending on whether the user can be found with the username used when logging in. After the filter there is an if ( is_wp_error( $user ) ) check, which, if passed, is followed by an if ( ! wp_check_password( $password, $user->user_pass, $user->ID ) ) check. If this check fails, the password is wrong for that username; otherwise the given username and password are good.
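
One way to resolve the FIXME along the lines of this answer, as an added example that is not the asker's code or WordPress core's: the filter judges only the CAPTCHA and returns the user untouched on success, leaving the password check to core. The constant `MY_RECAPTCHA_SECRET`, the function name and the 0.5 score threshold are assumptions.

```php
<?php
// Added example, not the asker's or WordPress core's code.
// Assumption: MY_RECAPTCHA_SECRET is a hypothetical constant defined in wp-config.php.
add_filter( 'wp_authenticate_user', 'my_verify_recaptcha_on_login', 10, 2 );

function my_verify_recaptcha_on_login( $user, $password ) {
    // If $user is already a WP_Error, pass it through unchanged.
    if ( is_wp_error( $user ) ) {
        return $user;
    }

    $denied = new WP_Error( 'captcha_invalid', __( '<strong>ERROR</strong>: CAPTCHA verification failed.' ) );

    if ( empty( $_POST['g-recaptcha-response'] ) ) {
        return $denied;
    }
    $token = sanitize_text_field( wp_unslash( $_POST['g-recaptcha-response'] ) );

    // POST keeps the secret out of the query string and out of proxy or access logs.
    $reply = wp_remote_post(
        'https://www.google.com/recaptcha/api/siteverify',
        array(
            'timeout' => 5,
            'body'    => array(
                'secret'   => MY_RECAPTCHA_SECRET,
                'response' => $token,
            ),
        )
    );

    // Fail closed on transport errors or non-200 replies.
    if ( is_wp_error( $reply ) || 200 !== wp_remote_retrieve_response_code( $reply ) ) {
        return $denied;
    }

    $result = json_decode( wp_remote_retrieve_body( $reply ), true );
    if ( ! is_array( $result ) || empty( $result['success'] ) ) {
        return $denied;
    }

    // v3 replies carry a score from 0.0 to 1.0; 0.5 is an assumed threshold.
    if ( isset( $result['score'] ) && (float) $result['score'] < 0.5 ) {
        return $denied;
    }

    // CAPTCHA passed: core runs wp_check_password() next and reports a wrong password itself.
    return $user;
}
```

Because the CAPTCHA error is returned before the password is examined, the response to a failed CAPTCHA is the same whether or not the submitted password was correct.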
