IT Nursery
  • 1010 Avenue of the Moon
    New York, NY 10018 US.
  • Mon - Sat 8.00 - 18.00
    Sunday: Closed
  • Get A Quote
  • WordPress

    • Unable to show error message using wp_login action

    • IT Nursery
    • May 28, 2022
    • 0

    My goal is to show an error message when i check if the user is locked or not,
    the problem is that when the function ends, it redirects to the page that must appear after succesfull login.
    Objectives:

    1. Check if the user is locked “solved”
    2. If it is, create the error message
    3. Display the error message in the page that must appear after succesfull login.

    Here is the relevant code i have at the moment:

    function userLockedControl($user_login, $user) {
    $sitesManager = \VirtualReal\Web\SitesManager::getInstance();

    $vrapi = \VirtualReal\NATS\VRAPI::getInstance();
    $nats_user_locked = $vrapi->get("xxxxxxxxxxxxxxxxx");
    $user_is_locked = $nats_user_locked["locked"];

    //$lock_message = "<div class="natsLoginError"><span>Dear user, Your account has been blocked because an strange behaviour. Please, contact with xx@xx.com</span></div>";

    if($user_is_locked == 0){
        //Cerrar sesion del usuario y mostrar el mensaje de error
        function doer_of_stuff() {
            return new WP_Error( 'broke', __( "I've fallen and can't get up", "my_textdomain" ) );
        }

        $return = doer_of_stuff();
        if( is_wp_error( $return ) ) {
            echo $return->get_error_message();
        }
    }
}
add_action('wp_login', 'userLockedControl', 10, 2);

    2 Answers
    2

    Main problem with your code is that you use wp_login action. The wp_login action hook is triggered when a user logs in by the wp_signon() function. It is the very last action taken in the function, immediately following the wp_set_auth_cookie() call.

    So first of all – the user is already authenticated and his auth cookie is already set – so he’s basically logged in.

    Another problem is that your action is called before any HTML is printed – so if you echo anything in it, then this output will be printed before opening <html> tag.

    If you want to prevent user from logging in and display some errors, you should use authenticate filter instead.

    It is called during authenticating user:

    /**
 * Filters whether a set of user login credentials are valid.
 *
 * A WP_User object is returned if the credentials authenticate a user.
 * WP_Error or null otherwise.
 *
 * @since 2.8.0
 * @since 4.5.0 `$username` now accepts an email address.
 *
 * @param null|WP_User|WP_Error $user     WP_User if the user is authenticated.
 *                                        WP_Error or null otherwise.
 * @param string                $username Username or email address.
 * @param string                $password User password
 */
$user = apply_filters( 'authenticate', null, $username, $password );

    So you can use it like so:

    function userLockedControl( $user, $username, $password ) {
    // ... rest of your code here

    if ($user_is_locked == 0 ) {
        return new WP_Error( 'broke', __( "I've fallen and can't get up", "my_textdomain" ) );  // you don't need all those functions returning errors and so one - just return an instance of the WP_Error instead of WP_User
    }
}
add_filter( 'authenticate', 'userLockedControl', 10, 3 );

    Tags:

    Leave a Reply

    Your email address will not be published. Required fields are marked *