• My disclaimer … I am new to the forum posting and apologize if I do not use the correct protocol … please correct me where necessary.

    My intention is to share a solution I implemented to return to the same page upon Login error (it works) and get any feedback if anyone sees any issues, security or otherwise. I value all constructive feedback.

    I’ve struggled with this issue of having a special login page and then returning to that page if login fails, i.e., not going to the Admin Login page, which is distracting for the client’s purposes.

    So, I wanted to return to a custom error page with the same look, but with a Login Error message and a chance to Login again, or link to a form to email the issue to the client’s staff.

    I’ve implemented a solution that works, but does anyone see security issues? I would appreciate any feedback.

    Here is what I did:
    1. To redirect for Login Error: in the top level directory: Copied wp-login.php and renamed to my_wp-login.php. Left it in the same directory – I call this file later, below.

    a. I modified the my_wp-login.php so that upon login error, the code does not enter into the HTML form, but instead redirects to my special login fail page. I put this redirect just before the form code and commented out the existing add_action code:

    if ( $shake_error_codes && $wp_error->get_error_code() && in_array( $wp_error->get_error_code(), $shake_error_codes ) )
    <strong>wp_redirect( site_url('/index.php/members-login-fail/')); exit;</strong>/*add_action( 'login_head', 'wp_shake_js', 12 )*/
    ?>
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "https://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

    2. To link to my_wp-login.php, I copied the wp_login_form( $args = array() ) function and renamed it to my_wp_login_form( $args = array() ).

    a. I included this function into my functions.php file located in my template folder. I then set all of the form parameters to suit my needs and also set the redirects appropriately as follows:

    b. Form action to call my_wp-login.php to process the login:

    <form name="' . $args['form_id'] . '" id="' . $args['form_id'] . '" action="' . <strong>site_url( 'my_wp-login.php', 'login' )</strong> . '" method="post">

    c. Submit redirect to my landing page for successful login:

    'redirect' => 'https://localhost/raywebdemo/index.php/members/support-services/vendors-list/',

    3. I made a custom page template file and located it in my theme directory: page-login.php (assigned this template in my Member LogIn page).
    (1) In page-login.php, I set a function call to the modified login form file:

    <div class="my-wp-login">
    <?php my_wp_login_form(array()); ?>
    </div>

    In summary, I call the modified wordpress login function that links to the modified wordpress login processing file that redirects to my error page (upon failed login) or to my landing page (upon successful login).

    In conclusion, it works great … but is it secure, etc.

    Any comments or feedback will be appreciated.

Viewing 9 replies - 1 through 9 (of 9 total)
  • Thread Starter rhanna3

    (@rhanna3)

    As an update, the tags that show in any “code box” in my first post are a writing error. When submitting this post, I was not aware that the code would be contained within a separate box. So, for emphasis I had used “bold” to show where I added my code. Well, at least when you see the in the “code box”, you’ll see that’s where I added my code.

    Sorry for any confusion … in short, my code did not include any tags.

    Thread Starter rhanna3

    (@rhanna3)

    Boy am I learning … the post recognizes html tags, as I can see in my last post. The tag I was referring to is the “” tag.

    Thread Starter rhanna3

    (@rhanna3)

    Ok html … try it again. The tag I was referring to is the <!– –> tag.

    Thread Starter rhanna3

    (@rhanna3)

    Ok, I won’t give in … the “strong” tag.

    Rhanna – Thank you for this! I looked for a solution like this for a long time and yours was the best I came across and I was able to get my form working exactly the way I wanted.

    I’m sorry I’m not able to answer your security questions. It looks okay to me, but I’m definitely not an expert. I feel confident enough to use it, though.

    Cheers,
    Kim

    Thanks Rhanna – Finally a workable solution. I’ve been wondering about this one for ages. I’m using a custom built sidebar login form, which means i would have to get the current permalink to redirect login failure…but this is a great start and no tampering with core files…strictly speaking.

    good job!

    Oh yes…for anyone who stumbles upon this post. Just to clarify that the wp_login_form function is in wp-includes/general-template.php

    one would still have to keep an eye on this hack during upgrades I think.

    Also, Rhanna, any idea how we can keep the error codes? Maybe pass that through as a url GET variable with the redirect?

    Thanks

    there are also hooks you can use to modify the login/register/etc forms. stuff like:

    // append fields to form
    add_action('register_form', array(&$this, 'hook_register_form'));
    // extra processing on registration
    add_action('user_register', array(&$this, 'hook_user_register'));
    // validate and display extra processing errors
    add_action('registration_errors', array(&$this, 'hook_registration_errors'));

    basically, check out how the wp-user-registration plugin works.

    and, combine that with the great post by digging into wordpress custom login/register/password code should give you most of what you need for a non-hacked custom page. you can create a custom template and embed their code, so that these forms “live” within your site template. the hooks then let you add extra fields and process them accordingly.

    i’m still working out a few kinks, namely the title of this thread (getting errors to redirect to my page), but i’m hopeful there’s a hook for that ??

    update yeah looks like you’ll still need to copy stuff out of the wp-login.php as OP suggested, but you can pull the parts out and reuse them in the digwp page; just change the form submit action to your custom page.

    At some point this quit working for me. I found the problem and wanted to post it here in case it is helpful to anyone else.

    For the record, my login is set up so if there’s a validation error, it reloads the login area (staying on the same page) and displays an error message.

    My problem was that the error message was not displaying if there was a validation error. The page just reloaded as if nothing had been entered into the login form.

    The problem was one line in my functions.php file for the function my_wp_login_form.

    Near the end of the form, I had:

    <input type="hidden" name="redirect_to" value="' . esc_attr( $args['redirect'] ) . '" />

    It should have been:

    <input type="hidden" name="redirect_to" value="' . esc_url( $args['redirect'] ) . '" />

    esc_url is correct, not esc_attr.
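
The hook-based variant the replies ask about, as an added example that is not part of the thread or of WordPress itself: it uses the core `wp_login_failed` action instead of a copied wp-login.php, and carries the error to the fail page as a GET code that is only ever looked up in a fixed list. The `login` query argument, the `my_*` function names and the message text are assumptions; the fail-page path is the one from the first post.

```php
<?php
// Added example for a theme's functions.php. Assumes the login form posts to the
// stock wp-login.php; the "login" query argument and my_* names are hypothetical.

// Fixed list of codes the fail page may show. One generic message avoids telling
// a visitor whether the username or the password was the wrong part.
function my_login_error_messages() {
    return array(
        'failed' => 'Login failed. Please check your username and password.',
    );
}

// Core fires wp_login_failed after a rejected username/password attempt.
add_action( 'wp_login_failed', 'my_login_failed_redirect' );
function my_login_failed_redirect( $username ) {
    $referrer = wp_get_referer();
    // Leave the stock admin login screen alone; only divert front-end forms.
    if ( ! $referrer
        || false !== strpos( $referrer, 'wp-login.php' )
        || false !== strpos( $referrer, 'wp-admin' ) ) {
        return;
    }
    // Fail-page path taken from the first post. The target is built server-side,
    // never from request data, and wp_safe_redirect() by default only allows
    // redirects to the site's own host.
    $target = add_query_arg(
        'login',
        'failed',
        site_url( '/index.php/members-login-fail/' )
    );
    wp_safe_redirect( $target );
    exit;
}

// Call from the fail-page template: looks the code up in the fixed list and
// escapes the output, so nothing from the URL is ever echoed back.
function my_login_error_html() {
    $code     = isset( $_GET['login'] ) ? sanitize_key( wp_unslash( $_GET['login'] ) ) : '';
    $messages = my_login_error_messages();
    if ( ! isset( $messages[ $code ] ) ) {
        return '';
    }
    return '<p class="login-error">' . esc_html( $messages[ $code ] ) . '</p>';
}
```

Core does not fire `wp_login_failed` when the username or password field is submitted empty, so that case still lands on the stock login screen unless the form itself requires both fields.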

  • The topic ‘Redirect back to same page if Login Error’ is closed to new replies.