Users can login using any password – Code heads up!
-
Hello. I was having some serious issues with logging in. Once a user has logged in they can sign out and then using their username they can sign in using any word not just their password.
After some research I deactivated a small plugin that I had created to display the password fields on the registration form. This was so users could choose their own. I found this block of code was the culprit. I’ve see this block of code on many sites regarding changing user behavior after registration. I was using it to force users to confirm registration via email, I’ll not be using it anymore unless someone can tell me if I’m using it wrong.
Here’s the code.
add_filter( 'authenticate', 'my_custom_function', 10, 3 ); function my_custom_function( $user, $username, $password ){ $user = get_userdatabylogin( $username ); if ($username!=''){ $value = get_user_meta($user->ID, 'confirmed', true); if($value!=null){ $user = new WP_Error( 'denied', __("<strong>ERROR</strong>: You need to confirm:".$value."") );//create an error remove_action('authenticate', 'wp_authenticate_username_password', 20); //key found - don't proceed! add_filter('shake_error_codes', 'my_error_shake'); //shake it up (see below) } } return $user; }
Viewing 1 replies (of 1 total)
Viewing 1 replies (of 1 total)
- The topic ‘Users can login using any password – Code heads up!’ is closed to new replies.