form()->add_error( 'username', __( 'Please enter your username or email', 'ultimate-member' ) ); } if ( isset( $submitted_data['user_login'] ) && '' === $submitted_data['user_login'] ) { UM()->form()->add_error( 'user_login', __( 'Please enter your username', 'ultimate-member' ) ); } if ( isset( $submitted_data['user_email'] ) && ( '' === $submitted_data['user_email'] || ! is_email( $submitted_data['user_email'] ) ) ) { UM()->form()->add_error( 'user_email', __( 'Please enter your email', 'ultimate-member' ) ); } if ( isset( $submitted_data['username'] ) ) { $authenticate = $submitted_data['username']; $field = 'username'; if ( is_email( $submitted_data['username'] ) ) { $data = get_user_by('email', $submitted_data['username'] ); $user_name = isset( $data->user_login ) ? $data->user_login : ''; } else { $user_name = $submitted_data['username']; } } elseif ( isset( $submitted_data['user_email'] ) ) { $authenticate = $submitted_data['user_email']; $field = 'user_email'; $data = get_user_by('email', $submitted_data['user_email'] ); $user_name = isset( $data->user_login ) ? $data->user_login : ''; } else { $field = 'user_login'; $user_name = $submitted_data['user_login']; $authenticate = $submitted_data['user_login']; } if ( $submitted_data['user_password'] == '' ) { UM()->form()->add_error( 'user_password', __( 'Please enter your password', 'ultimate-member' ) ); } $user = get_user_by( 'login', $user_name ); if ( $user && wp_check_password( $submitted_data['user_password'], $user->data->user_pass, $user->ID ) ) { UM()->login()->auth_id = username_exists( $user_name ); } else { UM()->form()->add_error( 'user_password', __( 'Password is incorrect. Please try again.', 'ultimate-member' ) ); } // Integration with 3rd-party login handlers e.g. 3rd-party reCAPTCHA etc. $third_party_codes = apply_filters( 'um_custom_authenticate_error_codes', array() ); // @since 4.18 replacement for 'wp_login_failed' action hook // see WP function wp_authenticate() $ignore_codes = array( 'empty_username', 'empty_password' ); $user = apply_filters( 'authenticate', null, $authenticate, $submitted_data['user_password'] ); if ( is_wp_error( $user ) && ! in_array( $user->get_error_code(), $ignore_codes ) ) { if ( ! empty( $third_party_codes ) && in_array( $user->get_error_code(), $third_party_codes ) ) { UM()->form()->add_error( $user->get_error_code(), $user->get_error_message() ); } else { UM()->form()->add_error( 'user_password', __( 'Password is incorrect. Please try again.', 'ultimate-member' ) ); } } $user = apply_filters( 'wp_authenticate_user', $user, $submitted_data['user_password'] ); if ( is_wp_error( $user ) && ! in_array( $user->get_error_code(), $ignore_codes ) ) { if ( ! empty( $third_party_codes ) && in_array( $user->get_error_code(), $third_party_codes ) ) { UM()->form()->add_error( $user->get_error_code(), $user->get_error_message() ); } else { UM()->form()->add_error( 'user_password', __( 'Password is incorrect. Please try again.', 'ultimate-member' ) ); } } // if there is an error notify wp if ( UM()->form()->has_error( $field ) || UM()->form()->has_error( $user_password ) || UM()->form()->count_errors() > 0 ) { do_action( 'wp_login_failed', $user_name, UM()->form()->get_wp_error() ); } } add_action( 'um_submit_form_errors_hook_login', 'um_submit_form_errors_hook_login' ); /** * Display the login errors from other plugins * * @param $args */ function um_display_login_errors( $args ) { if ( UM()->form()->count_errors() > 0 ) { $errors = UM()->form()->errors; // hook for other plugins to display error $error_keys = array_keys( $errors ); } if ( isset( $args['custom_fields'] ) ) { $custom_fields = $args['custom_fields']; } if ( ! empty( $error_keys ) && ! empty( $custom_fields ) ) { foreach ( $error_keys as $error ) { if ( trim( $error ) && ! isset( $custom_fields[ $error ] ) && ! empty( $errors[ $error ] ) ) { $error_message = apply_filters( 'login_errors', $errors[ $error ], $error ); if ( empty( $error_message ) ) { return; } echo '
' . $error_message . '
'; } } } } add_action( 'um_before_login_fields', 'um_display_login_errors' ); /** * Login checks through the frontend login * * @param array $submitted_data * @param array $form_data */ function um_submit_form_errors_hook_logincheck( $submitted_data, $form_data ) { // Logout if logged in if ( is_user_logged_in() ) { wp_logout(); } $user_id = isset( UM()->login()->auth_id ) ? UM()->login()->auth_id : ''; $status = UM()->common()->users()->get_status( $user_id ); // account status switch ( $status ) { // If user can't log in to site... case 'inactive': case 'awaiting_admin_review': case 'awaiting_email_confirmation': case 'rejected': // Not `um_safe_redirect()` because UM()->permalinks()->get_current_url() is situated on the same host. wp_safe_redirect( add_query_arg( 'err', esc_attr( $status ), UM()->permalinks()->get_current_url() ) ); exit; } if ( isset( $form_data['form_id'] ) && absint( $form_data['form_id'] ) === absint( UM()->shortcodes()->core_login_form() ) && UM()->form()->errors && ! isset( $_POST[ UM()->honeypot ] ) ) { // Not `um_safe_redirect()` because predefined login page is situated on the same host. wp_safe_redirect( um_get_core_page( 'login' ) ); exit; } } add_action( 'um_submit_form_errors_hook_logincheck', 'um_submit_form_errors_hook_logincheck', 9999, 2 ); /** * Store last login timestamp * * @param $user_id */ function um_store_lastlogin_timestamp( $user_id ) { UM()->common()->users()->set_last_login( $user_id ); } add_action( 'um_on_login_before_redirect', 'um_store_lastlogin_timestamp' ); /** * @param $login */ function um_store_lastlogin_timestamp_( $login ) { $user = get_user_by( 'login', $login ); if ( false !== $user ) { UM()->common()->users()->set_last_login( $user->ID ); $attempts = (int) get_user_meta( $user->ID, 'password_rst_attempts', true ); if ( $attempts ) { //don't create meta but update if it's exists only update_user_meta( $user->ID, 'password_rst_attempts', 0 ); } } } add_action( 'wp_login', 'um_store_lastlogin_timestamp_' ); /** * Login user process. * * @param array $submitted_data */ function um_user_login( $submitted_data ) { // phpcs:disable WordPress.Security.NonceVerification -- already verified here $rememberme = ( isset( $_REQUEST['rememberme'], $submitted_data['rememberme'] ) && 1 === (int) $submitted_data['rememberme'] ) ? 1 : 0; $user_id = isset( UM()->login()->auth_id ) ? UM()->login()->auth_id : ''; if ( empty( $user_id ) ) { // refresh page if the user_id is empty // Not `um_safe_redirect()` because UM()->permalinks()->get_current_url() is situated on the same host. wp_safe_redirect( UM()->permalinks()->get_current_url() ); exit; } um_fetch_user( $user_id ); // @todo check using the 'deny_admin_frontend_login' option if ( false !== strrpos( um_user( 'wp_roles' ), 'administrator' ) && ( ! isset( $_GET['provider'] ) && UM()->options()->get( 'deny_admin_frontend_login' ) ) ) { wp_die( esc_html__( 'This action has been prevented for security measures.', 'ultimate-member' ) ); } UM()->user()->auto_login( um_user( 'ID' ), $rememberme ); /** * Fires after successful login and before user is redirected. * * @since 1.3.x * @hook um_on_login_before_redirect * * @param {int} $user_id User ID. * * @example