Search code examples
wordpressauthenticationmessage

Wordpress custom login errors based on whether or not an advanced custom field is set true for that user

I have kind of a unique issue. I have migrated a website and rebuilt it on wordpress. Some of the users that were migrated over the passwords were not migrated with them. So for all the old users I added an advanced custom field named "password_reset" and set it to true for all the older users.

What I am trying to do is show a custom message for these users that says something like "we have updated our website please rest your password with a link to reset".

I have added the below code to a function in the functions.php file

//if migrated user needs to reset password
$username = $_POST['username'];
if (username_exists( $username ) && get_field(  'password_reset', 'user_'.$uid  ) ) {

    $error= 'Please reset your password. To reset your password <a href=" '. wp_lostpassword_url( home_url() ) . ' ">click here</a>.';

}

return $error;

since the user isn't logged in quite yet when they are to recieve this error, I am trying to use the username_exists(username). Basically I need to identify is the user name exists already and if that username has the acf field "password_reset" checked. So far I have had no luck, any help would be much appreciated.

UPDATE: here is my lates version: the messages for invalid username and incorrect password are working, Just can't get it to work with the usernames that hold the acf value

function my_custom_error_messages() {
global $errors;
$err_codes = $errors->get_error_codes();

// Invalid username.
if ( in_array( 'invalid_username', $err_codes ) ) {
    $error = '<strong>ERROR</strong>: Invalid username.';
}

// Incorrect password.
if ( in_array( 'incorrect_password', $err_codes ) ) {
    $error = '<strong>ERROR</strong>: The password you entered is incorrect.';

    if (username_exists( $username ) && get_field(  'password_reset', 'user_'.$uid  ) ) {

    $error= 'Please reset your password. To reset your password <a href=" '. wp_lostpassword_url( home_url() ) . ' ">click here</a>.';

    }
}

return $error;

}

add_filter( 'login_errors', 'my_custom_error_messages');

Solution

  • I believe the issue is that the username is not passed to the login_errors filter. The only data available within that filter is the error message that is passed (no definitive data about user accounts at all).

    I have found a different reference that may shed some light on a way to provide a customized error message without using that filter. Try using the wp_authenticate_user filter, instead:

    WordPress codex reference

    https://codex.wordpress.org/Plugin_API/Filter_Reference/wp_authenticate_user

    Reference for application of code

    https://backups.nl/internet/wordpress-revealing-username-login-trial-error/