I use this captcha plugin for login and comment forms. The plugin works perfectly in comment forms, but in the login form it first checks whether the username and password are correct (1), then checks the captcha (2), as shown below.
This is not useful for me (brute-force attack). How can I change the function below so that it first checks whether the captcha is correct and then checks the username and password?
This plugin is very simple and all its functions are in the `wpCaptcha.php` file. The login function is below.
```php
/* Function to include captcha for login form */
function include_ctl_captcha_for_login()
{
    echo '<p class="login-form-captcha">
        <label><b>'. __('Captcha', 'captcha-code-authentication').' </b> <span class="required">*</span></label>
        <div style="clear:both;"></div><div style="clear:both;"></div>';
    ctl_captcha_generate_code();
    /* Will retrieve the GET variable and print a message from the URL if the captcha is wrong */
    if(isset($_GET['captcha']) && $_GET['captcha'] == 'confirm_error' ) {
        echo '<label style="color:#FF0000;" id="capt_err">'.esc_html($_SESSION['captcha_error']).'</label><div style="clear:both;"></div>';
        $_SESSION['captcha_error'] = '';
    }
    echo '<label>'.__('Type the text displayed above', 'captcha-code-authentication').':</label>
        <input id="captcha_code" name="captcha_code" size="15" type="text" tabindex="30" />
        </p>';
    return true;
}

/* Hook to find out the errors while logging in */
function include_ctl_captcha_login_errors($errors)
{
    if( isset( $_REQUEST['action'] ) && 'register' == $_REQUEST['action'] )
        return($errors);
    if(esc_html($_SESSION['captcha_code']) != $_REQUEST['captcha_code']){
        return $errors.'<label id="capt_err" for="captcha_code_error">'.__('Captcha confirmation error!', 'captcha-code-authentication').'</label>';
    }
    return $errors;
}

/* Hook to redirect after captcha confirmation */
function include_ctl_captcha_login_redirect($url)
{
    /* Captcha mismatch */
    if(isset($_SESSION['captcha_code']) && isset($_REQUEST['captcha_code']) && esc_html($_SESSION['captcha_code']) != $_REQUEST['captcha_code']){
        $_SESSION['captcha_error'] = __('Incorrect captcha confirmation!', 'captcha-code-authentication');
        wp_clear_auth_cookie();
        return $_SERVER["REQUEST_URI"]."/?captcha='confirm_error'";
    }
    /* Captcha match: take to the admin panel */
    else{
        return home_url('/wp-admin/');
    }
}
/* <!-- Captcha for login authentication ends here --> */
```
Please don't suggest that I install Google reCAPTCHA plugins.
I use the `wp_die` function (a WordPress function) to respond to a wrong captcha, then close and clear all sessions.
I replaced:

```php
return $_SERVER["REQUEST_URI"]."/?captcha='confirm_error'";
```

with:

```php
wp_die( __('Error: Incorrect CAPTCHA. Press your browser\'s back button and try again.', 'captcha-code-authentication'),"wrong captcha",['back_link'=>1,'response'=>403]);
```

The final function:
```php
function include_ctl_captcha_login_redirect($url)
{
    /* Captcha mismatch */
    if(isset($_SESSION['captcha_code']) && isset($_REQUEST['captcha_code']) && esc_html($_SESSION['captcha_code']) != $_REQUEST['captcha_code']){
        $_SESSION['captcha_error'] = __('Incorrect captcha confirmation!', 'captcha-code-authentication');
        wp_clear_auth_cookie();
        wp_logout();
        wp_die( __('Error: Incorrect CAPTCHA. Press your browser\'s back button and try again.', 'captcha-code-authentication'),"wrong captcha",['back_link'=>1,'response'=>403]);
    }
    /* Captcha match: take to the admin panel */
    else{
        return home_url('/wp-admin/');
    }
}
```
The above function redirects to a page with a message that the captcha is wrong and clears all sessions.
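The ordering the question asks for (captcha first, credentials only afterwards) can be had by checking the captcha on WordPress's `authenticate` filter at a priority lower than 20, where core's own username/password handlers are registered. The following is an added example, not code from the plugin or from the posts above; the function name `my_captcha_gate` and the error code `captcha_invalid` are hypothetical, and it assumes the plugin has already started the PHP session and stored the expected text in `$_SESSION['captcha_code']`.

```php
<?php
/**
 * Added example (not plugin code): verify the captcha before WordPress
 * looks at the submitted credentials.
 * Assumption: the session is started and $_SESSION['captcha_code'] is set
 * by the plugin when it renders the login form.
 */
function my_captcha_gate( $user, $username, $password ) {
    // wp-login.php calls wp_signon() even when the form was not submitted.
    if ( empty( $username ) && empty( $password ) ) {
        return $user;
    }

    $expected = isset( $_SESSION['captcha_code'] ) ? (string) $_SESSION['captcha_code'] : '';
    $given    = ( isset( $_POST['captcha_code'] ) && is_string( $_POST['captcha_code'] ) )
        ? wp_unslash( $_POST['captcha_code'] )
        : '';

    // Each generated code is good for one attempt, pass or fail, so the same
    // solved captcha cannot be reused for many password guesses.
    unset( $_SESSION['captcha_code'] );

    if ( '' !== $expected && hash_equals( $expected, $given ) ) {
        return $user; // Captcha OK: core checks the credentials at priority 20.
    }

    // Captcha wrong or missing: drop core's credential handlers for this
    // request. Returning a WP_Error alone is not enough, because
    // wp_authenticate_username_password() would still verify the password.
    remove_filter( 'authenticate', 'wp_authenticate_username_password', 20 );
    remove_filter( 'authenticate', 'wp_authenticate_email_password', 20 );
    remove_filter( 'authenticate', 'wp_authenticate_application_password', 20 );

    return new WP_Error(
        'captcha_invalid',
        __( 'Incorrect captcha confirmation!', 'captcha-code-authentication' )
    );
}
// Priority 1 runs before the core handlers; 3 = number of accepted arguments.
add_filter( 'authenticate', 'my_captcha_gate', 1, 3 );
```

Because the gate clears `$_SESSION['captcha_code']`, the plugin's later captcha comparisons in `include_ctl_captcha_login_errors` and `include_ctl_captcha_login_redirect` no longer have a value to compare against and should be unhooked when this is used. The gate also applies to any other login path that goes through `authenticate` without a captcha field, such as XML-RPC, which will be rejected.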