In WordPress I need to add a filter where user role subscriber just put his email address in form to login, no need for password, just check if the email is for a subscriber and redirect him to a specific page, I tried many solutions but I didn’t get it,
Thanks
Answers:
Thank you for visiting the Q&A section on Magenaut. Please note that all the answers may not help you solve the issue immediately. So please treat them as advisements. If you found the post helpful (or not), leave a comment & I’ll get back to you as soon as possible.
Method 1
Yes, you can add an authenticate filter to handle the email and no password case with a higher priority than the default wp_authenticate_email_password handler. e.g. (untested)
function wpse_380353_authenticate_email_no_password( $user, $email, $password ) {
if ( is_wp_error( $user ) || ( $user instanceof WP_User ) ) {
// Already handled by a higher-priority filter
return $user;
}
if ( ! empty( $email ) && is_email( $email ) && empty( $password ) ) {
// This is an email login with empty password
$user = get_user_by( 'email', $email );
if ( $user && ! is_wp_error( $user ) ) {
// TODO: Verify that the user is someone you'd want to login without
// a password. For now, let's reject anyone who can edit posts.
if ( $user->has_cap( 'edit_posts' ) ) {
$error = new WP_Error();
// TODO: localize the error message
$error->add( 'empty_password',
'<strong>Error</strong>: This user requires a password.' );
return $error;
}
// We'll allow this user to login without a password.
// Return the user object and the calling code will handle the login.
return $user;
}
// else could not fetch the user by email address.
// You'll probably now get a 'password field is empty' error
// from a later filter.
// TODO: If you want a different error then generate it here.
}
return $user;
}
// Add an authenticate filter with a higher priority (= lower number) than
// wp_authenticate_email_password which has priority 20.
add_filter( 'authenticate', 'wpse_380353_authenticate_email_no_password', 10, 3 );
Method 2
WordPress core is full of surprises. You can do many things with that.
To provide a password less login to desired user role, you can modify how WordPress handles user login authentication. There is a filter named authenticate, which you can use to hook in, and extend the authorization process to enable that.
WordPress itself hook into this callback with 3 separate function –
wp_authenticate_cookie– This validates if the user is already logged-in.wp_authenticate_username_password– This validate user_name/password combowp_authenticate_email_password– This validates email/password combo.
Above functions are hooked with a priority of 30.
You can hook with a function here with higher priority and check if any of these validation returns a WP_Error object. For empty password, the error code would be empty_password. If the error and error code matches, you can perform further validation to test if there is a user with that login/email, and if he is a subscriber.
Sounds Good? Here’s the code –
function wpse_password_less_login_authentication( $user, $username, $password ) {
if (! is_wp_error($user) && 'empty_password ' !== $user->get_error_code()) {
return $user;
}
if (strpos($username, '@')) {
$find_user = get_user_by( 'email', $username );
} else {
$find_user = get_user_by( 'login', $username );
}
if ( $find_user && ! is_wp_error( $find_user ) && in_array( 'subscriber', $find_user->roles, true ) ) {
return $find_user;
}
return $user;
}
add_filter( 'authenticate', 'wpse_password_less_login_authentication', 40, 3 );
This function should go inside your themes functions.php (or included files) or inside an active plugin file.
All methods was sourced from stackoverflow.com or stackexchange.com, is licensed under cc by-sa 2.5, cc by-sa 3.0 and cc by-sa 4.0