I protected a page with password. I’d like to add a short error message when the inserted password is incorrect.
How can I do this?
I add this code to show and customize the form on my page.
My functions.php
add_filter( 'the_password_form', 'custom_password_form' );
function custom_password_form() {
global $post;
$label = 'pwbox-'.( empty( $post->ID ) ? rand() : $post->ID );
$o = '<form class="protected-post-form" action="' . get_option('siteurl') . '/wp-pass.php" method="post">' .
'<p class="glossar-form-p">Alle weiteren Glossarbeiträge sind durch ein Passwort geschützt. </p>' .
' <label for="' . $label . '">' . ' </label><input name="post_password" id="' . $label . '" type="password" size="20" />
<input type="submit" name="Submit" value="' . esc_attr__( "Login" ) . '" />
</form>
';
return $o;
}
Answers:
Thank you for visiting the Q&A section on Magenaut. Please note that all the answers may not help you solve the issue immediately. So please treat them as advisements. If you found the post helpful (or not), leave a comment & I’ll get back to you as soon as possible.
Method 1
The latest entered password is stored as a secure hash in a cookie named 'wp-postpass_' . COOKIEHASH.
When the password form is called, that cookie has been validated already by WordPress. So you just have to check if that cookie exists: If it does and the password form is displayed, the password was wrong.
add_filter( 'the_password_form', 'wpse_71284_custom_post_password_msg' );
/**
* Add a message to the password form.
*
* @wp-hook the_password_form
* @param string $form
* @return string
*/
function wpse_71284_custom_post_password_msg( $form )
{
// No cookie, the user has not sent anything until now.
if ( ! isset ( $_COOKIE[ 'wp-postpass_' . COOKIEHASH ] ) )
return $form;
// Translate and escape.
$msg = esc_html__( 'Sorry, your password is wrong.', 'your_text_domain' );
// We have a cookie, but it doesn’t match the password.
$msg = "<p class='custom-password-message'>$msg</p>";
return $msg . $form;
}
Method 2
Following up from fuxia‘s answer. The complete snippet, including the check if the page load came from the same page, would be:
add_filter( 'the_password_form', 'wpse_71284_custom_post_password_msg' );
/**
* Add a message to the password form.
*
* @wp-hook the_password_form
* @param string $form
* @return string
*/
function wpse_71284_custom_post_password_msg( $form )
{
// No cookie, the user has not sent anything until now.
if ( ! isset ( $_COOKIE[ 'wp-postpass_' . COOKIEHASH ] ) )
return $form;
// The refresh came from a different page, the user has not sent anything until now.
if ( ! wp_get_raw_referer() == get_permalink() )
return $form;
// Translate and escape.
$msg = esc_html__( 'Sorry, your password is wrong.', 'your_text_domain' );
// We have a cookie, but it doesn’t match the password.
$msg = "<p class='custom-password-message'>$msg</p>";
return $msg . $form;
}
Just be sure to use wp_get_raw_referer() instead of wp_get_referer() as the latter will return false in case the current page and the referrer page are the same.
Method 3
Maybe it’s really really late to answer. Something you need to do the following. As there is no default way to validate you need to follow few steps. Here i gonna use session variable to check matching the generated cookies. first need to start session.
add_action('init', 'myStartSession', 1);
add_action('wp_logout', 'myEndSession');
add_action('wp_login', 'myEndSession');
function myStartSession() {
if(!session_id()) {
session_start();
}
}
function myEndSession() {
session_destroy ();
}
Then use the following code where you want to show the error msg.
if ( post_password_required() ) {
$session_id = 'wp-postpass_' . get_the_ID();
//onload
$current_cookie = wp_unslash($_COOKIE[ 'wp-postpass_' . COOKIEHASH ]);
//get old cookie
$old_cookie = isset( $_SESSION[ $session_id ] ) ? $_SESSION[ $session_id ] : '';
//set new session
$_SESSION[ $session_id ] = $current_cookie;
if ( $current_cookie != $old_cookie && !empty( $old_cookie ) ){
error_notification('<b>Error!</b> Authentication failed!');
}
}
That’s it!!
All methods was sourced from stackoverflow.com or stackexchange.com, is licensed under cc by-sa 2.5, cc by-sa 3.0 and cc by-sa 4.0