
How can I redirect a user during login in WordPress?

I've added an option for my users to a custom WordPress page where a user can set up a 2 way authentication for his account. When a user enables the two way authentication I save the generated seed into his user meta. Now I have a problem because I don't know how I can check it during the login process.

I thought it might be a good option to do the normal login first and then check if the user enabled the secure feature. If yes, I could redirect him to a custom page after login where I must enter the verification code. When the code is right I can proceed with the login. Is this possible this way? Because when he's already logged in and clicks the account page the user can see the page content so this security feature is then junk and not needed anymore.

Is there someone who knows WordPress and can help / tell me the best hook or place where I can add this verification?

This is not a question about coding my stuff! I'll do this all on my own when I know the place and the correct process.

A picture describing my use case:

[Image: enter image description here]

Basic idea is: use session/cookie (choose whichever suits you best) to identify two factor authentication. You can hook them in init.

Here is a quick example (not tested, but hope you will get the idea):

function twofactor_check() {
    //no need to do anything, if user is not logged in
    if ( !is_user_logged_in() ) {
        return;
    }

    //check two factor: the seed is saved in user meta when the user enables it
    //('twofactor_seed' is a placeholder, use your own meta key)
    $two_factor_enabled = (bool) get_user_meta( get_current_user_id(), 'twofactor_seed', true );

    //no headache when two factor is disabled
    if ( !$two_factor_enabled ) {
        return;
    }

    //the session must be started before $_SESSION can be read
    if ( session_status() == PHP_SESSION_NONE ) {
        session_start();
    }

    //twofactor is already passed
    if ( isset( $_SESSION['two_factor_verified'] ) && $_SESSION['two_factor_verified'] === 'twofactor_passed' ) {
        return;
    }

    //twofactor not passed. user will only get landing page.
    $landing_page = 'url_to_two_factor_code_landing_page';
    $landing_path = (string) parse_url( $landing_page, PHP_URL_PATH );
    $_SESSION['two_factor_verified'] = 'started';

    //redirect every request except the landing page itself (that would loop)
    if ( $landing_path === '' || strpos( $_SERVER['REQUEST_URI'], $landing_path ) === false ) {
        wp_redirect( $landing_page );
        exit;
    }

    //on your landing page, when passed, set $_SESSION['two_factor_verified'] to 'twofactor_passed'.
    //and when failed, destroy $_SESSION['two_factor_verified'], so user can only access landing page before verifying twofactor.
    //destroy $_SESSION['two_factor_verified'], when users log out. you can use 'wp_logout' hook.
}
add_action( 'init', 'twofactor_check' );

This could solve the problem: you have to check if the auth is enabled in this function and redirect the user to your page.

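function admin_default_page( $redirect_to, $requested_redirect_to, $user ) {
  // check if the auth is enabled ('twofactor_seed' is a placeholder meta key)
  $auth = ( $user instanceof WP_User && get_user_meta( $user->ID, 'twofactor_seed', true ) ) ? 'yes' : 'no';
  if ( $auth == 'yes' ) {
    return '/add-redirect-url-here';
  }
  // otherwise keep the default redirect target
  return $redirect_to;
}

// login_redirect passes three arguments, so request all of them
add_filter( 'login_redirect', 'admin_default_page', 10, 3 );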
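
Both answers redirect a user who already holds a valid login cookie, so the second factor only protects anything if it is enforced on every later request, which is the concern raised in the question. The sketch below is an added example, not code from either answer: it keeps the "verified" flag in WordPress's own login session token instead of a PHP session. The `my2fa_` names, the meta key and the page slug are assumptions, and the landing page is assumed to post its form back to its own URL.

```php
<?php
// Added example. Hypothetical names: replace the meta key and slug with your own.
const MY2FA_SEED_META = 'my2fa_seed';   // user-meta key holding the seed (assumed)
const MY2FA_PAGE_SLUG = 'two-factor';   // slug of the code-entry page (assumed)

// True once the current login session has been marked as verified.
function my2fa_is_verified( $user_id ) {
    $session = WP_Session_Tokens::get_instance( $user_id )->get( wp_get_session_token() );
    return is_array( $session ) && ! empty( $session['my2fa_verified'] );
}

// Call this from the landing page handler after the submitted code checks out.
function my2fa_mark_verified( $user_id ) {
    $manager = WP_Session_Tokens::get_instance( $user_id );
    $token   = wp_get_session_token();
    $session = $manager->get( $token );
    if ( is_array( $session ) ) {
        $session['my2fa_verified'] = time();
        $manager->update( $token, $session );
    }
}

// Send the user to the landing page on every request until the flag is set.
function my2fa_gate() {
    if ( ! is_user_logged_in() ) {
        return;
    }
    $user_id = get_current_user_id();
    if ( ! get_user_meta( $user_id, MY2FA_SEED_META, true ) ) {
        return; // two-factor not enabled for this account
    }
    if ( my2fa_is_verified( $user_id ) ) {
        return;
    }
    if ( ! is_admin() && is_page( MY2FA_PAGE_SLUG ) ) {
        return; // the landing page itself must stay reachable
    }
    wp_safe_redirect( home_url( '/' . MY2FA_PAGE_SLUG . '/' ) );
    exit;
}
add_action( 'template_redirect', 'my2fa_gate' ); // front end: query is parsed, is_page() works
add_action( 'admin_init', 'my2fa_gate' );        // wp-admin, admin-ajax.php, admin-post.php
```

REST API and XML-RPC requests do not pass through either hook and need their own check. Because the flag lives in the session token, it is discarded when the user logs out.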
