WordPress Web Application Development (Third Edition)

Checking whether we implemented the process properly

Take a moment to think carefully about our requirements and try to figure out what we have missed.

Actually, we didn't check the activation status on login. Therefore, any user will be able to log into the system without activating their account. Now, let's fix this issue by intercepting the authentication process with another built-in filter called authenticate. First, we have to add the authenticate filter to the constructor of the WPWAF_Login class, as shown in the following code:

    add_filter( 'authenticate', array( $this, 'authenticate_user' ), 30, 3 );

Next, we can look at the implementation of this function, as shown in the following code:

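    public function authenticate_user( $user, $username, $password ) {
        // Skip logout requests (empty username) and logins that already failed.
        if ( ! empty( $username ) && ! is_wp_error( $user ) ) {
            // Reuse the authenticated user; look up by login only as a fallback,
            // since the submitted name may be an email address.
            $account = ( $user instanceof WP_User ) ? $user : get_user_by( 'login', $username );
            // Administrators are exempt from activation.
            if ( $account instanceof WP_User && ! in_array( 'administrator', (array) $account->roles, true ) ) {
                $active_status = get_user_meta( $account->ID, 'wpwa_activation_status', true );
                // Only an explicit 'inactive' status blocks the login.
                if ( 'inactive' === $active_status ) {
                    $user = new WP_Error( 'denied', __( '<strong>ERROR</strong>: Please activate your account.', 'wpwaf' ) );
                }
            }
        }
        return $user;
    }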

WordPress calls this function through the authenticate filter, passing the user, username, and password variables as parameters. All the user types of our application need to be activated, except for the administrator accounts. Therefore, we check the roles of the authenticated user to figure out whether they are an administrator. Then, we check the activation status of the other user types before authenticating. If an authenticated user is in inactive status, we return a WP_Error object, which prevents authentication from being successful.

This filter is also executed when the user logs out of the application. Therefore, we need to consider the following validation to prevent any errors in the logout process:

    if ( ! empty( $username ) && ! is_wp_error( $user ) )
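The check above blocks only an explicit `inactive` status, so an account with no `wpwa_activation_status` record is allowed through. The following added example (not code from the book) shows a fail-closed variant run over constructed accounts; the function name `wpwaf_activation_gate`, the `active` status value, and the small WordPress stand-ins are assumptions made so the script runs on its own.

```php
<?php
// Minimal stand-ins so the gate runs outside WordPress (constructed, not core code).
if ( ! class_exists( 'WP_Error' ) ) {
    class WP_Error {
        private $code;
        function __construct( $code = '', $message = '' ) { $this->code = $code; }
        function get_error_code() { return $this->code; }
    }
    class WP_User {
        public $ID; public $roles;
        function __construct( $id, $roles ) { $this->ID = $id; $this->roles = $roles; }
    }
    function is_wp_error( $thing ) { return $thing instanceof WP_Error; }
    // Constructed user meta: user 4 has no activation record at all.
    function get_user_meta( $id, $key, $single = false ) {
        $meta = array( 2 => 'active', 3 => 'inactive' );
        return isset( $meta[ $id ] ) ? $meta[ $id ] : '';
    }
}

// Hypothetical fail-closed gate: only an explicit 'active' status (assumed value) may log in.
function wpwaf_activation_gate( $user, $username, $password ) {
    if ( empty( $username ) || ! ( $user instanceof WP_User ) ) {
        return $user; // logout, or an earlier callback already rejected the login
    }
    if ( in_array( 'administrator', (array) $user->roles, true ) ) {
        return $user; // administrators are exempt, as in the chapter
    }
    $status = get_user_meta( $user->ID, 'wpwa_activation_status', true );
    return ( 'active' === $status ) ? $user : new WP_Error( 'denied', 'Please activate your account.' );
}

// Constructed cases: label => array( value passed in as $user, submitted username ).
$cases = array(
    'administrator'        => array( new WP_User( 1, array( 'administrator' ) ), 'admin' ),
    'activated member'     => array( new WP_User( 2, array( 'subscriber' ) ), 'alice' ),
    'inactive member'      => array( new WP_User( 3, array( 'subscriber' ) ), 'bob' ),
    'no activation record' => array( new WP_User( 4, array( 'subscriber' ) ), 'carol' ),
    'email as username'    => array( new WP_User( 2, array( 'subscriber' ) ), 'alice@example.test' ),
    'wrong password'       => array( new WP_Error( 'incorrect_password' ), 'alice' ),
    'logout'               => array( null, '' ),
);
foreach ( $cases as $label => $case ) {
    $result = wpwaf_activation_gate( $case[0], $case[1], 'x' );
    $state  = $result instanceof WP_User ? 'allowed'
        : ( is_wp_error( $result ) ? 'error: ' . $result->get_error_code() : 'passed through' );
    printf( "%-22s %s\n", $label, $state );
}
```

Before using this form on a site with existing users, backfill the status for those accounts, since any non-administrator account without the key is refused.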

Now we have a simple and useful user registration and login system, ready to be implemented in the frontend of web applications. Make sure to check login- and registration-related plugins from the official repository to gain knowledge of complex requirements in real-world scenarios.