views:

465

answers:

3

Hello folks,
I am working on a Wordpress based portal which integrates with a custom-made e-commerce. The e-commerce serves also as a 'control panel': all the roles are set up there. Some users are recorded but 'inactive'; they shouldn't be able to log into Wordpress. For this reason I need to hook into the Wordpress login system.

If a user is, say, "bad_james", he cannot login, even if he has a valid WP login and PWD. The WP admin panel doesn't provide a a flag to block users.

Is there a way to implement a login filter?

Cheers,
Davide

A: 

Have you looked into the Wordpress API that is available?

You should be able to get some more info from there.

Tony
It is PHP based btw
Tony
I have indeed, I am quite experienced in the Wordpress API.
nutsmuggler
A: 

Might be an idea or code to borrow and implement: WordPress › External DB authentication « WordPress Plugins

songdogtech
+2  A: 

You can either overload the wp_authenticate function (see the function in the code here: http://core.trac.wordpress.org/browser/trunk/wp-includes/pluggable.php) and return a WP_error if you don't want to allow the user to login.

Or better, use the filter authenticate and return null if you don't want the user to log in, e.g.

add_filter('authenticate', 'check_login', 10, 3);
function check_login($user, $username, $password) {
    $user = get_userdatabylogin($username); 

    if( /* check to see if user is allowed */ ) {
        return null;
    }
    return $user;
}
mjangda