Wordpress Authenticate Filter

Question

Hi All,

I'm currently trying to override Wordpress' wp_authenticate function (without modifying the core files, mainly pluggable.php), however I'm not sure if I'm going about it the correct way. There are two great references (see below), but they don't explicitly state what to do in order to prevent the login provided certain criteria are met.

In short, I'm trying to prevent registered users who have not activated their account. I've already implemented creating a user with a md5 unique id in the usermeta table (attached to their user id). I'm basically trying to check for that "activation_key' value in the usermeta table on login, if a value exists, I want to prevent the login from occurring.

The authenticate filter seems to be exactly what I need but after modifying it and placing it into my functions.php file, it doesn't seem to work! Login occurs per usual.

References:

http://stackoverflow.com/questions/1805185/how-do-i-hook-into-the-wordpress-login-system-to-stop-some-users-programmatically

http://willnorris.com/2009/03/authentication-in-wordpress-28

Answer 1

I actually found a work around.

Using a custom form you can log into Wordpress using the wp_signon function.

var $creds = array();
$creds['user_login'] = 'example';
$creds['user_password'] = 'plaintextpw';
$creds['remember'] = true;
//check if user has an activation key in the usermeta table
$user = get_userdatabylogin($creds['user_login']); 
if(get_usermeta($user->ID,'activation_key')) { 
} else {
$procLogin = wp_signon( $creds, false );
if ( is_wp_error($procLogin) ) {
echo $user->get_error_message();
} 
echo 'success!';
}

hope this helps someone out there