Hip-Hop Website Design and Development

How to add custom authentication to WordPress login and register

I want to create a function that will halt the login process in WordPress and let a user validate an OTP form or code before he logs in fully.
I intend this interception to happen just after the user's email and password are checked.

This is what I tried:

add_filter( 'authenticate', 'smyles_check_custom_auth', 10, 3 );

function smyles_check_custom_auth( $user, $username, $password ){
    
    $otp_check = 'bad';  // variable returned from query but just using bad for testing
    
    if( !$otp_check == 'good' ){
        
          return confirm_form();
        
    }
    elseif($otp_check == 'good'){
        
        return $user;
    }
    
    return new WP_Error( __( 'OTP Check failed' ) );
    
}

Yet it did not work out; it only stops the form from validating, without any error message shown, if I set my priority at 20, 3.

My goal is to allow the username and password to get validated first. Then the submit button and the username and password fields will be disabled and my confirm-OTP form will be shown. Once the user confirms the right OTP, the login process continues, which is the redirect process, hopefully to the admin.
If I set the priority level to 10, 3, the form gets submitted and the user logs in no matter what code I have.

Workflow is this:

  1. User enters his username and password.
  2. wp_authenticate() checks whether the username and password match a user in the wp_users table.
  3. If they match, then my custom "send OTP to the user's email" function is called.
  4. A WP filter that disables the username and password fields is called.
  5. My custom confirmotp() is called, which is a simple HTML form to collect the entered OTP code.
  6. My custom verify() checks the OTP code and returns various errors, such as digit count, not numeric, and does-not-match errors.
  7. But if the returned value from my OTP validation query is true or okay, then…
  8. The WP redirect to wp-admin is called, which is part of the wp_signon process.

So my whole problem is to find a hook where I can attach my OTP confirm_form() so that it is executed after username and password authentication but before wp_signon() is called. Just a middle interception.
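
One way to get an interception point between the password check and the rest of the sign-on, as an added example that is not part of the original post: WordPress core verifies the username and password on the `authenticate` filter at priority 20, so a callback at priority 30 receives a `WP_User` only when those credentials were correct. The `otp_demo_*` names and the extra login field are hypothetical, and the sketch assumes the user resubmits the login form with the emailed code rather than being shown a separate form.

```php
<?php
// Added example: otp_demo_* names are hypothetical, not WordPress core.

// Extra field on wp-login.php; left blank on the first submission.
add_action( 'login_form', function () {
    echo '<p><label for="otp_demo_code">Email code (blank to request one)</label>'
       . '<input type="text" name="otp_demo_code" id="otp_demo_code" class="input"'
       . ' inputmode="numeric" autocomplete="one-time-code" /></p>';
} );

// Priority 30: core verified the username/password at priority 20,
// so $user is a WP_User only when those credentials were correct.
add_filter( 'authenticate', 'otp_demo_second_step', 30, 3 );

function otp_demo_second_step( $user, $username, $password ) {
    if ( ! ( $user instanceof WP_User ) ) {
        return $user; // Bad credentials or empty form: keep core's result.
    }
    $key   = 'otp_demo_' . $user->ID;
    $state = get_transient( $key ); // array with hash, tries, exp; false if none
    $code  = isset( $_POST['otp_demo_code'] )
        ? preg_replace( '/\D/', '', (string) wp_unslash( $_POST['otp_demo_code'] ) ) : '';

    if ( '' === $code || ! is_array( $state ) ) {
        // First step, or the code expired: issue a fresh 6-digit code.
        $otp   = str_pad( (string) random_int( 0, 999999 ), 6, '0', STR_PAD_LEFT );
        $state = array( 'hash' => wp_hash_password( $otp ), 'tries' => 0, 'exp' => time() + 300 );
        set_transient( $key, $state, 300 );
        wp_mail( $user->user_email, 'Your login code', "Code: $otp (valid for 5 minutes)" );
        return new WP_Error( 'otp_demo_required', 'Submit your login again with the code sent to your email.' );
    }
    if ( $state['tries'] >= 5 ) {
        delete_transient( $key ); // Too many guesses: the code is burned.
        return new WP_Error( 'otp_demo_locked', 'Too many attempts. Log in again for a new code.' );
    }
    if ( ! wp_check_password( $code, $state['hash'] ) ) {
        $state['tries']++;
        set_transient( $key, $state, max( 1, $state['exp'] - time() ) ); // keep original expiry
        return new WP_Error( 'otp_demo_invalid', 'Incorrect code.' );
    }
    delete_transient( $key ); // Single use.
    return $user; // wp-login.php continues: wp_signon() sets the auth cookie, then the redirect.
}
```

Returning a `WP_Error` from the filter is what stops the sign-on and puts a message on the login screen. The same filter also runs for XML-RPC logins, which cannot supply the extra field and are therefore refused.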