I made custom plugin about login, register, and forgot password.
And I give my plugin add_action template_redirect hooks to verify email, when user login and then redirect to homepage, and forgot password.
But I have bugs, I think the template_redirect hooks do not know which is redirect for verify and which is redirect for forgot password.
Please take a look at my code:
this is custom-plugin.php
<?php
if( ! defined('PLUGIN_PATH') ){
define('PLUGIN_PATH' , plugin_dir_path(__FILE__));
}
require_once ABSPATH . 'wp-admin/includes/plugin.php';
require_once ABSPATH . 'wp-admin/includes/upgrade.php';
require_once PLUGIN_PATH . 'includes/register.php';
require_once PLUGIN_PATH . 'includes/login.php';
require_once PLUGIN_PATH . 'includes/forgot-password.php';
require_once PLUGIN_PATH . 'includes/change-password.php';
require_once PLUGIN_PATH . 'includes/functions.php';
if( ! class_exists('main')){
class main {
function register(){
// Start session on init hook.
add_action( 'init', array('myFunctions','wpse16119876_init_session') );
add_action ('template_redirect', array( 'forgotPasswordForm', 'forgotPassword'));
add_action ('template_redirect', array( 'loginForm', 'verify'));
add_action ('template_redirect', array( 'loginForm', 'set_submit_login_func'));
}
}
$main = new main();
$main->register();
}
?>
lets assume that I insert SMTP email setting and have the form. I’m only giving functions that have wp_redirect.
And then this is login.php,
<?php
class loginForm extends registerForm{
public function set_submit_login_func(){
global $wpdb;
$account = filter_input(INPUT_POST, 'account');
$password = filter_input(INPUT_POST, 'password');
$users = $wpdb->get_row( $wpdb->prepare("SELECT * FROM {$wpdb->prefix}users WHERE user_email = '$account' OR user_login = '$account'", ARRAY_A));
ob_start();
if(isset($_POST["login"])){
if($users){
if($users->user_status == 0){
if(wp_check_password($password, $users->user_pass)){
$credentials = array(
'user_login' => $account,
'user_password' => $password
);
wp_signon($credentials, true);
wp_redirect(site_url());
exit;
} else{
$_SESSION["message"] = '<div style="background-color: indianred; color: #FFFFFF; line-height: 30px; height: 10%; text-align: center; top: 0px; width: 100%; z-index: 100; margin-bottom: 10px;">Password Salah</div>';
}
} else{
$_SESSION["message"] = '<div style="background-color: indianred; color: #FFFFFF; line-height: 30px; height: 10%; text-align: center; top: 0px; width: 100%; z-index: 100; margin-bottom: 10px;">Akun Belum di Aktifkan!</div>';
}
}else{
if($account != ($users->user_email && $user_login)){
$_SESSION["message"] = '<div style="background-color: indianred; color: #FFFFFF; line-height: 30px; height: 10%; text-align: center; top: 0px; width: 100%; z-index: 100; margin-bottom: 10px;">Akun Belum Terdaftar!</div>';
}
}
}
session_destroy();
return ob_get_clean();
}
public function verify(){
global $wpdb;
$email = $_GET["em"];
$token = $_GET["tk"];
$url = site_url() .'/login';
$registered_date = date( 'Y-m-d H:i:s', current_time( 'timestamp', 0 ) );
$users = $wpdb->get_row( $wpdb->prepare("SELECT * FROM {$wpdb->prefix}users WHERE user_email = '$email'", ARRAY_A));
if($users){
$user_token = $wpdb->get_row( $wpdb->prepare("SELECT * FROM {$wpdb->prefix}user_token WHERE token = '$token'", ARRAY_A));
if($user_token){
if(time() - $user_token->date_created < (60*60*24)){
$wpdb->update($wpdb->prefix . 'users', ["user_status" => 0, "user_registered" => $registered_date], ["user_email" => $email]);
$wpdb->delete($wpdb->prefix . 'user_token', ['email' => $email]);
$_SESSION["message"] = '<div style="background-color: darkcyan; color: #FFFFFF; line-height: 30px; height: 10%; text-align: center; top: 0px; width: 100%; z-index: 100; margin-bottom: 10px;">'.$email.' '.'telah aktif, silahkan login'.'</div>';
wp_redirect($url);
exit;
}else{
$wpdb->delete($wpdb->prefix . 'users', ['user_email' => $email]);
$wpdb->delete($wpdb->prefix . 'user_token', ['email' => $email]);
$_SESSION["message"] = '<div style="background-color: indianred; color: #FFFFFF; line-height: 30px; height: 10%; text-align: center; top: 0px; width: 100%; z-index: 100; margin-bottom: 10px;">'.'Aktivasi akun gagal! Token kadaluarsa'.'</div>';
wp_redirect($url);
exit;
}
}else{
if(($token != $user_token) === true){
$_SESSION["message"] = '<div style="background-color: indianred; color: #FFFFFF; line-height: 30px; height: 10%; text-align: center; top: 0px; width: 100%; z-index: 100; margin-bottom: 10px;">'.'Aktivasi akun gagal! Token salah'.'</div>';
wp_redirect($url);
exit;
}
}
}else{
if(($email != $users->user_email) === true){
$_SESSION["message"] = '<div style="background-color: indianred; color: #FFFFFF; line-height: 30px; height: 10%; text-align: center; top: 0px; width: 100%; z-index: 100; margin-bottom: 10px;">'.'Aktivasi akun gagal! Email salah'.'</div>';
wp_redirect($url);
exit;
}
}
session_destroy();
}
}
?>
this is forgot-password.php
<?php
class forgotPasswordForm extends loginForm{
public function forgotPassword(){
global $wpdb;
$email = $_GET["em"];
$token = $_GET["tk"];
$url = site_url() .'/login/forgotpassword';
$other_url = add_query_arg(
array(
'req:em' =>$email,
'tk' => $token
), site_url().'/changepassword'
);
$users = $wpdb->get_row( $wpdb->prepare("SELECT * FROM {$wpdb->prefix}users WHERE user_email = '$email'", ARRAY_A));
if($users){
$user_token = $wpdb->get_row( $wpdb->prepare("SELECT * FROM {$wpdb->prefix}user_token WHERE token = '$token'", ARRAY_A));
if($user_token){
if(time() - $user_token->date_created < (60*60*24)){
$_SESSION["message"] = '<div style="background-color: darkcyan ; color: #FFFFFF; line-height: 30px; height: 10%; text-align: center; top: 0px; width: 100%; z-index: 100; margin-bottom: 10px;">'.'Setel ulang kata sandi: '.$email.'</div>';
wp_redirect($other_url);
exit;
}
else{
$wpdb->delete($wpdb->prefix . 'user_token', ['email' => $email]);
$_SESSION["message"] = '<div style="background-color: indianred; color: #FFFFFF; line-height: 30px; height: 10%; text-align: center; top: 0px; width: 100%; z-index: 100; margin-bottom: 10px;">'.'Setel ulang kata sandi gagal! Token kadaluarsa'.'</div>';
wp_redirect($url);
exit;
}
}
else{
if($token != $user_token){
$_SESSION["message"] = '<div style="background-color: indianred; color: #FFFFFF; line-height: 30px; height: 10%; text-align: center; top: 0px; width: 100%; z-index: 100; margin-bottom: 10px;">'.'Setel ulang kata sandi gagal! Token salah'.'</div>';
wp_redirect($url);
exit;
}
}
}else{
if($email != $users->user_email){
$_SESSION["message"] = '<div style="background-color: indianred; color: #FFFFFF; line-height: 30px; height: 10%; text-align: center; top: 0px; width: 100%; z-index: 100; margin-bottom: 10px;">'.'Setel ulang kata sandi gagal! Email salah'.'</div>';
wp_redirect($url);
exit;
}
}
}
}
?>
and I put sendEmail functions in functions.php
<?php
class myFunctions {
protected static function _sendEmail($token, $type){
$sendto = filter_input(INPUT_POST, 'email');
$sendfrom = 'hendratrisno@gmail.com';
$headers = array("Content-type:text/html; charset=UTF-8","From: Me Myself <". $sendfrom . ">");
if($type == 'verify'){
$sendsub = 'Verify Account';
$sendmess = 'Please click to activate your account:<a href="'.site_url(). '/login/verify?em='.filter_input(INPUT_POST, 'email'). '&tk='.urlencode_deep($token).'">Activate</a>';
}
if($type == 'forgot'){
$sendsub = 'Reset Password';
$sendmess = 'Please click to reset your password:<a href="'.site_url(). '/login/forgotpassword?em='.filter_input(INPUT_POST, 'email'). '&tk='.urlencode_deep($token).'">Reset Password</a>';
}
wp_mail($sendto, $sendsub, $sendmess, $headers);
}
}
?>
and for inheritance, my code like this:
class myFunctions
class registerForm extends myFunctions
class loginForm extends registerForm
class forgotPasswordForm extends loginForm
class changePasswordForm extends forgotPasswordForm
I hope I can get help to solve this bugs. Thank You!