{dynamic}validate_login_form
> **Note:** This is a dynamic hook. The actual hook name is constructed at runtime. Fires after the login form has been validated, allowing modification of user and provider data.
add_action( '{dynamic}validate_login_form', $callback, 10, 2 );
Description
This dynamic action hook, `{dynamic}validate_login_form`, fires during the WordPress login process. Developers can use it to perform custom validation or modifications to the login form after user authentication but before the login is finalized. It receives the user object and the authentication provider as arguments. This hook is primarily for internal use within the two-factor authentication system.
Usage
add_action( '{dynamic}validate_login_form', 'your_function_name', 10, 2 );Parameters
-
$user(mixed) - This parameter contains information about the user attempting to log in.
-
$provider(mixed) - This parameter contains the user object or username that is being validated.
Examples
<?php
/**
* Example function to hook into the {dynamic}validate_login_form action.
* This function demonstrates how to add custom validation or logging
* during the login form validation process, specifically for two-factor authentication.
*
* @param WP_User|WP_Error $user The user object or a WP_Error object if validation failed.
* @param string $provider The name of the two-factor provider being used.
*/
function my_custom_login_form_validation( $user, $provider ) {
// Check if the user object is valid and not a WP_Error.
if ( is_a( $user, 'WP_User' ) ) {
// Example: Log a successful two-factor validation event.
error_log( sprintf( 'Two-factor authentication validated for user ID: %d using provider: %s', $user->ID, $provider ) );
// Example: Add a custom flag or meta to the user upon successful validation.
// Note: This might be better handled in a subsequent action hook if available,
// but for demonstration, we'll show it here.
// update_user_meta( $user->ID, 'last_successful_2fa_login', time() );
// Example: Perform additional checks specific to your plugin/theme.
// if ( ! my_plugin_is_user_eligible_for_feature( $user->ID ) ) {
// wp_die( __( 'You are not authorized to access this feature after two-factor authentication.', 'my-text-domain' ), __( 'Access Denied', 'my-text-domain' ), 403 );
// }
} elseif ( is_a( $user, 'WP_Error' ) ) {
// Example: Log or handle specific login validation errors related to two-factor.
error_log( sprintf( 'Two-factor login validation error: %s', $user->get_error_message() ) );
}
}
// Hook the custom function to the action.
// We assume WP_2FA_PREFIX is defined elsewhere and is a string like 'wp_2fa_'.
// The number of arguments (2) is important for `add_action`.
add_action( WP_2FA_PREFIX . 'validate_login_form', 'my_custom_login_form_validation', 10, 2 );
?>Placement
This code should be placed in the functions.php file of your active theme, a custom plugin, or using a code snippets plugin.
Source Code
src/includes/two-factor/providers/wp-2fa/legacy/class-frontend-login-plus-2fa-2.6.php:433
src/includes/two-factor/providers/wp-2fa/legacy/class-frontend-login-plus-2fa-2-4.php:388
src/includes/two-factor/providers/wp-2fa/legacy/class-frontend-login-plus-2fa-2-5.php:387
$this->login_uri
)
);
exit;
}
do_action( WP_2FA_PREFIX . 'validate_login_form', $user, $provider );
$this->two_factor::delete_login_nonce( $user->ID );
$rememberme = false;
$remember = ( isset( $_REQUEST['rememberme'] ) ) ? filter_var( $_REQUEST['rememberme'], FILTER_VALIDATE_BOOLEAN ) : ''; //phpcs:ignore
if ( ! empty( $remember ) ) {
$rememberme = true;