How to block specific user id in custom login form?
https://wordpress.stackexchange.com/questions/384220
-
23-04-2021 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
I've been looking for this method for weeks, but still can't find it. There are so many sites that discuss how to create a custom login page, but they don't cover how to block a specific id like the one I was looking for.
The algorithm is as below:
first I will determine the user id number that I will block via code in php.
On the front end page, the user will input their username and password. Then when they click the login button, wordpress does not immediately check the compatibility between the user's username and password.
Wordpress will first check the id of the username that has been entered by the user. If it turns out that the username has the same ID as the ID I blocked, an error message will appear and the user cannot log in, but if the username does not have the same ID as the ID I blocked, then the user can login.
I hope you guys can help. Thank you in advance
La solution
You can add a low priority authenticate hook that runs after all the other hooks and rejects authentication for a specific user ID:
function wpse_384212_ban_user_id( $user, $username, $password ) {
// At this point $user is either a WP_User object if they've successfully logged in,
// or null or a WP_Error if they haven't. We want to reject users by ID.
if ( $user instanceof WP_User ) {
// This is a successfully authenticated user. Check their ID.
$banned_user_ids = array( 3, 6, 10 ); // could also store these in a site option
if ( in_array( $user->ID, $banned_user_ids ) ) {
return new WP_Error( 'user_banned', 'You are banned' );
}
}
// Else return the user or error from previous authentication filters
return $user;
}
add_filter( 'authenticate', 'wpse_384212_ban_user_id', 999, 3 );
This rejects users who have otherwise logged in successfully. If you wanted to reject them whether they managed to log in or not, you'll need to look up the user to fetch their ID for the extra check:
function wpse_384212_ban_user_id( $user, $username, $password ) {
// At this point $user is either a WP_User object if they've successfully logged in,
// or null or a WP_Error if they haven't. We want to reject users by ID.
$banned_user_ids = array( 3, 6, 10 ); // could also store these in a site option
if ( $user instanceof WP_User ) {
// This is a successfully authenticated user. Check their ID.
if ( in_array( $user->ID, $banned_user_ids ) ) {
return new WP_Error( 'user_banned', 'You are banned' );
}
} elseif ($username) {
// Unsuccessful login but we have a username.
// Look up the user by username or email to see if they are a banned user
$login_user = get_user_by( 'login', $username );
if ( ! $login_user && is_email( $username ) ) {
$login_user = get_user_by( 'email', $username );
}
if ( $login_user instanceof WP_User ) {
// This was a failed login for a valid user. Check the user's ID
if ( in_array( $login_user->ID, $banned_user_ids ) ) {
return new WP_Error( 'user_banned', 'You are banned' );
}
}
}
// Else return the user or error from previous authentication filters
return $user;
}
add_filter( 'authenticate', 'wpse_384212_ban_user_id', 999, 3 );
If this is a multisite then these would need to go in a mu-plugin.
Autres conseils
There is a simple plugin which you could use to lock user account and it's FREE. https://wordpress.org/plugins/lock-user-account/
Simply works great!
- Install and activate the plugin
- Navigate to Users Page (From WP Dashboard)
- Select the specific user(s) you want to lock
- Choose 'lock' option from the 'Bulk action' dropdown
- That's it!
