Overriding lost password flow with pmpro_login

  • Resolved amisam666

    (@amisam666)


    1 month, 1 week ago

    I’ve inherited the maintenance of a not for profit site from a previous developer. I have next to no experience with WordPress – I develop backend microservices generally – but I’ve managed to deal with most of the configuration. The site uses a custom theme that overrides the login, registration and lost password flow (I guess this is technically all login) with the login page simply containing a short code to the pmpro_login page. In the theme folder there is a paid-membership-pro folder with a pages subfolder that contains a login.php file. This handles the custom login form, custom error notices and etc.

    This all seems to work as I would expect until you click the submit button to send the reset link email. At that point, for both error and success, the site displays the default WordPress reset password and login screens. For example, clicking on the login page link on the ‘check your email for the confirmation link’ WordPress page (wp-login.php?checkemail=confirm) takes you to the WordPress login page not the custom one.

    I’m assuming that there is a missing filter or something that is needed to override the standard pmpro login behavior but I’ve not been able to find any help on this.

    The login.php script is:


    <?php if(is_user_logged_in()) { header("Location: /"); } ?>

    <div id="register-logo">
       <?php

          if ( has_custom_logo() ) {
             $custom_logo_id = get_theme_mod( 'custom_logo' );
             $logo = wp_get_attachment_image_src( $custom_logo_id , 'full' );
             echo '<img src="'. esc_url( $logo[0] ) .'" alt="'. get_bloginfo( 'name' ) .'">';
          } else {
    	echo '<img src="'. get_template_directory_uri().'/assets/img/logos/SmallLogo.png" alt="'. get_bloginfo( 'name' ) .'">';
          }
       ?>
    </div>

    <?php
       $action = "";
       if (isset($_REQUEST['action'])) {
          $action = sanitize_text_field($_REQUEST['action']);
       }

       // Login Errors
       if (!is_user_logged_in()) {
          switch ($action) {
             case 'failed':
             case 'invalid_username':
             case 'incorrect_password':
             case 'invalid_email':
                fab_create_notice('error', 'Couldn\'t log in, password or email incorrect');
                break;
             case 'empty_username':
                fab_create_notice('error', 'You did not enter an email or username.');
                break;
             case 'empty_password':
                fab_create_notice('error', 'You did not enter a password.');
                break;
             case 'recovered':
                fab_create_notice('error', 'Your account has not yet been verified.<br>Check your email for an activation link.');
                break;
          }
       }

       // Logout Errors
       if ( isset( $_GET['loggedout'] ) ) {
          switch ( sanitize_text_field( $_GET['loggedout'] ) ) {
             case 'true':
                fab_create_notice('info', 'You are now logged out.');
                break;
             default:
                fab_create_notice('error', 'There was a problem logging you out.');
                break;
          }
       }

        // Password reset email confirmation.
       if ( isset( $_GET['checkemail'] ) ) {
          switch ( sanitize_text_field( $_GET['checkemail'] ) ) {
             case 'confirm':
                fab_create_notice('info', 'Check your email for a link to reset your password.');
                break;
             default:
                fab_create_notice('error', 'There was an unexpected error regarding your email. Please try again.');
                break;
          }
       }

       // Password errors
       if ( isset( $_GET['login'] ) ) {
          switch ( sanitize_text_field( $_GET['login'] ) ) {
             case 'invalidkey':
                fab_create_notice('error', 'Your reset password key is invalid.');
                break;
             case 'expiredkey':
                fab_create_notice('error', 'Your reset password key has expired. Please try again.');
                break;
          }
       }
       if ( isset( $_GET['password'] ) ) {
          switch( $_GET['password'] ) {
             case 'changed':
                fab_create_notice('info', 'Your password has been updated!<br>You can now log in with your new password');
                break;
             default:
                fab_create_notice('error', 'There was a problem updating your password.');
                break;
          }
       }

       // Get Errors from password reset.
       if ( isset( $_REQUEST['errors'] ) ) {
          $password_reset_errors = sanitize_text_field( $_REQUEST['errors'] );
       } elseif ( isset( $_REQUEST['error'] ) ) {
           $password_reset_errors = sanitize_text_field( $_REQUEST['error'] );
       }
       if ( isset( $password_reset_errors ) ) {
          switch ( $password_reset_errors ) {
             case 'invalidcombo':
                fab_create_notice('error', 'Invalid details, cannot send password reset.');
                break;
             case 'empty_username':
                fab_create_notice('error', 'Please enter a username or email.');
                break;
             case 'invalid_email':
                fab_create_notice('error', 'Invalid details, cannot send password reset.');
                break;
             case 'password_reset_mismatch':
                fab_create_notice('error', 'New passwords don\'t match');
                break;
             case 'password_reset_empty':
                fab_create_notice('error', 'Please complete all fields.');
                break;
             case 'retrieve_password_email_failure':
                fab_create_notice('error', 'Email could not be sent.');
             break;
          }
      }


       // ?? Login Form
       if (! in_array( $action, array( 'reset_pass', 'rp', 'lostpassword' ) )) {
    ?>

    <form name="loginform" id="login_form" action="<?php echo get_site_url(); ?>/wp-login.php" method="post">
       <div class="field-set left-icon">
          <input class="field-input" id="fab_user" placeholder="Username or Email" name="log"/>
          <span class="field-icon">
             <i class="fas fa-user"></i>
          </span>
       </div>

       <div class="field-set left-icon">
          <input class="field-input" id="fab_pwd" type="password" placeholder="Password" name="pwd"/>
          <span class="field-icon">
             <i class="fas fa-lock"></i>
          </span>
       </div>

       <div class="field-set">
          <label class="field-checkbox">
          <input type="checkbox">
             Remember me
          </label>
       </div>

       <div class="field-set">
          <input type="submit" name="wp-submit" id="fab_submit" value="Log In" disabled>
       </div>

       <div class="field-set">
         <a href="<?php echo get_site_url(); ?>/register/">Register</a> | <a href="<?php echo get_site_url(); ?>/login/?action=reset_pass">Forgot Username or Password</a>
       </div>
    </form>

    <script>
       jQuery('#fab_user').bind('keyup paste', checkEmpty);
       jQuery('#fab_pwd').bind('keyup paste', checkEmpty);

       function checkEmpty() {
          console.log("STUFF");
          if (jQuery('#fab_user').val() === "" || jQuery('#fab_pwd').val() === "") {
             jQuery('#fab_submit').attr("disabled", true);
             if (jQuery('#fab_user').val() === "" && jQuery('#fab_pwd').val() !== "") {
                jQuery('#fab_user').css("border", "1px solid red");
             } else {
                jQuery('#fab_user').css("border", "inherit");
             }
          } else {
             jQuery('#fab_submit').attr("disabled", false);
          }

       }
    </script>

    <?php
       // ?? Password Reset
        } else {
           if (in_array($action, array('reset_pass', 'lostpassword') )) {
    ?>

    <form name="lostpasswordform" action="<?php echo get_site_url(); ?>/wp-login.php?action=lostpassword" method="post">
       <div class="field-set">
          <input class="field-input" id="" placeholder="Username or Email" name="user_login"/>
       </div>
       <div class="field-set">
          <input type="submit" name="submit" id="wp-submit" value="Send Email">
       </div>

       <div class="field-set">
          <a href="<?php echo get_site_url(); ?>/register/">Register</a> | <a href="<?php echo get_site_url(); ?>/login/">Login</a>
       </div>
    </form>

    <?php
       // ?? Password Change
       } else if ($action == 'rp') {
          if ( isset( $_REQUEST['login'] ) && isset( $_REQUEST['key'] ) ) {
    ?>


    <form name="resetpassform" action="<?php echo esc_url( get_site_url() . '/wp-login.php?action=resetpass' ); ?>" method="post" autocomplete="off">
       <input type="hidden" id="user_login" name="rp_login" value="<?php echo esc_attr( sanitize_text_field( $_REQUEST['login'] ) ); ?>" autocomplete="off" />
       <input type="hidden" name="rp_key" value="<?php echo esc_attr( sanitize_text_field( $_REQUEST['key'] ) ); ?>" />

       <p>
            Enter your new password below.
       </p>

       <div class="field-set">
          <label for="pass1">New Password</label>
          <input class="field-input" id="pass1" type="password" name="pass1" autocomplete="off" size="20"/>
         <div id="pass-strength-result" class="hide-if-no-js" aria-live="polite"><?php _e( 'Strength Indicator', 'paid-memberships-pro' ); ?></div>
             <p class="<?php echo pmpro_get_element_class( 'lite' ); ?>"><?php echo wp_get_password_hint(); ?></p>
          </div>

          <div class="field-set">
             <label for="pass2">Confirm New Password</label>
             <input class="field-input" id="pass2" type="password" name="pass2" autocomplete="off" size="20"/>
          </div>

          <div class="field-set">
             <input type="submit" name="submit" id="resetpass-button" value="Change Password" />
         </div>

    </form>


    <?php
          }
       }
    }


    /**
     * Create a custom notice
     */
    function fab_create_notice( $theme = 'error', $message = 'Error, task could not be completed.') {
       switch ($theme) {
          case 'error':
             echo '<div class="form_notice form_error"><i class="fas fa-exclamation-circle"></i>'.$message.'</div>';
             break;
          case 'warning':
             echo '<div class="form_notice form_warning"><i class="fas fa-exclamation-triangle"></i>'.$message.'</div>';
             break;
          case 'info':
             echo '<div class="form_notice form_info"><i class="fas fa-info-circle"></i>'.$message.'</div>';
             break;
         }
    }

    ?>

    Thanks

    The page I need help with: [log in to see the link]

Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Support Jarryd Long

    (@jarryd-long)

    Hi there, thank you for reaching out to the Paid Memberships Pro team.

    It sounds like the login template that has been overridden in the theme is outdated and could be missing recent improvements and bug fixes.

    Please try renaming the theme/paid-memberships-pro/pages/login.php file to something else (_login.php will do) – run a test login and see if the issue persists as this will ensure that the core Paid Memberships Pro login template is loaded.

    If this works, you can copy the latest login.php template from https://github.com/strangerstudios/paid-memberships-pro/blob/dev/shortcodes/pmpro_login.php and apply any of the changes you may have previously had to the updated template.

    Kind Regards,
    Jarryd
    Support Manager at Paid Memberships Pro

    Thread Starter amisam666

    (@amisam666)

    Thanks Jarryd, that does indeed seem to be the problem. Is it possible to get a copy of the original login script that mine was based upon? There seems to be very little commonality between the new pmpro script and my script. Or can you point me at any documentation that would walk me through how to override the components on the widget – as far as I can tell, the changes that were originally made align with what the current login page does (e.g. errors displayed as a banner in the widget) with the addition of our logo/name at the top of the widget. The rest is just rewording of some of the links and moving the field titles into the field – non of which are particularly critical.

    Plugin Support Jarryd Long

    (@jarryd-long)

    You can copy and compare the current login page structure from here: https://github.com/strangerstudios/paid-memberships-pro/blob/dev/shortcodes/pmpro_login.php

    There’s a third-party online tool called Diff Checker (https://www.diffchecker.com/) where you can paste in your current code in the left and the latest code in the right and it will show you what differences have been made between the files.

    This should help you apply the same changes to the latest version of the file.

    Kind Regards,
    Jarryd
    Support Manager at Paid Memberships Pro

    Thread Starter amisam666

    (@amisam666)

    The problem with the login page structure in that link is that it is the current version and bears no resemblance to the script that we were using. It may be better if you can tell me if there is any documentation that details how to override the PMPro login screens.

    Thanks

    Alistair

    Plugin Support Jarryd Long

    (@jarryd-long)

    Your login page may be using something completely custom if it doesn’t resemble anything similar to the original login.php page.

    If you can default back to using the core PMPro login page I would recommend doing so. However due to what appears to be extensive changes to the custom login form, I would recommend reaching out to a developer for further assistance. Alternatively, please consider posting a project on https://jobs.wordpress.net for assistance.

    If you have any other questions or feedback related to your request, please reach out to us on https://paidmembershipspro.com/support and we’d be happy to help.

    Kind Regards,
    Jarryd
    Support Manager at Paid Memberships Pro

Viewing 5 replies - 1 through 5 (of 5 total)
  • You must be logged in to reply to this topic.