Plugin is not working with custom login page

@stasonkiev : Have you already solved this? I have to add some additional code to the plugin so it works with other login screens. WARNING: Not well tested, no warranties, works for me.

// line 620
			} else {
				if ( ! $this->is_two_screen_signin_enabled() ) {
					return new WP_Error( 'invalid_google_authenticator_token', __( '<strong>ERROR</strong>: The Google Authenticator code is incorrect or has expired.', 'google-authenticator' ) );
				} else {
					wp_logout();
					if( ! function_exists( 'login_header' )) {
						$this->redirect_to_secondary_login_screen( $username, $password );
					} else {
						$this->secondary_login_screen();
					}
					exit;
				}
			}
		}
	}
	// Google Authenticator isn't enabled for this account,
	// just resume normal authentication.
	return $userstate;
}

/*
 * Redirect to wordpress login.
 * https://stackoverflow.com/a/5576700
 */
function redirect_to_secondary_login_screen( $username, $password ) {

	$redirect_to = isset( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : admin_url();
	?>
	<form name="loginform" id="loginform" action="<?php echo esc_url( site_url( 'wp-login.php', 'login_post' ) ); ?>" method="post">
		<input type="hidden" name="log" value="<?php echo esc_attr( $username ); ?>" />
		<input type="hidden" name="pwd" value="<?php echo esc_attr( $password ); ?>" />
		<?php if ( array_key_exists( 'rememberme', $_REQUEST ) && 'forever' === $_REQUEST[ 'rememberme']): ?>
				<input name="rememberme" type="hidden" id="rememberme" value="forever" />
		<?php endif; ?>
		<p><?php esc_html_e( 'Redirecting to Google Authenticator login.', 'google-authenticator' ); ?></p>
		<p class="submit">
			<input type="hidden" name="wp-submit" id="wp-submit" class="button button-primary button-large" value="<?php esc_attr_e('Log In'); ?>" />
			<input type="hidden" name="redirect_to" value="<?php echo esc_attr($redirect_to); ?>" />
			<input type="hidden" name="testcookie" value="1" />
		</p>
	</form>

	<script type="text/javascript">
		document.getElementById('loginform').submit();
	</script>
	<?php
}

What is the best way to submit code? I add the diff to this ticket?

Patch:

Index: trunk/google-authenticator.php
===================================================================
--- trunk/google-authenticator.php	(revision 2866575)
+++ trunk/google-authenticator.php	(working copy)
@@ -173,7 +173,7 @@
  * Create a new random secret for the Google Authenticator app.
  * 16 characters, randomly chosen from the allowed Base32 characters
  * equals 10 bytes = 80 bits, as 256^10 = 32^16 = 2^80
- */ 
+ */
 function create_secret() {
     $chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567'; // allowed characters in Base32
     $secret = '';
@@ -585,10 +585,10 @@
 
 		// Get the users secret
 		$GA_secret = trim( get_user_option( 'googleauthenticator_secret', $user->ID ) );
-		
+
 		// Figure out if user is using relaxed mode ?
 		$GA_relaxedmode = trim( get_user_option( 'googleauthenticator_relaxedmode', $user->ID ) );
-		
+
 		// Get the verification code entered by the user trying to login
 		if ( !empty( $_POST['googleotp'] )) { // Prevent PHP notices when using app password login
 			$otp = trim( $_POST[ 'googleotp' ] );
@@ -616,13 +616,17 @@
 				} else {
 					// Wrong XMLRPC/APP password !
 					return new WP_Error( 'invalid_google_authenticator_password', __( '<strong>ERROR</strong>: The Google Authenticator password is incorrect.', 'google-authenticator' ) );
-				} 		 
+				}
 			} else {
 				if ( ! $this->is_two_screen_signin_enabled() ) {
 					return new WP_Error( 'invalid_google_authenticator_token', __( '<strong>ERROR</strong>: The Google Authenticator code is incorrect or has expired.', 'google-authenticator' ) );
 				} else {
 					wp_logout();
-					$this->secondary_login_screen();
+					if( ! function_exists( 'login_header' )) {
+						$this->redirect_to_secondary_login_screen( $username, $password );
+					} else {
+						$this->secondary_login_screen();
+					}
 					exit;
 				}
 			}
@@ -633,6 +637,34 @@
 	return $userstate;
 }
 
+/*
+ * Redirect to wordpress login.
+ * https://stackoverflow.com/a/5576700
+ */
+function redirect_to_secondary_login_screen( $username, $password ) {
+
+	$redirect_to = isset( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : admin_url();
+	?>
+	<form name="loginform" id="loginform" action="<?php echo esc_url( site_url( 'wp-login.php', 'login_post' ) ); ?>" method="post">
+		<input type="hidden" name="log" value="<?php echo esc_attr( $username ); ?>" />
+		<input type="hidden" name="pwd" value="<?php echo esc_attr( $password ); ?>" />
+		<?php if ( array_key_exists( 'rememberme', $_REQUEST ) && 'forever' === $_REQUEST[ 'rememberme']): ?>
+				<input name="rememberme" type="hidden" id="rememberme" value="forever" />
+		<?php endif; ?>
+		<p><?php esc_html_e( 'Redirecting to Google Authenticator login.', 'google-authenticator' ); ?></p>
+		<p class="submit">
+			<input type="hidden" name="wp-submit" id="wp-submit" class="button button-primary button-large" value="<?php esc_attr_e('Log In'); ?>" />
+			<input type="hidden" name="redirect_to" value="<?php echo esc_attr($redirect_to); ?>" />
+			<input type="hidden" name="testcookie" value="1" />
+		</p>
+	</form>
+
+	<script type="text/javascript">
+		document.getElementById('loginform').submit();
+	</script>
+	<?php
+}
+
 function secondary_login_screen() {
 	$redirect_to = isset( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : admin_url();
 	login_header( esc_html__('Secondary Login Screen', 'google-authenticator' ) );
@@ -686,7 +718,7 @@
 	// If editing of Google Authenticator settings has been disabled, just return
 	$GA_hidefromuser = trim( get_user_option( 'googleauthenticator_hidefromuser', $user_id ) );
 	if ( $GA_hidefromuser == 'enabled') return;
-	
+
 	$GA_secret			= trim( get_user_option( 'googleauthenticator_secret', $user_id ) );
 	$GA_enabled			= trim( get_user_option( 'googleauthenticator_enabled', $user_id ) );
 	$GA_relaxedmode		= trim( get_user_option( 'googleauthenticator_relaxedmode', $user_id ) );
@@ -693,7 +725,7 @@
 	$GA_description		= trim( get_user_option( 'googleauthenticator_description', $user_id ) );
 	$GA_pwdenabled		= trim( get_user_option( 'googleauthenticator_pwdenabled', $user_id ) );
 	$GA_password		= trim( get_user_option( 'googleauthenticator_passwords', $user_id ) );
-	
+
 	// We dont store the generated app password in cleartext so there is no point in trying
 	// to show the user anything except from the fact that a password exists.
 	if ( $GA_password != '' ) {
@@ -704,7 +736,7 @@
 	if ( '' == $GA_secret ) {
 		$GA_secret = array_key_exists( 'GA_secret', $_REQUEST ) ? sanitize_text_field( $_REQUEST[ 'GA_secret' ] ) : $this->create_secret();
 	}
-	
+
 	if ( '' == $GA_description ) {
 		// Super admins and users with accounts on more than one site get the network name as the helpful name,
 		// everyone else gets the site that they're on
@@ -714,7 +746,7 @@
 			$GA_description = sanitize_text_field( get_bloginfo( 'name' ) );
 		}
 	}
-	
+
 	echo "<h3>".__( 'Google Authenticator Settings', 'google-authenticator' )."</h3>\n";
 
 	echo "<table class=\"form-table\">\n";
@@ -818,7 +850,7 @@
   			var qrcode="otpauth://totp/WordPress:"+escape(jQuery('#GA_description').val())+"?secret="+jQuery('#GA_secret').val()+"&issuer=WordPress";
 			jQuery('#GA_QRCODE').qrcode(qrcode);
  			jQuery('#GA_QR_INFO').show('slow');
-  		});  	
+  		});
 	});
 
 	// If the user starts modifying the description, hide the qrcode
@@ -839,9 +871,9 @@
 		jQuery.post(ajaxurl, data, function(response) {
   			jQuery('#GA_password').val(response['new-secret'].match(new RegExp(".{0,4}","g")).join(' '));
   			jQuery('#GA_passworddesc').show();
-  		});  	
+  		});
 	});
-	
+
 	jQuery('#GA_enabled').bind('change',function() {
 		GoogleAuthenticator_apppasswordcontrol();
 	});
@@ -850,7 +882,7 @@
 		jQuery('#GA_passworddesc').hide();
 		GoogleAuthenticator_apppasswordcontrol();
 	});
-	
+
 	function GoogleAuthenticator_apppasswordcontrol() {
 		if (jQuery('#GA_enabled').is(':checked')) {
 			jQuery('#GA_pwdenabled').removeAttr('disabled');
@@ -893,7 +925,7 @@
 	$GA_secret	= trim( $_POST['GA_secret'] );
 	$GA_pwdenabled	= ! empty( $_POST['GA_pwdenabled'] );
 	$GA_password	= str_replace(' ', '', trim( $_POST['GA_password'] ) );
-	
+
 	if ( ! $GA_enabled ) {
 		$GA_enabled = 'disabled';
 	} else {
@@ -912,7 +944,7 @@
 	} else {
 		$GA_pwdenabled = 'enabled';
 	}
-	
+
 	// Only store password if a new one has been generated.
 	if (strtoupper($GA_password) != 'XXXXXXXXXXXXXXXX' ) {
 		// Store the password in a format that can be expanded easily later on if needed.
@@ -919,7 +951,7 @@
 		$GA_password = array( 'appname' => 'Default', 'password' => wp_hash_password( $GA_password ) );
 		update_user_option( $user_id, 'googleauthenticator_passwords', json_encode( $GA_password ), true );
 	}
-	
+
 	update_user_option( $user_id, 'googleauthenticator_enabled', $GA_enabled, true );
 	update_user_option( $user_id, 'googleauthenticator_description', $GA_description, true );
 	update_user_option( $user_id, 'googleauthenticator_relaxedmode', $GA_relaxedmode, true );
@@ -963,7 +995,7 @@
  */
 function edit_user_profile_update() {
 	global $user_id;
-	
+
 	$GA_enabled	     = ! empty( $_POST['GA_enabled'] );
 	$GA_hidefromuser = ! empty( $_POST['GA_hidefromuser'] );
 
@@ -993,7 +1025,7 @@
 
 	// Some AJAX security.
 	check_ajax_referer( 'GoogleAuthenticatoraction', 'nonce' );
-	
+
 	// Create new secret.
 	$secret = $this->create_secret();
 
@@ -1002,7 +1034,7 @@
 	echo json_encode( $result );
 
 	// die() is required to return a proper result
-	die(); 
+	die();
 }
 
 } // end class

• This reply was modified 1 year, 9 months ago by ootwch.

Even better solution that does not require a change to the plugin itself:

<?php
/**
 * Redirects login from custom or woocommerce login when google-authenticator is used.
 *
 */

/**
 * Google Authenticatore for Custom Login.
 */
class Google_Authenticator_Custom_Login {

    public $google_authenticator;
    
    public function __construct() {
        add_action('plugins_loaded', 'init');
    }

    function init() {

        if ( ! class_exists( 'GoogleAuthenticator' ) ) {
            return;
        }

        $this->google_authenticator = \GoogleAuthenticator::instance;

        // Smaller priority than the google authenticator itself.
        add_filter( 'authenticate', array( $this, 'redirect_to_otp' ), 40, 3 );

      }



    /*
    * Redirect to wordpress login.
    * https://stackoverflow.com/a/5576700
    */
    public function redirect_to_otp( $user, $username = '', $password = '' ) {

        // Only redirect if needed.
        if( function_exists( 'login_header' )) {
            return $user;
        } 

        $redirect_to = isset( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : admin_url();
        ?>
        <form name="loginform" id="loginform" action="<?php echo esc_url( site_url( 'wp-login.php', 'login_post' ) ); ?>" method="post">
            <input type="hidden" name="log" value="<?php echo esc_attr( $username ); ?>" />
            <input type="hidden" name="pwd" value="<?php echo esc_attr( $password ); ?>" />
            <?php if ( array_key_exists( 'rememberme', $_REQUEST ) && 'forever' === $_REQUEST[ 'rememberme']): ?>
                    <input name="rememberme" type="hidden" id="rememberme" value="forever" />
            <?php endif; ?>
            <p><?php esc_html_e( 'Redirecting to Google Authenticator login.', 'google-authenticator' ); ?></p>
            <p class="submit">
                <input type="hidden" name="wp-submit" id="wp-submit" class="button button-primary button-large" value="<?php esc_attr_e('Log In'); ?>" />
                <input type="hidden" name="redirect_to" value="<?php echo esc_attr($redirect_to); ?>" />
                <input type="hidden" name="testcookie" value="1" />
            </p>
        </form>

        <script type="text/javascript">
            document.getElementById('loginform').submit();
        </script>
        <?php
    }

}


new Google_Authenticator_Custom_Login();