• Resolved proximity2008

    (@proximity2008)


    I have a membership site. Non paying members are created with real emails, but bogus user names: “xx.john.doe”. It’s a simple way to identify non-paying members.
    However:
    xx.john.doe can still reset his password – and therefore log in. This is easy to prevent in standard WP:

    add_action('password_reset', [$this, 'prevent_password_change_for_xx_users'], 10, 2);

    but TML bypasses this. I can see there are https://docs.thememylogin.com/article/87-disabling-an-action but I don’t see how to use it in this case?

Viewing 1 replies (of 1 total)
  • Thread Starter proximity2008

    (@proximity2008)

    Actually pretty straight forward once I dug into it. It’s just WordPress filters after all.

    add_filter('lostpassword_errors', [$this, 'prevent_password_change_for_xx_users'], 10, 2);

    public function lostpassword_errors($errors, WP_USER $user_data) 
    {
    if($user_data->user_login) {
    $lowercased_login = strtolower($user_data->user_login);
    if (strpos($lowercased_login, 'xx') === 0) {
    $errors->add('user_email', 'Trial members are not allowed to do this.');
    }
    }
    return $errors;
    }


Viewing 1 replies (of 1 total)
  • You must be logged in to reply to this topic.