Preventing auto login after registration

While we’re at it, at which point can we add user_nicename before the user is created? It’s not by simply adding ‘user_nicename‘ to $userData is it? as your field names do not map directly to wp_insert_user‘s fields.

Hi @pao2

As for preventing the autologin:
The “shouldAutoLogin” property is a protected property, that you can not modify but you shouldn’t modify that anyway. Since if you want to preven the login with social login, then you should do that by enabling our “Support login restrictions” feature on the General tab:

• https://nextendweb.com/nextend-social-login-docs/global-settings/#support-login-restriction

and then you should stop the login by returning a WP_Error on the “authenticate” or “wp_authenticate_user” filters, like we mention at the top of our documentation:

• https://nextendweb.com/nextend-social-login-docs/login-restriction/

As for the “user_nicename”:
Yes, that won’t work. If you would like to store some extra information when the registration happens with social login, then instead you should do that after our registration has already happened.
Our “nsl_register_new_user” action runs after we have registered a new account, so you could hook a function there and update user.

Please note that we can not provide support for custom coding and problems caused by custom codes, but in our Developer documentation you can find multiple examples:

• https://nextendweb.com/nextend-social-login-docs/backend-developer/

Best regards,
Laszlo.

Thank you, for the first point i want the user to be able to login using Social login but i only want to prevent auto login when the user first registers, so after the authentication the user won’t be logged in automatically and is redirected to somewhere else instead.

By glancing at the code we know that the shouldAutoLogin flag should prevent that if set to false, but as you said it’s protected and i couldn’t see any hook that could modify that value, so is there any alternative to achieve that?

Hi @pao2

To prevent the login only for the first time when the registration happens with social login, you just need to hook the function to the ?“authenticate” or “wp_authenticate_user” filters inside a function that you hooked to our “nsl_register_new_user” action. As I mentioned above, this action only runs when Nextend Social Login registers a new user.

Please note that, as I mentioned above, we can not provide support for custom coding, but I created a basic code example for you that shows what I meant exactly:

add_action('nsl_register_new_user', function ($user_id) {
    add_filter('authenticate', function($user, $username, $password){
        return new WP_Error( 'authentication_failed', __( 'Your reason for the failed login.' ) );
    },10,3);
});

The other advantage of this method is that, when the login is prevented you can also override the redirects URL via the “nsl_disabled_login_redirect_url” filter. In addition, when we get a WP_ERROR back we will fire the wp_login_failed action. So e.g. plugins which are logging failed login attempts are also getting informed about the failed login attempts. So this is a complete solution.

Best regards,
Laszlo.

Still not preventing the login after using the code above, authenticate or wp_authenticate_user, even after setting up the redirection url in nsl_disabled_login_redirect_url. Did i miss anything?

Nevermind, what i did instead:

Use {provider_id}_register_redirect_url to set a redirect url to a page (in my case the login page) where i would do this inside the template_redirect hook:

wp_destroy_current_session();
wp_clear_auth_cookie();
wp_set_current_user(0);

Not ideal, but it worked i think.

Hi @pao2

I have just checked the sample code that I sent you and it prevented the login after the registration with social login. Are you sure you tried to connect with a social media account that’s email address is not registered on your site, yet? ( If there is an account with the email address already then that won’t count as a registration but rather as a linking action, so the mentioned action won’t run. )

If you tried it with an actual registration with social login, and the code still didn’t prevent the login then I think you added the code part at a wrong place, so your function never gets hooked to the “nsl_register_new_user” action, or maybe you hook it too late. By echoing something out with an “exit;” statements at the various parts, you could check if your code runs at all or not.

I always delete the user after registering so pretty sure the email would no longer be registered each time. Tried it again, no avail.

The hook nsl_register_new_user itself was called no problem, i tried doing wp_update_user() in it just before the authenticate bit, and it worked.

Now for the authenticate filter, doesn’t seem to do anything, even with priorities of 5, 10, and 99.

Anyway, here’s how my settings look https://drive.google.com/file/d/1G6UzRkADZc7NFg13e680Dp5llOT33Wcu/view?usp=sharing

Hi @pao2

In your screenshot I can see that you have our “Support login restrictions” feature disabled. As I mentioned above, that setting needs to be enabled in order to be able to prevent the login over the “authenticate” and “wp_authenticate_user” filters.

Enabling that option will most likely fix the problem.

Hmm okay, i didn’t realise. Now though, how do you suppress the WP_Error message and the “authentication error” page before redirecting, cause you know, it’s actually a successful registration?

Update:

Used wp_login_failed to check for the error key passed by WP_Error earlier, and do a redirect accordingly if the key exists. So we won’t need nsl_disabled_login_redirect_url in this case.

Thank you @laszloszalvak

Hi @pao2

I am sorry, but you can’t, as basically that is what prevents the login. If there is no WP_ERROR, that means the login is allowed.

If your goal is to make Nextend Social Login not to display the error message in its floating popup ( that we display when you use the OAuth redirect uri proxy page ), then you could either:

Hide that element on your custom error page with a CSS that you load only on that particular page, e.g.:

div#nsl-notices-fallback .error{
  display: none;
}

Or you could get our error messages before we display them. To prevent displaying the error message multiple times, we automatically clear the error messages after the first time we get them. Something like this could probably get our error message early:

add_action('wp_print_footer_scripts', function () {
    if (class_exists('NSL\Notices') && NSL\Notices::hasErrors()) {
        NSL\Notices::getErrors();
    }
}, 1);

Whatever you will do, you need to make sure you only add one of these only on the page, where you want to hide the error. If you add them to a place that is loaded everywhere, then we won’t display any error messages!

Anyways please note that as I mentioned earlier we can not provide support for custom coding. So if you have further questions or problems related to our codes, then you will need to check our codes.