Hi Steven,
this may not be most elegant way, but I achieved this by just adding the URL I want the user to see after login to the redirect in the “passwordless_login.php file.
/**
* Automatically logs in a user with the correct nonce
*
* @since v.1.0
*
* @return string
*/
add_action( 'init', 'wpa_autologin_via_url' );
function wpa_autologin_via_url(){
if( isset( $_GET['token'] ) && isset( $_GET['uid'] ) && isset( $_GET['nonce'] ) ){
$uid = sanitize_key( $_GET['uid'] );
$token = sanitize_key( $_REQUEST['token'] );
$nonce = sanitize_key( $_REQUEST['nonce'] );
$hash_meta = get_user_meta( $uid, 'wpa_' . $uid, true);
$hash_meta_expiration = get_user_meta( $uid, 'wpa_' . $uid . '_expiration', true);
$arr_params = array( 'uid', 'token', 'nonce' );
$current_page_url = remove_query_arg( $arr_params, wpa_curpageurl() );
require_once( ABSPATH . 'wp-includes/class-phpass.php');
$wp_hasher = new PasswordHash(8, TRUE);
$time = time();
if ( ! $wp_hasher->CheckPassword($token . $hash_meta_expiration, $hash_meta) || $hash_meta_expiration < $time || ! wp_verify_nonce( $nonce, 'wpa_passwordless_login_request' ) ){
wp_redirect( $current_page_url . '?wpa_error_token=true' );
exit;
} else {
wp_set_auth_cookie( $uid );
delete_user_meta($uid, 'wpa_' . $uid );
delete_user_meta($uid, 'wpa_' . $uid . '_expiration');
$total_logins = get_option( 'wpa_total_logins', 0);
update_option( 'wpa_total_logins', $total_logins + 1);
//Old redirect
//wp_redirect( $current_page_url );
//Custom redirect
wp_redirect( 'https://YOUR-LANDING-PAGE.COM' );
exit;
}
}
}
A better way would be to write a small plugin overwriting the existing redirect, so you don′t get in trouble when updating the Plugin.
Best,
Marc
