Changeset 10844


Timestamp:
03/25/2021 07:32:50 AM (8 weeks ago)
Author:
dd32
Message:

Login: Don't show the "Account disabled" error message when someone attempts to log in with the username 'admin'; instead, give a nicer error message suggesting they're in the wrong location.

This was adapted from the WordCamp login message.

See #5590.

File:
1 edited

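--- a/sites/trunk/common/includes/wporg-sso/wp-plugin.php
+++ b/sites/trunk/common/includes/wporg-sso/wp-plugin.php
@@ -55,4 +55,7 @@
                 remove_action( 'after_password_reset', 'wp_password_change_notification' );
 
+                // Disable the 'admin' user with a nicer message. Must be before authenticate_block_check.
+                add_filter( 'authenticate', array( $this, 'authenticate_admin_check' ), 4, 2 );
+
                 add_filter( 'allow_password_reset', array( $this, 'disable_password_reset_for_blocked_users' ), 10, 2 );
                 add_filter( 'authenticate', array( $this, 'authenticate_block_check' ), 5, 2 );
@@ -83,4 +86,31 @@
             add_filter( 'pre_site_option_registration', array( $this, 'inherit_registration_option' ) );
             return $value;
+        }
+        /**
+         * Checks if the authenticated is "admin" and returns a nicer error message.
+         *
+         * @param WP_User|WP_Error|null $user WP_User or WP_Error object if a previous
+         *                                    callback failed authentication.
+         * @param string $user_login The user login attmpting to login.
+         * @return WP_User|WP_Error WP_User on success, WP_Error on failure.
+         */
+        public function authenticate_admin_check( $user, $user_login ) {
+
+            if ( 'admin' === $user_login ) {
+
+                // Returning a WP_Error from an authenticate filter doesn't block auth, as a later hooked item can return truthful.
+                remove_all_actions( 'authenticate' );
+
+                return new WP_Error(
+                    'admin_wrong_place',
+                    sprintf(
+                        '<strong>%s</strong><br><br>%s',
+                        __( 'Are you in the right place?', 'wporg' ),
+                        __( 'This login form is for the WordPress.org website, rather than your personal WordPress site.', 'wporg' )
+                    )
+                );
+            }
+
+            return $user;
         }
 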
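Review bot: The check `if ( 'admin' === $user_login )` in `authenticate_admin_check()` is an exact, case-sensitive match, so a login typed as `Admin` or `ADMIN` skips it and falls through to `authenticate_block_check` at priority 5, which presumably still shows the "Account disabled" text this commit is meant to replace. WordPress normally resolves logins case-insensitively, so `if ( 'admin' === strtolower( $user_login ) ) {` would cover those spellings. Separately, the two `__()` strings are placed into the HTML built by `sprintf()` without escaping; using `esc_html__( 'Are you in the right place?', 'wporg' )` (and the same for the second string) keeps a translation from introducing markup on the login form. `remove_all_actions( 'authenticate' )` also drops every callback on that hook for the rest of the request, so the comment above it should state that this is deliberate and that the returned `WP_Error` is what makes the attempt fail.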