Because I couldn’t find an answer on this, I handled it myself by setting my own cookie in the function and checking that. Here is the revised function:
function custom_login_init () {
$action = isset($_REQUEST['action']) ? $_REQUEST['action'] : 'login';
if ( isset( $_POST['wp-submit'] ) ) {
$action = 'post-data';
} else if ( isset( $_GET['reauth'] ) ) {
$action = 'reauth';
} else if ( isset($_GET['key']) ) {
$date_of_expiry = time() + 60 ;
setcookie( "key", $_GET['key'], $date_of_expiry );
setcookie( "login", $_GET['login'], $date_of_expiry );
$action = 'resetpass-key';
}
// redirect to change password form
if ( $action == 'rp' || $action == 'resetpass' ) {
wp_redirect( home_url('/member-login/?action=resetpass') );
exit;
}
// redirect from wrong key when resetting password
if ( $action == 'lostpassword' && isset($_GET['error']) && ( $_GET['error'] == 'expiredkey' || $_GET['error'] == 'invalidkey' ) ) {
wp_redirect( home_url( '/member-login/?action=forgot&success=wrongkey&error=".$_GET["error'] ) );
exit;
}
if (
$action == 'post-data' || // don't mess with POST requests
$action == 'reauth' || // need to reauthorize
$action == 'resetpass-key' || // password recovery
$action == 'logout' // user is logging out
) {
return;
}
wp_redirect( home_url( '/member-login/' ) );
exit;
}
add_action('login_init', 'custom_login_init');
If anyone has insight as to a better way to do this, I’d still appreciate it.