I’m assuming that where you said “I need help to validate/connect the new custom field to a data column in wp_users
called serials” that you actually meant wp_usermeta
field where the meta key is “serials”.
To validate any additional fields as part of the login, you use the wp_authenticate_user
filter.
Start by checking to see if $user
is a WP error, and if it is, there’s no point in continuing as the login failed anyway. If it’s not an error, move on to check if your custom field is empty as you’ll want to make sure it’s filled out. If the field is empty, return an error.
Lastly, if it’s a valid user and the value is given in the field, then retrieve the db value (as mentioned above, assuming this is a user meta key in wp_usermeta since there are not custom fields in wp_users). If comparing the values fails, return an error.
add_filter( 'wp_authenticate_user', 'my_validate_pin', 10, 2 );
function my_validate_pin( $user, $password ) {
// Validate PIN if we're not already in an error.
if ( ! is_wp_error( $user ) ) {
$pin = get_user_meta( $user->ID, 'serials', true );
// Error if field is empty.
if ( ! isset( $_POST['my_extra_field_name'] ) ) {
remove_action( 'authenticate', 'wp_authenticate_username_password', 20 );
$user = new WP_Error( 'failed', __("<strong>ERROR</strong>: Must include PIN") );
}
// Assuming you're looking for form value to match the db value.
if ( $pin != $_POST['my_extra_field_name'] ) {
// If values don't match, return error
remove_action( 'authenticate', 'wp_authenticate_username_password', 20 );
$user = new WP_Error( 'failed', __("<strong>ERROR</strong>: Invalid PIN") );
}
}
return $user;
}