Problem with my Login Plugin

You have a number of problems that have to be corrected for this to work.

  1. Shortcodes should return content – not echo/print it to the screen.
  2. You should sanitize your retrieved $_POST values before use.
  3. You can’t query the db for a plain text password. Passwords are hashed.
  4. Don’t do your form processing outside of a function. Setup a function for it and hook that function to something like init.
  5. Your “error” message $errMessage is defined outside of your shortcode function so its value is unavailable inside the function unless declared as a global.
  6. Don’t close your file with a closing PHP delimiter (‘?>’). It can cause problems if you get unintended whitespace after it.
  7. Don’t simply check if $_POST['submit'] is set. Check its value as well. Otherwise, you’re running your check for any submit button.

The following is your code addressing each of the items mentioned above:

/**
 * Plugin Name:       LD Login Form 
 * Plugin URI:        https://testsite.co.za
 * Description:       Empire Investment Login Form
 * Version:           1.0
 * Author:            Luthando
 * Author URI:        https://testsite.co.za
 */

// Hooks, etc.
add_action( 'init', 'luecustom_form_process' );
add_shortcode('luthandoLog', 'luecustom_form');


function luecustom_form( $atts, $content, $tag ) {

    // Make sure you pick up the global $errMessage
    global $errMessage;

    // Don't echo/print your HTML in a shortcode. 
    // Instead put your HTML into $content to return at the end.
    $content="<form action="" . $_SERVER['REQUEST_URI'] . '" method="post" style="color: #fff">
      <div class="form-group">
        <label for="email">Email address:</label>
        <input name="email" type="email" class="form-control" id="email">
      </div>
      <div class="form-group">
        <label for="pwd">Password:</label>
        <input name="pass" type="password" class="form-control" id="pwd">
      </div>
      <div class="form-group form-check">
        <label class="form-check-label">
         <a style="color: #08a873" href="#"> Forgot Password? </a>    </label>
      </div>
      <input style="background: #08a873; margin-top: 5px; width: 100%" type="submit" class="btn btn-primary btn-lg active" role="button" aria-pressed="true" value="Login" />

      <div class="alert alert-danger" role="alert">' . $errMessage . '</div>

    </form>';

    return $content;
}


function luecustom_form_process() {

    /*
     * You don't need $wpdb because you don't need to query the db directly
     * You DO need to globalize $errMessage so it can be used in your shortcode.
     * Do this before the "if" so that you have a defined variable
     * regardless of whether post is submitted or not. Otherwise
     * you may get an undefined variable notice in the shortcode result.
     */ 
    global $errMessage;
    $errMessage = "";

    if(isset($_POST['submit']) && 'Login' == $_POST['submit'] ) {

        // Sanitize email
        $email = sanitize_email( $_POST['email'] );
        // Don't sanitize password because it may contain characters that would be removed. 
        // It's going to be hashed for comparison anyway.
        $pass = $_POST['pass']; 

        // Get the user by their email address
        $user = get_user_by( 'email', $email );

        // Check if the posted password is the same as the user's hashed password.
        $validate_pass = wp_check_password( $pass, $user->user_pass );

        // If the user validates (wp_check_password() returns true), then...
        if( $validate_pass ){

            header("Location: https://dhetcodesigns.000webhostapp.com/?page_id=5");
            exit;

        }else{
            $errMessage = "Incorrect username/password";
        }

    }
}

Related Posts:

  1. How to use a frontend URL with a Plugin
  2. How to display a value from a radio button in the options menu in wordpress
  3. How to Schedule Cronjobs for start of every month and year
  4. Drop down question
  5. How do I disable cache for a certain page?
  6. How to return html as a string from php for WordPress
  7. Custom plugin: Trying to show saved data on frontend
  8. Why would a GET variable one one page of a site cause a 404 error when a GET variable works on another page of a site?
  9. How can I make my custom shortcode work in a Custom HTML Widget?
  10. Where should I install a PHP library into WordPress so that code in a webpage can activate it?
  11. Fatal error: Call to undefined function plugin_dir_path()
  12. How to make WordPress plugin check for database changes and then do something?
  13. How to use copy() function and paste file in /wp-content/themes directory
  14. Multiple pages on one with different HTML
  15. wordpress custom endpoint multiple params
  16. Add custom HTML to posts page
  17. Minify HTML, CSS, JS with PHPWee?
  18. Am I not understanding plugins?
  19. Page Reloads Before AJAX Request Finishes
  20. How to only show page id as body class?
  21. Add htaccess rules with insert_with_markers at beginning of htaccess
  22. Shortcode content output but not in correct place
  23. Insert array data on plugin activation
  24. Adding Default Settings to Theme My Login plugin
  25. Hide categories that are not used in the post type
  26. Automated Cart Update With Alert Box Each Time
  27. WooCommerce/WordPress: how hide entire table form after submit (Admin Dashboard)?
  28. How to sanitize any integer input field in wordpress?
  29. WordPress ajax doesn’t display object method on jQuery .change() function
  30. filter default query to show just selected level of child pages in wordpress
  31. Adding widgets to my plugin page instead of WordPress dashboard
  32. How to insert data into database using wp cron job
  33. Input data from email form not going to JSON file
  34. Different post styles depending on category
  35. Access Child Class of Plugin Main Class Instance
  36. Font Awesome changing default WordPress Font
  37. Show latest posts in a plain HTML website custom widget [closed]
  38. Download full html page with CSV export plugin
  39. Hide HTML element (by class or ID) with PHP
  40. Usage of call back function of add_meta_box()
  41. how to save checkbox data for custom setting?
  42. PHP contact form not redirecting [closed]
  43. Handling PHP/HTML inside the output of a shortcode function
  44. Illegal string offset error in wordpress theme options textarea
  45. WordPress WP_Query without query GET parameters
  46. Where to copy woocommerce files to in my custom theme to avoid editing the core plugin?
  47. Need help removing […] after excerpt
  48. Initial offset of number of posts in home page on the posts page
  49. Removed jQuery script from header.php , any problems?
  50. How can I get plugin meta data without knowing the plugin folder?
  51. WordPressUser Submission Form
  52. calling admin-ajax.php from admin-ajax.php
  53. Shortcode displaying at the top of the page [duplicate]
  54. Flatten Responses returned via WP REST API via WP_Error for obfuscation
  55. How does add_option() function enable action hooks to fire right after actiavtion?
  56. Time Delay a URL Redirect for Specific Page
  57. Cascading dropdown select search based on Parent Page & Child Page
  58. WordPress cascading dropdown selection search based on Parent Page & Child Page
  59. Background image no longer fits to screen now that project is in php files
  60. Create plugin with custom page and template caused an error `Call to undefined function get_header()`
  61. Settings API form – submit with AJAX
  62. Adding HTML Code to Replace Text in PHP
  63. Shortcode in Shortcode/HTML Graphics and Pictures
  64. I can’t go to the page archive-{post_type}.php
  65. Use Search Term in html link and redirect
  66. Submit remote form to wordpress REST API and save data to custom post type
  67. Foreach Loop Of Post Types With Nested If Else If Not Completing Process
  68. In a foreach loop, how can I add a meta value if it doesn’t exist?
  69. Looping through and combining calls to Woocommerce REST API
  70. Should I use wp_cache in my plugin to make it faster?
  71. How to import woocommerce custom fields data into another site?
  72. Add a custom link to each image in WordPress gallery
  73. Show subcategory name selected in specific category woocoommerce
  74. Taxonomy Child Term, Counter is staying on 0
  75. Unable to insert current username into custom table through html form
  76. Need help with format of nested array in MySQL
  77. How to add delete, approve, spam Links to Comments
  78. Help on Wp_query to print an term
  79. Splitting table data to pages with numbers
  80. Upload images from one server to an other in wordpress
  81. Setting at job with shortcode not working
  82. Run code before WordPress loads and insert data into WP if need be
  83. PHP: Why does my code work in index.php but not a widget?
  84. How to use Amazon Elastic Transcoder from WordPress using AWS SDK for PHP?
  85. Accessing Variables Used In a Plugin Using PHPStorm + XDebug
  86. nested divs, classes for a grid in loop [duplicate]
  87. featured post as div background
  88. how to manipulate HTML parameters using PHP conditions
  89. Display wordpress post to static website in the footer
  90. Php echo into tag
  91. How to edit homepage in WordPress?
  92. WP_Query not returning results
  93. I’m not able to get access $wpdb in my php file in wordpress
  94. How do I link the side images?
  95. How do I change the Go To Categories link in the term_updated_messages
  96. How to create a container in php then customise it in CSS
  97. Login user into magento using wordpress account
  98. ‘This Field is Required.’ is Not Displaying on CF7 [closed]
  99. Customize create table SQL statement in any WordPress plugin
  100. How to modify default tags in wp_head()