WP注册页填写密码,设置安全验证

By | April 6, 2015

超简单的方法

今天要介绍的一个超级简单的方法是在一个老外的博客ThematoSoup上发现的,原文地址请看结尾参考文章中的链接。先看最终效果图

custom-register2

步骤如下:

1. 通过register_form action向注册表单添加密码、重复密码和防机器人的验证输入框,防止机器人注册的方法是要求用户填写要注册的网站的名称,这个方法很棒,比验证码方便的多。

<?php
// Add Password, Repeat Password and Are You Human fields to WordPress registration form
// https://wp.me/p1Ehkq-gn
add_action(
'register_form'
,
'ts_show_extra_register_fields'
);
function
ts_show_extra_register_fields(){
?>
    
<p>
    
<label
for
=
"password"
>Password<br/>
    
<input id=
"password"
class
=
"input"
type=
"password"
tabindex=
"30"
size=
"25"
value=
""
name=
"password"
/>
    
</label>
    
</p>
    
<p>
    
<label
for
=
"repeat_password"
>Repeat password<br/>
    
<input id=
"repeat_password"
class
=
"input"
type=
"password"
tabindex=
"40"
size=
"25"
value=
""
name=
"repeat_password"
/>
    
</label>
    
</p>
    
<p>
    
<label
for
=
"are_you_human"
style=
"font-size:11px"
>Sorry, but we must check
if
you are human. What is the name of website you are registering
for
?<br/>
    
<input id=
"are_you_human"
class
=
"input"
type=
"text"
tabindex=
"40"
size=
"25"
value=
""
name=
"are_you_human"
/>
    
</label>
    
</p>
<?php
}

2. 检查用户的输入,两次输入的密码是否一致,是否正确填写网站名称

// Check the form for errors
add_action(
'register_post'
,
'ts_check_extra_register_fields'
, 10, 3 );
function
ts_check_extra_register_fields(
$login
,
$email
,
$errors
) {
    
if
(
$_POST
[
'password'
] !==
$_POST
[
'repeat_password'
] ) {
        
$errors
->add(
'passwords_not_matched'
,
"<strong>ERROR</strong>: Passwords must match"
);
    
}
    
if
(
strlen
(
$_POST
[
'password'
] ) < 8 ) {
        
$errors
->add(
'password_too_short'
,
"<strong>ERROR</strong>: Passwords must be at least eight characters long"
);
    
}
    
if
(
$_POST
[
'are_you_human'
] !== get_bloginfo(
'name'
) ) {
        
$errors
->add(
'not_human'
,
"<strong>ERROR</strong>: Your name is Bot? James Bot? Check bellow the form, there's a Back to [sitename] link."
);
    
}
}

3. 存储用户输入的密码,如果用户没有填写密码,什么也不做,让WordPress自动生成密码。

// Storing WordPress user-selected password into database on registration
// https://wp.me/p1Ehkq-gn
add_action(
'user_register'
,
'ts_register_extra_fields'
, 100 );
function
ts_register_extra_fields(
$user_id
){
    
$userdata
=
array
();
    
$userdata
[
'ID'
] =
$user_id
;
    
if
(
$_POST
[
'password'
] !==
''
) {
        
$userdata
[
'user_pass'
] =
$_POST
[
'password'
];
    
}
    
$new_user_id
= wp_update_user(
$userdata
);
}

4. 最后就要处理那句不协调的“A password will be e-mailed to you”,通过gettext filter处理一下即可。

// Editing WordPress registration confirmation message
// https://wp.me/p1Ehkq-gn
add_filter(
'gettext'
,
'ts_edit_password_email_text'
);
function
ts_edit_password_email_text (
$text
) {
    
if
(
$text
==
'A password will be e-mailed to you.'
) {
        
$text
=
'If you leave password fields empty one will be generated for you. Password must be at least eight characters long.'
;
    
}
    
return
$text
;
}

仅仅4步就完成了这个实用的功能,是不是超简单!这些代码可以放到主题的functions.php中,但不推荐这样,其实做成插件和放到functions.php中在性能上没有很大区别,但functions.php的可移植性和方便性会大打折扣,建议做成插件。

Leave a Reply