[Resolved] Unable to auto login from CRED form

[Author]

Posts

[himanshuS]

I am using the standard auto-login code and it does not work anymore.

<?php
/**
 * New custom code snippet (replace this with snippet description).
 */

toolset_snippet_security_check() or die( 'Direct access is not allowed' );

// Put the code of your snippet below this comment.
add_action( 'cred_save_data', 'tssupp_cred_autologin', 10, 2 );
    
function tssupp_cred_autologin( $post_id, $form_data ){
  if ( %placeholder% == $form_data['id'] ) { // Edit as required
    if ( !empty( $_REQUEST['user_email'] ) && !empty( $_REQUEST['user_pass'] ) ) {
        
      // get the user credentials from the $_POST object
      $user = array(
        'user_login' => substr( $_REQUEST['user_email'], 0, strpos( $_REQUEST['user_email'], "@")),
        'user_password' => $_REQUEST['user_pass'],
        'remember' => true
      );
      $login = wp_signon( $user, false );
      if ( is_wp_error($login) ) {
        error_log('error during auto login, user_login was: ' . substr( $_REQUEST['user_email'], 0, strpos( $_REQUEST['user_email'], "@")));
        error_log( $login->get_error_message() );
      }
    }
  }
}

The user is created just fine and the email notifications capture the right info. What could be the issue?

The form is using autogenerate username and password feature. Can that be an issue?

The form ID is accurate. I have triple-checked.

[Nigel]

"it does not work anymore"

That means it used to work? What changes have you made?

I assume this line contains something other than the placeholder on your actual site:

  if ( %placeholder% == $form_data['id'] ) { // Edit as required

You have error logging in the event of failure in your code. If the code fails to log in the user, what do the error logs report?

[Shane]

Hi Himanshu,

Do you have any updates for us here?

Please let me know so we can continue investigating.

Thanks,
Shane

[himanshuS]

Shane,

The form ID is accurate and the user is still not able to auto-login. I have the debug information to share with you. Can you enable private replies?

[Shane]

Hi Himanshu,

I've enabled the private fields.

However I noticed that you mentioned the use of the autogenerated password. Unfortunately in a case like this where the password isn't entered into the form, then the code isn't able to log the user in.

Specifically this line below is taking the password from the form and logging in the user.

'user_password' => $_REQUEST['user_pass'],

SO the user needs to actually enter a password on the form for it to work.

Thanks,
Shane

[himanshuS]

Hey Shane,

Is there a way to use the autogenerated password to auto-login? It defeats the purpose of the auto-generated password and breaks the flow if the user cannot auto-login. In fact, how would the user log in if they don't have a password? They will have to reset the password.

[Shane]

Hi himanshu,

Unfortunately no given how the wp_signon function works. It requires that the password being provided for the user to log in.

Given that the password is auto generated there is no way for us to get this password except through the email that is sent with the user's auto generated password.

This is also custom code so what we can do here is quite limited.

Thanks,
Shane

[himanshuS]

Shane,

I am happy to write the custom code to get the auto-generated password from WP. Can you tell me when does that happen in the process and which hook in CRED can be used to capture the password and then pass it to a later hook? Maybe I need to use another hook or change priority to auto-login user AND send the password over email? May be the email notification hook can be used?

[himanshuS]

Shane,
I was also wondering if there is a way to have a hidden field for passwords on the registration form that has a default password.

That password is used to login user and then I send an email to the user with this default password and they can change it later.

Will that work?

[Shane]

Hi Himanshu,

I was also wondering if there is a way to have a hidden field for passwords on the registration form that has a default password.

This would be a better solution as there will be a password field for you to get the password from the post request to log in the user.

You can use some javascript to populate the field with a randomly generated password then use the hook you already have to log the user in.

It might be trickier to get the password at the point when it is generated.

Thanks,
Shane

[himanshuS]

Update:

I added a hidden password field. Just one field.

Added a default value to the field and then I was able to auto-login the user

[himanshuS]

My issue is resolved now. Thank you!