The issue here is that the user created a manual login form Your Email Address Your Password They wanted to know if this code was safe to use.

Login Form Field Label Text

Ce fil est résolu. Voici une description du problème et la solution proposée.

Problem:

The issue here is that the user created a manual login form

<form name="loginform" id="loginform" action="https://mydomain.com/wp-login.php" method="post">
            <div class="wp-success"></div>
            <p class="login-username">
                <label for="user_login">Your Email Address</label>
                <input type="text" name="log" id="user_login" class="input" value="" size="20" />
            </p>
            <p class="login-password">
                <label for="user_pass">Your Password</label>
                <input type="password" name="pwd" id="user_pass" class="input" value="" size="20" />
            </p>          
            <p class="login-submit">
                <input type="submit" name="wp-submit" id="wp-submit" class="button-primary" value="Log In" />
                <input type="hidden" name="redirect_to" value="https://mydomain.com/my-account/" />
            </p>
            <input type="hidden" name="wpv_login_form" value="on"/><input type="hidden" name="wpv_login_form_redirect_on_fail" value="https://mydomain.com/incorrect-password/" />
        </form>

They wanted to know if this code was safe to use.

Solution:

Yes this is ok, the authentications are handled by the wordpress api itself so the form just serves as an interface to that API.

There shouldn't be any security issues.

This support ticket is created Il y a 6 années et 3 mois. There's a good chance that you are reading advice that it now obsolete.

This is the technical support forum for Toolset - a suite of plugins for developing WordPress sites without writing PHP.

Everyone can read this forum, but only Toolset clients can post in it. Toolset support works 6 days per week, 19 hours per day.

Aucun de nos assistants n'est disponible aujourd'hui sur le forum Jeu d'outils. Veuillez créer un ticket, et nous nous le traiterons dès notre prochaine connexion. Merci de votre compréhension.

Sun	Mon	Tue	Wed	Thu	Fri	Sat
-	9:00 – 12:00	9:00 – 12:00	9:00 – 12:00	9:00 – 12:00	9:00 – 12:00	-
-	13:00 – 18:00	13:00 – 18:00	13:00 – 18:00	14:00 – 18:00	13:00 – 18:00	-

Supporter timezone: America/Jamaica (GMT-05:00)

Marqué : Toolset Forms, User-registration forms

Ce sujet contient 2 réponses, a 2 voix.

Dernière mise à jour par julieP Il y a 6 années et 3 mois.

Assisté par: Shane.

Auteur

Publications

août 16, 2018 at 11:48 am #1084579

julieP

I want my users to sign in using their email address (I don't want to give them the option of using their username).

The Toolset [wpv-login-form] shortcode contains a label 'Username or email'. In order to customise this, I looked at the page source, extracted the form contents and created a shortcode for it of my own (see code below).

This works but I'd appreciate confirmation that it's OK to do it this way and it doesn't it pose any security issues.

<form name="loginform" id="loginform" action="<em><u>lien caché</u></em>" method="post">
			<div class="wp-success"></div>
			<p class="login-username">
				<label for="user_login">Your Email Address</label>
				<input type="text" name="log" id="user_login" class="input" value="" size="20" />
			</p>
			<p class="login-password">
				<label for="user_pass">Your Password</label>
				<input type="password" name="pwd" id="user_pass" class="input" value="" size="20" />
			</p>			
			<p class="login-submit">
				<input type="submit" name="wp-submit" id="wp-submit" class="button-primary" value="Log In" />
				<input type="hidden" name="redirect_to" value="<em><u>lien caché</u></em>" />
			</p>
			<input type="hidden" name="wpv_login_form" value="on"/><input type="hidden" name="wpv_login_form_redirect_on_fail" value="<em><u>lien caché</u></em>" />
		</form>

Thanks

août 16, 2018 at 2:56 pm #1084667

Shane

Supporter

Les langues: Anglais (English )

Fuseau horaire: America/Jamaica (GMT-05:00)

Hi Julie,

Yes this is ok, the authentications are handled by the wordpress api itself so the form just serves as an interface to that API.

You shouldn't face any issues.

Thanks,
Shane

août 17, 2018 at 6:07 am #1085453

julieP

Awesome, thank you!