Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

For those struggling with custom login page #228

Open
8biteric opened this issue Dec 6, 2019 · 1 comment
Open

For those struggling with custom login page #228

8biteric opened this issue Dec 6, 2019 · 1 comment

Comments

@8biteric
Copy link

8biteric commented Dec 6, 2019
edited

I am working on a private corporate intranet built in Wordpress, using Azure for logins. This plugin worked perfectly, outside of my attempt at a custom login page. I was running into antiforgery issues as detailed in #159.

I wanted to bypass wp-login.php probably for reasons similar to others – didn't want to confuse people with two options to login: do they enter their credentials in the wordpress fields, or do they click the Sign In Using Azure link?

Tried everything to get around wp-login.php, but i gave up – was on a crunch and had to move to Plan B quickly. So for those in a similar boat, here's what I did:

  1. Added the following code snippet to my header. Redirect code is there in case people request a specific page without being logged in.
<?php
$actual_link = "https://$_SERVER[HTTP_HOST]$_SERVER[REQUEST_URI]";

if ( !is_user_logged_in() ) {
	wp_redirect( '[YOUR URL HERE]/wp-login.php?redirect_to=' . urlencode($actual_link) . '');
} else {
	echo '<!-- User is logged in -->';
}
?>

  1. Used Peter's Login Redirect to forward all users elsewhere once they logged in. This was to prevent users from ending up at the Wordpress dashboard. (Note: you'll need to make sure "Allow a POST or GET "redirect_to" variable to take redirect precedence" is set to Yes, so that redirect in the code above is respected.

  2. I modified the hell out of wp-login.php, and simply hid all the stuff I didn't want users messing with (pretty much everything but the Azure sign-in link). This function will get you there:

function hide_login_elements() { ?>
	<style type="text/css">
		body.login { background-color: #000; }
		body.login h1 a { background-image: url([CUSTOM LOGO URL GOES HERE]; background-size: 320px; width: 320px; }

		.aadsso-login-form-text a { color: #f2b41c; line-height: 2em; }

		body.login div#login p#backtoblog, body.login div#login form#loginform input, body.login div#login form#loginform p label, body.login div#login form#loginform label,
			body.login div#login form#loginform p.forgetmenot, body.login div#login form#loginform p.submit input#wp-submit,
			body.login div#login p#nav a { display: none; }
		body.login .button.wp-hide-pw { display: none !important; }
		body.login div#login form#loginform { background-color: #222; border: 0; }
	</style>
<?php }
add_action( 'login_enqueue_scripts', 'hide_login_elements' );

That's pretty much it. Things seems to be working well. We're not live yet, and if there's any bugs that pop up, I'll be sure to post them here.
@8biteric 8biteric mentioned this issue Dec 6, 2019
Open
@i-am-dan
Copy link

i-am-dan commented Sep 11, 2020
edited

Hey. Thank you so much for this! I'm having issue understanding how to use the apply_filter('authenticate'). Don't I need to call this hook for me to get the access token? If so, where do I place this code? I see that you don't have anywhere on your code.

Thank you!

EDIT: So you are not using a custom login page?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@i-am-dan @8biteric