function override_authentication($user, $username, $password) { // Mirror standard WP authentication if (is_a($user, 'WP_User')) { return $user; } if (!empty($username)) { // We have a login attempt so we are going to take over the authentication here // 1. Check the user exists if ($user = get_user_by('login', $username)) { // 2. We have a user so check if they have an expired password. if (!shrkey_has_usermeta_oncer($user->ID, '_shrkey_password_expired')) { // No expired password setting for this user so fall through to original authentication return; } // 3. We now need to authentication this user ourselves before we can continue $authenticated = wp_authenticate_username_password('', $username, $password); if (is_wp_error($authenticated)) { // The credentials are not valid, so we'll return and fall through to the original function return; } // We are still here so remove the original authentication method as we no longer need it remove_action('authenticate', 'wp_authenticate_username_password', 20, 3); // 4. Show the change password form as we want to force a password change at this point $this->show_reset_password_form($authenticated, wp_generate_password(35, false), isset($_POST['redirect_to']) ? $_POST['redirect_to'] : false); // Exit because we don't want to continue processing or pass anything along the chain at this point exit; } else { // Invalid username - return and fall through to the original authentication function handle it return; } } return; }
function add_user_action($actions, $user_object) { if (!shrkey_has_usermeta_oncer($user_object->ID, '_shrkey_password_expired')) { $actions['userexpirepassword'] = "******" . wp_nonce_url("users.php?action=userexpirepassword&user="******"' title='" . __('Expire users password', 'expirepassword') . "'>" . __('Expire Password', 'expirepassword') . "</a>"; } return $actions; }