How to Add an Extra Authentication Field to the WordPress Login Page

Admin
Published on 2024-06-18T02:07:52.000Z

First of all, I would advise against editing the core files, as they will be overwritten when you next update WordPress.

Also, you should update WordPress, because updates often include security fixes. (It's recently been reported that there has been a spate of attacks on sites using outdated WordPress versions.)

In order to achieve what you actually want to do, I recommend you use hooks as the best way to edit WordPress.

As such, to create an extra field on your login page, you may use the login_form action hook:

In your theme's functions.php:

add_action('login_form','my_added_login_field');
function my_added_login_field(){
    //Your HTML
?>
    <p>
        <label for="my_extra_field">My extra field<br>
        <input type="text" tabindex="20" size="20" value="" class="input" id="my_extra_field" name="my_extra_field_name"></label>
    </p>
<?php
}

Next we need to verify that what they entered into the field matches what you have stored. In the following code, I've assumed you've stored the identification code as a user meta value with meta key my_ident_code. You should do this rather than create your own column! See the Codex pages for

 

To verify a user you can use the authenticate filter. This passes the entered username and password. If the identification code is correct, return null to allow WordPress to verify the password and username. If it is not correct, remove WordPress's authentication callbacks and return an error. This forces the user back to the login page, where they'll see the error displayed.

Also add the following code to your theme's functions.php:

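add_filter( 'authenticate', 'my_custom_authenticate', 10, 3 );
function my_custom_authenticate( $user, $username, $password ){
    //Nothing submitted (e.g. the login page is only being displayed) - let WordPress handle it
    if( empty($username) && empty($password) ){
        return $user;
    }

    //Get POSTED value (WordPress adds slashes to $_POST, so unslash it)
    $my_value = isset($_POST['my_extra_field_name']) && is_string($_POST['my_extra_field_name'])
        ? wp_unslash($_POST['my_extra_field_name'])
        : '';

    //Get user object (false if the username does not exist)
    $user = get_user_by('login', $username );

    //Get stored value - only when the user exists, otherwise $user->ID is invalid
    $stored_value = $user ? (string) get_user_meta($user->ID, 'my_ident_code', true) : '';

    //hash_equals() compares in constant time, so response timing does not leak the code
    if(!$user || empty($my_value) || !hash_equals($stored_value, $my_value)){
        //User not found, or no value entered or doesn't match stored value - don't proceed.
        remove_action('authenticate', 'wp_authenticate_username_password', 20);
        remove_action('authenticate', 'wp_authenticate_email_password', 20);

        //Create an error to return to user
        return new WP_Error( 'denied', __("<strong>ERROR</strong>: Your unique identifier was invalid.") );
    }

    //Make sure you return null
    return null;
}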
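
One way to populate the my_ident_code user meta value that the authenticate filter above reads, as an added example that is not part of the original post. The function names my_ident_code_profile_field and my_ident_code_save, the form field name, the restriction to users with the edit_users capability, and the letters-and-digits format are all assumptions made for this example.

```php
<?php
// Added example. Assumptions: only administrators (edit_users capability)
// may set the code, and codes are 6-64 letters or digits.

// Show an input on the admin "Profile" and "Edit User" screens.
add_action( 'show_user_profile', 'my_ident_code_profile_field' );
add_action( 'edit_user_profile', 'my_ident_code_profile_field' );
function my_ident_code_profile_field( $user ) {
    if ( ! current_user_can( 'edit_users' ) ) {
        return; // Ordinary users cannot view or change the code.
    }
    ?>
    <h2>Login identification code</h2>
    <table class="form-table">
        <tr>
            <th><label for="my_ident_code">Identification code</label></th>
            <td>
                <input type="text" class="regular-text" id="my_ident_code"
                       name="my_ident_code" value="" autocomplete="off">
                <p class="description">Leave empty to keep the current code.</p>
            </td>
        </tr>
    </table>
    <?php
}

// Store the submitted code when the profile form is saved.
add_action( 'personal_options_update', 'my_ident_code_save' );
add_action( 'edit_user_profile_update', 'my_ident_code_save' );
function my_ident_code_save( $user_id ) {
    if ( ! current_user_can( 'edit_users' ) || ! current_user_can( 'edit_user', $user_id ) ) {
        return;
    }
    // Core verifies this nonce before firing the hooks; repeated as defence in depth.
    check_admin_referer( 'update-user_' . $user_id );

    $code = isset( $_POST['my_ident_code'] ) && is_string( $_POST['my_ident_code'] )
        ? wp_unslash( $_POST['my_ident_code'] )
        : '';
    if ( '' === $code ) {
        return; // Field left empty: keep the existing code.
    }
    // Reject anything the login check could not match byte for byte.
    if ( ! preg_match( '/^[A-Za-z0-9]{6,64}$/', $code ) ) {
        return;
    }
    update_user_meta( $user_id, 'my_ident_code', $code );
}
```

The code is stored as plain text in user meta because the authenticate filter above compares the submitted value directly against the stored one; the input is never pre-filled, so the current code is not echoed back into the page.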