WORDPRESS CUSTOM LOGIN PAGE WITHOUT USING A PLUGIN – THE RIGHT WAY

WordPress is one of the most widely use Blog Engine today and many web developers are using WordPress as CMS to build Blog, Personal and Business site, on past few days, I was working on a WordPress site that need Custom Login page functionality, you may see a lot of plugins out there to create wordpress login page but this tutorial might helpful to all web developer who interested to learn in wordpress.

In this tutorial I will explain how to make a wordpress custom login page without using any plugin.

PHP code

This contains php script to validate and accept posted data from our HTML form.

PHP

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36

<?php     global $wpdb;     $err = ”;     $success = ”;     if(isset($_POST['task']) && $_POST['task'] == ‘login’ )     {         //We shall SQL escape all inputs to avoid sql injection.         $username = $wpdb->escape($_POST['log']);         $password = $wpdb->escape($_POST['pwd']);         $remember = $wpdb->escape($_POST['remember']);         if( $username == “” || $password == “” ) {             $err = ‘Please don\’t leave the required field.’;         } else {             $user_data = array();             $user_data['user_login'] = $username;             $user_data['user_password'] = $password;             $user_data['remember'] = $remember;             $user = wp_signon( $user_data, false );             if ( is_wp_error($user) ) {                 $err = $user->get_error_message();                 exit();             } else {                 wp_set_current_user( $user->ID, $username );                 do_action(‘set_current_user’);                 echo ‘<script type=”text/javascript”>window.location=’. get_bloginfo(‘url’) .’</script>’;                 exit();             }         }     } ?>

Confused?

Okay, let me explain further the lists of WordPress function we’re using.

• is_wp_error: this will check whether variable is a WordPress Error.
• wp_set_current_user: We use this wordpress built in function because many user report when using wp_signon() function logs a user in but for some reason the global user variables such as $current_user and $user_ID are not populated until the page is refreshed and calling get_currentuserinfo() doesn’t populate as well. Theis_user_logged_in() function also returns false.

HTML code

This contains HTML code for our login page.

XHTML

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20

<form method=”post”>         <h2>Already have an account? Please login.</span></h2>         <p>             <?php             if( !empty($sucess) )                 echo $sucess;             if( !empty($err) )                 echo $err;             ?>         </p>         <p><label for=”log”>Email</label>             <input type=”text” name=”log” id=”log” value=”" /></p>         <p><label for=”pwd”>Password</label>             <input type=”password” name=”pwd” id=”pwd” value=”" /></p>         <p><input type=”submit” value=”Login” class=”button” /></p>         <label><input type=”checkbox” name=”remember” value=”true” /> Remember Me</label>         <input type=”hidden” name=”task” value=”login” />     </form>

I’ve added one hidden field to validated if the form submitted is the Login page.

Full Code

Below is the complete custom login page source code, try it yourself and you can share your opinion below.

XHTML

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71

<?php /* Template Name: Login Page */ the_post(); get_header(); ?> <div class=”wrapper”>     <?php         global $wpdb;         $err = ”;         $success = ”;         if(isset($_POST['task']) && $_POST['task'] == ‘login’ )         {             //We shall SQL escape all inputs to avoid sql injection.             $username = $wpdb->escape($_POST['log']);             $password = $wpdb->escape($_POST['pwd']);             $remember = $wpdb->escape($_POST['remember']);             if( $username == “” || $password == “” ) {                 $err = ‘Please don\’t leave the required field.’;             } else {                 $user_data = array();                 $user_data['user_login'] = $username;                 $user_data['user_password'] = $password;                 $user_data['remember'] = $remember;                 $user = wp_signon( $user_data, false );                 if ( is_wp_error($user) ) {                     $err = $user->get_error_message();                     exit();                 } else {                     wp_set_current_user( $user->ID, $username );                     do_action(‘set_current_user’);                     echo ‘<script type=”text/javascript”>window.location=’. get_bloginfo(‘url’) .’</script>’;                     exit();                 }             }         }     ?>     <form method=”post”>         <h2>Already have an account? Please login.</span></h2>         <p>             <?php             if( !empty($sucess) )                 echo $sucess;             if( !empty($err) )                 echo $err;             ?>         </p>         <p><label for=”log”>Email</label>             <input type=”text” name=”log” id=”log” value=”" /></p>         <p><label for=”pwd”>Password</label>             <input type=”password” name=”pwd” id=”pwd” value=”" /></p>         <p><input type=”submit” value=”Login” class=”button” /></p>         <label><input type=”checkbox” name=”remember” value=”true” /> Remember Me</label>         <input type=”hidden” name=”task” value=”login” />     </form> </div> <?php get_footer() ?>

For the detailed tutorial how to create basic custom page template visit WP Codex.

That’s it happy coding, if you have question, clarification just use the comment below or contact me directly.