WordPress user Authentication


I am currently working on a plugin using WordPress. I created a register page that allow users to register, this information is then stored in custom database table called finusers.

This is what I have done so far:

The code below is used to register users into custom table called finusers.

  function db_insert($emailAdd, $password){
        global $wpdb, $formErr;

        if(1 > count($formErr->get_error_messages())){
            $table = $wpdb->prefix."finusers";
            $checksql = "SELECT * FROM $table WHERE email_address='$emailAdd'";
            $checkdb = $wpdb->query($checksql);

            if($checkdb !=0){
                echo "Email address is registered to a user";
            }else {
                $data = array("email_address"=>$emailAdd, "password"=>$password); 
                $format = array('%s'); 

                echo "You have successfully registered";

after the user has register, I then use the following function to authenticate the user

 function authenticate($emailAdd, $password){
        global $formErr;

        $username = $emailAdd;
        $password = $password;

        $check = wp_authenticate_username_password(NULL, $username, $password);

        if(1 > count($formErr->get_error_messages())){
                echo "Falied";
                echo "Success";

The problem that I am having here is, the wp_authenticate_username_password function is checking the the default users table to perform user authentication. How do I make it so that the user authentication is done using the custom table called finusers and not the default table users.

Note: I do realize that code is it is prone to sql injection. Also any suggestions on how I can refine my code will be very helpful

Metal Zer0 4 months 0 Answers 23 views 0

Leave an answer