Home Carbon Ads Login User into WordPress without Password

Login User into WordPress without Password

wordpress-without-password

This post is a part 14 of Creating a WordPress Admin Theme post series.

In this tutorial I will show you how to create a front-end login and registration form which allows users to login with their username only. And then I will show you how to hack the WordPress admin login form so that you can login with username only.

Creating a Login Form Widget without Password field

Let’s see the code how to create a front-end widget which let’s you login into WordPress without password.

Put this code in your a theme or plugin file.

<?php

class No_Password_Widget extends WP_Widget
{
    public function __construct() {
        parent::__construct("no-password-widget", "No Password Login Form", array("description" => __("Displays a Login form which allows to login without password")));
        }
       
    public function widget($args, $instance)
    {
        if(is_user_logged_in())
        {
            echo "You are logged in";
        }
        else
        {
            ?>
                <form method="get" action="<?php echo get_site_url() . '/wp-admin/admin-ajax.php'; ?>">
                    <input type="text" name="username" placeholder="Username" required>
                    <input type="text" name="action" value="login" style="display: none">
                    <input type="submit">
                </form>
            <?php
        }
    }
}

register_widget("No_Password_Widget");

function redirect_to_home()
{
    header("Location: " . get_site_url());
}

function login()
{
    if(isset($_GET["username"]))
    {
        //now login user
        $user = get_user_by("login", $_GET["username"] );
        if($user != "FALSE")
        {
            wp_set_auth_cookie($user->ID);
        }
    }

    header("Location: " . $_SERVER["HTTP_REFERER"]);
    die();
}

add_action("wp_ajax_login", "redirect_to_home");
add_action("wp_ajax_nopriv_login", "login");

Let’s see how the code works:

  • Here we created a REST API named “login”.
  • We created a widget which displays a form.
  • When user submits the form the user is redirected to the “login” REST API url. There wp_set_auth_cookie is used to login user only with user id.
  • wp_set_auth_cookie creates a user logged in session cookie with only user id.
  • Here I have not applied any styles to the form to just keep the code small. You can apply styles to it.

Here is the screenshots of the widget
Screen Shot 2014-10-15 at 2.53.42 pm

Screen Shot 2014-10-15 at 2.53.20 pm

You can use this same logic and create a login form without password anywhere in your website not just in widget.

Manipulating Admin Panel Login Form to Login without Password

Let’s see the code which allows users to login from admin panel without password:

<?php

function admin_login($user, $username, $password) {
    $user = get_user_by("login", $username);

    if($user != "FALSE")
    {
        wp_set_auth_cookie($user->ID);
    }
    else
    {
        return null;
    }
    return $user;
}


function hide_password_field()
{
    ?>
        <style type="text/css">
            body.login div#login form#loginform p:nth-child(2) {
                display: none;
            }
        </style>
    <?php
}

add_filter("authenticate", "admin_login", 10, 3);
add_action("login_head", "hide_password_field");

Let’s understand how the code works:

  • We used the “login_head” to add CSS styles to the head section of wp-login.php page. We used it to hide password label and field. And also login error messages.
  • “authenticate” filter allows us to verify username and password by our own customized way. “null” values indicates credentials are wrong and returning WP_User object tells WordPress to login the user just by username and no further checks. If there is no registered user with the provided username then we display the message “Check Username” using “login_erros” filter.

Here is the screenshots of the admin login page:
Screen Shot 2014-10-15 at 3.43.02 pm

Screen Shot 2014-10-15 at 3.43.09 pm

Screen Shot 2014-10-15 at 3.43.16 pm

Narayan Prusty
wikiHow Style PopupWordPress Frontend Twitter OAuth Login
Comments: 12
  1. Usman
    2 years ago

    hy Narayan Prusty you did the great job.. i was searching this long time ago…….now i just want frontend user login page like woocommerce my-account page…instead of widget. did this possible or if can you help plz

    ReplyCancel
  2. 3 years ago

    Hi Narayan,
    I want to login, WordPress dashboard from my website’s admin panel. I want to just click on login button or link on my website’s dashboard to login WordPress without entering Username or Password. I think, i will send query string url link with uname and password and recieve here in wordpress that uname and password for login. Please let me know how to achieve this. . Is it possible to achieve or not?

    ReplyCancel
  3. Marlene
    3 years ago

    Thanks so much for this! How can I modify this so that the text field also allows an email for login versus just username?

    ReplyCancel
  4. anil
    3 years ago

    How can i show error if email is wrong for user?

    ReplyCancel
  5. 3 years ago

    Hi

    Very interesting!

    It would be nice if you could extend this tutorial to show multiple users logging in with their own username AND e-mail/mobile phone number. Then be redirected to their own custom dashboard page.

    Thanks for the tutorial!

    ps
    I will see if you have a tutorial on how you made the commenting form.

    ReplyCancel
  6. Martin
    4 years ago

    Hi, is there a way to implement this second code into the default wp-login.php page?
    Thanks, help much appreciated

    ReplyCancel
  7. 4 years ago

    i am trying to set up user accounts, each user account will have its own username that will be shared with the public. I want me to be able to log into that user account by just typing in the account name and pressing log in. Each account will redirect to a different page(store) but this should not effect the admin login which will still have a password.

    ReplyCancel
  8. gwings
    5 years ago

    Would it be possible to create an exception on this rule? For example: if user = “admin” it will ask for a password. In all other cases it would not…

    ReplyCancel
    • 5 years ago

      Yes use is_admin() to check

      ReplyCancel
      • gwings
        5 years ago

        Thanks Narayan!
        I’ve only used your functions ‘admin_login’ and ‘hide_password_field’ from your code, which works great!. However, I can’t seem to figure out where to put this ‘is_admin()’ check. I’ve tried to find out where it reads the username by placing triggers like “if(is_admin()) show me a message box” but the messagebox already appears when loading the wp-login page. So it’s already executing the code before I even fill out my username and click “Login”.

        Oh, by the way, I read that “is_admin()” if for checking if a user is on an admin page. Instead I should use “(current_user_can( ‘manage_options’ ))” to check if user is an admin.

        Can you please help me to make this work? Thank you so much in advance!

        ReplyCancel
      • gwings
        5 years ago

        Hi Narayan! Any ideas?

        Thanks in advance!

        ReplyCancel
      • Heikki H.
        4 years ago

        Check the WordPress codex page for that function. It’s not for that purpose.

        ReplyCancel

Leave a Reply

To create code blocks or other preformatted text, indent by four spaces:

    This will be displayed in a monospaced font. The first four
    spaces will be stripped off, but all other whitespace
    will be preserved.
    
    Markdown is turned off in code blocks:
     [This is not a link](http://example.com)

To create not a block, but an inline code span, use backticks:

Here is some inline `code`.

Narayan Prusty

I am a full-stack web developer. I specialize in Blockchain and JavaScript. This is my personal blog where I write about programming and technologies that I learn and feel interesting to share.

Image5 years ago 12 Comments WordPress
Share this
Related Articles