Auth0 Home Blog Docs

Auth0 login widget

I can’t get this code to work with the Auth0 login widget but it does work with the wordpress default login. Does anyone know if there is something in the code that specifically doesn’t work with Auth0?

function restrict_email($value)

{

$email = $_REQUEST[‘bemail’];

if(!check_validity($email))

{

global $pmpro_msg, $pmpro_msgt;

$pmpro_msg = “Please enter a valid email address”;

$pmpro_msgt = “pmpro_error”;

$value = false;

}

return value;

}

add_filter(‘pmpro_registration_checks’,‘restrict_email’, 10, 1);

function getDomainFromEmail($email)

{

// Get the data after the @ sign

$domain = substr(strrchr($email, "@"), 1);



return $domain;

}

function check_validity($email)

{

$domain = getDomainFromEmail($email);

$valid_domains = array(“yahoo.com”, “.gmail.com", ".domain.uk”);

foreach($valid_domains as $valid_domain)

{

$components = explode(".", $valid_domain);

$domain_to_check = explode(".", $domain);

if($components[0] == “*” && sizeof($domain_to_check > 2))

{

if($components[1] == $domain_to_check[1] && $components[2] == $domain_to_check[2])

{

return true;

}

}

else

{

if(!(strpos($valid_domain, $domain) === false))

return true;

}

}

return false;

}

I confess I lack sufficient knowledge in PHP and Wordpress to comment on if that particular code has anything that would make it immediately incompatible with how the Auth0 Login plugin works.

However, from what you shared it seems that your goal is to prevent certain email domains from being able to access the application. If this assumption is correct then I would recommend, if you haven’t already, to consider moving this logic into a tenant rule (https://auth0.com/docs/rules).

The above would be applicable because I’m assuming you will be moving your Wordpress application to have authentication through Auth0 so this would mean any user would go through Auth0 and if the email domain does not satisfy your conditions it would be denied access.

The above would also have the added benefit that if you extend this logic to additional applications then having it in a rules would make this a much simpler task.

Oh, sorry I don’t actually want to restrict any email domains from signing up. I was planning on combining this code with another so that certain email domains would have more access to our content. The other code works with Auth0 so I didn’t bring it up.

Okay, then please disregard what I said…

You mention that you have other code that works so it may be useful to still share it even it’s just for other people to be able to compare the differences. In addition to that you also provide more information about exactly not working means; where does it fails, with which error, etc.

Ok, that makes sense. There are no error messages but it doesn’t work because if I try to register with a domain that’s not listed in the valid_domains array I can still register. If the code did work it wouldn’t allow me to register.

The code that does work is:

/* When registering, add the member to a specific membership level

  • @param integer $user_id*/

//Disables the pmpro redirect to levels page when user tries to register

add_filter(“pmpro_login_redirect”, “__return_false”);

function my_pmpro_default_registration_level($user_id) {

//Give all members who register membership level 1

pmpro_changeMembershipLevel(1, $user_id);

}

add_action(‘user_register’, ‘my_pmpro_default_registration_level’);

This is mostly guessing, but it seems the functional code depend on user identifier while the other one requires an email. If you haven’t done so already I would find out how to output debug text within Wordpress and then instrument your code with output messages to understand if the code does not run or does not run because of missing data; basically old-style debugging.