Your logic isn’t right.
If the cookie is set when this function is called, that means the hash didn’t match so it’s an incorrect password.
function my_password_form() {
global $post;
$attempted = $_SESSION['pass_attempt'] ?: false;
$label="pwbox-" . ( empty( $post->ID ) ? rand() : $post->ID );
$wrongPassword = '';
// If cookie is set password is wrong.
if ( isset( $_COOKIE[ 'wp-postpass_' . COOKIEHASH ] ) && $attempted !== $_COOKIE[ 'wp-postpass_' . COOKIEHASH ] ) {
$wrongPassword = '<span style="color:#00000;font-weight:bold;">The password you have entered is invalid.</span>';
// Store attempted password for comparison.
// So we can show invalid password message only once.
$_SESSION['pass_attempt'] = $_COOKIE[ 'wp-postpass_' . COOKIEHASH ];
}
$form = '<form class="protected-post-form" action="' . esc_url( site_url( 'wp-login.php?action=postpass', 'login_post' ) ) . '" method="post">
' . __( '<h3><strong>Please enter password to access Q-Notes</strong></h3><h1> </h1>' ) . '
<label class="pass-label" for="' . $label . '">' . __( 'Password:' ) . ' </label><input name="post_password" id="' . $label . '" type="password" size="20" maxlength="20" /><input type="submit" name="Submit" value="' . esc_attr__( 'Supplier Login' ) . '" />
</form><p>' . $wrongPassword . '</p>';
return $form;
}
add_filter( 'the_password_form', 'my_password_form' );
add_action(
'wp_loaded',
function() {
if ( isset( $_COOKIE[ 'wp-postpass_' . COOKIEHASH ] ) ) {
// Start session to compare pass hashs.
session_start();
}
}
);
EDIT
To show the invalid password message only once I have added some session code to compare the password hash to see if its a new attempt.
6
solved WordPress Password Page – Wrong Password Message Not Working [closed]