In my plugin I have the following code:
```php
add_action('wp_authenticate','filmcustom_otptoken_authenticate');
function filmcustom_otptoken_authenticate($username){
    $otpresult = $_POST['otptoken'];
    $user = get_user_by('login',$username);
    $shouldbe = filmcustom_otptoken_validate($username);
    if (!$user||$shouldbe!=$otpresult) {
        remove_action('authenticate', 'wp_authenticate_username_password', 20);
        $user = new WP_Error( 'denied', __("<strong>ERROR</strong>: You need an OTP.") );
    }
    return $user;
}
```
However, when I put the wrong OTP in, it doesn't say "ERROR: You need an OTP", it says "ERROR: Invalid username or incorrect password." What am I doing wrong here?
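
The behaviour described above, with a corrected hook, as an added example that is not part of the original post: `wp_authenticate` is an action, so WordPress discards the handler's return value, and once `wp_authenticate_username_password` is unhooked the `authenticate` filter chain returns nothing and core substitutes its generic invalid-credentials error. The sketch moves the check onto the `authenticate` filter; the function name `filmcustom_otptoken_check` and the priority 25 are assumptions, as is the reading that `filmcustom_otptoken_validate()` returns the expected token for a login name.

```php
<?php
// Added example for a WordPress plugin file; not the original poster's code.
// Assumption: filmcustom_otptoken_validate( $login ) returns the token the
// user is expected to submit, as the comparison in the question implies.

// Priority 25 runs after core's password check (priority 20), so $user is a
// WP_User only when the username/password pair was already accepted.
add_filter( 'authenticate', 'filmcustom_otptoken_check', 25, 3 );

function filmcustom_otptoken_check( $user, $username, $password ) {
    // Password stage failed or nothing was submitted: keep core's result so
    // its own error message (or the empty login form) is shown unchanged.
    if ( ! ( $user instanceof WP_User ) ) {
        return $user;
    }

    // Read the submitted token defensively; the field may be missing.
    $submitted = isset( $_POST['otptoken'] )
        ? trim( (string) wp_unslash( $_POST['otptoken'] ) )
        : '';

    // Look up the expected token by the resolved login name, because
    // $username may be an e-mail address.
    $expected = (string) filmcustom_otptoken_validate( $user->user_login );

    // Reject empty values explicitly, then compare in constant time.
    // The loose != in the question treats "0123" and "123" as equal.
    if ( '' === $submitted || '' === $expected
        || ! hash_equals( $expected, $submitted ) ) {
        // Returning a WP_Error from a filter is what wp_authenticate()
        // hands back to the login form, so this message is displayed.
        return new WP_Error(
            'denied',
            __( '<strong>ERROR</strong>: You need an OTP.' )
        );
    }

    return $user;
}
```

Because the OTP error is only returned after the password has been accepted, the message confirms a correct password to anyone who lacks the token; use the same wording as core's failure message if that distinction should not be visible.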