admin-ajax is defined on my DEV install and STAGING install, and still suffers from the issue described here, where admin ajax returns 403 if the password is incorrect.
FYI the demo site shows 500 internal server error on admin-ajax.php when you load the home page.
QUESTION: Is there any to modify is_wp_error to include a case for 403 on admin-ajax?
COPY CODE
add_action( 'wp_ajax_nopriv_kleoajaxlogin', 'kleo_ajax_login' );
if (!function_exists('kleo_ajax_login')):
function kleo_ajax_login()
{
// Check the nonce, if it fails the function will break
check_ajax_referer( 'kleo-ajax-login-nonce', 'security' );
// Nonce is checked, get the POST data and sign in user
$info = array();
$info['user_login'] = $_POST['log'];
$info['user_password'] = $_POST['pwd'];
$info['remember'] = true;
$info = apply_filters('kleo_ajaxlogin_atts', $info);
$user_signon = wp_signon( $info, false );
if ( is_wp_error($user_signon) ){
echo json_encode(array('loggedin'=>false, 'message'=> '<i class="icon-warning-sign"></i> ' . __('Wrong username or password. Please try again.', 'kleo_framework')));
} else {
$redirecturl = apply_filters( 'login_redirect', '', '', $user_signon );
echo json_encode(array('loggedin'=>true, 'redirecturl' => $redirecturl, 'message'=> '<i class="icon-ok-sign"></i> ' . __('Login successful, redirecting...','kleo_framework')));
}
die();
}
endif;
add_action( 'wp_ajax_kleoajaxlogin', 'kleo_ajax_login_priv' );
if (!function_exists('kleo_ajax_login_priv')):
function kleo_ajax_login_priv() {
$link = "javascript:window.location.reload();return false;";
echo json_encode(array('loggedin'=>false, 'message'=> '<i class="icon-warning-sign"></i> ' . sprintf(__('You are already logged in. Please <a href="#" onclick="%s">refresh</a> page','kleo_framework'),$link)));
die();
}
endif;
