Wordpress自定义用户身份验证

I have inserted two custom fields called user_login_status and activation_code in wp_usermeta table.

My code on login page

function dlf_auth( $username, $password ) {

global $user;
get_currentuserinfo();
$creds = array();
$creds['user_login'] = $username;
$creds['user_password'] =  $password;
$creds['remember'] = true;
$user = wp_signon( $creds, false );


if ( is_wp_error($user) ) {

       //get user email
       $email = $_POST['login_name'];
       $users= get_user_by( 'email', $email );//
       $key = 'user_login_status';
       //get user login status
       $user_status = get_user_meta( $users->ID, $key);
       $user_approve = $user_status[0];
       $error_msg = '';

       //if email does not exist in DB
       if(!email_exists( $email ) ){
       $error_msg = 'ERROR: E-mail address does not exist.';       

       //if user is not approved
       }elseif($user_approve == 0){
       $error_msg = 'ERROR: Your account is not activated.';

       //if invalid email or password
       }else{
       $error_msg = 'ERROR: Invalid e-mail address or password.';
       }

       echo $error_msg;
} 

if ( !is_wp_error($user)) {
    wp_redirect(site_url().'/overview');
    exit();
}

}

Here I am not able to validate user if the account is not yet activated. User can still able to login.

How can I check authentication using users meta_data as well ? I do not wanmt to modify core wp_user table.

Is the function wp_signon not checking additional meta_data validation ?

WordPress in itself does not something like validation, so thats something you added yourself. Therefor you should check for the approve info before using wp_signon to log a user in.

I am facing same problem few days ago than i found the solution for this i need to use custom user authentication on ajax base please check below code

<?php


    function custom_login_form() {

        if(!empty($_POST) && $_POST['action'] == 'custom_login_form') {
            $creds = array();
            $creds['user_login'] = $_REQUEST['username'];
            $creds['user_password'] = $_REQUEST['password'];
            $creds['remember'] = false;
            $user = wp_signon( $creds, false ); 

            if(!is_wp_error($user)) {
                if(!empty($user) ) {

                /* Use custom query or condition here for check extra values */

                    $customCondition = true
                     if($customCondition) {
                         return true;

                    } else {
                        wp_logout();
                        return false;
                    }
                } else {
                    return false;
                }
            } else {

                return false;
            }
        } else {

            return false;
        }

    }