Primary responsibility
Renders the app’s primary login button and owns the login-related per-button settings (require-login, login fields shown, post-login redirect, magic-link enable, social-login provider toggles, phone-code login enable).
The button itself is a thin shell — the actual login flow lives in mam_login_manager (includes/user-roles/login-manager.php, ~1762 lines). When a user taps Login the app POSTs to either:
wp_ajax_nopriv_mam_user_roles_cred_handler(legacy, frozen — older mobile clients)wp_ajax_nopriv_mam_login_handler(modern alias)
Both route to the same handler.
Settings categories
| Category slug | Tab title | Purpose |
|---|---|---|
login |
Login | Core auth toggles |
style |
Style | Button colors, icon |
messages |
Messages | UI copy (missing-password, validation errors) |
Settings exposed (selected)
| Setting | Type | Environment | Purpose |
|---|---|---|---|
require_login |
yes-no | global | If on, the app blocks the home screen until login |
magic_link_enabled |
yes-no | global | Enable email-based magic-link login |
phone_code_enabled |
yes-no | global | Enable SMS phone-code login |
social_login_facebook |
yes-no | global | Enable Facebook OAuth |
social_login_google |
yes-no | global | Enable Google OAuth |
social_login_apple |
yes-no | global | Enable Sign in with Apple |
post_login_redirect |
text | per-button | Button to navigate to after successful login |
missing_password_message |
text | global | UI message when password field is empty |
The full list is read from app_settings() and rendered into the per-button settings page.
JSON keys consumed
The Login button reads:
local-app-login-*settings (per the schema above)- The current user’s role from
MAM_Current_Request->user_role()to decide whether to render the button at all (already-logged-in users see the Logout button instead)
AJAX actions
| Action | Auth | Handler | Purpose |
|---|---|---|---|
mam_user_roles_cred_handler |
both | mam_login_manager::login_handler |
Frozen contract — legacy login endpoint, older mobile clients call it |
mam_login_handler |
both | same | Modern alias |
Hooks involved
| Hook | Type | Role |
|---|---|---|
mam_before_login_start |
Action | Fired before login validation |
mam_user_logged_in |
Action | Fired after successful login |
mam_login_missing_password_message |
Filter | Override the missing-password UI copy |
mam_notification_send_message |
Action | Fired with mam-user-roles-welcome_email after first-time registration |
Gotchas
- Class name is frozen.
local_app_login_buttonappears in every customer site’slocal-app-button-array*. Renaming orphans every saved login button. - Two AJAX action names. Old mobile clients hit
mam_user_roles_cred_handler; modern callers can usemam_login_handler. Both route to the same handler. The legacy name can’t be removed until the customer-app fleet upgrades. require_login = onsuppresses the home screen until the user is authenticated. If you turn this on without configuring an unauth-friendly login flow, anonymous users see a blank app.- Magic-link / phone-code / social all require additional configuration outside this button (SMTP for magic link, SMS provider for phone code, OAuth credentials for social). The toggles enable the UI; they don’t provision the underlying transport.
Related articles
- Content classes overview
- Content class: Logout button
- Hook: mam_user_logged_in
- Hook: mam_login_missing_password_message
- Hook: mam_notification_send_message
- Notification types registry
Metadata
| Field | Value |
|---|---|
| Article type | Screen Reference |
| Plugin slug | mam-main |
| Applies to plugin version | 2.1.11+ |
| Category | App Settings Reference |
| Audience | WordPress admin / PHP developer |
| Class name | local_app_login_button (frozen — appears in customer button arrays) |
| Source file | includes/content-classes/local-app-login-class.php |
| Last verified | 2026-05-02 |
