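/**
 * Redirect the user after a login attempt has been processed.
 *
 * On failure the visitor is sent back to the login form (inline/popup or
 * full page, selected by the `login_source` request field) with the error
 * code in the `message` query arg and the incoming `redirect_to` / `referer`
 * carried along. On success the destination is taken from `redirect_to`,
 * then the posted `referer`, then the site URL.
 *
 * `redirect_to` and `referer` are copied straight from the request, so the
 * success redirect goes through wp_safe_redirect(), which refuses hosts not
 * on the allowed-redirect list (filter `allowed_redirect_hosts`) rather than
 * acting as an open redirect.
 *
 * @param mixed $return Result of the login attempt; a WP_Error on failure.
 * @return void Always redirects and exits.
 */
function hma_do_login_redirect($return) {
    if (is_wp_error($return)) {
        do_action('hma_login_submitted_error', $return);

        $login_source = isset($_REQUEST['login_source']) ? $_REQUEST['login_source'] : '';
        $form_url     = get_bloginfo($login_source === 'popup' ? 'login_inline_url' : 'login_url', 'display');
        $redirect     = add_query_arg('message', $return->get_error_code(), $form_url);

        // add_query_arg() returns the new URL; the original discarded this
        // result and so silently dropped redirect_to on the way back to the form.
        if (!empty($_REQUEST['redirect_to'])) {
            $redirect = add_query_arg('redirect_to', $_REQUEST['redirect_to'], $redirect);
        }

        if (!empty($_REQUEST['referer'])) {
            $redirect = add_query_arg('referer', $_REQUEST['referer'], $redirect);
        } elseif (wp_get_referer()) {
            $redirect = add_query_arg('referer', wp_get_referer(), $redirect);
        }

        // Destination is the site's own login form; only query args are user-supplied.
        wp_redirect(hm_parse_redirect($redirect), 303);
        exit;
    }

    if (!empty($_REQUEST['redirect_to'])) {
        $redirect = urldecode($_REQUEST['redirect_to']);
    } elseif (!empty($_POST['referer'])) {
        $redirect = $_POST['referer'];
    } else {
        $redirect = get_bloginfo('url');
    }

    do_action('hma_login_submitted_success', $redirect);

    // hma_log_user_in() applies this same filter with the WP_User; the original
    // passed an undefined $user here. Assumes the login handler has already
    // called wp_set_current_user() — TODO confirm against the form handler.
    $user     = wp_get_current_user();
    $redirect = apply_filters('hma_login_redirect', $redirect, $user);

    // Untrusted destination: wp_safe_redirect() drops off-site hosts.
    wp_safe_redirect(hm_parse_redirect($redirect), 303);
    exit;
}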
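/**
 * Called when this rule is matched for the page load.
 *
 * Enforces the rule's allowed request methods (403 otherwise), fires the
 * per-regex parse hook, runs the request callbacks (an explicit `false`
 * return aborts the rule), then wires the template_redirect / parse_query /
 * redirect_canonical / body_class / wp_title / admin_bar_menu hooks that
 * apply the rule's access check, callbacks and template.
 *
 * @return void
 */
public function matched_rule() {
    global $wp;

    // Method restriction: lower-cased request method must be in the configured list.
    if ($this->request_methods
        && !in_array(strtolower($_SERVER['REQUEST_METHOD']), $this->request_methods, true)) {
        header('HTTP/1.1 403 Forbidden');
        exit;
    }

    do_action('hm_parse_request_' . $this->get_regex(), $wp);

    // Only an explicit `false` vetoes the rule; null / no return does not.
    $bail = false;
    foreach ($this->request_callbacks as $callback) {
        $return = call_user_func_array($callback, array($wp, $this));
        $bail   = $bail || $return === false;
    }
    if ($bail) {
        return;
    }

    $rule = $this;

    add_action('template_redirect', function () use ($rule) {
        global $wp_query;

        // Access check; displayed_user_only relies on the `author` query var.
        $denied = false;
        switch ($rule->access_rule) {
            case 'logged_out_only':
                $denied = is_user_logged_in();
                break;
            case 'logged_in_only':
                $denied = !is_user_logged_in();
                break;
            case 'displayed_user_only':
                $denied = !is_user_logged_in() || get_query_var('author') != get_current_user_id();
                break;
        }

        if ($denied) {
            $redirect = home_url('/');
            if (!empty($_REQUEST['redirect_to'])) {
                $redirect = hm_parse_redirect(urldecode(esc_url($_REQUEST['redirect_to'])));
            }
            // redirect_to is user-supplied: wp_safe_redirect() refuses off-site hosts.
            wp_safe_redirect($redirect);
            exit;
        }

        foreach ($rule->query_callbacks as $callback) {
            call_user_func_array($callback, array($wp_query, $rule));
        }

        if ($rule->template) {
            // The original tested is_file() on the action argument (empty for
            // template_redirect) instead of the configured template, so an
            // absolute template path never reached include.
            if (is_file($rule->template)) {
                include $rule->template;
            } else {
                locate_template($rule->template, true);
            }
            exit;
        }
    });

    add_filter('parse_query', $once = function (WP_Query $query) use ($rule, &$once) {
        // Run only for the first query parsed after the match.
        remove_filter('parse_query', $once);
        foreach ($rule->parse_query_callbacks as $callback) {
            call_user_func_array($callback, array($query));
        }
    });

    add_filter('redirect_canonical', function ($redirect_to) use ($rule) {
        return $rule->disable_canonical ? null : $redirect_to;
    });

    add_filter('body_class', function ($classes) use ($rule) {
        foreach ($rule->body_class_callbacks as $callback) {
            $classes = call_user_func_array($callback, array($classes));
        }
        return $classes;
    });

    add_filter('wp_title', function ($title, $sep = '') use ($rule) {
        foreach ($rule->title_callbacks as $callback) {
            $title = call_user_func_array($callback, array($title, $sep));
        }
        return $title;
    }, 10, 2);

    add_action('admin_bar_menu', function () use ($rule) {
        global $wp_admin_bar;
        foreach ($rule->admin_bar_callbacks as $callback) {
            call_user_func_array($callback, array($wp_admin_bar));
        }
    });
}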
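/**
 * Logs a user in.
 *
 * Accepted $args keys (after the `hma_log_user_in_args` filter):
 *   username          (string) login name; resolved via hma_parse_user()
 *   password          (string) plaintext password, or the stored hash when
 *                              password_hashed is true
 *   password_hashed   (bool)   default false
 *   redirect_to       (string) optional; 'referer' redirects to wp_get_referer()
 *   remember          (bool)   default false
 *   allow_email_login (bool)   default true; not read here — presumably consumed
 *                              by hma_parse_user() through the args filter, confirm
 *
 * Failures return a WP_Error with code no-username, unrecognized-username or
 * incorrect-password, and also queue a message via hm_error_message().
 *
 * @param array $args
 * @return true|WP_Error true on success (after the auth cookie is set and,
 *                       when redirect_to is given, after redirecting and exiting).
 */
function hma_log_user_in($args) {
    $args = apply_filters('hma_log_user_in_args', $args);

    if (empty($args['username'])) {
        hm_error_message(apply_filters('hma_login_no_username_error_message', 'Please enter your username'), 'login');
        return new WP_Error('no-username', 'Please enter your username');
    }

    $user = hma_parse_user($args['username']);

    // Strip tags from every string argument before use.
    foreach ($args as $key => $value) {
        if (is_string($value)) {
            $args[$key] = strip_tags($value);
        }
    }

    $args = wp_parse_args($args, array(
        'remember'          => false,
        'allow_email_login' => true,
        'password_hashed'   => false,
    ));

    // Explicit reads replace extract(): a missing password / redirect_to no
    // longer surfaces as an undefined variable.
    $password        = isset($args['password']) ? $args['password'] : '';
    $password_hashed = $args['password_hashed'];
    $remember        = $args['remember'];
    $redirect_to     = isset($args['redirect_to']) ? $args['redirect_to'] : '';

    // hma_parse_user() may return a non-object for unknown users; guard before ->ID.
    if (!is_object($user) || !is_numeric($user->ID)) {
        hm_error_message(apply_filters('hma_login_unrecognized_username_error_message', 'The username you entered was not recognized'), 'login');
        return new WP_Error('unrecognized-username', 'The username you entered was not recognized');
    }

    if ($password_hashed) {
        // SECURITY: accepting the stored hash itself as the credential lets
        // anyone holding the hash log in without the password (pass-the-hash).
        // Kept for existing callers; at least compare in constant time instead
        // of the original loose `!=`.
        $password_ok = is_string($password) && hash_equals((string) $user->user_pass, $password);
    } else {
        // Passing the user ID lets core rehash legacy hashes on successful check.
        $password_ok = wp_check_password($password, $user->user_pass, $user->ID);
    }

    if (!$password_ok) {
        hm_error_message(apply_filters('hma_login_incorrect_password_error_message', 'The password you entered is incorrect'), 'login');
        return new WP_Error('incorrect-password', 'The password you entered is incorrect');
    }

    wp_set_auth_cookie($user->ID, $remember);
    wp_set_current_user($user->ID);
    // Core's wp_login action receives ($user_login, $user).
    do_action('wp_login', $user->user_login, $user);
    do_action('hma_log_user_in', $user);

    if ($redirect_to === 'referer') {
        $redirect_to = wp_get_referer();
    }

    if ($redirect_to) {
        $redirect_to = apply_filters('hma_login_redirect', $redirect_to, $user);
        // redirect_to normally echoes a request field; wp_safe_redirect() rejects
        // off-site hosts (extend via the `allowed_redirect_hosts` filter if needed).
        wp_safe_redirect(hm_parse_redirect($redirect_to));
        exit;
    }

    return true;
}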
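/**
 * Check the permissions for the current rule and redirect as needed.
 *
 * Supported values of $rule[3]['permission']:
 *   logged_out_only      redirect when a user is logged in
 *   logged_in_only       redirect when no user is logged in
 *   displayed_user_only  redirect unless a user is logged in and the `author`
 *                        query var equals the current user's ID
 *
 * When redirecting, a request-supplied `redirect_to` wins over home_url('/');
 * because it is untrusted the redirect goes through wp_safe_redirect().
 *
 * @param string $template Unused; kept for hook-signature compatibility.
 * @param array  $rule     Rule tuple; the permission lives at $rule[3]['permission'].
 * @return void
 */
function hm_restrict_access_to_rule($template, $rule) {
    if (empty($rule[3]['permission'])) {
        return;
    }

    $denied = false;
    switch ($rule[3]['permission']) {
        case 'logged_out_only':
            $denied = is_user_logged_in();
            break;
        case 'logged_in_only':
            $denied = !is_user_logged_in();
            break;
        case 'displayed_user_only':
            // Anonymous visitors have get_current_user_id() === 0, so the
            // original loose `!=` against an empty author query var behaves
            // differently on PHP 7 and PHP 8. Require a login explicitly, as
            // the same case in matched_rule() already does.
            $denied = !is_user_logged_in() || get_query_var('author') != get_current_user_id();
            break;
    }

    if (!$denied) {
        return;
    }

    $redirect = home_url('/');
    if (!empty($_REQUEST['redirect_to'])) {
        $redirect = hm_parse_redirect(urldecode(esc_url($_REQUEST['redirect_to'])));
    }
    // redirect_to is user-supplied: wp_safe_redirect() refuses off-site hosts.
    wp_safe_redirect($redirect);
    exit;
}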