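/**
 * Checks if a user is logged in, if not it redirects them to the login page.
 *
 * Order of operations:
 *  1. When a secure redirect is required and the current request is not SSL,
 *     requests whose URI contains 'hq-admin' are redirected to https.
 *  2. The auth cookie is validated. On success the 'auth_redirect' action
 *     fires, an optional per-user https upgrade is applied, and the function
 *     returns so the caller can render the protected page.
 *  3. On failure no-cache headers are sent and the browser is redirected to
 *     the login URL.
 *
 * Every redirect is followed by exit so that nothing from the protected page
 * is emitted after the redirect has been issued.
 *
 * NOTE(review): redirect targets are assembled from $_SERVER['HTTP_HOST'] and
 * $_SERVER['REQUEST_URI'], both of which arrive with the request. Whether
 * hq_redirect() restricts the destination host is not visible from this
 * function, so confirm that the web server or proxy pins the Host header to
 * the configured site host.
 *
 * @since 0.0.1
 */
function auth_redirect() {
    $secure = is_ssl() || force_ssl_admin();

    /**
     * Filter whether to use a secure authentication redirect.
     *
     * @since 0.0.1
     *
     * @param bool $secure Whether to use a secure authentication redirect.
     *                     Default is the result of is_ssl() || force_ssl_admin().
     */
    $secure = apply_filters('secure_auth_redirect', $secure);

    // If https is required and request is http, redirect
    if ($secure && !is_ssl() && false !== strpos($_SERVER['REQUEST_URI'], 'hq-admin')) {
        if (0 === strpos($_SERVER['REQUEST_URI'], 'http')) {
            // REQUEST_URI is already an absolute URL: only swap its scheme.
            hq_redirect(set_url_scheme($_SERVER['REQUEST_URI'], 'https'));
            exit;
        } else {
            hq_redirect('https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']);
            exit;
        }
    }

    if (is_user_admin()) {
        $scheme = 'logged_in';
    } else {
        /**
         * Filter the authentication redirect scheme.
         *
         * @since 0.0.1
         *
         * @param string $scheme Authentication redirect scheme. Default empty.
         */
        $scheme = apply_filters('auth_redirect_scheme', '');
    }

    $user_id = hq_validate_auth_cookie('', $scheme);
    if ($user_id) {
        /**
         * Fires before the authentication redirect.
         *
         * @since 0.0.1
         *
         * @param int $user_id User ID.
         */
        do_action('auth_redirect', $user_id);

        // If the user wants ssl but the session is not ssl, redirect.
        if (!$secure && get_user_option('use_ssl', $user_id) && false !== strpos($_SERVER['REQUEST_URI'], 'hq-admin')) {
            if (0 === strpos($_SERVER['REQUEST_URI'], 'http')) {
                hq_redirect(set_url_scheme($_SERVER['REQUEST_URI'], 'https'));
                exit;
            } else {
                hq_redirect('https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']);
                exit;
            }
        }

        return; // The cookie is good so we're done
    }

    // The cookie is no good so force login
    nocache_headers();

    // Compare against false explicitly: strpos() returns 0 for a match at the
    // start of the string, which a bare truthiness test would treat as "not
    // found". This also matches the other strpos() checks in this function.
    // NOTE(review): the referer comes from a client-controlled header; this
    // relies on hq_get_referer() returning only acceptable URLs - confirm.
    $referer = false !== strpos($_SERVER['REQUEST_URI'], '/options.php') ? hq_get_referer() : false;

    if ($referer) {
        $redirect = $referer;
    } else {
        $redirect = set_url_scheme('http://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']);
    }

    // Second argument is passed as true; presumably it forces
    // re-authentication - confirm against hq_login_url().
    $login_url = hq_login_url($redirect, true);

    hq_redirect($login_url);
    exit;
}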
/**
 * Validate the logged-in cookie.
 *
 * Fallback for requests where the earlier auth-cookie check did not produce a
 * user: the logged-in cookie is validated instead.
 *
 * Intended as a callback for the determine_current_user filter rather than as
 * a general-purpose API.
 *
 * @since 0.0.1
 *
 * @param int|bool $user_id The user ID (or false) as received from the
 *                          determine_current_user filter.
 * @return int|false User ID if validated, false otherwise. A truthy value
 *                   received from an earlier filter callback is returned
 *                   unchanged.
 */
function hq_validate_logged_in_cookie($user_id) {
    if (!$user_id) {
        // The logged-in cookie is never consulted on blog-admin or
        // network-admin requests (presumably those must authenticate through
        // the auth cookie - confirm).
        if (is_blog_admin() || is_network_admin()) {
            return false;
        }

        // Nothing to validate when the cookie is absent or empty.
        if (empty($_COOKIE[LOGGED_IN_COOKIE])) {
            return false;
        }

        return hq_validate_auth_cookie($_COOKIE[LOGGED_IN_COOKIE], 'logged_in');
    }

    // An earlier callback already determined the user; pass it through.
    return $user_id;
}