示例#1
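/**
 * Redirect the user after a login attempt.
 *
 * On failure ($return is a WP_Error) the visitor is sent back to the login
 * page with the error code in `message`, carrying `redirect_to` and `referer`
 * along. On success they are sent to `redirect_to`, else the posted `referer`,
 * else the site URL. Every path ends the request.
 *
 * Security: `redirect_to` and `referer` are request parameters, so the final
 * target on the success path is checked with wp_validate_redirect() and falls
 * back to the site URL when it points at a host WordPress does not allow.
 * hm_parse_redirect() is defined outside this listing and is not assumed to
 * perform that check. Sites that need other hosts can use the core
 * `allowed_redirect_hosts` filter.
 *
 * @param mixed $return Result of the login attempt; a WP_Error signals failure.
 * @return void Never returns normally: both branches call exit.
 */
function hma_do_login_redirect($return)
{
    if (is_wp_error($return)) {
        do_action('hma_login_submitted_error', $return);

        $is_popup = isset($_REQUEST['login_source']) && $_REQUEST['login_source'] === 'popup';
        $login_url = get_bloginfo($is_popup ? 'login_inline_url' : 'login_url', 'display');
        $redirect = add_query_arg('message', $return->get_error_code(), $login_url);

        // add_query_arg() does not encode the values it is given, so request-supplied
        // values are encoded here; otherwise a value containing "&" or "#" would be
        // split into extra parameters of the login URL.
        if (!empty($_REQUEST['redirect_to']) && is_string($_REQUEST['redirect_to'])) {
            // The result must be assigned: add_query_arg() returns the new URL.
            $redirect = add_query_arg('redirect_to', rawurlencode($_REQUEST['redirect_to']), $redirect);
        }

        $referer = '';
        if (!empty($_REQUEST['referer']) && is_string($_REQUEST['referer'])) {
            $referer = $_REQUEST['referer'];
        } elseif (wp_get_referer()) {
            $referer = wp_get_referer();
        }
        if ($referer) {
            $redirect = add_query_arg('referer', rawurlencode($referer), $redirect);
        }

        wp_redirect(hm_parse_redirect($redirect), 303);
        exit;
    }

    // Successful login: pick the destination in order of preference.
    if (!empty($_REQUEST['redirect_to']) && is_string($_REQUEST['redirect_to'])) {
        // PHP has already decoded the parameter once; the extra urldecode() is kept
        // for callers that double-encode. Validation below runs on the decoded value.
        $redirect = urldecode($_REQUEST['redirect_to']);
    } elseif (!empty($_POST['referer']) && is_string($_POST['referer'])) {
        $redirect = $_POST['referer'];
    } else {
        $redirect = get_bloginfo('url');
    }

    do_action('hma_login_submitted_success', $redirect);

    // The original passed an undefined $user here; the current user is passed instead.
    // NOTE(review): assumes the login step already called wp_set_current_user() - confirm.
    $redirect = apply_filters('hma_login_redirect', $redirect, wp_get_current_user());

    // Validate last, after filters and hm_parse_redirect() have had their say.
    $redirect = wp_validate_redirect(hm_parse_redirect($redirect), get_bloginfo('url'));

    wp_redirect($redirect, 303);
    exit;
}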
示例#2
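 /**
  * Called when this rule is matched for the page load.
  *
  * Rejects the request with a 403 when its HTTP method is not in
  * $this->request_methods, runs the request callbacks (any callback returning
  * exactly false stops further processing), then registers the hooks that
  * enforce the rule's access restriction and run its query, template,
  * canonical, body-class, title and admin-bar callbacks.
  *
  * Security: the access-denied redirect honours the `redirect_to` request
  * parameter, so the target is passed through wp_validate_redirect() and falls
  * back to the home URL when it points at a host WordPress does not allow.
  * hm_parse_redirect() is defined outside this listing and is not assumed to
  * perform that check.
  *
  * @return void
  */
 public function matched_rule()
 {
     global $wp;

     // check request methods match
     if ($this->request_methods && !in_array(strtolower($_SERVER['REQUEST_METHOD']), $this->request_methods, true)) {
         header('HTTP/1.1 403 Forbidden');
         exit;
     }

     do_action('hm_parse_request_' . $this->get_regex(), $wp);

     $bail = false;
     foreach ($this->request_callbacks as $callback) {
         $return = call_user_func_array($callback, array($wp, $this));
         // Avoid counting `null`/no return as an error
         $bail = $bail || $return === false;
     }

     // If a callback returned false, bail from the request
     if ($bail) {
         return;
     }

     $t = $this;

     // set up the hooks for everything
     add_action('template_redirect', function () use($t) {
         global $wp_query;

         // check permissions
         $denied = false;
         switch ($t->access_rule) {
             case 'logged_out_only':
                 $denied = is_user_logged_in();
                 break;
             case 'logged_in_only':
                 $denied = !is_user_logged_in();
                 break;
             case 'displayed_user_only':
                 $denied = !is_user_logged_in() || get_query_var('author') != get_current_user_id();
                 break;
         }

         if ($denied) {
             $redirect = home_url('/');

             // If there is a "redirect_to" redirect there, but only after validation.
             if (!empty($_REQUEST['redirect_to']) && is_string($_REQUEST['redirect_to'])) {
                 // Decode first and sanitize afterwards: the original ran esc_url() and
                 // then urldecode(), which undid the escaping. esc_url_raw() is the
                 // variant meant for redirects (esc_url() entity-encodes "&").
                 $target = hm_parse_redirect(esc_url_raw(urldecode($_REQUEST['redirect_to'])));
                 $redirect = wp_validate_redirect($target, home_url('/'));
             }

             wp_redirect($redirect);
             exit;
         }

         foreach ($t->query_callbacks as $callback) {
             call_user_func_array($callback, array($wp_query, $t));
         }

         if ($t->template) {
             // The original tested is_file() on the hook argument, which is an empty
             // string for template_redirect, so the include branch could never run.
             // The template path must come from code, never from request data.
             if (is_file($t->template)) {
                 include $t->template;
             } else {
                 locate_template($t->template, true);
             }
             exit;
         }
     });

     add_filter('parse_query', $closure = function (WP_Query $query) use($t, &$closure) {
         // only run this hook once
         remove_filter('parse_query', $closure);
         foreach ($t->parse_query_callbacks as $callback) {
             call_user_func_array($callback, array($query));
         }
     });

     add_filter('redirect_canonical', function ($redirect_to) use($t) {
         // Returning null suppresses the canonical redirect for this rule.
         return $t->disable_canonical ? null : $redirect_to;
     });

     add_filter('body_class', function ($classes) use($t) {
         foreach ($t->body_class_callbacks as $callback) {
             $classes = call_user_func_array($callback, array($classes));
         }
         return $classes;
     });

     add_filter('wp_title', function ($title, $sep = '') use($t) {
         foreach ($t->title_callbacks as $callback) {
             $title = call_user_func_array($callback, array($title, $sep));
         }
         return $title;
     }, 10, 2);

     add_action('admin_bar_menu', function () use($t) {
         global $wp_admin_bar;
         // Callbacks act on the admin bar object; their return value is not used.
         foreach ($t->admin_bar_callbacks as $callback) {
             call_user_func_array($callback, array($wp_admin_bar));
         }
     });
 }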
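/**
 * Logs a user in.
 *
 * Recognised keys of $args:
 *  - username (string)          required
 *  - password (string)          plain-text password, or the stored hash when
 *                               password_hashed is true
 *  - password_hashed (bool)     default false
 *  - redirect_to (string)       optional; the literal 'referer' means wp_get_referer()
 *  - remember (bool)            default false
 *  - allow_email_login (bool)   default true (not read by this function itself)
 *
 * Security notes:
 *  - With password_hashed set, the stored hash itself acts as the credential.
 *    Callers must set that flag in code only and never copy it from request data.
 *  - The hash comparison uses hash_equals() so it is neither loose (`!=`) nor
 *    timing-dependent.
 *  - redirect_to is checked with wp_validate_redirect() and falls back to the
 *    home URL when it points at a host WordPress does not allow.
 *    hm_parse_redirect() is defined outside this listing and is not assumed to
 *    perform that check.
 *  - Distinct "unrecognized username" and "incorrect password" errors let a
 *    client tell which usernames exist; the codes are kept because callers may
 *    depend on them.
 *
 * @param array $args Login arguments, see above.
 * @return true|WP_Error True on success when no redirect was requested (a
 *                       redirect ends the request). WP_Error with code
 *                       'no-username', 'unrecognized-username' or
 *                       'incorrect-password' on failure.
 */
function hma_log_user_in($args)
{
    $args = apply_filters('hma_log_user_in_args', $args);

    if (empty($args['username'])) {
        hm_error_message(apply_filters('hma_login_no_username_error_message', 'Please enter your username'), 'login');
        return new WP_Error('no-username', 'Please enter your username');
    }

    $user = hma_parse_user($args['username']);
    $defaults = array('remember' => false, 'allow_email_login' => true, 'password_hashed' => false);

    // Strip any tags that may have been put into the array.
    // NOTE(review): this also alters a password that contains markup-like text;
    // kept as-is because stored passwords may have been created the same way - confirm.
    foreach ($args as $key => $value) {
        if (is_string($value)) {
            $args[$key] = strip_tags($value);
        }
    }

    $args = wp_parse_args($args, $defaults);

    // Read only the keys this function needs. extract() would turn every
    // caller-supplied key into a local variable and leave $password and
    // $redirect_to undefined when they are missing.
    $password = isset($args['password']) && is_string($args['password']) ? $args['password'] : '';
    $password_hashed = $args['password_hashed'];
    $remember = $args['remember'];
    $redirect_to = isset($args['redirect_to']) ? $args['redirect_to'] : '';

    // hma_parse_user() may not return an object for an unknown username.
    if (!is_object($user) || !isset($user->ID) || !is_numeric($user->ID)) {
        hm_error_message(apply_filters('hma_login_unrecognized_username_error_message', 'The username you entered was not recognized'), 'login');
        return new WP_Error('unrecognized-username', 'The username you entered was not recognized');
    }

    if ($password === '') {
        // An empty credential never authenticates, whatever is stored for the user.
        $password_ok = false;
    } elseif ($password_hashed) {
        $password_ok = hash_equals((string) $user->user_pass, $password);
    } else {
        $password_ok = wp_check_password($password, $user->user_pass);
    }

    if (!$password_ok) {
        hm_error_message(apply_filters('hma_login_incorrect_password_error_message', 'The password you entered is incorrect'), 'login');
        return new WP_Error('incorrect-password', 'The password you entered is incorrect');
    }

    wp_set_auth_cookie($user->ID, $remember);
    wp_set_current_user($user->ID);

    // NOTE(review): WordPress core fires wp_login with the user object as a second
    // argument; hooks registered for two arguments will not receive it here - confirm.
    do_action('wp_login', $user->user_login);
    do_action('hma_log_user_in', $user);

    if ($redirect_to === 'referer') {
        $redirect_to = wp_get_referer();
    }

    if ($redirect_to) {
        $target = hm_parse_redirect(apply_filters('hma_login_redirect', $redirect_to, $user));
        wp_redirect(wp_validate_redirect($target, home_url('/')));
        exit;
    }

    return true;
}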
示例#4
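/**
 * Check the permissions for the current rule and redirect as needed
 *
 * Supported permission values are
 *
 *	logged_out_only
 * 	logged_in_only
 *	displayed_user_only => relies on get_query_var( 'author' )
 *
 * When access is denied the visitor is redirected to the home URL, or to the
 * `redirect_to` request parameter when that passes wp_validate_redirect().
 * hm_parse_redirect() is defined outside this listing and is not assumed to
 * check the target host, so the validation is done here.
 *
 * @param string $template Not used by this function.
 * @param array  $rule     Rule definition; the permission is read from $rule[3]['permission'].
 * @return void Returns nothing when access is allowed; exits after redirecting otherwise.
 */
function hm_restrict_access_to_rule($template, $rule)
{
    if (empty($rule[3]['permission'])) {
        return;
    }

    $denied = false;
    switch ($rule[3]['permission']) {
        case 'logged_out_only':
            $denied = is_user_logged_in();
            break;
        case 'logged_in_only':
            $denied = !is_user_logged_in();
            break;
        case 'displayed_user_only':
            // A logged-out visitor has user id 0, which can compare loosely equal to
            // an empty 'author' query var; require a logged-in user explicitly.
            $denied = !is_user_logged_in() || get_query_var('author') != get_current_user_id();
            break;
    }

    if (!$denied) {
        return;
    }

    $redirect = home_url('/');

    // If there is a "redirect_to" redirect there, but only after validation.
    if (!empty($_REQUEST['redirect_to']) && is_string($_REQUEST['redirect_to'])) {
        // Decode first and sanitize afterwards: the original ran esc_url() and then
        // urldecode(), which undid the escaping. esc_url_raw() is the variant meant
        // for redirects (esc_url() entity-encodes "&").
        $target = hm_parse_redirect(esc_url_raw(urldecode($_REQUEST['redirect_to'])));
        $redirect = wp_validate_redirect($target, home_url('/'));
    }

    wp_redirect($redirect);
    exit;
}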