/** * Checks SSL connection and user permissions before render or process * registration form. * * @since 4.1.0 * * @access private * @param Domainmap_Reseller $reseller Current reseller. */ private function _check_ssl_and_security($reseller) { // check if user has permissions if (!check_admin_referer(Domainmap_Plugin::ACTION_SHOW_REGISTRATION_FORM, 'nonce') || !current_user_can('manage_network_options')) { status_header(403); exit; } // check if ssl connection is not used if ($reseller->registration_over_ssl() && !is_ssl()) { // ssl connection is not used, so if you logged in then redirect him // to https page, otherwise redirect him to login page $user_id = get_current_user_id(); if ($user_id) { // propagate SSL auth cookie wp_set_auth_cookie($user_id, true, true); // redirect to https version of this registration page wp_redirect(add_query_arg(array('action' => Domainmap_Plugin::ACTION_SHOW_REGISTRATION_FORM, 'nonce' => wp_create_nonce(Domainmap_Plugin::ACTION_SHOW_REGISTRATION_FORM), 'reseller' => filter_input(INPUT_GET, 'reseller')), admin_url('admin-ajax.php', 'https'))); exit; } else { // redirect to login form $this->redirect_to_login_form(); } } }