My Private Site - Version 3.0.3

Version Description

  • Added Advanced feature allowing users to specify custom password reset page
Download this release

Release Info

Developer dgewirtz
Plugin Icon 128x128 My Private Site
Version 3.0.3
Comparing to
See all releases

Code changes from version 3.0.2 to 3.0.3

Files changed (5) hide show
  1. admin/advanced.php +44 -1
  2. css/adminstyles.css +1 -0
  3. includes/public.php +269 -261
  4. jonradio-private-site.php +1 -1
  5. readme.txt +5 -2
admin/advanced.php CHANGED
@@ -9,7 +9,6 @@
9
  * Copyright (c) 2015-2020 by David Gewirtz
10
  */
11
 
12
-
13
  //// advanced - MENU ////
14
  function my_private_site_admin_advanced_menu() {
15
  $args = array(
@@ -79,9 +78,20 @@ function my_private_site_admin_advanced_section_data($section_options) {
79
  'name' => 'Custom Login URL',
80
  'id' => 'jr_ps_admin_advanced_url',
81
  'type' => 'text',
 
82
  ));
83
  my_private_site_preload_cmb2_field_filter('jr_ps_admin_advanced_url', $handler_function);
84
 
 
 
 
 
 
 
 
 
 
 
85
  // although this feature was in Jonradio's original code, there's nothing he does with it other than set it
86
  // $section_options->add_field(array(
87
  // 'name' => 'Validate Login URL',
@@ -223,6 +233,28 @@ function my_private_site_tab_advanced_process_buttons() {
223
  $url = '';
224
  }
225
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
226
  if (isset($_POST["jr_ps_admin_advanced_enable_custom_login"])) {
227
  // make sure a valid URL has been provided or set to empty
228
 
@@ -284,6 +316,17 @@ function my_private_site_admin_advanced_preload($data, $object_id, $args, $field
284
  return false;
285
  }
286
  break;
 
 
 
 
 
 
 
 
 
 
 
287
  case 'jr_ps_admin_advanced_validate_login_url':
288
  if (isset($settings['custom_login_onsite'])) {
289
  return $settings['custom_login_onsite'];
9
  * Copyright (c) 2015-2020 by David Gewirtz
10
  */
11
 
 
12
  //// advanced - MENU ////
13
  function my_private_site_admin_advanced_menu() {
14
  $args = array(
78
  'name' => 'Custom Login URL',
79
  'id' => 'jr_ps_admin_advanced_url',
80
  'type' => 'text',
81
+ 'desc' => 'Add custom login page URL. Must begin with ' . $home_url . '.',
82
  ));
83
  my_private_site_preload_cmb2_field_filter('jr_ps_admin_advanced_url', $handler_function);
84
 
85
+ if (!function_exists('my_private_site_pp_plugin_updater')) {
86
+ $section_options->add_field(array(
87
+ 'name' => 'Add Password Reset URL',
88
+ 'id' => 'jr_ps_admin_advanced_password_reset_url',
89
+ 'type' => 'text',
90
+ 'desc' => 'Add public password reset page URL. Must begin with ' . $home_url . '.',
91
+ ));
92
+ my_private_site_preload_cmb2_field_filter('jr_ps_admin_advanced_password_reset_url', $handler_function);
93
+ }
94
+
95
  // although this feature was in Jonradio's original code, there's nothing he does with it other than set it
96
  // $section_options->add_field(array(
97
  // 'name' => 'Validate Login URL',
233
  $url = '';
234
  }
235
 
236
+ if (!function_exists('my_private_site_pp_plugin_updater')) {
237
+ if (isset($_POST["jr_ps_admin_advanced_password_reset_url"])) {
238
+ $reset_url = my_private_site_validate_url($_POST["jr_ps_admin_advanced_password_reset_url"]);
239
+ if($_POST["jr_ps_admin_advanced_password_reset_url"] != '' and $reset_url == false){
240
+ my_private_site_flag_cmb2_submit_button_error('jr_ps_button_advanced_save',
241
+ 'Valid password reset URL must be provided.');
242
+ return;
243
+ }
244
+ if ($reset_url == false) {
245
+ $settings['excl_url'] = array();
246
+ } else {
247
+ $settings['excl_url'] = array(); // clear it just to be sure
248
+ $url_array = jr_v1_prep_url($reset_url);
249
+ $add_array = array(
250
+ $reset_url,
251
+ $url_array,
252
+ );
253
+ $settings['excl_url'] = array($add_array);
254
+ }
255
+ }
256
+ }
257
+
258
  if (isset($_POST["jr_ps_admin_advanced_enable_custom_login"])) {
259
  // make sure a valid URL has been provided or set to empty
260
 
316
  return false;
317
  }
318
  break;
319
+ case 'jr_ps_admin_advanced_password_reset_url':
320
+ if (!function_exists('my_private_site_pp_plugin_updater')) {
321
+ if (isset($settings['excl_url'])) {
322
+ if (isset($settings["excl_url"][0][0])) {
323
+ return $settings["excl_url"][0][0];
324
+ }
325
+ } else {
326
+ return false;
327
+ }
328
+ }
329
+ break;
330
  case 'jr_ps_admin_advanced_validate_login_url':
331
  if (isset($settings['custom_login_onsite'])) {
332
  return $settings['custom_login_onsite'];
css/adminstyles.css CHANGED
@@ -6,6 +6,7 @@
6
  width: 500px;
7
  }
8
 
 
9
  #jr_ps_admin_advanced_url {
10
  width: 500px;
11
  }
6
  width: 500px;
7
  }
8
 
9
+ #jr_ps_admin_advanced_password_reset_url,
10
  #jr_ps_admin_advanced_url {
11
  width: 500px;
12
  }
includes/public.php CHANGED
@@ -5,7 +5,7 @@
5
  */
6
 
7
  // Exit if .php file accessed directly
8
- if ( !defined( 'ABSPATH' ) ) exit;
9
 
10
  /* Earliest Action Hook possible is 'template_redirect',
11
  AFTER Rewrite: URL changed with Pretty Permalinks and
@@ -16,304 +16,312 @@ if ( !defined( 'ABSPATH' ) ) exit;
16
  is being used:
17
  'get_header'
18
  */
19
- add_action( 'get_header', 'jr_ps_force_login' );
20
 
21
- add_action( 'login_init', 'jr_ps_login' );
22
- add_filter( 'login_url', 'jr_ps_login_url' );
23
- add_action( 'wp_login_failed', 'jr_ps_login_failed' );
24
- add_action( 'wp_authenticate', 'jr_ps_wp_authenticate', 10, 2 );
25
 
26
- $settings = get_option( 'jr_ps_settings' );
27
- if ( $settings['wplogin_php'] ) {
28
- /* Run this Filter "last" (Priority=100) to be sure that Paid Memberships Pro
29
- has already runs its Filter.
30
- */
31
- add_filter( 'login_redirect', 'jr_ps_login_redirect_filter', 100, 3 );
32
- /* Since it is defined when the plugin is loaded,
33
- wait to check for the Paid Memberships Pro function.
34
- */
35
- add_action( 'plugins_loaded', 'jr_ps_plugins_loaded' );
36
- function jr_ps_plugins_loaded() {
37
- if ( function_exists( 'pmpro_login_redirect' ) ) {
38
- add_filter( 'pmpro_login_redirect_url', 'jr_ps_pmpro_login_redirect_url_filter', 10, 3 );
39
- function jr_ps_pmpro_login_redirect_url_filter( $redirect_to, $requested_redirect_to, $user ) {
40
- $redirect = jr_ps_login_redirect_filter( $redirect_to, $requested_redirect_to, $user );
41
- DEFINE( 'JR_PS_PMPRO_RUN', TRUE );
42
- return $redirect;
43
- }
44
- }
45
- }
46
- function jr_ps_login_redirect_filter( $redirect_to, $requested_redirect_to, $user ) {
47
- if ( !defined( 'JR_PS_PMPRO_RUN' ) ) {
48
- if ( '' === $requested_redirect_to ) {
49
- $redirect_to = jr_ps_after_login_url();
50
- }
51
- }
52
- return $redirect_to;
53
- }
 
54
  }
55
 
56
  /**
57
  * Login Detection
58
- *
59
- * Set a global variable, $jr_ps_is_login, whenever a login occurs
60
  *
61
  * @return NULL Nothing is returned
62
  */
63
  function jr_ps_login() {
64
- global $jr_ps_is_login;
65
- $jr_ps_is_login = TRUE;
66
  }
67
 
68
  /**
69
  * Present a login screen to anyone not logged in
70
- *
71
  * Check for already logged in or just logged in.
72
  * Only called when is_admin() is FALSE
73
  *
74
  * @return NULL Nothing is returned
75
  */
76
  function jr_ps_force_login() {
77
- /* return statements are performed only if User does not need to login.
78
-
79
- First, check if User is on a Login panel.
80
- */
81
- global $jr_ps_is_login, $jr_ps_plugin_data;
82
- if ( isset( $jr_ps_is_login ) ) {
83
- return;
84
- }
85
-
86
- $settings = get_option( 'jr_ps_settings' );
87
-
88
- /* Next, check if User is already logged in, and has a Role on this Site.
89
- */
90
- $role = TRUE;
91
- if ( is_user_logged_in() ) {
92
- if ( is_multisite() ) {
93
- if ( is_user_member_of_blog() ) {
94
- return;
95
- } else {
96
- /* User is logged on to a Site where he/she has no Role.
97
- */
98
- if ( $settings['check_role'] ) {
99
- $role = FALSE;
100
- } else {
101
- /* User can see all of public site.
102
- */
103
- return;
104
- }
105
- }
106
- } else {
107
- return;
108
- }
109
- }
110
-
111
- /* URL of current page without http://, i.e. - starting with domain
112
- */
113
- $current_url = $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI'];
114
- if ( $settings['excl_home'] && jr_v1_same_url( get_home_url(), $current_url ) ) {
115
- return;
116
- }
117
- if ( $settings['custom_login'] && !empty( $settings['login_url'] ) && jr_v1_same_url( $settings['login_url'], $current_url ) ) {
118
- return;
119
- }
120
- if ( isset( $settings['excl_url'] ) ) {
121
- foreach ( $settings['excl_url'] as $arr ) {
122
- /* Test the pre-parsed URL in the URL Exclusion list
123
- */
124
- if ( jr_v1_same_url( $arr[1], $current_url ) ) {
125
- return;
126
- }
127
- }
128
- }
129
- if ( isset( $settings['excl_url_prefix'] ) ) {
130
- foreach ( $settings['excl_url_prefix'] as $arr ) {
131
- /* Test the pre-parsed URL in the Prefix URL Exclusion list
132
- */
133
- if ( jr_v1_same_prefix_url( $arr[1], $current_url ) ) {
134
- return;
135
- }
136
- }
137
- }
138
-
139
- if ( $settings['reveal_registration'] ) {
140
- $buddypress_path = 'buddypress/bp-loader.php';
141
- $buddypress_active = is_plugin_active( $buddypress_path );
142
- /* URL of Registration Page varies between Multisite (Network)
143
- and Single Site WordPress.
144
- Plus, wp_registration_url function was introduced in
145
- WordPress Version 3.6.
146
- */
147
- if ( is_multisite() ) {
148
- $reg_url = get_site_url( 0, 'wp-signup.php' );
149
- $buddypress_active = $buddypress_active || is_plugin_active_for_network( $buddypress_path );
150
- } else {
151
- if ( function_exists( 'wp_registration_url' ) ) {
152
- $reg_url = wp_registration_url();
153
- } else {
154
- $reg_url = get_site_url( 0, 'wp-login.php?action=register' );
155
- }
156
- }
157
- if ( jr_v1_same_url( $reg_url, $current_url )
158
- || ( $buddypress_active
159
- && ( jr_v1_same_url( get_site_url( 0, 'register' ), $current_url )
160
- || jr_v1_same_url( get_site_url( 0, 'activate' ),
161
- parse_url( $current_url, PHP_URL_HOST )
162
- . parse_url( $current_url, PHP_URL_PATH ) ) ) ) ) {
163
- /* BuddyPress plugin redirects Registration URL to
164
- either {current site}/register/ or {main site}/register/
165
- and has its own Activation at /activate/?key=...
166
- */
167
- return;
168
- }
169
- }
170
-
171
- /* Must exclude all of the pages generated by the Theme My Login plugin
172
- */
173
- $theme_my_login_path = 'theme-my-login/theme-my-login.php';
174
- $theme_my_login_active = is_plugin_active( $theme_my_login_path );
175
- if ( is_multisite() ) {
176
- $theme_my_login_active = $theme_my_login_active || is_plugin_active_for_network( $theme_my_login_path );
177
- }
178
- if ( $theme_my_login_active ) {
179
- if ( NULL !== ( $page = get_post( $null = NULL ) ) ) {
180
- /* Some Versions of WordPress required that get_post() have a parameter
181
- */
182
- if ( ( 'page' === $page->post_type )
183
- && in_array( $page->post_name, array( 'login', 'logout', 'lostpassword', 'register', 'resetpass' ) )
184
- && stripos( $page->post_content, 'theme-my-login' ) ) {
185
- return;
186
- }
187
- }
188
- }
189
-
190
- /* Point of No Return:
191
- We now know that the Visitor must be forced to login
192
- if the Visitor wants to see the current URL.
193
- */
194
- if ( !$role ) {
195
- /* User is logged on to a Site where he/she has no Role.
196
- */
197
- $message = 'You (User "'
198
- . wp_get_current_user()->user_login
199
- . '") cannot view this Site ("'
200
- . get_bloginfo( 'name', 'display' )
201
- . '").<hr />'
202
- . 'Your User ID has not been defined to this Site. '
203
- . 'If you believe that you should be able to access this Site, '
204
- . 'please contact your network administrator or this site\'s webmaster, '
205
- . 'and mention that your access was blocked by the <em>'
206
- . $jr_ps_plugin_data['Name']
207
- . '</em> plugin.';
208
- wp_die( $message );
209
- }
210
-
211
- if ( $settings['custom_login'] && !empty( $settings['login_url'] ) ) {
212
- $url = jr_ps_login_url( $settings['login_url'] );
213
- } else {
214
- /* wp_login_url() returns the standard WordPress login URL,
215
- but the login_url Filter adds the ?redirect_to= query in the URL.
216
- */
217
- $url = wp_login_url();
218
- }
219
 
220
- /* wp_redirect( $url ) goes to $url right after exit on the line that follows.
221
- */
222
- wp_redirect( $url );
223
- exit;
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
224
  }
225
 
226
  /**
227
  * Add Landing Location to Login URL
228
- *
229
  * Although written to modify the Login URL in the Meta Widget,
230
  * to implement Landing Location, wp_login_url() is also called
231
  * near the end of jr_ps_force_login() above.
232
  *
233
- * @param string $login_url Login URL
234
- * @param string $redirect Path to redirect to on login.
235
- * @return string Login URL
236
  */
237
- function jr_ps_login_url( $login_url ) {
238
- /* remove_query_arg() simply returns $login_url if a ?redirect_to= query is not present in the URL.
239
- */
240
- $url = remove_query_arg( 'redirect_to', $login_url );
241
- /* $redirect_to is the URL passed to the standard WordPress login URL,
242
- via the ?redirect_to= URL query parameter, to go to after login is complete.
243
- */
244
- $redirect_to = jr_ps_after_login_url();
245
- /* Also avoids situations where specific URL is requested,
246
- but URL is blank.
247
- */
248
- if ( !empty( $redirect_to ) ) {
249
- $url = add_query_arg( 'redirect_to', urlencode( $redirect_to ), $url );
250
- }
251
- return $url;
252
  }
253
 
254
  function jr_ps_after_login_url() {
255
- $settings = get_option( 'jr_ps_settings' );
256
- switch ( $settings['landing'] ) {
257
- case 'return':
258
- // $_SERVER['HTTPS'] can be off in IIS
259
- if ( empty( $_SERVER['HTTPS'] ) || ( $_SERVER['HTTPS'] == 'off' ) ) {
260
- $http = 'http://';
261
- } else {
262
- $http = 'https://';
263
- }
264
- if (strpos($_SERVER['REQUEST_URI'], 'resetpass') !== false) {
265
- $after_login_url = get_home_url();
266
- }
267
- else {
268
- $after_login_url = $http . $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI'];
269
- }
270
- break;
271
- case 'home':
272
- $after_login_url = get_home_url();
273
- break;
274
- case 'admin':
275
- $after_login_url = get_admin_url();
276
- break;
277
- case 'url':
278
- if (strpos($after_login_url, 'resetpass') !== false) {
279
- $after_login_url = get_home_url();
280
- }
281
- else {
282
- $after_login_url = trim( $settings['specific_url'] );
283
- }
284
- break;
285
- case 'omit':
286
- $after_login_url = '';
287
- break;
288
- }
289
- return $after_login_url;
290
  }
291
 
292
  function jr_ps_login_failed() {
293
- $settings = get_option( 'jr_ps_settings' );
294
- if ( $settings['custom_login'] && !empty( $settings['login_url'] ) ) {
295
- /* wp_redirect( $url ) goes to $url right after exit on the line that follows.
296
- */
297
- wp_redirect( jr_ps_login_url( $settings['login_url'] ) );
298
- exit;
299
- } else {
300
- return;
301
- }
302
  }
303
 
304
- function jr_ps_wp_authenticate( $username, $password ) {
305
- foreach ( array( $username, $password ) as $auth ) {
306
- if ( empty( $auth ) ) {
307
- jr_ps_login_failed();
308
- } else {
309
- /* Also catch blanks.
310
- */
311
- $trim_auth = rtrim( $auth );
312
- if ( empty( $auth ) ) {
313
- jr_ps_login_failed();
314
- }
315
- }
316
- }
 
 
 
317
  }
318
 
319
  ?>
5
  */
6
 
7
  // Exit if .php file accessed directly
8
+ if (!defined('ABSPATH')) exit;
9
 
10
  /* Earliest Action Hook possible is 'template_redirect',
11
  AFTER Rewrite: URL changed with Pretty Permalinks and
16
  is being used:
17
  'get_header'
18
  */
19
+ add_action('get_header', 'jr_ps_force_login');
20
 
21
+ add_action('login_init', 'jr_ps_login');
22
+ add_filter('login_url', 'jr_ps_login_url');
23
+ add_action('wp_login_failed', 'jr_ps_login_failed');
24
+ add_action('wp_authenticate', 'jr_ps_wp_authenticate', 10, 2);
25
 
26
+ $settings = get_option('jr_ps_settings');
27
+ if ($settings['wplogin_php']) {
28
+ /* Run this Filter "last" (Priority=100) to be sure that Paid Memberships Pro
29
+ has already runs its Filter.
30
+ */
31
+ add_filter('login_redirect', 'jr_ps_login_redirect_filter', 100, 3);
32
+ /* Since it is defined when the plugin is loaded,
33
+ wait to check for the Paid Memberships Pro function.
34
+ */
35
+ add_action('plugins_loaded', 'jr_ps_plugins_loaded');
36
+ function jr_ps_plugins_loaded() {
37
+ if (function_exists('pmpro_login_redirect')) {
38
+ add_filter('pmpro_login_redirect_url', 'jr_ps_pmpro_login_redirect_url_filter', 10, 3);
39
+ function jr_ps_pmpro_login_redirect_url_filter($redirect_to, $requested_redirect_to, $user) {
40
+ $redirect = jr_ps_login_redirect_filter($redirect_to, $requested_redirect_to, $user);
41
+ DEFINE('JR_PS_PMPRO_RUN', true);
42
+ return $redirect;
43
+ }
44
+ }
45
+ }
46
+
47
+ function jr_ps_login_redirect_filter($redirect_to, $requested_redirect_to, $user) {
48
+ if (!defined('JR_PS_PMPRO_RUN')) {
49
+ if ('' === $requested_redirect_to) {
50
+ $redirect_to = jr_ps_after_login_url();
51
+ }
52
+ }
53
+ return $redirect_to;
54
+ }
55
  }
56
 
57
  /**
58
  * Login Detection
59
+ *
60
+ * Set a global variable, $jr_ps_is_login, whenever a login occurs
61
  *
62
  * @return NULL Nothing is returned
63
  */
64
  function jr_ps_login() {
65
+ global $jr_ps_is_login;
66
+ $jr_ps_is_login = true;
67
  }
68
 
69
  /**
70
  * Present a login screen to anyone not logged in
71
+ *
72
  * Check for already logged in or just logged in.
73
  * Only called when is_admin() is FALSE
74
  *
75
  * @return NULL Nothing is returned
76
  */
77
  function jr_ps_force_login() {
78
+ /* return statements are performed only if User does not need to login.
79
+
80
+ First, check if User is on a Login panel.
81
+ */
82
+ global $jr_ps_is_login, $jr_ps_plugin_data;
83
+ if (isset($jr_ps_is_login)) {
84
+ return;
85
+ }
86
+
87
+ $settings = get_option('jr_ps_settings');
88
+
89
+ /* Next, check if User is already logged in, and has a Role on this Site.
90
+ */
91
+ $role = true;
92
+ if (is_user_logged_in()) {
93
+ if (is_multisite()) {
94
+ if (is_user_member_of_blog()) {
95
+ return;
96
+ } else {
97
+ /* User is logged on to a Site where he/she has no Role.
98
+ */
99
+ if ($settings['check_role']) {
100
+ $role = false;
101
+ } else {
102
+ /* User can see all of public site.
103
+ */
104
+ return;
105
+ }
106
+ }
107
+ } else {
108
+ return;
109
+ }
110
+ }
111
+
112
+ /* URL of current page without http://, i.e. - starting with domain
113
+ */
114
+ $current_url = $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI'];
115
+ if ($settings['excl_home'] && jr_v1_same_url(get_home_url(), $current_url)) {
116
+ return;
117
+ }
118
+ if ($settings['custom_login'] && !empty($settings['login_url']) && jr_v1_same_url($settings['login_url'], $current_url)) {
119
+ return;
120
+ }
121
+ if (isset($settings['excl_url'])) {
122
+ foreach ($settings['excl_url'] as $arr) {
123
+ /* Test the pre-parsed URL in the URL Exclusion list
124
+ */
125
+ if (jr_v1_same_url($arr[1], $current_url)) {
126
+ return;
127
+ }
128
+ }
129
+ }
130
+ if (isset($settings['excl_url_prefix'])) {
131
+ foreach ($settings['excl_url_prefix'] as $arr) {
132
+ /* Test the pre-parsed URL in the Prefix URL Exclusion list
133
+ */
134
+ if (jr_v1_same_prefix_url($arr[1], $current_url)) {
135
+ return;
136
+ }
137
+ }
138
+ }
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
139
 
140
+ if ($settings['reveal_registration']) {
141
+ $buddypress_path = 'buddypress/bp-loader.php';
142
+ $buddypress_active = is_plugin_active($buddypress_path);
143
+ /* URL of Registration Page varies between Multisite (Network)
144
+ and Single Site WordPress.
145
+ Plus, wp_registration_url function was introduced in
146
+ WordPress Version 3.6.
147
+ */
148
+ if (is_multisite()) {
149
+ $reg_url = get_site_url(0, 'wp-signup.php');
150
+ $buddypress_active = $buddypress_active || is_plugin_active_for_network($buddypress_path);
151
+ } else {
152
+ if (function_exists('wp_registration_url')) {
153
+ $reg_url = wp_registration_url();
154
+ } else {
155
+ $reg_url = get_site_url(0, 'wp-login.php?action=register');
156
+ }
157
+ }
158
+ if (jr_v1_same_url($reg_url, $current_url)
159
+ || ($buddypress_active
160
+ && (jr_v1_same_url(get_site_url(0, 'register'), $current_url)
161
+ || jr_v1_same_url(get_site_url(0, 'activate'),
162
+ parse_url($current_url, PHP_URL_HOST)
163
+ . parse_url($current_url, PHP_URL_PATH))))) {
164
+ /* BuddyPress plugin redirects Registration URL to
165
+ either {current site}/register/ or {main site}/register/
166
+ and has its own Activation at /activate/?key=...
167
+ */
168
+ return;
169
+ }
170
+ }
171
+
172
+ /* Must exclude all of the pages generated by the Theme My Login plugin
173
+ */
174
+ $theme_my_login_path = 'theme-my-login/theme-my-login.php';
175
+ $theme_my_login_active = is_plugin_active($theme_my_login_path);
176
+ if (is_multisite()) {
177
+ $theme_my_login_active = $theme_my_login_active || is_plugin_active_for_network($theme_my_login_path);
178
+ }
179
+ if ($theme_my_login_active) {
180
+ if (NULL !== ($page = get_post($null = NULL))) {
181
+ /* Some Versions of WordPress required that get_post() have a parameter
182
+ */
183
+ if (('page' === $page->post_type)
184
+ && in_array($page->post_name, array(
185
+ 'login',
186
+ 'logout',
187
+ 'lostpassword',
188
+ 'register',
189
+ 'resetpass',
190
+ ))
191
+ && stripos($page->post_content, 'theme-my-login')) {
192
+ return;
193
+ }
194
+ }
195
+ }
196
+
197
+ /* Point of No Return:
198
+ We now know that the Visitor must be forced to login
199
+ if the Visitor wants to see the current URL.
200
+ */
201
+ if (!$role) {
202
+ /* User is logged on to a Site where he/she has no Role.
203
+ */
204
+ $message = 'You (User "'
205
+ . wp_get_current_user()->user_login
206
+ . '") cannot view this Site ("'
207
+ . get_bloginfo('name', 'display')
208
+ . '").<hr />'
209
+ . 'Your User ID has not been defined to this Site. '
210
+ . 'If you believe that you should be able to access this Site, '
211
+ . 'please contact your network administrator or this site\'s webmaster, '
212
+ . 'and mention that your access was blocked by the <em>'
213
+ . $jr_ps_plugin_data['Name']
214
+ . '</em> plugin.';
215
+ wp_die($message);
216
+ }
217
+
218
+ if ($settings['custom_login'] && !empty($settings['login_url'])) {
219
+ $url = jr_ps_login_url($settings['login_url']);
220
+ } else {
221
+ /* wp_login_url() returns the standard WordPress login URL,
222
+ but the login_url Filter adds the ?redirect_to= query in the URL.
223
+ */
224
+ $url = wp_login_url();
225
+ }
226
+
227
+ /* wp_redirect( $url ) goes to $url right after exit on the line that follows.
228
+ */
229
+ wp_redirect($url);
230
+ exit;
231
  }
232
 
233
  /**
234
  * Add Landing Location to Login URL
235
+ *
236
  * Although written to modify the Login URL in the Meta Widget,
237
  * to implement Landing Location, wp_login_url() is also called
238
  * near the end of jr_ps_force_login() above.
239
  *
240
+ * @param string $login_url Login URL
241
+ * @param string $redirect Path to redirect to on login.
242
+ * @return string Login URL
243
  */
244
+ function jr_ps_login_url($login_url) {
245
+ /* remove_query_arg() simply returns $login_url if a ?redirect_to= query is not present in the URL.
246
+ */
247
+ $url = remove_query_arg('redirect_to', $login_url);
248
+ /* $redirect_to is the URL passed to the standard WordPress login URL,
249
+ via the ?redirect_to= URL query parameter, to go to after login is complete.
250
+ */
251
+ $redirect_to = jr_ps_after_login_url();
252
+ /* Also avoids situations where specific URL is requested,
253
+ but URL is blank.
254
+ */
255
+ if (!empty($redirect_to)) {
256
+ $url = add_query_arg('redirect_to', urlencode($redirect_to), $url);
257
+ }
258
+ return $url;
259
  }
260
 
261
  function jr_ps_after_login_url() {
262
+ $settings = get_option('jr_ps_settings');
263
+ switch ($settings['landing']) {
264
+ case 'return':
265
+ // $_SERVER['HTTPS'] can be off in IIS
266
+ if (empty($_SERVER['HTTPS']) || ($_SERVER['HTTPS'] == 'off')) {
267
+ $http = 'http://';
268
+ } else {
269
+ $http = 'https://';
270
+ }
271
+ if (strpos($_SERVER['REQUEST_URI'], 'resetpass') !== false) {
272
+ $after_login_url = get_home_url();
273
+ } else {
274
+ $after_login_url = $http . $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI'];
275
+ }
276
+ break;
277
+ case 'home':
278
+ $after_login_url = get_home_url();
279
+ break;
280
+ case 'admin':
281
+ $after_login_url = get_admin_url();
282
+ break;
283
+ case 'url':
284
+ if (strpos($after_login_url, 'resetpass') !== false) {
285
+ $after_login_url = get_home_url();
286
+ } else {
287
+ $after_login_url = trim($settings['specific_url']);
288
+ }
289
+ break;
290
+ case 'omit':
291
+ $after_login_url = '';
292
+ break;
293
+ }
294
+ return $after_login_url;
 
 
295
  }
296
 
297
  function jr_ps_login_failed() {
298
+ $settings = get_option('jr_ps_settings');
299
+ if ($settings['custom_login'] && !empty($settings['login_url'])) {
300
+ /* wp_redirect( $url ) goes to $url right after exit on the line that follows.
301
+ */
302
+ wp_redirect(jr_ps_login_url($settings['login_url']));
303
+ exit;
304
+ } else {
305
+ return;
306
+ }
307
  }
308
 
309
+ function jr_ps_wp_authenticate($username, $password) {
310
+ foreach (array(
311
+ $username,
312
+ $password,
313
+ ) as $auth) {
314
+ if (empty($auth)) {
315
+ jr_ps_login_failed();
316
+ } else {
317
+ /* Also catch blanks.
318
+ */
319
+ $trim_auth = rtrim($auth);
320
+ if (empty($auth)) {
321
+ jr_ps_login_failed();
322
+ }
323
+ }
324
+ }
325
  }
326
 
327
  ?>
jonradio-private-site.php CHANGED
@@ -3,7 +3,7 @@
3
  Plugin Name: My Private Site
4
  Plugin URI: http://zatzlabs.com/plugins/
5
  Description: Easily secure posts, pages, or your entire WordPress site by requiring visitors to login.
6
- Version: 3.0.2
7
  Author: David Gewirtz
8
  Author URI: http://zatzlabs.com/plugins/
9
  License: GPLv2
3
  Plugin Name: My Private Site
4
  Plugin URI: http://zatzlabs.com/plugins/
5
  Description: Easily secure posts, pages, or your entire WordPress site by requiring visitors to login.
6
+ Version: 3.0.3
7
  Author: David Gewirtz
8
  Author URI: http://zatzlabs.com/plugins/
9
  License: GPLv2
readme.txt CHANGED
@@ -3,8 +3,8 @@ Contributors: dgewirtz
3
  Donate link: http://zatzlabs.com/lab-notes/
4
  Tags: login, visibility, private, security, plugin, pages, page, posts, post
5
  Requires at least: 3.0
6
- Tested up to: 5.5
7
- Stable tag: 3.0.2
8
  License: GPLv2 or later
9
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
10
 
@@ -90,6 +90,9 @@ Whenever you change your WordPress Permalinks (Settings-Permalinks in Admin pane
90
 
91
  == Changelog ==
92
 
 
 
 
93
  = 3.0.2 =
94
  * Fixed duplicate header bug found on some systems
95
 
3
  Donate link: http://zatzlabs.com/lab-notes/
4
  Tags: login, visibility, private, security, plugin, pages, page, posts, post
5
  Requires at least: 3.0
6
+ Tested up to: 5.8
7
+ Stable tag: 3.0.3
8
  License: GPLv2 or later
9
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
10
 
90
 
91
  == Changelog ==
92
 
93
+ = 3.0.3 =
94
+ * Added Advanced feature allowing users to specify custom password reset page
95
+
96
  = 3.0.2 =
97
  * Fixed duplicate header bug found on some systems
98