Version Description
- Feature - Added exceptions for AJAX, Cron and WP-CLI requests.
- Fix - Only allow Multisite users access to their assigned sites.
Download this release
Release Info
Developer | kevinvess |
Plugin | Force Login |
Version | 4.0 |
Comparing to | |
See all releases |
Code changes from version 3.3 to 4.0
- readme.txt +34 -17
- wp-force-login.php +21 -7
readme.txt
CHANGED
@@ -4,7 +4,7 @@ Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_donations&business=kevin
|
|
4 |
Tags: access, closed, force user login, hidden, login, password, privacy, private, protected, registered only, restricted
|
5 |
Requires at least: 2.7
|
6 |
Tested up to: 4.4
|
7 |
-
Stable tag:
|
8 |
License: GPLv2 or later
|
9 |
|
10 |
Force Login is a simple lightweight plugin that requires visitors to log in to interact with the website.
|
@@ -42,7 +42,7 @@ Upload the Force Login plugin to your site, then Activate it.
|
|
42 |
|
43 |
By default, the plugin sends visitors back to the URL they tried to visit. However, you can set a specific URL to always redirect users to by adding the following filter to your functions.php file.
|
44 |
|
45 |
-
The URL must be absolute (as in, http://example.com/mypage
|
46 |
|
47 |
`
|
48 |
/**
|
@@ -58,7 +58,7 @@ add_filter('v_forcelogin_redirect', 'my_forcelogin_redirect', 10, 1);
|
|
58 |
|
59 |
= 2. How can I add exceptions for certain pages or posts? =
|
60 |
|
61 |
-
You can specify an array of URLs to whitelist by adding the following filter to your functions.php file. Each URL must be absolute (as in, http://example.com/mypage
|
62 |
|
63 |
`
|
64 |
/**
|
@@ -74,7 +74,17 @@ function my_forcelogin_whitelist( $whitelist ) {
|
|
74 |
add_filter('v_forcelogin_whitelist', 'my_forcelogin_whitelist', 10, 1);
|
75 |
`
|
76 |
|
77 |
-
= 3. How
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
78 |
|
79 |
By default, the plugin blocks access to all page URLs; you will need to whitelist the XML-RPC page to allow the WordPress app to access your site for remote publishing.
|
80 |
|
@@ -94,45 +104,52 @@ add_filter('v_forcelogin_whitelist', 'my_forcelogin_whitelist', 10, 1);
|
|
94 |
|
95 |
== Changelog ==
|
96 |
|
|
|
|
|
|
|
|
|
97 |
= 3.3 =
|
98 |
-
|
99 |
|
100 |
= 3.2 =
|
101 |
-
|
102 |
|
103 |
= 3.1 =
|
104 |
-
- Rewrote v_getUrl function to use HTTP_HOST instead of SERVER_NAME - props [Arlen22](https://github.com/Arlen22).
|
105 |
|
106 |
= 3.0 =
|
107 |
-
- Added
|
108 |
-
- Added
|
109 |
|
110 |
= 2.1 =
|
111 |
-
- Rewrote v_getUrl function to include the server port - props [Nicolas](http://profiles.wordpress.org/nottavi).
|
112 |
|
113 |
= 2.0 =
|
114 |
-
- Added redirect to send visitors back to the URL they tried to visit after logging in.
|
115 |
|
116 |
= 1.3 =
|
117 |
-
- Fixed password reset URL from being blocked - props [estebillan](http://profiles.wordpress.org/estebillan).
|
118 |
|
119 |
= 1.2 =
|
120 |
-
- Streamlined code
|
121 |
|
122 |
= 1.1 =
|
123 |
-
- Whitelisted the registration page and the Lost Password page - props [jabdo](http://profiles.wordpress.org/jabdo).
|
124 |
|
125 |
|
126 |
== Upgrade Notice ==
|
127 |
|
|
|
|
|
|
|
128 |
= 3.2 =
|
129 |
-
Removed function v_getUrl.
|
130 |
|
131 |
= 3.0 =
|
132 |
-
New features: added
|
133 |
|
134 |
= 2.0 =
|
135 |
-
New feature: added redirect to send visitors back to the URL they tried to visit after logging
|
136 |
|
137 |
= 1.3 =
|
138 |
Fixes bug with password reset URL from being blocked.
|
4 |
Tags: access, closed, force user login, hidden, login, password, privacy, private, protected, registered only, restricted
|
5 |
Requires at least: 2.7
|
6 |
Tested up to: 4.4
|
7 |
+
Stable tag: 4.0
|
8 |
License: GPLv2 or later
|
9 |
|
10 |
Force Login is a simple lightweight plugin that requires visitors to log in to interact with the website.
|
42 |
|
43 |
By default, the plugin sends visitors back to the URL they tried to visit. However, you can set a specific URL to always redirect users to by adding the following filter to your functions.php file.
|
44 |
|
45 |
+
The URL must be absolute (as in, <http://example.com/mypage/>). Recommended: [site_url( '/mypage/' )](https://codex.wordpress.org/Function_Reference/site_url).
|
46 |
|
47 |
`
|
48 |
/**
|
58 |
|
59 |
= 2. How can I add exceptions for certain pages or posts? =
|
60 |
|
61 |
+
You can specify an array of URLs to whitelist by adding the following filter to your functions.php file. Each URL must be absolute (as in, <http://example.com/mypage/>). Recommended: [site_url( '/mypage/' )](https://codex.wordpress.org/Function_Reference/site_url).
|
62 |
|
63 |
`
|
64 |
/**
|
74 |
add_filter('v_forcelogin_whitelist', 'my_forcelogin_whitelist', 10, 1);
|
75 |
`
|
76 |
|
77 |
+
= 3. How can I add exceptions for dynamic URLs? =
|
78 |
+
|
79 |
+
Some URLs have unique query strings appended to the end of it, which is composed of a series of parameter-value pairs.
|
80 |
+
|
81 |
+
For example:
|
82 |
+
<http://example.com/mypage/?parameter=value>
|
83 |
+
|
84 |
+
Checkout the [Force Login Wiki on GitHub](https://github.com/kevinvess/wp-force-login/wiki/Whitelist-Dynamic-URLs) for examples of the different methods for whitelisting dynamic URLs.
|
85 |
+
|
86 |
+
|
87 |
+
= 4. How do I get the WordPress mobile app to work? =
|
88 |
|
89 |
By default, the plugin blocks access to all page URLs; you will need to whitelist the XML-RPC page to allow the WordPress app to access your site for remote publishing.
|
90 |
|
104 |
|
105 |
== Changelog ==
|
106 |
|
107 |
+
= 4.0 =
|
108 |
+
* Feature - Added exceptions for AJAX, Cron and WP-CLI requests.
|
109 |
+
* Fix - Only allow Multisite users access to their assigned sites.
|
110 |
+
|
111 |
= 3.3 =
|
112 |
+
* Fix - Check for existence of explicit port number before appending port - props [Björn Ali Göransson](https://github.com/bjorn-ali-goransson).
|
113 |
|
114 |
= 3.2 =
|
115 |
+
* Tweak - Removed v_getUrl() function to reduce possible duplicates of global functions - props [Joachim Happel](https://github.com/johappel).
|
116 |
|
117 |
= 3.1 =
|
118 |
+
* Fix - Rewrote v_getUrl() function to use HTTP_HOST instead of SERVER_NAME - props [Arlen22](https://github.com/Arlen22).
|
119 |
|
120 |
= 3.0 =
|
121 |
+
* Feature - Added filter to set a specific URL to redirect to on login.
|
122 |
+
* Feature - Added filter to allow whitelisting of additional URLs.
|
123 |
|
124 |
= 2.1 =
|
125 |
+
* Fix - Rewrote v_getUrl function to include the server port - props [Nicolas](http://profiles.wordpress.org/nottavi).
|
126 |
|
127 |
= 2.0 =
|
128 |
+
* Feature - Added redirect to send visitors back to the URL they tried to visit after logging in.
|
129 |
|
130 |
= 1.3 =
|
131 |
+
* Fix - Fixed password reset URL from being blocked - props [estebillan](http://profiles.wordpress.org/estebillan).
|
132 |
|
133 |
= 1.2 =
|
134 |
+
* Tweak - Streamlined code
|
135 |
|
136 |
= 1.1 =
|
137 |
+
* Fix - Whitelisted the registration page and the Lost Password page - props [jabdo](http://profiles.wordpress.org/jabdo).
|
138 |
|
139 |
|
140 |
== Upgrade Notice ==
|
141 |
|
142 |
+
= 4.0 =
|
143 |
+
New feature: added exceptions for AJAX, Cron, and WP-CLI requests. Fix: Multisite users can only access their assigned sites.
|
144 |
+
|
145 |
= 3.2 =
|
146 |
+
Removed function v_getUrl().
|
147 |
|
148 |
= 3.0 =
|
149 |
+
New features: added filters for customizing the plugin.
|
150 |
|
151 |
= 2.0 =
|
152 |
+
New feature: added redirect to send visitors back to the URL they tried to visit after logging-in.
|
153 |
|
154 |
= 1.3 =
|
155 |
Fixes bug with password reset URL from being blocked.
|
wp-force-login.php
CHANGED
@@ -3,7 +3,7 @@
|
|
3 |
Plugin Name: Force Login
|
4 |
Plugin URI: http://vess.me/
|
5 |
Description: Easily hide your WordPress site from public viewing by requiring visitors to log in first. Activate to turn on.
|
6 |
-
Version:
|
7 |
Author: Kevin Vess
|
8 |
Author URI: http://vess.me/
|
9 |
License: GPLv2 or later
|
@@ -26,25 +26,39 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
|
26 |
*/
|
27 |
|
28 |
function v_forcelogin() {
|
29 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
30 |
// Get URL
|
31 |
$url = isset( $_SERVER['HTTPS'] ) && 'on' === $_SERVER['HTTPS'] ? 'https' : 'http';
|
32 |
$url .= '://' . $_SERVER['HTTP_HOST'];
|
33 |
-
|
34 |
// port is prepopulated here sometimes
|
35 |
-
if( strpos( $_SERVER['HTTP_HOST'], ':' ) === FALSE ) {
|
36 |
$url .= in_array( $_SERVER['SERVER_PORT'], array('80', '443') ) ? '' : ':' . $_SERVER['SERVER_PORT'];
|
37 |
}
|
38 |
$url .= $_SERVER['REQUEST_URI'];
|
39 |
|
40 |
// Apply filters
|
41 |
-
$whitelist = apply_filters('v_forcelogin_whitelist', array());
|
42 |
-
$redirect_url = apply_filters('v_forcelogin_redirect', $url);
|
43 |
|
44 |
// Redirect visitors
|
45 |
-
if( preg_replace('/\?.*/', '', $url) != preg_replace('/\?.*/', '', wp_login_url()) && !in_array($url, $whitelist) ) {
|
46 |
wp_safe_redirect( wp_login_url( $redirect_url ), 302 ); exit();
|
47 |
}
|
48 |
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
49 |
}
|
50 |
add_action('init', 'v_forcelogin');
|
3 |
Plugin Name: Force Login
|
4 |
Plugin URI: http://vess.me/
|
5 |
Description: Easily hide your WordPress site from public viewing by requiring visitors to log in first. Activate to turn on.
|
6 |
+
Version: 4.0
|
7 |
Author: Kevin Vess
|
8 |
Author URI: http://vess.me/
|
9 |
License: GPLv2 or later
|
26 |
*/
|
27 |
|
28 |
function v_forcelogin() {
|
29 |
+
|
30 |
+
// Exceptions for AJAX, Cron, or WP-CLI requests
|
31 |
+
if ( ( defined( 'DOING_AJAX' ) && DOING_AJAX ) || ( defined( 'DOING_CRON' ) && DOING_CRON ) || ( defined( 'WP_CLI' ) && WP_CLI ) ) {
|
32 |
+
return;
|
33 |
+
}
|
34 |
+
|
35 |
+
// Redirect unauthorized visitors
|
36 |
+
if ( !is_user_logged_in() ) {
|
37 |
// Get URL
|
38 |
$url = isset( $_SERVER['HTTPS'] ) && 'on' === $_SERVER['HTTPS'] ? 'https' : 'http';
|
39 |
$url .= '://' . $_SERVER['HTTP_HOST'];
|
|
|
40 |
// port is prepopulated here sometimes
|
41 |
+
if ( strpos( $_SERVER['HTTP_HOST'], ':' ) === FALSE ) {
|
42 |
$url .= in_array( $_SERVER['SERVER_PORT'], array('80', '443') ) ? '' : ':' . $_SERVER['SERVER_PORT'];
|
43 |
}
|
44 |
$url .= $_SERVER['REQUEST_URI'];
|
45 |
|
46 |
// Apply filters
|
47 |
+
$whitelist = apply_filters( 'v_forcelogin_whitelist', array() );
|
48 |
+
$redirect_url = apply_filters( 'v_forcelogin_redirect', $url );
|
49 |
|
50 |
// Redirect visitors
|
51 |
+
if ( preg_replace('/\?.*/', '', $url) != preg_replace('/\?.*/', '', wp_login_url()) && !in_array($url, $whitelist) ) {
|
52 |
wp_safe_redirect( wp_login_url( $redirect_url ), 302 ); exit();
|
53 |
}
|
54 |
}
|
55 |
+
else {
|
56 |
+
// Only allow Multisite users access to their assigned sites
|
57 |
+
if ( function_exists('is_multisite') && is_multisite() ) {
|
58 |
+
global $current_user; get_currentuserinfo();
|
59 |
+
if ( !is_user_member_of_blog( $current_user->ID ) )
|
60 |
+
wp_die( __( "You're not authorized to access this site." ), __( get_option('blogname') . ' › Error' ) );
|
61 |
+
}
|
62 |
+
}
|
63 |
}
|
64 |
add_action('init', 'v_forcelogin');
|