Force Login - Version 4.0

Version Description

  • Feature - Added exceptions for AJAX, Cron and WP-CLI requests.
  • Fix - Only allow Multisite users access to their assigned sites.
Download this release

Release Info

Developer kevinvess
Plugin Icon 128x128 Force Login
Version 4.0
Comparing to
See all releases

Code changes from version 3.3 to 4.0

Files changed (2) hide show
  1. readme.txt +34 -17
  2. wp-force-login.php +21 -7
readme.txt CHANGED
@@ -4,7 +4,7 @@ Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_donations&business=kevin
4
  Tags: access, closed, force user login, hidden, login, password, privacy, private, protected, registered only, restricted
5
  Requires at least: 2.7
6
  Tested up to: 4.4
7
- Stable tag: 3.3
8
  License: GPLv2 or later
9
 
10
  Force Login is a simple lightweight plugin that requires visitors to log in to interact with the website.
@@ -42,7 +42,7 @@ Upload the Force Login plugin to your site, then Activate it.
42
 
43
  By default, the plugin sends visitors back to the URL they tried to visit. However, you can set a specific URL to always redirect users to by adding the following filter to your functions.php file.
44
 
45
- The URL must be absolute (as in, http://example.com/mypage/). Recommended: [site_url( '/mypage/' )](https://codex.wordpress.org/Function_Reference/site_url).
46
 
47
  `
48
  /**
@@ -58,7 +58,7 @@ add_filter('v_forcelogin_redirect', 'my_forcelogin_redirect', 10, 1);
58
 
59
  = 2. How can I add exceptions for certain pages or posts? =
60
 
61
- You can specify an array of URLs to whitelist by adding the following filter to your functions.php file. Each URL must be absolute (as in, http://example.com/mypage/). Recommended: [site_url( '/mypage/' )](https://codex.wordpress.org/Function_Reference/site_url).
62
 
63
  `
64
  /**
@@ -74,7 +74,17 @@ function my_forcelogin_whitelist( $whitelist ) {
74
  add_filter('v_forcelogin_whitelist', 'my_forcelogin_whitelist', 10, 1);
75
  `
76
 
77
- = 3. How do I get the WordPress mobile app to work? =
 
 
 
 
 
 
 
 
 
 
78
 
79
  By default, the plugin blocks access to all page URLs; you will need to whitelist the XML-RPC page to allow the WordPress app to access your site for remote publishing.
80
 
@@ -94,45 +104,52 @@ add_filter('v_forcelogin_whitelist', 'my_forcelogin_whitelist', 10, 1);
94
 
95
  == Changelog ==
96
 
 
 
 
 
97
  = 3.3 =
98
- - Fix - Check for existence of explicit port number before appending port - props [Björn Ali Göransson](https://github.com/bjorn-ali-goransson).
99
 
100
  = 3.2 =
101
- - Streamlined - removed v_getUrl function to reduce possible duplicates of global functions - props [johappel](https://github.com/johappel).
102
 
103
  = 3.1 =
104
- - Rewrote v_getUrl function to use HTTP_HOST instead of SERVER_NAME - props [Arlen22](https://github.com/Arlen22).
105
 
106
  = 3.0 =
107
- - Added hook to set a specific URL to redirect to on login.
108
- - Added hook to allow whitelisting of additional URLs.
109
 
110
  = 2.1 =
111
- - Rewrote v_getUrl function to include the server port - props [Nicolas](http://profiles.wordpress.org/nottavi).
112
 
113
  = 2.0 =
114
- - Added redirect to send visitors back to the URL they tried to visit after logging in.
115
 
116
  = 1.3 =
117
- - Fixed password reset URL from being blocked - props [estebillan](http://profiles.wordpress.org/estebillan).
118
 
119
  = 1.2 =
120
- - Streamlined code
121
 
122
  = 1.1 =
123
- - Whitelisted the registration page and the Lost Password page - props [jabdo](http://profiles.wordpress.org/jabdo).
124
 
125
 
126
  == Upgrade Notice ==
127
 
 
 
 
128
  = 3.2 =
129
- Removed function v_getUrl.
130
 
131
  = 3.0 =
132
- New features: added developer hooks for customizing the plugin.
133
 
134
  = 2.0 =
135
- New feature: added redirect to send visitors back to the URL they tried to visit after logging in.
136
 
137
  = 1.3 =
138
  Fixes bug with password reset URL from being blocked.
4
  Tags: access, closed, force user login, hidden, login, password, privacy, private, protected, registered only, restricted
5
  Requires at least: 2.7
6
  Tested up to: 4.4
7
+ Stable tag: 4.0
8
  License: GPLv2 or later
9
 
10
  Force Login is a simple lightweight plugin that requires visitors to log in to interact with the website.
42
 
43
  By default, the plugin sends visitors back to the URL they tried to visit. However, you can set a specific URL to always redirect users to by adding the following filter to your functions.php file.
44
 
45
+ The URL must be absolute (as in, <http://example.com/mypage/>). Recommended: [site_url( '/mypage/' )](https://codex.wordpress.org/Function_Reference/site_url).
46
 
47
  `
48
  /**
58
 
59
  = 2. How can I add exceptions for certain pages or posts? =
60
 
61
+ You can specify an array of URLs to whitelist by adding the following filter to your functions.php file. Each URL must be absolute (as in, <http://example.com/mypage/>). Recommended: [site_url( '/mypage/' )](https://codex.wordpress.org/Function_Reference/site_url).
62
 
63
  `
64
  /**
74
  add_filter('v_forcelogin_whitelist', 'my_forcelogin_whitelist', 10, 1);
75
  `
76
 
77
+ = 3. How can I add exceptions for dynamic URLs? =
78
+
79
+ Some URLs have unique query strings appended to the end of it, which is composed of a series of parameter-value pairs.
80
+
81
+ For example:
82
+ <http://example.com/mypage/?parameter=value>
83
+
84
+ Checkout the [Force Login Wiki on GitHub](https://github.com/kevinvess/wp-force-login/wiki/Whitelist-Dynamic-URLs) for examples of the different methods for whitelisting dynamic URLs.
85
+
86
+
87
+ = 4. How do I get the WordPress mobile app to work? =
88
 
89
  By default, the plugin blocks access to all page URLs; you will need to whitelist the XML-RPC page to allow the WordPress app to access your site for remote publishing.
90
 
104
 
105
  == Changelog ==
106
 
107
+ = 4.0 =
108
+ * Feature - Added exceptions for AJAX, Cron and WP-CLI requests.
109
+ * Fix - Only allow Multisite users access to their assigned sites.
110
+
111
  = 3.3 =
112
+ * Fix - Check for existence of explicit port number before appending port - props [Björn Ali Göransson](https://github.com/bjorn-ali-goransson).
113
 
114
  = 3.2 =
115
+ * Tweak - Removed v_getUrl() function to reduce possible duplicates of global functions - props [Joachim Happel](https://github.com/johappel).
116
 
117
  = 3.1 =
118
+ * Fix - Rewrote v_getUrl() function to use HTTP_HOST instead of SERVER_NAME - props [Arlen22](https://github.com/Arlen22).
119
 
120
  = 3.0 =
121
+ * Feature - Added filter to set a specific URL to redirect to on login.
122
+ * Feature - Added filter to allow whitelisting of additional URLs.
123
 
124
  = 2.1 =
125
+ * Fix - Rewrote v_getUrl function to include the server port - props [Nicolas](http://profiles.wordpress.org/nottavi).
126
 
127
  = 2.0 =
128
+ * Feature - Added redirect to send visitors back to the URL they tried to visit after logging in.
129
 
130
  = 1.3 =
131
+ * Fix - Fixed password reset URL from being blocked - props [estebillan](http://profiles.wordpress.org/estebillan).
132
 
133
  = 1.2 =
134
+ * Tweak - Streamlined code
135
 
136
  = 1.1 =
137
+ * Fix - Whitelisted the registration page and the Lost Password page - props [jabdo](http://profiles.wordpress.org/jabdo).
138
 
139
 
140
  == Upgrade Notice ==
141
 
142
+ = 4.0 =
143
+ New feature: added exceptions for AJAX, Cron, and WP-CLI requests. Fix: Multisite users can only access their assigned sites.
144
+
145
  = 3.2 =
146
+ Removed function v_getUrl().
147
 
148
  = 3.0 =
149
+ New features: added filters for customizing the plugin.
150
 
151
  = 2.0 =
152
+ New feature: added redirect to send visitors back to the URL they tried to visit after logging-in.
153
 
154
  = 1.3 =
155
  Fixes bug with password reset URL from being blocked.
wp-force-login.php CHANGED
@@ -3,7 +3,7 @@
3
  Plugin Name: Force Login
4
  Plugin URI: http://vess.me/
5
  Description: Easily hide your WordPress site from public viewing by requiring visitors to log in first. Activate to turn on.
6
- Version: 3.3
7
  Author: Kevin Vess
8
  Author URI: http://vess.me/
9
  License: GPLv2 or later
@@ -26,25 +26,39 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
26
  */
27
 
28
  function v_forcelogin() {
29
- if( !is_user_logged_in() ) {
 
 
 
 
 
 
 
30
  // Get URL
31
  $url = isset( $_SERVER['HTTPS'] ) && 'on' === $_SERVER['HTTPS'] ? 'https' : 'http';
32
  $url .= '://' . $_SERVER['HTTP_HOST'];
33
-
34
  // port is prepopulated here sometimes
35
- if( strpos( $_SERVER['HTTP_HOST'], ':' ) === FALSE ) {
36
  $url .= in_array( $_SERVER['SERVER_PORT'], array('80', '443') ) ? '' : ':' . $_SERVER['SERVER_PORT'];
37
  }
38
  $url .= $_SERVER['REQUEST_URI'];
39
 
40
  // Apply filters
41
- $whitelist = apply_filters('v_forcelogin_whitelist', array());
42
- $redirect_url = apply_filters('v_forcelogin_redirect', $url);
43
 
44
  // Redirect visitors
45
- if( preg_replace('/\?.*/', '', $url) != preg_replace('/\?.*/', '', wp_login_url()) && !in_array($url, $whitelist) ) {
46
  wp_safe_redirect( wp_login_url( $redirect_url ), 302 ); exit();
47
  }
48
  }
 
 
 
 
 
 
 
 
49
  }
50
  add_action('init', 'v_forcelogin');
3
  Plugin Name: Force Login
4
  Plugin URI: http://vess.me/
5
  Description: Easily hide your WordPress site from public viewing by requiring visitors to log in first. Activate to turn on.
6
+ Version: 4.0
7
  Author: Kevin Vess
8
  Author URI: http://vess.me/
9
  License: GPLv2 or later
26
  */
27
 
28
  function v_forcelogin() {
29
+
30
+ // Exceptions for AJAX, Cron, or WP-CLI requests
31
+ if ( ( defined( 'DOING_AJAX' ) && DOING_AJAX ) || ( defined( 'DOING_CRON' ) && DOING_CRON ) || ( defined( 'WP_CLI' ) && WP_CLI ) ) {
32
+ return;
33
+ }
34
+
35
+ // Redirect unauthorized visitors
36
+ if ( !is_user_logged_in() ) {
37
  // Get URL
38
  $url = isset( $_SERVER['HTTPS'] ) && 'on' === $_SERVER['HTTPS'] ? 'https' : 'http';
39
  $url .= '://' . $_SERVER['HTTP_HOST'];
 
40
  // port is prepopulated here sometimes
41
+ if ( strpos( $_SERVER['HTTP_HOST'], ':' ) === FALSE ) {
42
  $url .= in_array( $_SERVER['SERVER_PORT'], array('80', '443') ) ? '' : ':' . $_SERVER['SERVER_PORT'];
43
  }
44
  $url .= $_SERVER['REQUEST_URI'];
45
 
46
  // Apply filters
47
+ $whitelist = apply_filters( 'v_forcelogin_whitelist', array() );
48
+ $redirect_url = apply_filters( 'v_forcelogin_redirect', $url );
49
 
50
  // Redirect visitors
51
+ if ( preg_replace('/\?.*/', '', $url) != preg_replace('/\?.*/', '', wp_login_url()) && !in_array($url, $whitelist) ) {
52
  wp_safe_redirect( wp_login_url( $redirect_url ), 302 ); exit();
53
  }
54
  }
55
+ else {
56
+ // Only allow Multisite users access to their assigned sites
57
+ if ( function_exists('is_multisite') && is_multisite() ) {
58
+ global $current_user; get_currentuserinfo();
59
+ if ( !is_user_member_of_blog( $current_user->ID ) )
60
+ wp_die( __( "You're not authorized to access this site." ), __( get_option('blogname') . ' &rsaquo; Error' ) );
61
+ }
62
+ }
63
  }
64
  add_action('init', 'v_forcelogin');