Version Description
- Tweak - Improved the visited $url variable.
- Tweak - Changed code to comply with WordPress standards - props Alex Bordei.
Download this release
Release Info
Developer | kevinvess |
Plugin | Force Login |
Version | 5.4 |
Comparing to | |
See all releases |
Code changes from version 5.3 to 5.4
- readme.txt +16 -11
- wp-force-login.php +12 -15
readme.txt
CHANGED
@@ -3,8 +3,8 @@ Contributors: kevinvess
|
|
3 |
Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_donations&business=forcelogin%40vess%2eme&lc=US&item_name=Force%20Login%20for%20WordPress¤cy_code=USD&bn=PP%2dDonationsBF%3abtn_donateCC_LG%2egif%3aNonHosted
|
4 |
Tags: privacy, private, protected, registered only, restricted, access, closed, force user login, hidden, login, password
|
5 |
Requires at least: 2.7
|
6 |
-
Tested up to: 5.
|
7 |
-
Stable tag: 5.
|
8 |
License: GPLv2 or later
|
9 |
License URI: http://www.gnu.org/licenses/gpl-2.0.html
|
10 |
|
@@ -51,9 +51,10 @@ The URL must be absolute (as in, <http://example.com/mypage/>). Recommended: [ho
|
|
51 |
/**
|
52 |
* Set the URL to redirect to on login.
|
53 |
*
|
54 |
-
* @
|
|
|
55 |
*/
|
56 |
-
function my_forcelogin_redirect() {
|
57 |
return home_url( '/mypage/' );
|
58 |
}
|
59 |
add_filter( 'v_forcelogin_redirect', 'my_forcelogin_redirect' );
|
@@ -144,8 +145,12 @@ add_action( 'login_enqueue_scripts', 'my_forcelogin_hide_backtoblog' );
|
|
144 |
|
145 |
== Changelog ==
|
146 |
|
|
|
|
|
|
|
|
|
147 |
= 5.3 =
|
148 |
-
* Feature - Added nocache_headers() to prevent caching for the different browsers - props [Chris Harmoney](https://github.com/
|
149 |
* Tweak - Removed $url parameter from whitelist filter.
|
150 |
|
151 |
= 5.2 =
|
@@ -157,13 +162,13 @@ add_action( 'login_enqueue_scripts', 'my_forcelogin_hide_backtoblog' );
|
|
157 |
* Fix - Improved the REST API restriction to allow alternative modes of authentication.
|
158 |
|
159 |
= 5.1 =
|
160 |
-
* Tweak - Restrict access to the REST API for authorized users only - props [Andrew Duthie](https://github.com/
|
161 |
* Tweak - Added load_plugin_textdomain() to properly prepare for localization at translate.wordpress.org.
|
162 |
|
163 |
= 5.0 =
|
164 |
* Feature - Added filter to bypass Force Login redirect for whitelisting pages without specifying a URL.
|
165 |
* Tweak - Changed the hook for Force Login to run at a later stage in the WordPress tree.
|
166 |
-
* Fix - Replaced deprecated function - props [Just-Johnny](https://github.com/
|
167 |
|
168 |
= 4.2 =
|
169 |
* Tweak - Made plugin translation ready.
|
@@ -176,26 +181,26 @@ add_action( 'login_enqueue_scripts', 'my_forcelogin_hide_backtoblog' );
|
|
176 |
* Fix - Only allow Multisite users access to their assigned sites.
|
177 |
|
178 |
= 3.3 =
|
179 |
-
* Fix - Check for existence of explicit port number before appending port - props [Björn Ali Göransson](https://github.com/
|
180 |
|
181 |
= 3.2 =
|
182 |
* Tweak - Removed v_getUrl() function to reduce possible duplicates of global functions - props [Joachim Happel](https://github.com/johappel).
|
183 |
|
184 |
= 3.1 =
|
185 |
-
* Fix - Rewrote v_getUrl() function to use HTTP_HOST instead of SERVER_NAME - props [Arlen22](https://github.com/
|
186 |
|
187 |
= 3.0 =
|
188 |
* Feature - Added filter to set a specific URL to redirect to on login.
|
189 |
* Feature - Added filter to allow whitelisting of additional URLs.
|
190 |
|
191 |
= 2.1 =
|
192 |
-
* Fix - Rewrote v_getUrl function to include the server port - props [Nicolas](
|
193 |
|
194 |
= 2.0 =
|
195 |
* Feature - Added redirect to send visitors back to the URL they tried to visit after logging in.
|
196 |
|
197 |
= 1.3 =
|
198 |
-
* Fix - Fixed password reset URL from being blocked - props [estebillan](
|
199 |
|
200 |
= 1.2 =
|
201 |
* Tweak - Streamlined code
|
3 |
Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_donations&business=forcelogin%40vess%2eme&lc=US&item_name=Force%20Login%20for%20WordPress¤cy_code=USD&bn=PP%2dDonationsBF%3abtn_donateCC_LG%2egif%3aNonHosted
|
4 |
Tags: privacy, private, protected, registered only, restricted, access, closed, force user login, hidden, login, password
|
5 |
Requires at least: 2.7
|
6 |
+
Tested up to: 5.4
|
7 |
+
Stable tag: 5.4
|
8 |
License: GPLv2 or later
|
9 |
License URI: http://www.gnu.org/licenses/gpl-2.0.html
|
10 |
|
51 |
/**
|
52 |
* Set the URL to redirect to on login.
|
53 |
*
|
54 |
+
* @param string $url The visited URL.
|
55 |
+
* @return string The URL to redirect to on login. Must be absolute.
|
56 |
*/
|
57 |
+
function my_forcelogin_redirect( $url ) {
|
58 |
return home_url( '/mypage/' );
|
59 |
}
|
60 |
add_filter( 'v_forcelogin_redirect', 'my_forcelogin_redirect' );
|
145 |
|
146 |
== Changelog ==
|
147 |
|
148 |
+
= 5.4 =
|
149 |
+
* Tweak - Improved the visited $url variable.
|
150 |
+
* Tweak - Changed code to comply with WordPress standards - props [Alex Bordei](https://github.com/kevinvess/wp-force-login/pull/43).
|
151 |
+
|
152 |
= 5.3 =
|
153 |
+
* Feature - Added nocache_headers() to prevent caching for the different browsers - props [Chris Harmoney](https://github.com/kevinvess/wp-force-login/pull/42).
|
154 |
* Tweak - Removed $url parameter from whitelist filter.
|
155 |
|
156 |
= 5.2 =
|
162 |
* Fix - Improved the REST API restriction to allow alternative modes of authentication.
|
163 |
|
164 |
= 5.1 =
|
165 |
+
* Tweak - Restrict access to the REST API for authorized users only - props [Andrew Duthie](https://github.com/kevinvess/wp-force-login/pull/34).
|
166 |
* Tweak - Added load_plugin_textdomain() to properly prepare for localization at translate.wordpress.org.
|
167 |
|
168 |
= 5.0 =
|
169 |
* Feature - Added filter to bypass Force Login redirect for whitelisting pages without specifying a URL.
|
170 |
* Tweak - Changed the hook for Force Login to run at a later stage in the WordPress tree.
|
171 |
+
* Fix - Replaced deprecated function - props [Just-Johnny](https://github.com/kevinvess/wp-force-login/issues/26).
|
172 |
|
173 |
= 4.2 =
|
174 |
* Tweak - Made plugin translation ready.
|
181 |
* Fix - Only allow Multisite users access to their assigned sites.
|
182 |
|
183 |
= 3.3 =
|
184 |
+
* Fix - Check for existence of explicit port number before appending port - props [Björn Ali Göransson](https://github.com/kevinvess/wp-force-login/pull/10).
|
185 |
|
186 |
= 3.2 =
|
187 |
* Tweak - Removed v_getUrl() function to reduce possible duplicates of global functions - props [Joachim Happel](https://github.com/johappel).
|
188 |
|
189 |
= 3.1 =
|
190 |
+
* Fix - Rewrote v_getUrl() function to use HTTP_HOST instead of SERVER_NAME - props [Arlen22](https://github.com/kevinvess/wp-force-login/issues/7).
|
191 |
|
192 |
= 3.0 =
|
193 |
* Feature - Added filter to set a specific URL to redirect to on login.
|
194 |
* Feature - Added filter to allow whitelisting of additional URLs.
|
195 |
|
196 |
= 2.1 =
|
197 |
+
* Fix - Rewrote v_getUrl function to include the server port - props [Nicolas](https://wordpress.org/support/topic/infinite-loop-when-server-port-is-not-standard/).
|
198 |
|
199 |
= 2.0 =
|
200 |
* Feature - Added redirect to send visitors back to the URL they tried to visit after logging in.
|
201 |
|
202 |
= 1.3 =
|
203 |
+
* Fix - Fixed password reset URL from being blocked - props [estebillan](https://wordpress.org/support/topic/password-reset-url-is-blocked/).
|
204 |
|
205 |
= 1.2 =
|
206 |
* Tweak - Streamlined code
|
wp-force-login.php
CHANGED
@@ -3,7 +3,7 @@
|
|
3 |
Plugin Name: Force Login
|
4 |
Plugin URI: https://wordpress.org/plugins/wp-force-login/
|
5 |
Description: Easily hide your WordPress site from public viewing by requiring visitors to log in first. Activate to turn on.
|
6 |
-
Version: 5.
|
7 |
Author: Kevin Vess
|
8 |
Author URI: http://vess.me/
|
9 |
|
@@ -24,13 +24,8 @@ function v_forcelogin() {
|
|
24 |
// Redirect unauthorized visitors
|
25 |
if ( ! is_user_logged_in() ) {
|
26 |
// Get visited URL
|
27 |
-
$
|
28 |
-
$url
|
29 |
-
// port is prepopulated here sometimes
|
30 |
-
if ( strpos( $_SERVER['HTTP_HOST'], ':' ) === FALSE ) {
|
31 |
-
$url .= in_array( $_SERVER['SERVER_PORT'], array('80', '443') ) ? '' : ':' . $_SERVER['SERVER_PORT'];
|
32 |
-
}
|
33 |
-
$url .= $_SERVER['REQUEST_URI'];
|
34 |
|
35 |
/**
|
36 |
* Bypass filters.
|
@@ -39,7 +34,7 @@ function v_forcelogin() {
|
|
39 |
* @since 4.0.0 The `$bypass` filter was added.
|
40 |
* @since 5.2.0 The `$url` parameter was added.
|
41 |
*/
|
42 |
-
$bypass
|
43 |
$whitelist = apply_filters( 'v_forcelogin_whitelist', array() );
|
44 |
|
45 |
if ( preg_replace( '/\?.*/', '', $url ) !== preg_replace( '/\?.*/', '', wp_login_url() ) && ! $bypass && ! in_array( $url, $whitelist ) ) {
|
@@ -48,13 +43,13 @@ function v_forcelogin() {
|
|
48 |
// Set the headers to prevent caching
|
49 |
nocache_headers();
|
50 |
// Redirect
|
51 |
-
wp_safe_redirect( wp_login_url( $redirect_url ), 302 );
|
|
|
52 |
}
|
53 |
-
}
|
54 |
-
elseif ( function_exists('is_multisite') && is_multisite() ) {
|
55 |
// Only allow Multisite users access to their assigned sites
|
56 |
-
if ( ! is_user_member_of_blog() && ! current_user_can('setup_network') ) {
|
57 |
-
wp_die( __( "You're not authorized to access this site.", 'wp-force-login' ), get_option('blogname') . ' › ' . __(
|
58 |
}
|
59 |
}
|
60 |
}
|
@@ -66,10 +61,12 @@ add_action( 'template_redirect', 'v_forcelogin' );
|
|
66 |
* @since 5.1.0
|
67 |
* @param WP_Error|null|bool $result WP_Error if authentication error, null if authentication
|
68 |
* method wasn't used, true if authentication succeeded.
|
|
|
|
|
69 |
*/
|
70 |
function v_forcelogin_rest_access( $result ) {
|
71 |
if ( null === $result && ! is_user_logged_in() ) {
|
72 |
-
return new WP_Error( 'rest_unauthorized', __(
|
73 |
}
|
74 |
return $result;
|
75 |
}
|
3 |
Plugin Name: Force Login
|
4 |
Plugin URI: https://wordpress.org/plugins/wp-force-login/
|
5 |
Description: Easily hide your WordPress site from public viewing by requiring visitors to log in first. Activate to turn on.
|
6 |
+
Version: 5.4
|
7 |
Author: Kevin Vess
|
8 |
Author URI: http://vess.me/
|
9 |
|
24 |
// Redirect unauthorized visitors
|
25 |
if ( ! is_user_logged_in() ) {
|
26 |
// Get visited URL
|
27 |
+
$schema = isset( $_SERVER['HTTPS'] ) && 'on' === $_SERVER['HTTPS'] ? 'https://' : 'http://';
|
28 |
+
$url = $schema . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
|
|
|
|
|
|
|
|
|
|
|
29 |
|
30 |
/**
|
31 |
* Bypass filters.
|
34 |
* @since 4.0.0 The `$bypass` filter was added.
|
35 |
* @since 5.2.0 The `$url` parameter was added.
|
36 |
*/
|
37 |
+
$bypass = apply_filters( 'v_forcelogin_bypass', false, $url );
|
38 |
$whitelist = apply_filters( 'v_forcelogin_whitelist', array() );
|
39 |
|
40 |
if ( preg_replace( '/\?.*/', '', $url ) !== preg_replace( '/\?.*/', '', wp_login_url() ) && ! $bypass && ! in_array( $url, $whitelist ) ) {
|
43 |
// Set the headers to prevent caching
|
44 |
nocache_headers();
|
45 |
// Redirect
|
46 |
+
wp_safe_redirect( wp_login_url( $redirect_url ), 302 );
|
47 |
+
exit;
|
48 |
}
|
49 |
+
} elseif ( function_exists( 'is_multisite' ) && is_multisite() ) {
|
|
|
50 |
// Only allow Multisite users access to their assigned sites
|
51 |
+
if ( ! is_user_member_of_blog() && ! current_user_can( 'setup_network' ) ) {
|
52 |
+
wp_die( __( "You're not authorized to access this site.", 'wp-force-login' ), get_option( 'blogname' ) . ' › ' . __( 'Error', 'wp-force-login' ) );
|
53 |
}
|
54 |
}
|
55 |
}
|
61 |
* @since 5.1.0
|
62 |
* @param WP_Error|null|bool $result WP_Error if authentication error, null if authentication
|
63 |
* method wasn't used, true if authentication succeeded.
|
64 |
+
*
|
65 |
+
* @return WP_Error|null|bool
|
66 |
*/
|
67 |
function v_forcelogin_rest_access( $result ) {
|
68 |
if ( null === $result && ! is_user_logged_in() ) {
|
69 |
+
return new WP_Error( 'rest_unauthorized', __( 'Only authenticated users can access the REST API.', 'wp-force-login' ), array( 'status' => rest_authorization_required_code() ) );
|
70 |
}
|
71 |
return $result;
|
72 |
}
|