Force Login - Version 5.4

Version Description

Tweak - Improved the visited $url variable.
Tweak - Changed code to comply with WordPress standards - props Alex Bordei.

Release Info

Developer	kevinvess
Plugin	Force Login
Version	5.4
Comparing to
See all releases

Code changes from version 5.3 to 5.4

Files changed (2) hide show

readme.txt +16 -11
wp-force-login.php +12 -15

readme.txt CHANGED Viewed

	@@ -3,8 +3,8 @@ Contributors: kevinvess
3	Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_donations&business=forcelogin%40vess%2eme&lc=US&item_name=Force%20Login%20for%20WordPress&currency_code=USD&bn=PP%2dDonationsBF%3abtn_donateCC_LG%2egif%3aNonHosted
4	Tags: privacy, private, protected, registered only, restricted, access, closed, force user login, hidden, login, password
5	Requires at least: 2.7
6	- Tested up to: 5.0
7	- Stable tag: 5.3
8	License: GPLv2 or later
9	License URI: http://www.gnu.org/licenses/gpl-2.0.html
10
	@@ -51,9 +51,10 @@ The URL must be absolute (as in, <http://example.com/mypage/>). Recommended: [ho
51	/**
52	* Set the URL to redirect to on login.
53	*
54	- * @~~return~~ string ~~URL~~ to ~~redirect~~ ~~to on login~~. ~~Must be absolute.~~

55	*/
56	- function my_forcelogin_redirect() {
57	return home_url( '/mypage/' );
58	}
59	add_filter( 'v_forcelogin_redirect', 'my_forcelogin_redirect' );
	@@ -144,8 +145,12 @@ add_action( 'login_enqueue_scripts', 'my_forcelogin_hide_backtoblog' );
144
145	== Changelog ==
146




147	= 5.3 =
148	- * Feature - Added nocache_headers() to prevent caching for the different browsers - props [Chris Harmoney](https://github.com/~~charmoney~~).
149	* Tweak - Removed $url parameter from whitelist filter.
150
151	= 5.2 =
	@@ -157,13 +162,13 @@ add_action( 'login_enqueue_scripts', 'my_forcelogin_hide_backtoblog' );
157	* Fix - Improved the REST API restriction to allow alternative modes of authentication.
158
159	= 5.1 =
160	- * Tweak - Restrict access to the REST API for authorized users only - props [Andrew Duthie](https://github.com/~~aduth~~).
161	* Tweak - Added load_plugin_textdomain() to properly prepare for localization at translate.wordpress.org.
162
163	= 5.0 =
164	* Feature - Added filter to bypass Force Login redirect for whitelisting pages without specifying a URL.
165	* Tweak - Changed the hook for Force Login to run at a later stage in the WordPress tree.
166	- * Fix - Replaced deprecated function - props [Just-Johnny](https://github.com/~~Just~~-~~Johnny~~).
167
168	= 4.2 =
169	* Tweak - Made plugin translation ready.
	@@ -176,26 +181,26 @@ add_action( 'login_enqueue_scripts', 'my_forcelogin_hide_backtoblog' );
176	* Fix - Only allow Multisite users access to their assigned sites.
177
178	= 3.3 =
179	- * Fix - Check for existence of explicit port number before appending port - props [Björn Ali Göransson](https://github.com/~~bjorn~~-~~ali~~-~~goransson~~).
180
181	= 3.2 =
182	* Tweak - Removed v_getUrl() function to reduce possible duplicates of global functions - props [Joachim Happel](https://github.com/johappel).
183
184	= 3.1 =
185	- * Fix - Rewrote v_getUrl() function to use HTTP_HOST instead of SERVER_NAME - props [Arlen22](https://github.com/~~Arlen22~~).
186
187	= 3.0 =
188	* Feature - Added filter to set a specific URL to redirect to on login.
189	* Feature - Added filter to allow whitelisting of additional URLs.
190
191	= 2.1 =
192	- * Fix - Rewrote v_getUrl function to include the server port - props [Nicolas](~~http~~://~~profiles.~~wordpress.org/~~nottavi~~).
193
194	= 2.0 =
195	* Feature - Added redirect to send visitors back to the URL they tried to visit after logging in.
196
197	= 1.3 =
198	- * Fix - Fixed password reset URL from being blocked - props [estebillan](~~http~~://~~profiles.~~wordpress.org/~~estebillan~~).
199
200	= 1.2 =
201	* Tweak - Streamlined code


3	Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_donations&business=forcelogin%40vess%2eme&lc=US&item_name=Force%20Login%20for%20WordPress&currency_code=USD&bn=PP%2dDonationsBF%3abtn_donateCC_LG%2egif%3aNonHosted
4	Tags: privacy, private, protected, registered only, restricted, access, closed, force user login, hidden, login, password
5	Requires at least: 2.7
6	+ Tested up to: 5.4
7	+ Stable tag: 5.4
8	License: GPLv2 or later
9	License URI: http://www.gnu.org/licenses/gpl-2.0.html
10

51	/**
52	* Set the URL to redirect to on login.
53	*
54	+ * @param string $url The visited URL.
55	+ * @return string The URL to redirect to on login. Must be absolute.
56	*/
57	+ function my_forcelogin_redirect( $url ) {
58	return home_url( '/mypage/' );
59	}
60	add_filter( 'v_forcelogin_redirect', 'my_forcelogin_redirect' );

145
146	== Changelog ==
147
148	+ = 5.4 =
149	+ * Tweak - Improved the visited $url variable.
150	+ * Tweak - Changed code to comply with WordPress standards - props [Alex Bordei](https://github.com/kevinvess/wp-force-login/pull/43).
151	+
152	= 5.3 =
153	+ * Feature - Added nocache_headers() to prevent caching for the different browsers - props [Chris Harmoney](https://github.com/kevinvess/wp-force-login/pull/42).
154	* Tweak - Removed $url parameter from whitelist filter.
155
156	= 5.2 =

162	* Fix - Improved the REST API restriction to allow alternative modes of authentication.
163
164	= 5.1 =
165	+ * Tweak - Restrict access to the REST API for authorized users only - props [Andrew Duthie](https://github.com/kevinvess/wp-force-login/pull/34).
166	* Tweak - Added load_plugin_textdomain() to properly prepare for localization at translate.wordpress.org.
167
168	= 5.0 =
169	* Feature - Added filter to bypass Force Login redirect for whitelisting pages without specifying a URL.
170	* Tweak - Changed the hook for Force Login to run at a later stage in the WordPress tree.
171	+ * Fix - Replaced deprecated function - props [Just-Johnny](https://github.com/kevinvess/wp-force-login/issues/26).
172
173	= 4.2 =
174	* Tweak - Made plugin translation ready.

181	* Fix - Only allow Multisite users access to their assigned sites.
182
183	= 3.3 =
184	+ * Fix - Check for existence of explicit port number before appending port - props [Björn Ali Göransson](https://github.com/kevinvess/wp-force-login/pull/10).
185
186	= 3.2 =
187	* Tweak - Removed v_getUrl() function to reduce possible duplicates of global functions - props [Joachim Happel](https://github.com/johappel).
188
189	= 3.1 =
190	+ * Fix - Rewrote v_getUrl() function to use HTTP_HOST instead of SERVER_NAME - props [Arlen22](https://github.com/kevinvess/wp-force-login/issues/7).
191
192	= 3.0 =
193	* Feature - Added filter to set a specific URL to redirect to on login.
194	* Feature - Added filter to allow whitelisting of additional URLs.
195
196	= 2.1 =
197	+ * Fix - Rewrote v_getUrl function to include the server port - props [Nicolas](https://wordpress.org/support/topic/infinite-loop-when-server-port-is-not-standard/).
198
199	= 2.0 =
200	* Feature - Added redirect to send visitors back to the URL they tried to visit after logging in.
201
202	= 1.3 =
203	+ * Fix - Fixed password reset URL from being blocked - props [estebillan](https://wordpress.org/support/topic/password-reset-url-is-blocked/).
204
205	= 1.2 =
206	* Tweak - Streamlined code

wp-force-login.php CHANGED Viewed

	@@ -3,7 +3,7 @@
3	Plugin Name: Force Login
4	Plugin URI: https://wordpress.org/plugins/wp-force-login/
5	Description: Easily hide your WordPress site from public viewing by requiring visitors to log in first. Activate to turn on.
6	- Version: 5.3
7	Author: Kevin Vess
8	Author URI: http://vess.me/
9
	@@ -24,13 +24,8 @@ function v_forcelogin() {
24	// Redirect unauthorized visitors
25	if ( ! is_user_logged_in() ) {
26	// Get visited URL
27	- $~~url~~ = isset( $_SERVER['HTTPS'] ) && 'on' === $_SERVER['HTTPS'] ? 'https' : 'http';
28	- $url .= '~~://~~' . $_SERVER['~~HTTP_HOST~~'];
29	- // port is prepopulated here sometimes
30	- if ( strpos( $_SERVER['HTTP_HOST'], ':' ) === FALSE ) {
31	- $url .= in_array( $_SERVER['SERVER_PORT'], array('80', '443') ) ? '' : ':' . $_SERVER['SERVER_PORT'];
32	- }
33	- $url .= $_SERVER['REQUEST_URI'];
34
35	/**
36	* Bypass filters.
	@@ -39,7 +34,7 @@ function v_forcelogin() {
39	* @since 4.0.0 The `$bypass` filter was added.
40	* @since 5.2.0 The `$url` parameter was added.
41	*/
42	- $bypass = apply_filters( 'v_forcelogin_bypass', false, $url );
43	$whitelist = apply_filters( 'v_forcelogin_whitelist', array() );
44
45	if ( preg_replace( '/\?./', '', $url ) !== preg_replace( '/\?./', '', wp_login_url() ) && ! $bypass && ! in_array( $url, $whitelist ) ) {
	@@ -48,13 +43,13 @@ function v_forcelogin() {
48	// Set the headers to prevent caching
49	nocache_headers();
50	// Redirect
51	- wp_safe_redirect( wp_login_url( $redirect_url ), 302 ); ~~exit;~~

52	}
53	- }
54	- elseif ( function_exists('is_multisite') && is_multisite() ) {
55	// Only allow Multisite users access to their assigned sites
56	- if ( ! is_user_member_of_blog() && ! current_user_can('setup_network') ) {
57	- wp_die( __( "You're not authorized to access this site.", 'wp-force-login' ), get_option('blogname') . ' &rsaquo; ' . __( "Error", 'wp-force-login' ) );
58	}
59	}
60	}
	@@ -66,10 +61,12 @@ add_action( 'template_redirect', 'v_forcelogin' );
66	* @since 5.1.0
67	* @param WP_Error\|null\|bool $result WP_Error if authentication error, null if authentication
68	* method wasn't used, true if authentication succeeded.


69	*/
70	function v_forcelogin_rest_access( $result ) {
71	if ( null === $result && ! is_user_logged_in() ) {
72	- return new WP_Error( 'rest_unauthorized', __( "Only authenticated users can access the REST API.", 'wp-force-login' ), array( 'status' => rest_authorization_required_code() ) );
73	}
74	return $result;
75	}


3	Plugin Name: Force Login
4	Plugin URI: https://wordpress.org/plugins/wp-force-login/
5	Description: Easily hide your WordPress site from public viewing by requiring visitors to log in first. Activate to turn on.
6	+ Version: 5.4
7	Author: Kevin Vess
8	Author URI: http://vess.me/
9

24	// Redirect unauthorized visitors
25	if ( ! is_user_logged_in() ) {
26	// Get visited URL
27	+ $schema = isset( $_SERVER['HTTPS'] ) && 'on' === $_SERVER['HTTPS'] ? 'https://' : 'http://';
28	+ $url = $schema . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];





29
30	/**
31	* Bypass filters.

34	* @since 4.0.0 The `$bypass` filter was added.
35	* @since 5.2.0 The `$url` parameter was added.
36	*/
37	+ $bypass = apply_filters( 'v_forcelogin_bypass', false, $url );
38	$whitelist = apply_filters( 'v_forcelogin_whitelist', array() );
39
40	if ( preg_replace( '/\?./', '', $url ) !== preg_replace( '/\?./', '', wp_login_url() ) && ! $bypass && ! in_array( $url, $whitelist ) ) {

43	// Set the headers to prevent caching
44	nocache_headers();
45	// Redirect
46	+ wp_safe_redirect( wp_login_url( $redirect_url ), 302 );
47	+ exit;
48	}
49	+ } elseif ( function_exists( 'is_multisite' ) && is_multisite() ) {

50	// Only allow Multisite users access to their assigned sites
51	+ if ( ! is_user_member_of_blog() && ! current_user_can( 'setup_network' ) ) {
52	+ wp_die( __( "You're not authorized to access this site.", 'wp-force-login' ), get_option( 'blogname' ) . ' &rsaquo; ' . __( 'Error', 'wp-force-login' ) );
53	}
54	}
55	}

61	* @since 5.1.0
62	* @param WP_Error\|null\|bool $result WP_Error if authentication error, null if authentication
63	* method wasn't used, true if authentication succeeded.
64	+ *
65	+ * @return WP_Error\|null\|bool
66	*/
67	function v_forcelogin_rest_access( $result ) {
68	if ( null === $result && ! is_user_logged_in() ) {
69	+ return new WP_Error( 'rest_unauthorized', __( 'Only authenticated users can access the REST API.', 'wp-force-login' ), array( 'status' => rest_authorization_required_code() ) );
70	}
71	return $result;
72	}