Version Description
- Feature - Added filter for Multisite unauthorized error message.
- Tweak - Allow logged-in Multisite users to access bypassed pages of other sites.
Download this release
Release Info
Developer | kevinvess |
Plugin | Force Login |
Version | 5.6 |
Comparing to | |
See all releases |
Code changes from version 5.5 to 5.6
- readme.txt +8 -13
- wp-force-login.php +47 -39
readme.txt
CHANGED
@@ -3,8 +3,8 @@ Contributors: kevinvess
|
|
3 |
Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_donations&business=forcelogin%40vess%2eme&lc=US&item_name=Force%20Login%20for%20WordPress¤cy_code=USD&bn=PP%2dDonationsBF%3abtn_donateCC_LG%2egif%3aNonHosted
|
4 |
Tags: privacy, private, protected, registered only, restricted, access, closed, force user login, hidden, login, password
|
5 |
Requires at least: 4.6
|
6 |
-
Tested up to: 5.
|
7 |
-
Stable tag: 5.
|
8 |
License: GPLv2 or later
|
9 |
License URI: http://www.gnu.org/licenses/gpl-2.0.html
|
10 |
|
@@ -79,18 +79,9 @@ function my_forcelogin_bypass( $bypass, $visited_url ) {
|
|
79 |
add_filter( 'v_forcelogin_bypass', 'my_forcelogin_bypass', 10, 2 );
|
80 |
`
|
81 |
|
82 |
-
|
83 |
|
84 |
-
|
85 |
-
|
86 |
-
For example:
|
87 |
-
`
|
88 |
-
//example.com/mypage/?parameter=value
|
89 |
-
`
|
90 |
-
|
91 |
-
Checkout the [Force Login Wiki on GitHub](https://github.com/kevinvess/wp-force-login/wiki/Bypass-Dynamic-URLs) for examples of the different methods for allowing dynamic URLs.
|
92 |
-
|
93 |
-
= 4. How do I hide the "← Back to {sitename}" link? =
|
94 |
|
95 |
The WordPress login screen includes a "← Back to {sitename}" link below the login form; which may not actually take you back to the site while Force Login is activated. You can hide this link by adding the following action to your functions.php file.
|
96 |
|
@@ -107,6 +98,10 @@ add_action( 'login_enqueue_scripts', 'my_forcelogin_hide_backtoblog' );
|
|
107 |
|
108 |
== Changelog ==
|
109 |
|
|
|
|
|
|
|
|
|
110 |
= 5.5 =
|
111 |
* Tweak - Deprecated whitelist filter, use v_forcelogin_bypass instead.
|
112 |
|
3 |
Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_donations&business=forcelogin%40vess%2eme&lc=US&item_name=Force%20Login%20for%20WordPress¤cy_code=USD&bn=PP%2dDonationsBF%3abtn_donateCC_LG%2egif%3aNonHosted
|
4 |
Tags: privacy, private, protected, registered only, restricted, access, closed, force user login, hidden, login, password
|
5 |
Requires at least: 4.6
|
6 |
+
Tested up to: 5.7
|
7 |
+
Stable tag: 5.6
|
8 |
License: GPLv2 or later
|
9 |
License URI: http://www.gnu.org/licenses/gpl-2.0.html
|
10 |
|
79 |
add_filter( 'v_forcelogin_bypass', 'my_forcelogin_bypass', 10, 2 );
|
80 |
`
|
81 |
|
82 |
+
Checkout the [Force Login Wiki on GitHub](https://github.com/kevinvess/wp-force-login/wiki/Bypass-Dynamic-URLs) for additional examples of some different methods for allowing dynamic URLs.
|
83 |
|
84 |
+
= 3. How do I hide the "← Back to {sitename}" link? =
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
85 |
|
86 |
The WordPress login screen includes a "← Back to {sitename}" link below the login form; which may not actually take you back to the site while Force Login is activated. You can hide this link by adding the following action to your functions.php file.
|
87 |
|
98 |
|
99 |
== Changelog ==
|
100 |
|
101 |
+
= 5.6 =
|
102 |
+
* Feature - Added filter for Multisite unauthorized error message.
|
103 |
+
* Tweak - Allow logged-in Multisite users to access bypassed pages of other sites.
|
104 |
+
|
105 |
= 5.5 =
|
106 |
* Tweak - Deprecated whitelist filter, use v_forcelogin_bypass instead.
|
107 |
|
wp-force-login.php
CHANGED
@@ -3,7 +3,7 @@
|
|
3 |
Plugin Name: Force Login
|
4 |
Plugin URI: https://wordpress.org/plugins/wp-force-login/
|
5 |
Description: Easily hide your WordPress site from public viewing by requiring visitors to log in first. Activate to turn on.
|
6 |
-
Version: 5.
|
7 |
Author: Kevin Vess
|
8 |
Author URI: http://vess.me/
|
9 |
|
@@ -21,48 +21,56 @@ function v_forcelogin() {
|
|
21 |
return;
|
22 |
}
|
23 |
|
24 |
-
//
|
25 |
-
if ( !
|
26 |
-
|
27 |
-
|
28 |
-
$url = $schema . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
|
29 |
|
30 |
-
|
31 |
-
|
32 |
-
|
33 |
-
* @since 3.0.0
|
34 |
-
* @deprecated 5.5.0 Use {@see 'v_forcelogin_bypass'} instead.
|
35 |
-
*
|
36 |
-
* @param array An array of absolute URLs.
|
37 |
-
*/
|
38 |
-
$allowed = apply_filters_deprecated( 'v_forcelogin_whitelist', array( array() ), '5.5.0', 'v_forcelogin_bypass' );
|
39 |
|
40 |
-
|
41 |
-
|
42 |
-
|
43 |
-
|
44 |
-
|
45 |
-
|
46 |
-
|
47 |
-
|
48 |
-
|
49 |
-
$bypass = apply_filters( 'v_forcelogin_bypass', in_array( $url, $allowed ), $url );
|
50 |
|
51 |
-
|
52 |
-
|
53 |
-
|
54 |
-
|
55 |
-
|
56 |
-
|
57 |
-
|
58 |
-
|
59 |
-
|
60 |
-
|
61 |
-
|
62 |
-
|
63 |
-
|
64 |
-
|
65 |
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
66 |
}
|
67 |
add_action( 'template_redirect', 'v_forcelogin' );
|
68 |
|
3 |
Plugin Name: Force Login
|
4 |
Plugin URI: https://wordpress.org/plugins/wp-force-login/
|
5 |
Description: Easily hide your WordPress site from public viewing by requiring visitors to log in first. Activate to turn on.
|
6 |
+
Version: 5.6
|
7 |
Author: Kevin Vess
|
8 |
Author URI: http://vess.me/
|
9 |
|
21 |
return;
|
22 |
}
|
23 |
|
24 |
+
// Bail if the current visitor is a logged in user, unless Multisite is enabled
|
25 |
+
if ( is_user_logged_in() && ! is_multisite() ) {
|
26 |
+
return;
|
27 |
+
}
|
|
|
28 |
|
29 |
+
// Get visited URL
|
30 |
+
$schema = isset( $_SERVER['HTTPS'] ) && 'on' === $_SERVER['HTTPS'] ? 'https://' : 'http://';
|
31 |
+
$url = $schema . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
|
|
|
|
|
|
|
|
|
|
|
|
|
32 |
|
33 |
+
/**
|
34 |
+
* Whitelist filter.
|
35 |
+
*
|
36 |
+
* @since 3.0.0
|
37 |
+
* @deprecated 5.5.0 Use {@see 'v_forcelogin_bypass'} instead.
|
38 |
+
*
|
39 |
+
* @param array An array of absolute URLs.
|
40 |
+
*/
|
41 |
+
$allowed = apply_filters_deprecated( 'v_forcelogin_whitelist', array( array() ), '5.5.0', 'v_forcelogin_bypass' );
|
|
|
42 |
|
43 |
+
/**
|
44 |
+
* Bypass filter.
|
45 |
+
*
|
46 |
+
* @since 5.0.0
|
47 |
+
* @since 5.2.0 Added the `$url` parameter.
|
48 |
+
*
|
49 |
+
* @param bool Whether to disable Force Login. Default false.
|
50 |
+
* @param string $url The visited URL.
|
51 |
+
*/
|
52 |
+
$bypass = apply_filters( 'v_forcelogin_bypass', in_array( $url, $allowed ), $url );
|
53 |
+
|
54 |
+
// Bail if bypass is enabled
|
55 |
+
if ( $bypass ) {
|
56 |
+
return;
|
57 |
}
|
58 |
+
|
59 |
+
// Only allow Multisite users access to their assigned sites
|
60 |
+
if ( is_multisite() && ! is_user_member_of_blog() && ! current_user_can( 'setup_network' ) ) {
|
61 |
+
$message = apply_filters( 'v_forcelogin_multisite_message', __( "You're not authorized to access this site.", 'wp-force-login' ), $url );
|
62 |
+
wp_die( $message, get_option( 'blogname' ) . ' › ' . __( 'Error', 'wp-force-login' ) );
|
63 |
+
}
|
64 |
+
|
65 |
+
// Determine redirect URL
|
66 |
+
$redirect_url = apply_filters( 'v_forcelogin_redirect', $url );
|
67 |
+
|
68 |
+
// Set the headers to prevent caching
|
69 |
+
nocache_headers();
|
70 |
+
|
71 |
+
// Redirect unauthorized visitors
|
72 |
+
wp_safe_redirect( wp_login_url( $redirect_url ), 302 );
|
73 |
+
exit;
|
74 |
}
|
75 |
add_action( 'template_redirect', 'v_forcelogin' );
|
76 |
|