Force Login - Version 5.6

Version Description

  • Feature - Added filter for Multisite unauthorized error message.
  • Tweak - Allow logged-in Multisite users to access bypassed pages of other sites.
Download this release

Release Info

Developer kevinvess
Plugin Icon 128x128 Force Login
Version 5.6
Comparing to
See all releases

Code changes from version 5.5 to 5.6

Files changed (2) hide show
  1. readme.txt +8 -13
  2. wp-force-login.php +47 -39
readme.txt CHANGED
@@ -3,8 +3,8 @@ Contributors: kevinvess
3
  Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_donations&business=forcelogin%40vess%2eme&lc=US&item_name=Force%20Login%20for%20WordPress&currency_code=USD&bn=PP%2dDonationsBF%3abtn_donateCC_LG%2egif%3aNonHosted
4
  Tags: privacy, private, protected, registered only, restricted, access, closed, force user login, hidden, login, password
5
  Requires at least: 4.6
6
- Tested up to: 5.5
7
- Stable tag: 5.5
8
  License: GPLv2 or later
9
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
10
 
@@ -79,18 +79,9 @@ function my_forcelogin_bypass( $bypass, $visited_url ) {
79
  add_filter( 'v_forcelogin_bypass', 'my_forcelogin_bypass', 10, 2 );
80
  `
81
 
82
- = 3. How can I add exceptions for dynamic URLs? =
83
 
84
- Some URLs have unique query strings appended to the end of it, which is composed of a series of parameter-value pairs.
85
-
86
- For example:
87
- `
88
- //example.com/mypage/?parameter=value
89
- `
90
-
91
- Checkout the [Force Login Wiki on GitHub](https://github.com/kevinvess/wp-force-login/wiki/Bypass-Dynamic-URLs) for examples of the different methods for allowing dynamic URLs.
92
-
93
- = 4. How do I hide the "← Back to {sitename}" link? =
94
 
95
  The WordPress login screen includes a "← Back to {sitename}" link below the login form; which may not actually take you back to the site while Force Login is activated. You can hide this link by adding the following action to your functions.php file.
96
 
@@ -107,6 +98,10 @@ add_action( 'login_enqueue_scripts', 'my_forcelogin_hide_backtoblog' );
107
 
108
  == Changelog ==
109
 
 
 
 
 
110
  = 5.5 =
111
  * Tweak - Deprecated whitelist filter, use v_forcelogin_bypass instead.
112
 
3
  Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_donations&business=forcelogin%40vess%2eme&lc=US&item_name=Force%20Login%20for%20WordPress&currency_code=USD&bn=PP%2dDonationsBF%3abtn_donateCC_LG%2egif%3aNonHosted
4
  Tags: privacy, private, protected, registered only, restricted, access, closed, force user login, hidden, login, password
5
  Requires at least: 4.6
6
+ Tested up to: 5.7
7
+ Stable tag: 5.6
8
  License: GPLv2 or later
9
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
10
 
79
  add_filter( 'v_forcelogin_bypass', 'my_forcelogin_bypass', 10, 2 );
80
  `
81
 
82
+ Checkout the [Force Login Wiki on GitHub](https://github.com/kevinvess/wp-force-login/wiki/Bypass-Dynamic-URLs) for additional examples of some different methods for allowing dynamic URLs.
83
 
84
+ = 3. How do I hide the "← Back to {sitename}" link? =
 
 
 
 
 
 
 
 
 
85
 
86
  The WordPress login screen includes a "← Back to {sitename}" link below the login form; which may not actually take you back to the site while Force Login is activated. You can hide this link by adding the following action to your functions.php file.
87
 
98
 
99
  == Changelog ==
100
 
101
+ = 5.6 =
102
+ * Feature - Added filter for Multisite unauthorized error message.
103
+ * Tweak - Allow logged-in Multisite users to access bypassed pages of other sites.
104
+
105
  = 5.5 =
106
  * Tweak - Deprecated whitelist filter, use v_forcelogin_bypass instead.
107
 
wp-force-login.php CHANGED
@@ -3,7 +3,7 @@
3
  Plugin Name: Force Login
4
  Plugin URI: https://wordpress.org/plugins/wp-force-login/
5
  Description: Easily hide your WordPress site from public viewing by requiring visitors to log in first. Activate to turn on.
6
- Version: 5.5
7
  Author: Kevin Vess
8
  Author URI: http://vess.me/
9
 
@@ -21,48 +21,56 @@ function v_forcelogin() {
21
  return;
22
  }
23
 
24
- // Redirect unauthorized visitors
25
- if ( ! is_user_logged_in() ) {
26
- // Get visited URL
27
- $schema = isset( $_SERVER['HTTPS'] ) && 'on' === $_SERVER['HTTPS'] ? 'https://' : 'http://';
28
- $url = $schema . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
29
 
30
- /**
31
- * Whitelist filter.
32
- *
33
- * @since 3.0.0
34
- * @deprecated 5.5.0 Use {@see 'v_forcelogin_bypass'} instead.
35
- *
36
- * @param array An array of absolute URLs.
37
- */
38
- $allowed = apply_filters_deprecated( 'v_forcelogin_whitelist', array( array() ), '5.5.0', 'v_forcelogin_bypass' );
39
 
40
- /**
41
- * Bypass filter.
42
- *
43
- * @since 5.0.0
44
- * @since 5.2.0 Added the `$url` parameter.
45
- *
46
- * @param bool Whether to disable Force Login. Default false.
47
- * @param string $url The visited URL.
48
- */
49
- $bypass = apply_filters( 'v_forcelogin_bypass', in_array( $url, $allowed ), $url );
50
 
51
- if ( preg_replace( '/\?.*/', '', $url ) !== preg_replace( '/\?.*/', '', wp_login_url() ) && ! $bypass ) {
52
- // Determine redirect URL
53
- $redirect_url = apply_filters( 'v_forcelogin_redirect', $url );
54
- // Set the headers to prevent caching
55
- nocache_headers();
56
- // Redirect
57
- wp_safe_redirect( wp_login_url( $redirect_url ), 302 );
58
- exit;
59
- }
60
- } elseif ( function_exists( 'is_multisite' ) && is_multisite() ) {
61
- // Only allow Multisite users access to their assigned sites
62
- if ( ! is_user_member_of_blog() && ! current_user_can( 'setup_network' ) ) {
63
- wp_die( __( "You're not authorized to access this site.", 'wp-force-login' ), get_option( 'blogname' ) . ' › ' . __( 'Error', 'wp-force-login' ) );
64
- }
65
  }
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
66
  }
67
  add_action( 'template_redirect', 'v_forcelogin' );
68
 
3
  Plugin Name: Force Login
4
  Plugin URI: https://wordpress.org/plugins/wp-force-login/
5
  Description: Easily hide your WordPress site from public viewing by requiring visitors to log in first. Activate to turn on.
6
+ Version: 5.6
7
  Author: Kevin Vess
8
  Author URI: http://vess.me/
9
 
21
  return;
22
  }
23
 
24
+ // Bail if the current visitor is a logged in user, unless Multisite is enabled
25
+ if ( is_user_logged_in() && ! is_multisite() ) {
26
+ return;
27
+ }
 
28
 
29
+ // Get visited URL
30
+ $schema = isset( $_SERVER['HTTPS'] ) && 'on' === $_SERVER['HTTPS'] ? 'https://' : 'http://';
31
+ $url = $schema . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
 
 
 
 
 
 
32
 
33
+ /**
34
+ * Whitelist filter.
35
+ *
36
+ * @since 3.0.0
37
+ * @deprecated 5.5.0 Use {@see 'v_forcelogin_bypass'} instead.
38
+ *
39
+ * @param array An array of absolute URLs.
40
+ */
41
+ $allowed = apply_filters_deprecated( 'v_forcelogin_whitelist', array( array() ), '5.5.0', 'v_forcelogin_bypass' );
 
42
 
43
+ /**
44
+ * Bypass filter.
45
+ *
46
+ * @since 5.0.0
47
+ * @since 5.2.0 Added the `$url` parameter.
48
+ *
49
+ * @param bool Whether to disable Force Login. Default false.
50
+ * @param string $url The visited URL.
51
+ */
52
+ $bypass = apply_filters( 'v_forcelogin_bypass', in_array( $url, $allowed ), $url );
53
+
54
+ // Bail if bypass is enabled
55
+ if ( $bypass ) {
56
+ return;
57
  }
58
+
59
+ // Only allow Multisite users access to their assigned sites
60
+ if ( is_multisite() && ! is_user_member_of_blog() && ! current_user_can( 'setup_network' ) ) {
61
+ $message = apply_filters( 'v_forcelogin_multisite_message', __( "You're not authorized to access this site.", 'wp-force-login' ), $url );
62
+ wp_die( $message, get_option( 'blogname' ) . ' › ' . __( 'Error', 'wp-force-login' ) );
63
+ }
64
+
65
+ // Determine redirect URL
66
+ $redirect_url = apply_filters( 'v_forcelogin_redirect', $url );
67
+
68
+ // Set the headers to prevent caching
69
+ nocache_headers();
70
+
71
+ // Redirect unauthorized visitors
72
+ wp_safe_redirect( wp_login_url( $redirect_url ), 302 );
73
+ exit;
74
  }
75
  add_action( 'template_redirect', 'v_forcelogin' );
76