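/**
 * Catches invalid access to BuddyPress pages and redirects them accordingly.
 *
 * Checks, in order:
 *  1. Skip everything when $bp_no_status_set is truthy (a redirect to an
 *     accessible page is already under way).
 *  2. Displayed user is flagged as a spammer: non-super-admins are redirected
 *     to the root domain, super admins get an error notice instead.
 *  3. No displayed user, but the request is for "<members slug>/<something>":
 *     redirect to the root domain.
 *  4. No queried object and not a blog page: hand over to bp_core_no_access().
 *
 * NOTE(review): whether bp_core_redirect() ends the request is not visible
 * from this function. If it can return, the later checks still run after a
 * redirect has been issued - confirm against bp_core_redirect().
 *
 * @package BuddyPress Core
 * @since 1.3
 *
 * @return bool|null False when the check is skipped, otherwise no value.
 */
function bp_core_catch_no_access() {
	global $bp, $wp_query, $bp_unfiltered_uri, $bp_no_status_set;

	// bp_core_redirect() is already sending the visitor to an accessible
	// page, so there is nothing to police on this request.
	if ( $bp_no_status_set )
		return false;

	// Profiles of users marked as spammers are visible to super admins only.
	if ( isset( $bp->displayed_user->id ) && bp_core_is_user_spammer( $bp->displayed_user->id ) ) {
		if ( !is_super_admin() )
			bp_core_redirect( $bp->root_domain );
		else
			bp_core_add_message( __( 'This user has been marked as a spammer. Only site admins can view this profile.', 'buddypress' ), 'error' );
	}

	// A member URL ("<members slug>/<something>") that did not resolve to a
	// user. BP_ENABLE_ROOT_PROFILES itself is not tested here; the check relies
	// on the first URI segment being the members slug.
	// Both URI segments are tested with isset() so a short or empty URI cannot
	// raise an undefined-index notice, and the slug is compared as a string so
	// numeric-looking segments ("0123" vs "123") are not treated as equal.
	$is_member_uri = isset( $bp_unfiltered_uri[0], $bp_unfiltered_uri[1] )
		&& (string) $bp_unfiltered_uri[0] === (string) $bp->members->slug;

	if ( empty( $bp->displayed_user->id ) && $is_member_uri )
		bp_core_redirect( $bp->root_domain );

	// Access control: nothing was matched by the main query and this is not a
	// regular blog page.
	if ( !$wp_query->queried_object && !bp_is_blog_page() ) {
		if ( is_user_logged_in() ) {
			// Already authenticated, so sending the user to a login form is
			// pointless: no post-login redirect, just the "no access" message.
			bp_core_no_access( array( 'redirect' => false, 'message' => __( 'You do not have access to that page', 'buddypress' ) ) );
		} else {
			bp_core_no_access();
		}
	}
}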
// Run the access check on the 'wp' action, at the default priority.
add_action( 'wp', 'bp_core_catch_no_access', 10 );
| 337 | |
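/**
 * Redirects a user to login for BP pages that require access control and adds
 * an error message (if one is provided). If authenticated, redirects the user
 * back to the requested content by default.
 *
 * Accepted keys in $args (anything else is ignored):
 *  - 'mode'     1 = redirect to 'root', 2 = redirect to wp-login.php.
 *  - 'message'  Error text to show; a falsy value suppresses it (mode 1 only).
 *  - 'redirect' URL to return to after a successful login; a falsy value
 *               means "no post-login redirect".
 *  - 'root'     Landing page for visitors who lack access.
 *
 * Security note: 'redirect' is copied into a "redirect_to" query parameter.
 * Whatever later consumes that parameter sees it as ordinary request data, so
 * it has to be validated there (e.g. wp_validate_redirect() or
 * wp_safe_redirect()) before it is followed. The consumer is not part of this
 * function - TODO confirm it does so.
 *
 * @package BuddyPress Core
 * @since 1.3
 *
 * @param array|string $args Optional overrides for the defaults listed above.
 */
function bp_core_no_access( $args = '' ) {
	global $bp;

	$defaults = array(
		'mode'     => '1',					// 1 = $root, 2 = wp-login.php
		'message'  => __( 'You must log in to access the page you requested.', 'buddypress' ),
		'redirect' => wp_guess_url(),		// the URL you get redirected to when a user successfully logs in
		'root'     => $bp->root_domain		// the landing page you get redirected to when a user doesn't have access
	);

	$r = wp_parse_args( $args, $defaults );

	// Read the four supported keys explicitly rather than extract()-ing the
	// whole array: caller-supplied keys can then never become local variables.
	$mode     = $r['mode'];
	$message  = $r['message'];
	$redirect = $r['redirect'];
	$root     = $r['root'];

	// Group filtering
	// When a user doesn't have access to a group's activity / secondary page,
	// send them to the group's homepage without an error message.
	if ( !$redirect ) {
		if ( bp_is_active( $bp->groups->slug ) && bp_is_current_component( $bp->groups->slug ) ) {
			$root    = bp_get_group_permalink( $bp->groups->current_group );
			$message = false;
		}
	}

	// Let plugins adjust each value. Every filter also receives the other
	// three values as they stand at that point.
	$mode     = apply_filters( 'bp_no_access_mode', $mode, $root, $redirect, $message );
	$redirect = apply_filters( 'bp_no_access_redirect', $redirect, $root, $message, $mode );
	$root     = trailingslashit( apply_filters( 'bp_no_access_root', $root, $redirect, $message, $mode ) );
	$message  = apply_filters( 'bp_no_access_message', $message, $root, $redirect, $mode );

	// Loose comparison on purpose: the default mode is the string '1' and
	// callers or filters may supply either strings or integers.
	if ( 2 == $mode ) {
		// Option to redirect to wp-login.php
		// Error message is displayed with bp_core_no_access_wp_login_error()
		if ( $redirect ) {
			// Build the query string with add_query_arg() so the result is
			// well-formed whether or not the login URL already carries one.
			bp_core_redirect( add_query_arg( 'action', 'bpnoaccess', wp_login_url( $redirect ) ) );
		} else {
			bp_core_redirect( $root );
		}
	} else {
		// Redirect to root with "redirect_to" parameter
		// Error message is displayed with bp_core_add_message()
		if ( $redirect ) {
			// add_query_arg() does not encode the value it is given.
			$url = add_query_arg( 'redirect_to', urlencode( $redirect ), $root );
		} else {
			$url = $root;
		}

		if ( $message )
			bp_core_add_message( $message, 'error' );

		bp_core_redirect( $url );
	}
}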
| 397 | |
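/**
 * Adds an error message to wp-login.php.
 * Hooks into the "bpnoaccess" action defined in bp_core_no_access().
 *
 * The 'bp_wp_login_error' filter receives the default message and the
 * "redirect_to" request value (null when the parameter is absent).
 *
 * Security note: that second argument is raw, attacker-controllable request
 * data. Filter callbacks must validate it before using it as a URL and escape
 * it before placing it in the returned message, because the result is stored
 * in the global $error for the login screen to display.
 *
 * @package BuddyPress Core
 * @global $error
 * @since 1.3
 */
function bp_core_no_access_wp_login_error() {
	global $error;

	// The parameter is optional on a hand-typed or bookmarked login URL, so
	// do not read it unguarded.
	$redirect_to = isset( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : null;

	$error = apply_filters( 'bp_wp_login_error', __( 'You must log in to access the page you requested.', 'buddypress' ), $redirect_to );

	// Shake the login form to draw attention to the error.
	add_action( 'login_head', 'wp_shake_js', 12 );
}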
// Runs when wp-login.php is requested with action=bpnoaccess, at the default priority.
add_action( 'login_form_bpnoaccess', 'bp_core_no_access_wp_login_error', 10 );
| 415 | |