
Changeset 11610


Timestamp:
06/23/17 17:10:48 (7 months ago)
Author:
r-a-y
Message:

Core: Redirect login links to their rightful spot if already authenticated.

Previously, if a logged-in user clicked on a login link with the
'redirect_to' parameter, the user would need to re-authenticate in order
to get redirected to the given URL.

This commit bypasses the re-authentication process for logged-in users,
which improves the user experience for those clicking on login links via
email. wp_safe_redirect() is used to avoid redirecting to external
links that are not whitelisted by WordPress.

See #7349.

File:
1 edited

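--- a/trunk/src/bp-core/bp-core-catchuri.php
+++ b/trunk/src/bp-core/bp-core-catchuri.php
@@ -671,5 +671,8 @@
         case 2 :
             if ( !empty( $redirect ) ) {
-                bp_core_redirect( add_query_arg( array( 'action' => 'bpnoaccess' ), wp_login_url( $redirect ) ) );
+                bp_core_redirect( add_query_arg( array(
+                    'bp-auth' => 1,
+                    'action'  => 'bpnoaccess'
+                ), wp_login_url( $redirect ) ) );
             } else {
                 bp_core_redirect( $root );
@@ -697,4 +700,33 @@
     }
 }
+
+/**
+ * Login redirector.
+ *
+ * If a link is not publicly available, we can send members from external
+ * locations, like following links in an email, through the login screen.
+ *
+ * If a user clicks on this link and is already logged in, we should attempt
+ * to redirect the user to the authorized content instead of forcing the user
+ * to re-authenticate.
+ *
+ * @since 2.9.0
+ */
+function bp_login_redirector() {
+    // Redirect links must include the `redirect_to` and `bp-auth` parameters.
+    if ( empty( $_GET['redirect_to'] ) || empty( $_GET['bp-auth'] ) ) {
+        return;
+    }
+
+    /*
+     * If the user is already logged in,
+     * skip the login form and redirect them to the content.
+     */
+    if ( bp_loggedin_user_id() ) {
+        wp_safe_redirect( esc_url_raw( $_GET['redirect_to'] ) );
+        exit;
+    }
+}
+add_action( 'login_init', 'bp_login_redirector', 1 );
 
 /**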
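Review bot: In bp_login_redirector(), `$_GET['redirect_to']` reaches esc_url_raw() with no type check and no wp_unslash(). The `empty()` guard lets a non-empty array through (a query string of the form `redirect_to[]=x`), and esc_url_raw() expects a string, so this may raise a warning or a TypeError depending on the PHP version. Return early with `if ( ! is_string( $_GET['redirect_to'] ) ) { return; }` and then pass `esc_url_raw( wp_unslash( $_GET['redirect_to'] ) )`. The docblock should also state that wp_safe_redirect() is the control that keeps this handler from being an open redirect, and that a rejected host falls back to the admin URL rather than the requested target, so nobody later swaps it for wp_redirect(). Since the callback runs on `login_init` at priority 1 for every wp-login.php action, a comment noting that `bp-auth` is only a marker parameter and not an authorization check would help the next reader.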