
Changeset 11610


Timestamp:
06/23/2017 05:10:48 PM (12 months ago)
Author:
r-a-y
Message:

Core: Redirect login links to their rightful spot if already authenticated.

Previously, if a logged-in user clicked on a login link with the
'redirect_to' parameter, the user would need to re-authenticate in order
to get redirected to the given URL.

This commit bypasses the re-authentication process for logged-in users,
which improves the user experience for those clicking on login links via
email. wp_safe_redirect() is used to avoid redirecting to external
links that are not whitelisted by WordPress.

See #7349.

File:
1 edited

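--- a/trunk/src/bp-core/bp-core-catchuri.php
+++ b/trunk/src/bp-core/bp-core-catchuri.php
@@ -671,5 +671,8 @@
         case 2 :
             if ( !empty( $redirect ) ) {
-                bp_core_redirect( add_query_arg( array( 'action' => 'bpnoaccess' ), wp_login_url( $redirect ) ) );
+                bp_core_redirect( add_query_arg( array(
+                    'bp-auth' => 1,
+                    'action'  => 'bpnoaccess'
+                ), wp_login_url( $redirect ) ) );
             } else {
                 bp_core_redirect( $root );
@@ -697,4 +700,33 @@
     }
 }
+
+/**
+ * Login redirector.
+ *
+ * If a link is not publicly available, we can send members from external
+ * locations, like following links in an email, through the login screen.
+ *
+ * If a user clicks on this link and is already logged in, we should attempt
+ * to redirect the user to the authorized content instead of forcing the user
+ * to re-authenticate.
+ *
+ * @since 2.9.0
+ */
+function bp_login_redirector() {
+    // Redirect links must include the `redirect_to` and `bp-auth` parameters.
+    if ( empty( $_GET['redirect_to'] ) || empty( $_GET['bp-auth'] ) ) {
+        return;
+    }
+
+    /*
+     * If the user is already logged in,
+     * skip the login form and redirect them to the content.
+     */
+    if ( bp_loggedin_user_id() ) {
+        wp_safe_redirect( esc_url_raw( $_GET['redirect_to'] ) );
+        exit;
+    }
+}
+add_action( 'login_init', 'bp_login_redirector', 1 );
 
 /**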
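Review bot: In bp_login_redirector(), `$_GET['redirect_to']` goes into esc_url_raw() without a string check or unslashing, so an array-valued `redirect_to` passes the `empty()` guard and reaches a function that expects a string. Consider `$redirect = is_string( $_GET['redirect_to'] ) ? wp_unslash( $_GET['redirect_to'] ) : '';` and returning early when it is empty. The open-redirect protection here rests entirely on wp_safe_redirect()'s allowed-host check, and `bp-auth` is only a marker that anyone can append to a link, so a short comment saying so would keep a later edit from swapping in wp_redirect(). When the host is rejected, wp_safe_redirect() falls back to the admin URL by default, which may not be the intended landing page for a front-end member; an explicit `wp_validate_redirect()` with a site-home fallback would make that choice visible.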