Skip to:

Opened 12 years ago

Closed 12 years ago

Last modified 12 years ago

#4199 closed enhancement (fixed)

Improve the logic of bp_core_login_redirect()

Reported by: boonebgorges's profile boonebgorges Owned by:
Milestone: 1.6 Priority: normal
Severity: normal Version:
Component: Core Keywords: has-patch commit


The function bp_core_login_redirect() is intended to prevent users from being redirected to the Dashboard after logging in. This works well for many BP use cases, as most users never need to see the Dashboard. However, it can be quite annoying for users who *do* need to see the Dashboard, such as Administrators, because (for example) WP email notifications of things like pending comments contain direct links to wp-admin pages. Moreover, some BP sites run plugins that require users to have regular access to the Dashboard.

My suggested solution is in the attached patch. It does the following:

  • login_redirect gets processed twice in a normal login: once when wp-login.php is rendered, and again just after login succeeds. Filtering both instances means any check for the current user will fail on the first instance of the filter, and the redirect_to parameter will be wiped out. I've refactored so that BP only modifies login_redirect after a successful login (which is the only time it matters anyway).
  • Allow the logged-in user to access the Dashboard with the cap 'edit_posts' (Contributors or greater)
  • Introduce a filter bp_core_login_redirect, which will allow plugin authors to make exceptions to our rules without unhooking our function altogether

Attachments (1)

4199.01.patch (2.7 KB) - added by boonebgorges 12 years ago.

Download all attachments as: .zip

Change History (5)

#1 @DJPaul
12 years ago

  • Keywords commit added

Haven't tested, but looks okay. I would suggest that it uses the $redirect_to parameter throughout.

#2 @boonebgorges
12 years ago

Thanks for having a look, Paul. Agreed on $redirect_to.

#3 @boonebgorges
12 years ago

  • Resolution set to fixed
  • Status changed from new to closed

(In [6031]) Refactors bp_core_login_redirect() for better extensibility and flow

This patch does the following:

  • Eases the restriction on login redirects to wp-admin. Previously, all such redirects were bounced back to the home page. While this restriction makes sense for the majority of users on the majority of BP installs (who never need to see the Dashboard), it was a pain for Administrators and other users who have legitimate reasons to visit wp-admin pages, especially when clicking directly on links in WP notification emails. This changeset allows login redirects to wp-admin to succeed when users are of the Contributor level or higher.
  • Introduces a filter bp_core_login_redirect, which allows plugins to override the default behavior of bp_core_login_redirect() for some users, without requiring that they unhook the function altogether.

Fixes #4199
Props djpaul, Jonathan Davis for help conceputalizing and testing

#4 @boonebgorges
12 years ago

(In [6034]) Use the passed redirect_to value for checks in bp_core_login_redirect() instead of REQUEST global

The redirect_to value passed to the login_redirect filter in wp-login.php is a
cleaned up version of _REQUESTredirect_to?, and is a more reliable indicator
of where the link is trying to send the user. So it's a good idea to use it
when checking for the presence of 'wp-admin' rather than referencing the
global directly.

See #4199

Note: See TracTickets for help on using tickets.