Skip to:
Content

Opened 8 months ago

Closed 8 months ago

Last modified 8 months ago

#7507 closed defect (bug) (invalid)

buddypress logout button for menu

Reported by: masoud1111 Owned by:
Milestone: Priority: normal
Severity: normal Version: 2.8.2
Component: Core Keywords:
Cc:

Description

hello.
i have disabled backend login/resetpass/signup for all users. (no wp-login.php)
1 - for more security
2 - because i want to use my custom pages
with these codes in functions.php:

function possibly_redirect(){
  global $pagenow;
  if( 'wp-login.php' == $pagenow ) {
    if ( isset( $_POST['wp-submit'] ) ||   // in case of LOGIN
      ( isset($_GET['checkemail']) && $_GET['checkemail']=='confirm') ||   // in case of LOST PASSWORD
      ( isset($_GET['checkemail']) && $_GET['checkemail']=='resetpassword') ||   // in case of LOST PASSWORD
      ( isset($_GET['checkemail']) && $_GET['checkemail']=='registered') ) return;    // in case of REGISTER
elseif ( is_user_logged_in() && ( isset($_GET['action']) && $_GET['action']=='logout') ) return;  
    else { 	// force them to 404
    	global $wp_query;
        $wp_query->set_404();
        status_header( 404 );
        get_template_part( 404 ); 
        exit();
 }
  }
}
add_action('init','possibly_redirect');

add_action( 'init', 'signup_redirect_remove_init', 9 );
function signup_redirect_remove_init(){
	remove_action( 'bp_init', 'bp_core_wpsignup_redirect' );

add_filter('option_users_can_register', function($value) {
    $script = basename(parse_url($_SERVER['SCRIPT_NAME'], PHP_URL_PATH));
    if ($script == 'wp-login.php') {
        $value = false;
    }
     return $value;
});

add_filter('redirect_canonical', 'bs_no_redirect_404');
function bs_no_redirect_404($redirect_url)
{    if (is_404()) {
        return false;
    }
    return $redirect_url;
}


add_action('init', 'remove_default_redirect');
add_filter('auth_redirect_scheme', 'stop_redirect', 9999);

function stop_redirect($scheme)
{
    if ( $user_id = wp_validate_auth_cookie( '',  $scheme) ) {
        return $scheme;
    }
	global $wp_query;
        $wp_query->set_404();
        status_header( 404 );
        get_template_part( 404 ); 
        exit();
}

function remove_default_redirect()
{
    remove_action('template_redirect', 'wp_redirect_admin_locations', 1000);
}

// for masking the logout url
add_filter( 'logout_url', 'new_custom_logout_url', 10, 2 );
add_action( 'wp_loaded', 'new_custom_logout_action' );
/**
 * Replace default log-out URL.
 * @wp-hook logout_url
 * @param   string $logout_url
 * @param   string $redirect
 * @return  string
 */
function new_custom_logout_url( $logout_url, $redirect )
{
    $url = add_query_arg( 'logout', 1, home_url( '/' ) );
    $redirect = home_url();
    if ( ! empty ( $redirect ) )
        $url = add_query_arg( 'redirect', $redirect, $url );
    return $url;
}
/**
 * Log the user out.
 * @wp-hook wp_loaded
 * @return  void
 */
function new_custom_logout_action()
{
    if ( ! isset ( $_GET['logout'] ) )
        return;
    wp_logout();
    $loc = isset ( $_GET['redirect'] ) ? $_GET['redirect'] : home_url( '/' ) ;
    wp_redirect( $loc );
    exit;
}

all the plugins are off + 2017 theme.
from Dashboard > Appearance > Menus > Buddypress > Logged-in > add logout button to menu

the button must only be visible to logged-in users.
how ever if you go to this page (/wp-admin) as a visitor (not logged in), you will see the button! and you can click on it.
this url as an example:
www.example.com/wp-admin

Change History (2)

#1 @hnla
8 months ago

  • Milestone Awaiting Review deleted
  • Resolution set to invalid
  • Status changed from new to closed

@masoud1111 this is really something you should ask on the help forum, trac is for specific core issues and enhancements.

Ask the question on:
https://buddypress.org/support/

You'll get more eyes on the issue there.

#2 @masoud1111
8 months ago

@hnla

i thought this might be a bug that i found,
that when i disable wp-backend, and you go to .../wp-admin, the logout button is available to visitors.

so i came here to report it.
i'm sorry if i was wrong about it.
thank you .

Note: See TracTickets for help on using tickets.