Advertisements

auth_redirect

Definition:
function auth_redirect() {}

Checks if a user is logged in, if not it redirects them to the login page.

Defined filters

  • secure_auth_redirect
    apply_filters('secure_auth_redirect', $secure)
  • auth_redirect_scheme
    apply_filters( 'auth_redirect_scheme', '' )

Defined actions

  • auth_redirect
    do_action('auth_redirect', $user_id);

Source code

function auth_redirect() {

	// Checks if a user is logged in, if not redirects them to the login page



	$secure = ( is_ssl() || force_ssl_admin() );



	$secure = apply_filters('secure_auth_redirect', $secure);



	// If https is required and request is http, redirect

	if ( $secure && !is_ssl() && false !== strpos($_SERVER['REQUEST_URI'], 'wp-admin') ) {

		if ( 0 === strpos($_SERVER['REQUEST_URI'], 'http') ) {

			wp_redirect(preg_replace('|^http://|', 'https://', $_SERVER['REQUEST_URI']));

			exit();

		} else {

			wp_redirect('https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']);

			exit();

		}

	}



	if ( is_user_admin() )

		$scheme = 'logged_in';

	else

		$scheme = apply_filters( 'auth_redirect_scheme', '' );



	if ( $user_id = wp_validate_auth_cookie( '',  $scheme) ) {

		do_action('auth_redirect', $user_id);



		// If the user wants ssl but the session is not ssl, redirect.

		if ( !$secure && get_user_option('use_ssl', $user_id) && false !== strpos($_SERVER['REQUEST_URI'], 'wp-admin') ) {

			if ( 0 === strpos($_SERVER['REQUEST_URI'], 'http') ) {

				wp_redirect(preg_replace('|^http://|', 'https://', $_SERVER['REQUEST_URI']));

				exit();

			} else {

				wp_redirect('https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']);

				exit();

			}

		}



		return;  // The cookie is good so we're done

	}



	// The cookie is no good so force login

	nocache_headers();



	if ( is_ssl() )

		$proto = 'https://';

	else

		$proto = 'http://';



	$redirect = ( strpos($_SERVER['REQUEST_URI'], '/options.php') && wp_get_referer() ) ? wp_get_referer() : $proto . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];



	$login_url = wp_login_url($redirect, true);



	wp_redirect($login_url);

	exit();

}

547

Advertisements

3 Responses to “auth_redirect”

  1. Hi there;

    i already asked this question at the official WP forum; but without any luck.
    I just installed 3.2.1, fresh install, no plugins. My problem is that this function `auth_redirect()` will always fail at the 3rd if(), kicking me back to the login screen.

    In the function code it says `if ( $user_id = wp_validate_auth_cookie( ”, $scheme) )` – but i dont see $user_id declared anywhere in this function – not via `global $user_id` and not via `$user_id = …`, or am i missing something?

    Is this a bug, or where is $user_id set?

  2. As you can see at https://hitchhackerguide.com/2011/02/12/wp_validate_auth_cookie/ the wp_validate_auth_cookie function would validate the cookie and return the user_id on success. You should try clearing your cookies, sometimes they might get messed up during development.
    You could try an incognito window in Chrome to check if the cookie causes the problem.

    • Ah thanks,

      Cookies are set in the browser, but the corresponding session files in \tmp\ are empty (0 Bytes). Think its some session issue with my webserver config here – have to set it up on Windows/IIS; but it works as expected on my other XAMPP installation.

      And function wp_validate_auth_cookie() returns the $user_id – i did read that line as `if ( $user_id == …` before 🙂

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: