BuddyPress

I need to be able to limit access to certain components, such as members & groups to only users who have logged in. Other than changing my the themes to do a check on logged in users which I don’t really want to do as this limits what I can display. For example I still want to be able to display the site wide activity widget but if a non-logged in user clicks on a link that takes them to a member or group area they are prompted to log in.

I have had a hunt around but do not see a a hook in Buddypress that does a security check like this. Am I missing something?

Thanks!

bp doesn’t have that type of security system yet.

ok thanks at least I was not missing anything.

I have been thinking about how to do this myself but without a major hack to the core bp I do not see any way to implement something like that.

I don’t think it would be a major hack. More than likely you don’t even need to touch the core. bp looks for a bp-custom.php file in the /mu-plugins directory and if it exists it loads it before all else.

You could check the current component var in bp and see if they are logged in or not. Lemme go try something.

OK. I think I have a simple and quick solution for you. Something along the lines of this:

function oci_restrict_access(){
global $bp;

if ((MEMBERS_SLUG == $bp->current_component || BP_GROUPS_SLUG == $bp->current_component) && !is_user_logged_in()){
die(‘no access’);
}
}
add_action( ‘wp’, ‘oci_restrict_access’, 3 );

We can stick that in bp-custom.php. Gimme about a couple of hours to finish this and do some testing. I gotta pack up shop here and move to a different location at the moment.

Be back.

OK. Don’t use the code above obviously.

Try this:

function oci_restrict_access(){
global $bp, $bp_unfiltered_uri;

if (!is_user_logged_in() &&
(MEMBERS_SLUG == $bp_unfiltered_uri[0] && !empty( $bp->current_action ) ||
BP_GROUPS_SLUG == $bp->current_component && !empty( $bp->current_action ))){

bp_core_redirect( $bp->root_domain );
}
}
add_action( ‘wp’, ‘oci_restrict_access’, 3 );

That should restrict any user who is not logged in from going anywhere in /members or /groups except for the members and groups directories. It sends them back to the site home page.

If you don’t want visitors seeing the directories then remove the && !empty( $bp->current_action ) parts in that function. $bp->current_action is anything after /members and /groups. The directories get triggered by just /members and /groups

If you don’t have a file called bp-custom.php in your /mu-plugins directory then create one and put that in there. If you do have one just drop that code in there.

You can change where the function sends them by replacing the bp_core_redirect( $bp->root_domain ); statement with something of your choosing. I just used that for testing. You can make them end up where ever you want:

get_bloginfo('siteurl') . '/wp-login.php?redirect_to=' . urlencode( $bp->root_domain )

I haven’t tested that but I stole that from the admin bar login code.
Lemme know how it works for ya.

Great! I dreamt about something like the last night but your implementation is nice a simple. I was going to look at adding a much more complex option.

I will implement when I get back from my run & let you know.

Just an update it works nicely. Now to integrate it into a ThickBox popup.

Can you make this has a plugin?

Awesome Burt!

thanks for making this

here’s a quick question

is there a way to echo ” you must be logged in to view this ” ;

before redirecting to the home-page/login page

?

something like this?
‘
echo “You must be Logged-In to view this page”;
sleep[5];
bp_core_redirect( $bp->root_domain );
‘

how would I add additional “Areas” like the /events page that contains the member created events stuff (the bp-events plugins)

I want that hidden as well….

enlightnemental1, to add more restricted areas you just add to the ‘or’ list of url components. If bp-events plugin adds itself to bp as a component then try this:

[snip]
 if (!is_user_logged_in() &&
(MEMBERS_SLUG == $bp_unfiltered_uri[0] && !empty( $bp->current_action ) ||
BP_GROUPS_SLUG == $bp->current_component && !empty( $bp->current_action ) ||
'events' == $bp->current_component
[endsnip]

It all depends on the url of what you want to restrict. The above chunk of code will restrict mysite.org/members, mysite.org/groups, mysite.org/events and not the member or groups directories.

gpo1 you just need to create a php file and drop it in /mu-plugins instead of putting the code in bp-custom.php. You can use the plugin header below:

/*
Plugin Name: bpRestrict – BuddyPress Plugin
Plugin URI: http://code.ourcommoninterest.org/
Description: Restricts non-logged in users from certain areas
Author: Burt Adsit
Version: 0.1
Author URI: http://code.ourcommoninterest.org/
License: GNU GENERAL PUBLIC LICENSE 3.0 http://www.gnu.org/licenses/gpl.txt
*/

yes sir,

that worked great!

I’ve edited the original code to:
‘
echo “You must be Logged-In to view this page”; //displays message
exit(); //stops page from loading
‘

but I want it to redirect after echoing the above line

anyone?

(Thanks again Burt)

You probably could put some kind of delay in there before the redirect: sleep(10); for a 10 second delay.

i did exactly that….. and it doesn’t work

‘

echo “you must be logged in sucka!”;

sleep(4);

bp_core_redirect( $bp->root_domain );

exit();

‘

the above echos the text…. but doesn’t seem to complete the redirect