Skip to:
Content
Pages
Categories
Search
Top
Bottom

Securing components from non logged in users

  • Avatar of Mspecht
    mspecht
    Participant

    @mspecht

    I need to be able to limit access to certain components, such as members & groups to only users who have logged in. Other than changing my the themes to do a check on logged in users which I don’t really want to do as this limits what I can display. For example I still want to be able to display the site wide activity widget but if a non-logged in user clicks on a link that takes them to a member or group area they are prompted to log in.

    I have had a hunt around but do not see a a hook in Buddypress that does a security check like this. Am I missing something?

    Thanks!

Viewing 24 replies - 26 through 49 (of 49 total)
  • Avatar of Peterverkooijen
    peterverkooijen
    Participant

    @peterverkooijen

    This works great for me

    Que? What works great for you? Is the clue in the previous posts?

    Avatar of Peterverkooijen
    peterverkooijen
    Participant

    @peterverkooijen

    OK, I think I get it, I’ve added this as bp-custom.php to mu-plugins:

    \’<?

    function oci_restrict_access(){

    global $bp, $bp_unfiltered_uri;

    if (!is_user_logged_in() &&

    (BP_MEMBERS_SLUG == $bp_unfiltered_uri[0] ||

    BP_GROUPS_SLUG == $bp->current_component )){

    bp_core_redirect( $bp->root_domain );

    }

    }

    add_action( \’wp\’, \’oci_restrict_access\’, 3 );

    ?>\’

    It works great for the the groups section, but does nothing for the members section.

    It’s also not entirely clear to me how to add the error message. Can someone put the whole thing together?

    Avatar of Burt Adsit
    Burt Adsit
    Participant

    @burtadsit

    Peter you have to be running the latest trunk for the change to the members slug to be effective. On anything less it will make the function fail. Recent trunk does not live in /mu-plugins. Leave it like it is on your site.

    Avatar of Peterverkooijen
    peterverkooijen
    Participant

    @peterverkooijen

    OK! I now have this in bp-custom.php:

    ‘<?

    function js_restrict_access(){

    global $bp, $bp_unfiltered_uri;

    if (!is_user_logged_in() &&

    (MEMBERS_SLUG == $bp_unfiltered_uri[0] ||

    BP_GROUPS_SLUG == $bp->current_component ||

    BP_BLOGS_SLUG == $bp->current_component)){

    bp_core_redirect( get_option(‘home’) . “/register?s=1″ );

    }

    }

    add_action( ‘wp’, ‘js_restrict_access’, 3 );

    ?>’

    And this in register.php:

    ‘<?php

    if($_REQUEST["s"]){?>

    <script type=”text/javascript”>

    jQuery(document).ready(function () {

    setTimeout(function(){ jQuery(“#error”).fadeOut(“slow”); }, 6000);

    });

    </script>

    <div id=”error” class=”error”>

    <h3>The page you were trying to access is for members only. Please login or register to continue.</h3>

    </div>

    <?php } ?>’

    Does exactly what I want. Thanks Burtadsit! :-)

    It would be even nicer if the Ajax would first show the message and then replace it with the registration form: ‘<?php bp_core_signup_do_signup() ?>’

    I’ll try to figure that out next weekend…

    Avatar of Timothy West
    trcwest
    Participant

    @trcwest

    @Peterverkooijen

    Great stuff i have that implimented nicely on my signup.php page..

    thanks

    Avatar of wpmubp.org
    wpmubp
    Participant

    @takuya

    What if I wanna block viewing user profiles and groups, but not limiting access to the directories of each?

    Avatar of Peterverkooijen
    peterverkooijen
    Participant

    @peterverkooijen

    I think Burtsadit’s original code did show the directories:

    ‘MEMBERS_SLUG == $bp_unfiltered_uri[0] && !empty( $bp->current_action ) ||

    BP_GROUPS_SLUG == $bp->current_component && !empty( $bp->current_action )’

    I took out the ‘&& !empty( $bp->current_action )’ parts. Put them back in and see what happens. Haven’t tried that myself.

    Avatar of Enlightenmental1
    enlightenmental1
    Participant

    @enlightenmental1

    i see you have a jquery fade…. looks cool

    is this using the deault jquery from wpmu?

    mine does not fade…. wondering if I need additional jquery.js script

    Avatar of Peterverkooijen
    peterverkooijen
    Participant

    @peterverkooijen

    One problem:

    When you try to enter the members section when you\’re not logged in, you\’re forwarded to the registration page with that fancy fade-out error message. In the address bar you\’ll have something like this:

    http://mywebsite.com/register?s=1

    Unfortunately when you then log in on that page, you\’ll get the error message again while you\’re getting logged in and you\’ll stay on register?s=1 where you\’ll see this message in the page:

    You\’re logged in already. No need to register again!

    Did I introduce mistakes in my version of the code?

    Is it possible to expand this code with an \”if logged in, forward to homepage in 0 seconds\” bit of php magic?:

    ‘<?php

    if($_REQUEST["s"]){?>

    <script type=”text/javascript”>

    jQuery(document).ready(function () {

    setTimeout(function(){ jQuery(“#error”).fadeOut(“slow”); }, 6000);

    });

    </script>

    <div id=”error” class=”error”>

    <h3>The page you were trying to access is for members only. Please login or register to continue.</h3>

    </div>

    <?php } ?>’

    If that code gets too long, it is possible to turn it into an nice include or function, perhaps somehow included in bp-custom.php?

    Avatar of Thebigk
    thebigk
    Participant

    @thebigk

    Ahoy!

    Do I need to make any changes to make Burt\’s mod work on RC2 ?

    And…will this prevent the search engine bots from grabbing member profile information?

    Avatar of wpmubp.org
    wpmubp
    Participant

    @takuya

    oops, the code doesn’t work anymore on rc2.

    Avatar of Thebigk
    thebigk
    Participant

    @thebigk

    Burt, please fix this! Please :)

    Avatar of Thebigk
    thebigk
    Participant

    @thebigk

    We seriously need you, Burt!

    Avatar of Peterverkooijen
    peterverkooijen
    Participant

    @peterverkooijen

    Will the option to restrict the members, groups and blogs sections to members-only be part of Buddypress 1.0 final?

    Avatar of Thebigk
    thebigk
    Participant

    @thebigk

    I wish I were a developer. Right now, all I can do is – knock knock!

    anyone listening?

    Avatar of Thebigk
    thebigk
    Participant

    @thebigk

    Sorry for double posting in this thread. But can someone please suggest a fix for this? I need it badly :(

    No idea if this will work, but try replacing

    MEMBERS_SLUG

    with

    BP_MEMBERS_SLUG

    Avatar of Enlightenmental1
    enlightenmental1
    Participant

    @enlightenmental1

    my original bp-customs.php still works fine for me on RC2… here it is:

    <?

    function js_restrict_access(){

    global $bp, $bp_unfiltered_uri;

    if (!is_user_logged_in() &&

    (BP_MEMBERS_SLUG == $bp_unfiltered_uri[0] ||

    BP_GROUPS_SLUG == $bp->current_component ||

    BP_BLOGS_SLUG == $bp->current_component)){

    bp_core_redirect( get_option(‘home’) . “/register” );

    }

    add_action( ‘wp’, ‘js_restrict_access’, 3 );

    ?>

    Avatar of Peterverkooijen
    peterverkooijen
    Participant

    @peterverkooijen

    Is there still no clean version of this functionality, built in version 1.0 or in a proper plugin, including redirects (or working Ajax) with clear ‘restricted area, please login’ messages for the user?

    This issue is not resolved imho.

    Avatar of Peterverkooijen
    peterverkooijen
    Participant

    @peterverkooijen

    Would it be possible to extend this plugin to work for the members and groups sections in BP?

    Avatar of Jeff Sayre
    Jeff Sayre
    Participant

    @jeffsayre

    Peterverkooijen-

    This issue is not resolved imho.

    Your issue is not what this thread is about. The issue of the OP was resolved and so he marked it as such.

    Posting a new request in a one-month old thread marked resolved will not get much attention. See here for more details: http://buddypress.org/forums/topic.php?id=2543

    But, to provide some insight into your question, a couple of us are currently working on a full-featured privacy (authorization) component for BuddyPress. It is a ways off from being made available.

    Avatar of Peterverkooijen
    peterverkooijen
    Participant

    @peterverkooijen

    I think there was one } missing in Enlightenmental1′s latest version:

    <?
    function js_restrict_access(){
    global $bp, $bp_unfiltered_uri;

    if (!is_user_logged_in() &&
    (BP_MEMBERS_SLUG == $bp_unfiltered_uri[0] ||
    BP_GROUPS_SLUG == $bp->current_component ||
    BP_BLOGS_SLUG == $bp->current_component)){

    bp_core_redirect( get_option('home') . "/register" );

    }
    }
    add_action( 'wp', 'js_restrict_access', 3 );

    ?>

    How can I make this work for a custom page/component? How is BP_GROUPS_SLUG etc. defined?

    I’ve tried adding this to the top of my custom page, but that did not do the trick:

    /* Define the slug for the component */
    if ( !defined( 'BP_EVENTS_SLUG' ) )
    define ( 'BP_EVENTS_SLUG', 'events' );

    This doesn’t work either:

    if (!is_user_logged_in() &&
    (BP_MEMBERS_SLUG == $bp_unfiltered_uri[0] ||
    BP_GROUPS_SLUG == $bp->current_component ||
    BP_BLOGS_SLUG == $bp->current_component ||
    get_option('home').'/events' == $bp->current_component)){
    ...

    Avatar of Peterverkooijen
    peterverkooijen
    Participant

    @peterverkooijen

    How can I apply this to a custom page?

    Avatar of Peterverkooijen
    peterverkooijen
    Participant

    @peterverkooijen

    I see the blunt solution is to just add this to the top of a template page:

    if (!is_user_logged_in() ){
    bp_core_redirect( $bp->root_domain.'/register' );
    }

    I still have no good solution for a ‘restricted access’ message, but hopefully users will get the point…

Viewing 24 replies - 26 through 49 (of 49 total)

You must be logged in to reply to this topic.