Securing components from non logged in users

  • @mspecht

    Participant

    I need to be able to limit access to certain components, such as members & groups, to only users who have logged in. Other than changing my themes to do a check on logged-in users, which I don’t really want to do as this limits what I can display. For example I still want to be able to display the site wide activity widget but if a non-logged in user clicks on a link that takes them to a member or group area they are prompted to log in.

    I have had a hunt around but do not see a hook in BuddyPress that does a security check like this. Am I missing something?

    Thanks!

Viewing 25 replies - 1 through 25 (of 49 total)
  • @burtadsit

    Participant

    bp doesn’t have that type of security system yet.

    @mspecht

    Participant

    ok thanks at least I was not missing anything.

    I have been thinking about how to do this myself but without a major hack to the core bp I do not see any way to implement something like that.

    @burtadsit

    Participant

    I don’t think it would be a major hack. More than likely you don’t even need to touch the core. bp looks for a bp-custom.php file in the /mu-plugins directory and if it exists it loads it before all else.

    You could check the current component var in bp and see if they are logged in or not. Lemme go try something.

    OK. I think I have a simple and quick solution for you. Something along the lines of this:

    function oci_restrict_access(){
        global $bp;
        if ((MEMBERS_SLUG == $bp->current_component || BP_GROUPS_SLUG == $bp->current_component) && !is_user_logged_in()){
            die('no access');
        }
    }
    add_action( 'wp', 'oci_restrict_access', 3 );

    We can stick that in bp-custom.php. Gimme about a couple of hours to finish this and do some testing. I gotta pack up shop here and move to a different location at the moment.

    Be back.

    @burtadsit

    Participant

    OK. Don’t use the code above obviously. :)

    Try this:

    function oci_restrict_access(){
        global $bp, $bp_unfiltered_uri;
        if (!is_user_logged_in() &&
            (MEMBERS_SLUG == $bp_unfiltered_uri[0] && !empty( $bp->current_action ) ||
            BP_GROUPS_SLUG == $bp->current_component && !empty( $bp->current_action ))){
            bp_core_redirect( $bp->root_domain );
        }
    }
    add_action( 'wp', 'oci_restrict_access', 3 );

    That should restrict any user who is not logged in from going anywhere in /members or /groups except for the members and groups directories. It sends them back to the site home page.

    If you don’t want visitors seeing the directories then remove the && !empty( $bp->current_action ) parts in that function. $bp->current_action is anything after /members and /groups. The directories get triggered by just /members and /groups

    If you don’t have a file called bp-custom.php in your /mu-plugins directory then create one and put that in there. If you do have one just drop that code in there.

    You can change where the function sends them by replacing the bp_core_redirect( $bp->root_domain ); statement with something of your choosing. I just used that for testing. You can make them end up wherever you want:

    get_bloginfo('siteurl') . '/wp-login.php?redirect_to=' . urlencode( $bp->root_domain )

    I haven’t tested that but I stole that from the admin bar login code. :)

    Lemme know how it works for ya.

    @mspecht

    Participant

    Great! I dreamt about something like this last night but your implementation is nice and simple. I was going to look at adding a much more complex option.

    I will implement when I get back from my run & let you know.

    @mspecht

    Participant

    Just an update it works nicely. Now to integrate it into a ThickBox popup.

    @gpo1

    Participant

    Can you make this as a plugin?

    @enlightenmental1

    Participant

    Awesome Burt!

    thanks for making this

    here’s a quick question

    is there a way to echo ” you must be logged in to view this ” ;

    before redirecting to the home-page/login page

    ?

    something like this?

    echo "You must be Logged-In to view this page";
    sleep(5);
    bp_core_redirect( $bp->root_domain );

    @enlightenmental1

    Participant

    how would I add additional “Areas” like the /events page that contains the member created events stuff (the bp-events plugins)

    I want that hidden as well….

    @burtadsit

    Participant

    enlightenmental1, to add more restricted areas you just add to the ‘or’ list of url components. If bp-events plugin adds itself to bp as a component then try this:

    [snip]
    if (!is_user_logged_in() &&
    (MEMBERS_SLUG == $bp_unfiltered_uri[0] && !empty( $bp->current_action ) ||
    BP_GROUPS_SLUG == $bp->current_component && !empty( $bp->current_action ) ||
    'events' == $bp->current_component
    [endsnip]

    It all depends on the url of what you want to restrict. The above chunk of code will restrict mysite.org/members, mysite.org/groups, mysite.org/events and not the member or groups directories.

    @burtadsit

    Participant

    gpo1 you just need to create a php file and drop it in /mu-plugins instead of putting the code in bp-custom.php. You can use the plugin header below:

    /*
    Plugin Name: bpRestrict – BuddyPress Plugin
    Plugin URI: http://code.ourcommoninterest.org/
    Description: Restricts non-logged in users from certain areas
    Author: Burt Adsit
    Version: 0.1
    Author URI: http://code.ourcommoninterest.org/
    License: GNU GENERAL PUBLIC LICENSE 3.0 http://www.gnu.org/licenses/gpl.txt
    */

    @enlightenmental1

    Participant

    yes sir,

    that worked great!

    I’ve edited the original code to:

    echo "You must be Logged-In to view this page"; //displays message
    exit(); //stops page from loading

    but I want it to redirect after echoing the above line

    anyone?

    (Thanks again Burt)

    @burtadsit

    Participant

    You probably could put some kind of delay in there before the redirect: sleep(10); for a 10 second delay.

    @enlightenmental1

    Participant

    i did exactly that….. and it doesn’t work

    echo "you must be logged in sucka!";
    sleep(4);
    bp_core_redirect( $bp->root_domain );
    exit();

    the above echos the text…. but doesn’t seem to complete the redirect

    @burtadsit

    Participant

    hmmm. I’ve gotta take off for awhile here but you might want to investigate something like this to replace the bp_core_redirect() call: http://www.internetofficer.com/seo/html-redirect/

    (from link above)

    The HTML redirect allows to introduce a delay before the redirection is performed. It is sometimes called META refresh redirect.

    That would mean writing your own redirect() fn. Maybe the normal wp redirects have a delay option?

    @mspecht

    Participant

    I took a slightly different approach:

    * redirected them to the register page adding a flag to the query string

    * then in my theme added some code to catch if the flag was set and if so

    added this to my register page just before the bp_core_signup_do_signup() call.

    jQuery(document).ready(function () {
        setTimeout(function(){ jQuery("#error").fadeOut("slow"); }, 3000);
    });

    You can only view this information if you are a registered user.

    Either login or register to continue.

    @imgoel

    Participant

    @mspecht

    can you explain a bit more on how to use that script

    @mspecht

    Participant

    @Imgoel in my bp-custom.php I put:

    function js_restrict_access(){
        global $bp, $bp_unfiltered_uri;

        if (!is_user_logged_in() && (MEMBERS_SLUG == $bp_unfiltered_uri[0]
            || BP_GROUPS_SLUG == $bp->current_component || BP_BLOGS_SLUG == $bp->current_component)){
            bp_core_redirect( get_option('home') . "/register?s=1");
        }
    }
    add_action( 'wp', 'js_restrict_access', 3 );

    Then in my theme I put the following in register.php:

    <?php
    // Show the notice only when the redirect flag is present.
    if ( !empty( $_REQUEST["s"] ) ) { ?>
    <script type="text/javascript">
    jQuery(document).ready(function () {
        setTimeout(function(){ jQuery("#error").fadeOut("slow"); }, 3000);
    });
    </script>
    <div id="error" class="error">
    <p>You can only view this information if you are a registered user. Either login or register to continue.</p>
    </div>
    <?php } ?>
    <?php bp_core_signup_do_signup() ?>

    @adamwiththehair

    Participant

    I have this:

    <?php

    function oci_restrict_access(){
        global $bp, $bp_unfiltered_uri;

        if (!is_user_logged_in() &&
            (MEMBERS_SLUG == $bp_unfiltered_uri[0]
            || BP_GROUPS_SLUG == $bp->current_component
            || 'ask/' == $bp->current_component
            ))
        {
            bp_core_redirect( $bp->root_domain );
        }
    }
    add_action( 'wp', 'oci_restrict_access', 3 );

    ?>

    But it still goes to the ASK page.

    Am I doing something wrong?

    @buddyswe

    Participant

    ?

    @peterverkooijen

    Participant

    Has this been resolved? Is there now a working plugin based on the code above?

    In my site the members and groups sections should definitely be members-only. This is essential stuff that should be a default part of the Buddypress package imho. What’s the point of signing up for a network if everybody has access anyway?

    @peterverkooijen

    Participant

    There’s a member access plugin here, but it has no settings for the members and groups sections in Buddypress.

    This plugin only works for “pages”.

    Is there a way to extend one of these plugins?

    @trcwest

    Participant

    Yes, I tried burtadsit’s code in my bp-custom.php but no joy.. just get a few php errors in my header..

    Warning: Cannot modify header information – headers already sent by (output started at /home/ourbour/spotskenya/wp-content/plugins/buddypress/bp-custom.php:9) in /home/ourbour/spotskenya/wp-content/plugins/wordpress-mobile-plugin/wordpress-mobile.php on line 1658

    Warning: Cannot modify header information – headers already sent by (output started at /home/ourbour/spotskenya/wp-content/plugins/buddypress/bp-custom.php:9) in /home/ourbour/spotskenya/wp-content/plugins/wordpress-mobile-plugin/wordpress-mobile.php on line 1659

    Warning: Cannot modify header information – headers already sent by (output started at /home/ourbour/spotskenya/wp-content/plugins/buddypress/bp-custom.php:9) in /home/ourbour/spotskenya/wp-content/plugins/wordpress-mobile-plugin/wordpress-mobile.php on line 1660

    Is there anything else that could do this.. I’m sure I have come across a plugin from nicola??

    I also tried Mspecht’s one in <?php ?> but it didn’t work either??

    @burtadsit

    Participant

    NOTE: to people running the latest trunk or anything past rev 1273 the constant MEMBERS_SLUG is no longer valid and the oci_restrict_access() fn will not work. Change MEMBERS_SLUG to BP_MEMBERS_SLUG and it’ll work again. The constants changed.

    @trcwest

    Participant

    This works great for me.. Redirects people who click on yoursite.com/groups/…. to my signup.php (change where you want to go) the directory for the groups will show

    but strangely it is different for the members urls.. even the members directory redirects to my signup.php

    1) can the members directory be visible but not anything after that?? like the groups.

    2) can anyone suggest a nice else or other statement that gives a message on the actual page saying something like you have to login or sign up to do this.

    <?php
    function oci_restrict_access(){
        global $bp, $bp_unfiltered_uri;
        if (!is_user_logged_in() &&
            (BP_MEMBERS_SLUG == $bp_unfiltered_uri[0] && !empty( $bp->current_action ) ||
            BP_GROUPS_SLUG == $bp->current_component && !empty( $bp->current_action ))){
            bp_core_redirect(get_bloginfo('siteurl') . '/signup.php');
            //bp_core_redirect(get_bloginfo('siteurl') . '/wp-login.php?redirect_to=' . urlencode( $bp->root_domain ));
        }
    }
    add_action( 'wp', 'oci_restrict_access', 3 );
    ?>
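
The gate discussed in this thread gathered into one file, as an added example that is not any participant's code: it accepts either name of the members constant (the rev 1273 note), normalizes slugs so one written with a trailing slash still compares equal to a URI segment, and fails closed when output has already started and no redirect can be sent. The bpx_* names and the 'ask/' entry are assumptions made for illustration; wp_login_url() and wp_die() are WordPress core functions.

```php
<?php
// Added example, not code from the thread; every bpx_* name is hypothetical.
// Keep this file free of output (nothing before the opening tag, no closing
// tag), otherwise "headers already sent" appears and the redirect fails.
function bpx_norm( $s ) { return strtolower( trim( (string) $s, "/ \t\r\n" ) ); }

// Returns slug => true when the bare directory (no action) stays public.
function bpx_restricted_slugs() {
    // MEMBERS_SLUG became BP_MEMBERS_SLUG after rev 1273; accept either.
    $members = defined( 'BP_MEMBERS_SLUG' ) ? BP_MEMBERS_SLUG
        : ( defined( 'MEMBERS_SLUG' ) ? MEMBERS_SLUG : 'members' );
    $groups  = defined( 'BP_GROUPS_SLUG' ) ? BP_GROUPS_SLUG : 'groups';
    $map     = array();
    foreach ( array( $members => true, $groups => true, 'ask/' => false ) as $slug => $public_dir ) {
        $map[ bpx_norm( $slug ) ] = $public_dir; // 'ask/' is stored as 'ask'
    }
    return $map;
}

// Pure decision: must this request be sent to the login page?
function bpx_is_restricted( $component, $action, $logged_in, array $map ) {
    $slug = bpx_norm( $component );
    if ( $logged_in || ! isset( $map[ $slug ] ) ) {
        return false;
    }
    return ! ( $map[ $slug ] && empty( $action ) );
}

function bpx_gate() {
    global $bp, $bp_unfiltered_uri;
    $in  = is_user_logged_in();
    $map = bpx_restricted_slugs();
    $uri = isset( $bp_unfiltered_uri[0] ) ? $bp_unfiltered_uri[0] : '';
    if ( ! bpx_is_restricted( $uri, $bp->current_action, $in, $map )
        && ! bpx_is_restricted( $bp->current_component, $bp->current_action, $in, $map ) ) {
        return;
    }
    if ( headers_sent() ) { // cannot redirect any more, so fail closed
        wp_die( 'You must be logged in to view this page.' );
    }
    bp_core_redirect( wp_login_url( $bp->root_domain ) );
}

if ( function_exists( 'add_action' ) ) {
    add_action( 'wp', 'bpx_gate', 3 );
} else { // outside WordPress: show the decision for constructed guest requests
    foreach ( array( array( 'groups', '' ), array( 'groups', 'my-group' ), array( 'ask', '' ) ) as $r ) {
        $hit = bpx_is_restricted( $r[0], $r[1], false, bpx_restricted_slugs() );
        echo $r[0], '/', $r[1], ' => ', $hit ? 'login' : 'public', "\n";
    }
}
```

Run with the PHP command line outside WordPress, the file prints the decision for the three constructed requests; loaded from /mu-plugins, it registers the gate on the same `wp` hook the thread uses.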

  • The topic ‘Securing components from non logged in users’ is closed to new replies.