Securing components from non logged in users
-
I need to be able to limit access to certain components, such as members & groups to only users who have logged in. Other than changing my the themes to do a check on logged in users which I don’t really want to do as this limits what I can display. For example I still want to be able to display the site wide activity widget but if a non-logged in user clicks on a link that takes them to a member or group area they are prompted to log in.
I have had a hunt around but do not see a a hook in Buddypress that does a security check like this. Am I missing something?
Thanks!
-
This works great for me
Que? What works great for you? Is the clue in the previous posts?
OK, I think I get it, I’ve added this as bp-custom.php to mu-plugins:
\'<?
function oci_restrict_access(){
global $bp, $bp_unfiltered_uri;
if (!is_user_logged_in() &&
(BP_MEMBERS_SLUG == $bp_unfiltered_uri[0] ||
BP_GROUPS_SLUG == $bp->current_component )){
bp_core_redirect( $bp->root_domain );
}
}
add_action( \’wp\’, \’oci_restrict_access\’, 3 );
?>\’
It works great for the the groups section, but does nothing for the members section.
It’s also not entirely clear to me how to add the error message. Can someone put the whole thing together?
Peter you have to be running the latest trunk for the change to the members slug to be effective. On anything less it will make the function fail. Recent trunk does not live in /mu-plugins. Leave it like it is on your site.
OK! I now have this in bp-custom.php:
‘<?
function js_restrict_access(){
global $bp, $bp_unfiltered_uri;
if (!is_user_logged_in() &&
(MEMBERS_SLUG == $bp_unfiltered_uri[0] ||
BP_GROUPS_SLUG == $bp->current_component ||
BP_BLOGS_SLUG == $bp->current_component)){
bp_core_redirect( get_option(‘home’) . “/register?s=1” );
}
}
add_action( ‘wp’, ‘js_restrict_access’, 3 );
?>’
And this in register.php:
‘<?php
if($_REQUEST[“s”]){?>
<script type=”text/javascript”>
jQuery(document).ready(function () {
setTimeout(function(){ jQuery(“#error”).fadeOut(“slow”); }, 6000);
});
</script>
<div id=”error” class=”error”>
<h3>The page you were trying to access is for members only. Please login or register to continue.</h3>
</div>
<?php } ?>’
Does exactly what I want. Thanks Burtadsit!
It would be even nicer if the Ajax would first show the message and then replace it with the registration form: ‘<?php bp_core_signup_do_signup() ?>’
I’ll try to figure that out next weekend…
What if I wanna block viewing user profiles and groups, but not limiting access to the directories of each?
I think Burtsadit’s original code did show the directories:
‘MEMBERS_SLUG == $bp_unfiltered_uri[0] && !empty( $bp->current_action ) ||
BP_GROUPS_SLUG == $bp->current_component && !empty( $bp->current_action )’
I took out the ‘&& !empty( $bp->current_action )’ parts. Put them back in and see what happens. Haven’t tried that myself.
i see you have a jquery fade…. looks cool
is this using the deault jquery from wpmu?
mine does not fade…. wondering if I need additional jquery.js script
One problem:
When you try to enter the members section when you\’re not logged in, you\’re forwarded to the registration page with that fancy fade-out error message. In the address bar you\’ll have something like this:
http://mywebsite.com/register?s=1
Unfortunately when you then log in on that page, you\’ll get the error message again while you\’re getting logged in and you\’ll stay on register?s=1 where you\’ll see this message in the page:
You\’re logged in already. No need to register again!
Did I introduce mistakes in my version of the code?
Is it possible to expand this code with an \”if logged in, forward to homepage in 0 seconds\” bit of php magic?:
‘<?php
if($_REQUEST[“s”]){?>
<script type=”text/javascript”>
jQuery(document).ready(function () {
setTimeout(function(){ jQuery(“#error”).fadeOut(“slow”); }, 6000);
});
</script>
<div id=”error” class=”error”>
<h3>The page you were trying to access is for members only. Please login or register to continue.</h3>
</div>
<?php } ?>’
If that code gets too long, it is possible to turn it into an nice include or function, perhaps somehow included in bp-custom.php?
Ahoy!
Do I need to make any changes to make Burt\’s mod work on RC2 ?
And…will this prevent the search engine bots from grabbing member profile information?
oops, the code doesn’t work anymore on rc2.
Burt, please fix this! Please
We seriously need you, Burt!
Will the option to restrict the members, groups and blogs sections to members-only be part of Buddypress 1.0 final?
I wish I were a developer. Right now, all I can do is – knock knock!
anyone listening?
Sorry for double posting in this thread. But can someone please suggest a fix for this? I need it badly
No idea if this will work, but try replacing
MEMBERS_SLUG
with
BP_MEMBERS_SLUG
my original bp-customs.php still works fine for me on RC2… here it is:
<?
function js_restrict_access(){
global $bp, $bp_unfiltered_uri;
if (!is_user_logged_in() &&
(BP_MEMBERS_SLUG == $bp_unfiltered_uri[0] ||
BP_GROUPS_SLUG == $bp->current_component ||
BP_BLOGS_SLUG == $bp->current_component)){
bp_core_redirect( get_option(‘home’) . “/register” );
}
add_action( ‘wp’, ‘js_restrict_access’, 3 );
?>
Is there still no clean version of this functionality, built in version 1.0 or in a proper plugin, including redirects (or working Ajax) with clear ‘restricted area, please login’ messages for the user?
This issue is not resolved imho.
Would it be possible to extend this plugin to work for the members and groups sections in BP?
Peterverkooijen-
This issue is not resolved imho.
Your issue is not what this thread is about. The issue of the OP was resolved and so he marked it as such.
Posting a new request in a one-month old thread marked resolved will not get much attention. See here for more details: https://buddypress.org/forums/topic.php?id=2543
But, to provide some insight into your question, a couple of us are currently working on a full-featured privacy (authorization) component for BuddyPress. It is a ways off from being made available.
I think there was one } missing in Enlightenmental1’s latest version:
<?
function js_restrict_access(){
global $bp, $bp_unfiltered_uri;
if (!is_user_logged_in() &&
(BP_MEMBERS_SLUG == $bp_unfiltered_uri[0] ||
BP_GROUPS_SLUG == $bp->current_component ||
BP_BLOGS_SLUG == $bp->current_component)){
bp_core_redirect( get_option('home') . "/register" );
}
}
add_action( 'wp', 'js_restrict_access', 3 );
?>How can I make this work for a custom page/component? How is BP_GROUPS_SLUG etc. defined?
I’ve tried adding this to the top of my custom page, but that did not do the trick:
/* Define the slug for the component */
if ( !defined( 'BP_EVENTS_SLUG' ) )
define ( 'BP_EVENTS_SLUG', 'events' );This doesn’t work either:
if (!is_user_logged_in() &&
(BP_MEMBERS_SLUG == $bp_unfiltered_uri[0] ||
BP_GROUPS_SLUG == $bp->current_component ||
BP_BLOGS_SLUG == $bp->current_component ||
get_option('home').'/events' == $bp->current_component)){
...How can I apply this to a custom page?
I see the blunt solution is to just add this to the top of a template page:
if (!is_user_logged_in() ){
bp_core_redirect( $bp->root_domain.'/register' );
}I still have no good solution for a ‘restricted access’ message, but hopefully users will get the point…
- The topic ‘Securing components from non logged in users’ is closed to new replies.