Skip to:
Content
Pages
Categories
Search
Top
Bottom

Securing components from non logged in users

  • @mspecht

    Participant

    I need to be able to limit access to certain components, such as members & groups to only users who have logged in. Other than changing my the themes to do a check on logged in users which I don’t really want to do as this limits what I can display. For example I still want to be able to display the site wide activity widget but if a non-logged in user clicks on a link that takes them to a member or group area they are prompted to log in.

    I have had a hunt around but do not see a a hook in Buddypress that does a security check like this. Am I missing something?

    Thanks!

Viewing 24 replies - 26 through 49 (of 49 total)
  • @peterverkooijen

    Participant

    This works great for me

    Que? What works great for you? Is the clue in the previous posts?

    @peterverkooijen

    Participant

    OK, I think I get it, I’ve added this as bp-custom.php to mu-plugins:

    \'<?

    function oci_restrict_access(){

    global $bp, $bp_unfiltered_uri;

    if (!is_user_logged_in() &&

    (BP_MEMBERS_SLUG == $bp_unfiltered_uri[0] ||

    BP_GROUPS_SLUG == $bp->current_component )){

    bp_core_redirect( $bp->root_domain );

    }

    }

    add_action( \’wp\’, \’oci_restrict_access\’, 3 );

    ?>\’

    It works great for the the groups section, but does nothing for the members section.

    It’s also not entirely clear to me how to add the error message. Can someone put the whole thing together?

    @burtadsit

    Participant

    Peter you have to be running the latest trunk for the change to the members slug to be effective. On anything less it will make the function fail. Recent trunk does not live in /mu-plugins. Leave it like it is on your site.

    @peterverkooijen

    Participant

    OK! I now have this in bp-custom.php:

    ‘<?

    function js_restrict_access(){

    global $bp, $bp_unfiltered_uri;

    if (!is_user_logged_in() &&

    (MEMBERS_SLUG == $bp_unfiltered_uri[0] ||

    BP_GROUPS_SLUG == $bp->current_component ||

    BP_BLOGS_SLUG == $bp->current_component)){

    bp_core_redirect( get_option(‘home’) . “/register?s=1” );

    }

    }

    add_action( ‘wp’, ‘js_restrict_access’, 3 );

    ?>’

    And this in register.php:

    ‘<?php

    if($_REQUEST[“s”]){?>

    <script type=”text/javascript”>

    jQuery(document).ready(function () {

    setTimeout(function(){ jQuery(“#error”).fadeOut(“slow”); }, 6000);

    });

    </script>

    <div id=”error” class=”error”>

    <h3>The page you were trying to access is for members only. Please login or register to continue.</h3>

    </div>

    <?php } ?>’

    Does exactly what I want. Thanks Burtadsit! :-)

    It would be even nicer if the Ajax would first show the message and then replace it with the registration form: ‘<?php bp_core_signup_do_signup() ?>’

    I’ll try to figure that out next weekend…

    @trcwest

    Participant

    @Peterverkooijen

    Great stuff i have that implimented nicely on my signup.php page..

    thanks

    @takuya

    Participant

    What if I wanna block viewing user profiles and groups, but not limiting access to the directories of each?

    @peterverkooijen

    Participant

    I think Burtsadit’s original code did show the directories:

    ‘MEMBERS_SLUG == $bp_unfiltered_uri[0] && !empty( $bp->current_action ) ||

    BP_GROUPS_SLUG == $bp->current_component && !empty( $bp->current_action )’

    I took out the ‘&& !empty( $bp->current_action )’ parts. Put them back in and see what happens. Haven’t tried that myself.

    @enlightenmental1

    Participant

    i see you have a jquery fade…. looks cool

    is this using the deault jquery from wpmu?

    mine does not fade…. wondering if I need additional jquery.js script

    @peterverkooijen

    Participant

    One problem:

    When you try to enter the members section when you\’re not logged in, you\’re forwarded to the registration page with that fancy fade-out error message. In the address bar you\’ll have something like this:

    http://mywebsite.com/register?s=1

    Unfortunately when you then log in on that page, you\’ll get the error message again while you\’re getting logged in and you\’ll stay on register?s=1 where you\’ll see this message in the page:

    You\’re logged in already. No need to register again!

    Did I introduce mistakes in my version of the code?

    Is it possible to expand this code with an \”if logged in, forward to homepage in 0 seconds\” bit of php magic?:

    ‘<?php

    if($_REQUEST[“s”]){?>

    <script type=”text/javascript”>

    jQuery(document).ready(function () {

    setTimeout(function(){ jQuery(“#error”).fadeOut(“slow”); }, 6000);

    });

    </script>

    <div id=”error” class=”error”>

    <h3>The page you were trying to access is for members only. Please login or register to continue.</h3>

    </div>

    <?php } ?>’

    If that code gets too long, it is possible to turn it into an nice include or function, perhaps somehow included in bp-custom.php?

    @thebigk

    Participant

    Ahoy!

    Do I need to make any changes to make Burt\’s mod work on RC2 ?

    And…will this prevent the search engine bots from grabbing member profile information?

    @takuya

    Participant

    oops, the code doesn’t work anymore on rc2.

    @thebigk

    Participant

    Burt, please fix this! Please :)

    @thebigk

    Participant

    We seriously need you, Burt!

    @peterverkooijen

    Participant

    Will the option to restrict the members, groups and blogs sections to members-only be part of Buddypress 1.0 final?

    @thebigk

    Participant

    I wish I were a developer. Right now, all I can do is – knock knock!

    anyone listening?

    @thebigk

    Participant

    Sorry for double posting in this thread. But can someone please suggest a fix for this? I need it badly :(

    @apeatling

    Keymaster

    No idea if this will work, but try replacing

    MEMBERS_SLUG

    with

    BP_MEMBERS_SLUG

    @enlightenmental1

    Participant

    my original bp-customs.php still works fine for me on RC2… here it is:

    <?

    function js_restrict_access(){

    global $bp, $bp_unfiltered_uri;

    if (!is_user_logged_in() &&

    (BP_MEMBERS_SLUG == $bp_unfiltered_uri[0] ||

    BP_GROUPS_SLUG == $bp->current_component ||

    BP_BLOGS_SLUG == $bp->current_component)){

    bp_core_redirect( get_option(‘home’) . “/register” );

    }

    add_action( ‘wp’, ‘js_restrict_access’, 3 );

    ?>

    @peterverkooijen

    Participant

    Is there still no clean version of this functionality, built in version 1.0 or in a proper plugin, including redirects (or working Ajax) with clear ‘restricted area, please login’ messages for the user?

    This issue is not resolved imho.

    @peterverkooijen

    Participant

    Would it be possible to extend this plugin to work for the members and groups sections in BP?

    @jeffsayre

    Participant

    Peterverkooijen-

    This issue is not resolved imho.

    Your issue is not what this thread is about. The issue of the OP was resolved and so he marked it as such.

    Posting a new request in a one-month old thread marked resolved will not get much attention. See here for more details: https://buddypress.org/forums/topic.php?id=2543

    But, to provide some insight into your question, a couple of us are currently working on a full-featured privacy (authorization) component for BuddyPress. It is a ways off from being made available.

    @peterverkooijen

    Participant

    I think there was one } missing in Enlightenmental1’s latest version:

    <?
    function js_restrict_access(){
    global $bp, $bp_unfiltered_uri;

    if (!is_user_logged_in() &&
    (BP_MEMBERS_SLUG == $bp_unfiltered_uri[0] ||
    BP_GROUPS_SLUG == $bp->current_component ||
    BP_BLOGS_SLUG == $bp->current_component)){

    bp_core_redirect( get_option('home') . "/register" );

    }
    }
    add_action( 'wp', 'js_restrict_access', 3 );

    ?>

    How can I make this work for a custom page/component? How is BP_GROUPS_SLUG etc. defined?

    I’ve tried adding this to the top of my custom page, but that did not do the trick:

    /* Define the slug for the component */
    if ( !defined( 'BP_EVENTS_SLUG' ) )
    define ( 'BP_EVENTS_SLUG', 'events' );

    This doesn’t work either:

    if (!is_user_logged_in() &&
    (BP_MEMBERS_SLUG == $bp_unfiltered_uri[0] ||
    BP_GROUPS_SLUG == $bp->current_component ||
    BP_BLOGS_SLUG == $bp->current_component ||
    get_option('home').'/events' == $bp->current_component)){
    ...

    @peterverkooijen

    Participant

    How can I apply this to a custom page?

    @peterverkooijen

    Participant

    I see the blunt solution is to just add this to the top of a template page:

    if (!is_user_logged_in() ){
    bp_core_redirect( $bp->root_domain.'/register' );
    }

    I still have no good solution for a ‘restricted access’ message, but hopefully users will get the point…

Viewing 24 replies - 26 through 49 (of 49 total)
  • The topic ‘Securing components from non logged in users’ is closed to new replies.
Skip to toolbar