2014-12-15 22:38:07 +02:00
|
|
|
<?php
|
|
|
|
|
|
2015-01-21 15:05:02 +02:00
|
|
|
/***
|
|
|
|
|
*** @redirect wp-admin for non guests
|
|
|
|
|
***/
|
|
|
|
|
add_action('init','um_block_wpadmin_for_guests');
|
|
|
|
|
function um_block_wpadmin_for_guests() {
|
2015-11-05 19:51:31 +08:00
|
|
|
global $pagenow;
|
2015-11-25 19:27:41 +08:00
|
|
|
|
|
|
|
|
|
|
|
|
|
|
2015-11-05 19:51:31 +08:00
|
|
|
if ( isset( $_REQUEST['um_panic_key'] ) && $_REQUEST['um_panic_key'] == um_get_option('panic_key') ) {
|
|
|
|
|
exit( wp_redirect( add_query_arg('_verified_key', $_REQUEST['um_panic_key'], wp_login_url() ) ) );
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if ( !isset( $_REQUEST['_verified_key'] ) || $_REQUEST['_verified_key'] != um_get_option('panic_key') ) {
|
2015-11-25 19:27:41 +08:00
|
|
|
// Logout screen
|
|
|
|
|
if ( isset( $pagenow ) && $pagenow == 'wp-login.php' && is_user_logged_in() && isset( $_REQUEST['action'] ) && $_REQUEST['action'] == 'logout' ) {
|
|
|
|
|
$redirect = um_get_core_page('logout');
|
2015-01-28 17:16:04 +02:00
|
|
|
|
2015-11-25 19:27:41 +08:00
|
|
|
if ( isset( $_REQUEST['redirect_to'] ) && !empty( $_REQUEST['redirect_to'] ) ) {
|
|
|
|
|
$redirect = add_query_arg( 'redirect_to', $_REQUEST['redirect_to'], $redirect );
|
|
|
|
|
}
|
|
|
|
|
exit( wp_redirect( $redirect ) );
|
|
|
|
|
}
|
2015-01-21 15:05:02 +02:00
|
|
|
|
2015-11-25 19:27:41 +08:00
|
|
|
// Login screen
|
|
|
|
|
if ( isset( $pagenow ) && $pagenow == 'wp-login.php' && !is_user_logged_in() && !isset( $_REQUEST['action'] ) ) {
|
|
|
|
|
|
|
|
|
|
$allowed = um_get_option('wpadmin_login');
|
|
|
|
|
$allowed = apply_filters('um_whitelisted_wpadmin_access', $allowed );
|
2015-01-21 15:05:02 +02:00
|
|
|
|
2015-11-25 19:27:41 +08:00
|
|
|
if ( !$allowed ) {
|
|
|
|
|
|
|
|
|
|
$act = um_get_option('wpadmin_login_redirect');
|
|
|
|
|
$custom_url = um_get_option('wpadmin_login_redirect_url');
|
|
|
|
|
|
|
|
|
|
if ( $act == 'um_login_page' || !$custom_url ) {
|
|
|
|
|
$redirect = um_get_core_page('login');
|
|
|
|
|
} else {
|
|
|
|
|
$redirect = $custom_url;
|
|
|
|
|
}
|
|
|
|
|
exit( wp_redirect( $redirect ) );
|
2015-01-21 15:05:02 +02:00
|
|
|
}
|
|
|
|
|
}
|
2015-04-15 16:59:27 +02:00
|
|
|
|
2015-11-25 19:27:41 +08:00
|
|
|
// Register screen
|
|
|
|
|
if ( isset( $pagenow ) && $pagenow == 'wp-login.php' && !is_user_logged_in() && isset( $_REQUEST['action'] ) && $_REQUEST['action'] == 'register' ) {
|
2015-01-21 15:05:02 +02:00
|
|
|
|
2015-11-25 19:27:41 +08:00
|
|
|
$allowed = um_get_option('wpadmin_register');
|
|
|
|
|
$allowed = apply_filters('um_whitelisted_wpadmin_access', $allowed );
|
2015-01-21 15:05:02 +02:00
|
|
|
|
2015-11-25 19:27:41 +08:00
|
|
|
if ( !$allowed ) {
|
|
|
|
|
|
|
|
|
|
$act = um_get_option('wpadmin_register_redirect');
|
|
|
|
|
$custom_url = um_get_option('wpadmin_register_redirect_url');
|
|
|
|
|
|
|
|
|
|
if ( $act == 'um_register_page' || !$custom_url ) {
|
|
|
|
|
$redirect = um_get_core_page('register');
|
|
|
|
|
} else {
|
|
|
|
|
$redirect = $custom_url;
|
|
|
|
|
}
|
|
|
|
|
exit( wp_redirect( $redirect ) );
|
2015-01-21 15:05:02 +02:00
|
|
|
}
|
|
|
|
|
}
|
2015-04-15 16:59:27 +02:00
|
|
|
|
2015-11-25 19:27:41 +08:00
|
|
|
// Lost password page
|
|
|
|
|
if ( isset( $pagenow ) && $pagenow == 'wp-login.php' && isset( $_REQUEST['action'] ) && $_REQUEST['action'] == 'lostpassword' ) {
|
|
|
|
|
exit( wp_redirect( um_get_core_page('password-reset') ) );
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Prevention for logged in user
|
|
|
|
|
if ( isset( $pagenow ) && $pagenow == 'wp-login.php' && is_user_logged_in() && isset( $_REQUEST['action'] ) && $_REQUEST['action'] != 'postpass' ) {
|
|
|
|
|
|
|
|
|
|
if ( !um_user('can_access_wpadmin') ) {
|
|
|
|
|
exit( wp_redirect( home_url() ) );
|
|
|
|
|
} else {
|
|
|
|
|
exit( wp_redirect( admin_url() ) );
|
|
|
|
|
}
|
2015-04-15 16:59:27 +02:00
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
}
|
2015-01-21 15:05:02 +02:00
|
|
|
|
2015-11-25 19:27:41 +08:00
|
|
|
|
2015-01-21 15:05:02 +02:00
|
|
|
}
|
|
|
|
|
|
2014-12-15 22:38:07 +02:00
|
|
|
/***
|
|
|
|
|
*** @checks if user can access the backend
|
|
|
|
|
***/
|
|
|
|
|
function um_block_wpadmin_by_user_role(){
|
|
|
|
|
global $ultimatemember;
|
2015-02-19 00:49:08 +02:00
|
|
|
if( is_admin() && !defined('DOING_AJAX') && um_user('ID') && !um_user('can_access_wpadmin') && !is_super_admin( um_user('ID') ) ){
|
2015-01-03 15:31:15 +02:00
|
|
|
um_redirect_home();
|
2014-12-15 22:38:07 +02:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
add_action('init','um_block_wpadmin_by_user_role', 99);
|
|
|
|
|
|
|
|
|
|
/***
|
|
|
|
|
*** @hide admin bar appropriately
|
|
|
|
|
***/
|
|
|
|
|
function um_control_admin_bar(){
|
2015-02-01 01:30:04 +02:00
|
|
|
if ( um_user('can_not_see_adminbar') )
|
|
|
|
|
return false;
|
|
|
|
|
|
|
|
|
|
if( !is_admin() && !um_user('can_access_wpadmin') ) {
|
2014-12-15 22:38:07 +02:00
|
|
|
return false;
|
|
|
|
|
} else {
|
2015-01-27 01:52:11 +02:00
|
|
|
um_fetch_user( get_current_user_id() );
|
2014-12-15 22:38:07 +02:00
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
}
|
2015-01-27 01:52:11 +02:00
|
|
|
add_filter( 'show_admin_bar' , 'um_control_admin_bar');
|
|
|
|
|
|
|
|
|
|
/***
|
|
|
|
|
*** @fix permission for admin bar
|
|
|
|
|
***/
|
|
|
|
|
function um_force_admin_bar() {
|
|
|
|
|
um_reset_user();
|
|
|
|
|
}
|
|
|
|
|
add_action( 'wp_footer', 'um_force_admin_bar' );
|
