Today I tried to update Wordpress to the latest version (3.5.1). After doing this, I can't open wp-admin/index.php anymore. It gives me a 404 error. I've looked into the index.php file and it breaks when the function auth_redirect() is called. Here's the code of that function:
function auth_redirect() {
// Checks if a user is logged in, if not redirects them to the login page
$secure = ( is_ssl() || force_ssl_admin() );
$secure = apply_filters('secure_auth_redirect', $secure);
// If https is required and request is http, redirect
if ( $secure && !is_ssl() && false !== strpos($_SERVER['REQUEST_URI'], 'wp-admin') ) {
if ( 0 === strpos( $_SERVER['REQUEST_URI'], 'http' ) ) {
wp_redirect( set_url_scheme( $_SERVER['REQUEST_URI'], 'https' ) );
exit();
} else {
wp_redirect( 'https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'] );
exit();
}
}
if ( is_user_admin() )
$scheme = 'logged_in';
else
$scheme = apply_filters( 'auth_redirect_scheme', '' );
if ( $user_id = wp_validate_auth_cookie( '', $scheme) ) {
do_action('auth_redirect', $user_id);
// If the user wants ssl but the session is not ssl, redirect.
if ( !$secure && get_user_option('use_ssl', $user_id) && false !== strpos($_SERVER['REQUEST_URI'], 'wp-admin') ) {
if ( 0 === strpos( $_SERVER['REQUEST_URI'], 'http' ) ) {
wp_redirect( set_url_scheme( $_SERVER['REQUEST_URI'], 'https' ) );
exit();
} else {
wp_redirect( 'https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'] );
exit();
}
}
return; // The cookie is good so we're done
}
// The cookie is no good so force login
nocache_headers();
$redirect = ( strpos( $_SERVER['REQUEST_URI'], '/options.php' ) && wp_get_referer() ) ? wp_get_referer() : set_url_scheme( 'http://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'] );
$login_url = wp_login_url($redirect, true);
wp_redirect($login_url);
exit();
}
However I can't find the specific part where it breaks, since it's not giving me an error message, it just shows a 404 page, and in Firefox it says it's not redirecting correctly.
Could someone please help me out on this?
Thank you!
Some additional information:
I've found the line where it breaks, it is:
wp_redirect( 'https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'] );
Echoing $_SERVER['HTTP_HOST'] and $_SERVER['REQUEST_URI'] gives me the expected result (www.domain.com/blog). However it just doesn't work :(
I have had similar issues in the past. But it usually involves a new plugin installation... Couple of things:
Try to increase the RAM available. WP has given me hassles in the past similar to this and it was RAM related. You should be able to increase the RAM in your .htaccess file
Is this a production system? If not, perhaps make a note of all the plugins, delete them, try access the system. If that works, then you know the issue was plugin based and not WP itself. You can then systematically add the plugins back one by one and determine which one caused the issue.
Related
I have a custom log-in form on a custom page that handles all logging in/out. The form posts to wp-login.php as required.
<form name="loginform-custom" id="loginform-custom" action="http://localhost/wp-login.php" method="post">
All invalid log-in attempts are handled by this following script in the functions.php file:
/**
* Redirect user on invalid log-in attempts
*/
function login_failed() {
wp_redirect( home_url('/access-denied') );
exit;
}
add_action( 'wp_login_failed', 'login_failed' );
function verify_username_password( $user, $username, $password ) {
if( $username == "" || $password == "" ) {
wp_redirect( home_url('/access-denied') );
exit;
}
}
And I use the following script in my functions.php file to redirect all non-admins away from wp-admin to a 404 page.
function restrict_admin_with_redirect() {
if ( ! current_user_can( 'manage_options' ) && ( ! wp_doing_ajax() ) ) {
wp_redirect( site_url('/404') );
exit;
}
}
add_action( 'admin_init', 'restrict_admin_with_redirect', 1 );
However, here is my problem. When non-users (random visitors) try to access wp-admin, they are taken to the access denied page despite the redirect script to 404. For some reason, whenever anybody tries to access wp-admin, the server treats it as a log-in attempt and when they are (of course) denied log-in, they are redirected to the access denied page.
Is there any way I can force a 404 when wp-admin is accessed by a user? Also, I'd like a true 404 and not a redirect to a 404 page (which is not a true 404).
Thoughts?
Is there a way to force anyone (users and non-users) to a 404 when they try to access wp-admin? In the action script above, even if I redirect non-admins to a 404.php page, non-users still get sent to the standard access d
Consider this solution from Ragu.cz.
https://wordpress.org/support/topic/make-wp-admin-throw-a-404-page-or-something/#post-8565864
add_action( 'init', 'force_404', 1 );
function force_404() {
$requested_uri = $_SERVER["REQUEST_URI"];
do_action('debugger_var_dump', $requested_uri, '$requested_uri', 0, 0);
do_action('debugger_var_dump', strpos( $requested_uri, '/wp-login.php'), 'FOUND?', 0, 0);
if ( strpos( $requested_uri, '/wp-login.php') !== false ) {
do_action('debugger_var_dump', 'REDIRECT', 'REDIRECT', 0, 0);
// The redirect codebase
status_header( 404 );
nocache_headers();
include( get_query_template( '404' ) );
die();
}
if ( strpos( $requested_uri, '/wp-login.php') !== false || strpos( $requested_uri, '/wp-register.php') !== false ) {
do_action('debugger_var_dump', 'REDIRECT', 'REDIRECT', 0, 0);
// The redirect codebase
status_header( 404 );
nocache_headers();
include( get_query_template( '404' ) );
die();
}
if ( strpos( $requested_uri, '/wp-admin') !== false && !is_super_admin() ) {
do_action('debugger_var_dump', 'REDIRECT', 'REDIRECT', 0, 0);
// The redirect codebase
status_header( 404 );
nocache_headers();
include( get_query_template( '404' ) );
die();
}
do_action('debugger_var_dump', 'END', 'END', 0, 0);
}
I have one website www.example.com it has 5 pages lets say
www.example.com
www.example.com/about-us
www.example.com/terms-of-use
www.example.com/privacy-policy
www.example.com/apps
Now in the last page which is www.example.com/apps, I want following code to be executed in apps landing page:
$user_agent = $_SERVER['HTTP_USER_AGENT'];
if(strpos($user_agent, "Win") !== FALSE){
$url = "http://www.example.com";
}elseif(strpos($user_agent, "Mac") !== FALSE){
$url = "https://itunes.apple.com/us/app/exmaple/idwewew?ls=1&mt=8";
}elseif(strpos($user_agent, "Android") !== FALSE){
$url = "https://play.google.com/store/apps/details?id=com.example";
}
wp_redirect($url, 302); exit;
Which means If user access this page from windows device it will redirect user to home page, if user access this page from android device then goes to google play store and similarly for iOS device...
Now when I put this code in edit page, it wont work...I am using PHP Code Widget plugin
Please help...
Try doing something like this (without PHP Code Widget at all):
// functions.php
function my_page_template_redirect()
{
if ( is_page( 'apps' ) )
{
$user_agent = $_SERVER['HTTP_USER_AGENT'];
if ( strpos( $user_agent, "Win" ) !== false ) {
$url = "http://www.example.com";
} elseif ( strpos( $user_agent, "Mac" ) !== false ) {
$url = "https://itunes.apple.com/us/app/exmaple/idwewew?ls=1&mt=8";
} elseif ( strpos( $user_agent, "Android" ) !== false ){
$url = "https://play.google.com/store/apps/details?id=com.example";
}
wp_redirect( $url, 302 );
exit();
}
}
add_action( 'template_redirect', 'my_page_template_redirect' );
P.S. I didn't test this code, so, please let me know how it works for you.
I am using a custom login page in Wordpress, and I installed a script in the functions.php that redirect to a custom "error login" page (adding parameters to the login URL), so it can display the errors in the same page instead of the native login page.
But in some cases, this login page contains some parameters already, when someone is redirected there after trying to access a private page.
For example :
Regular case : They try to access : website.com/login. If there is an error when trying to login, my script redirect to website.com/login?login=empty, and they can try again.
Problematic case : They try to access website.com/protected-page/private, they are automatically redirected to website.com/login?members=%2Fprotected-page%2Fprivate%2. If there is an error when trying to login, my script actualy redirect to website.com/login?login=empty (same as regular case), and what I'm trying to achieve, is to redirect to website.com/login?members=%2Fprotected-page%2Fprivate%2&login=empty, when an error is made.
Keeping this "?members" parameter in the URL allow the form to redirect to the previous page they were trying to access before, after a successful login. Otherwise with the regular case, they are redirected to the general dashboard.
The script that actually manage the redirect when error is this one :
add_action( 'authenticate', 'check_username_password', 1, 3);
function check_username_password( $login, $username, $password ) {
$referrer = $_SERVER['HTTP_REFERER'];
if( !empty( $referrer ) && !strstr( $referrer,'wp-login' ) && !strstr( $referrer,'wp-admin' ) ) {
if( $username == "" || $password == "" ){
wp_redirect( get_permalink( 20 ) . "?login=empty" );
exit;
}
}
So the important part here, that will create the error URL is :
wp_redirect( get_permalink( ID ) . "?login=empty" );
I can get my other UTL parameter with "$_GET["members"]", if I do an "echo $_GET["wlfrom"];" it displays successfully the parameter in the page. But even if it looks so simple, I don't manage to add this parameter to the URL. What I'v tried so far :
#1. wp_redirect( get_permalink( ID ) . "?members=" . $_GET["members"] . "?login=empty" );
#2. wp_redirect( get_permalink( ID ) . "?members=" . echo $_GET["members"] . "?login=empty" );
#3. $param = array('members');
wp_redirect( get_permalink( ID ) . "?members=" . $param . "?login=empty" );
//This one returns website.com/?members=array/?login=empty
#4.$param = $_SERVER["PHP_SELF"];
wp_redirect( $param . "?login=empty" );
// This one I cannot use because it displays the native login URL, not my permalink, that's why I need to use "get_permalink" for the first part of the URL
And various other solutions too. I'm a newbie, so I can't find of other solutions to create this new URL based on the previous one, I'm not sure either if using GET is the way to go also.
What should I fill up "wp_redirect" with in order to use the parameter from the current URL ?
Thank you !
put a hidden field in your wordpress custom login form
<input type="hidden" name="members" value="<?php echo #$_REQUEST['members']; ?>">
and change these
wp_redirect( get_permalink( ID ) . "?login=empty" );
with
<?php
$queryarg='?login=empty';
if(isset($_REQUEST['members']) && $_REQUEST['members']!=''){
$queryarg .='&members='$_REQUEST['members'];
}
wp_redirect( get_permalink( ID ) . $queryarg );
?>
I am not very advanced in php.
I found function that i can use in WP header - then when login from "small green box" in header user stay on page from that he try to login.
Here is my page with WP: http://www.computers-and-control.com/service/manuals/
Now i have other issue, i copied file /wp-login.php to /wp-logincc.php this new file is used for login in my template WP-Download Manager - when click file - that need login before download than is used /wp-logincc.php for function login.
Problem is that after login from wp-logincc.php i am redirected to "Dashboard/Admin Panel" - i would go back to the subpage i come from.
I use different subpages for downloading files with required login and allways need come back to this one i come from.
I try in my wp-logincc.php code:
<?php
/**
* WordPress User Page
*
* Handles authentication, registering, resetting passwords, forgot password,
* and other user handling.
*
* #package WordPress
*/
/** Make sure that the WordPress bootstrap has run before continuing. */
require( dirname(__FILE__) . '/wp-load.php' );
// dankam tu cos ewentualnie zmienic ---- Redirect to https login if forced to use SSL
$dankam_aaa = apply_filters( 'fromwhereyoucame', $fromwhereyoucame );
function fromwhereyoucame( $link ) {
$currenturl = 'http://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
if ( !is_user_logged_in() )
$link = str_replace( '">', '?redirect_to=' . urlencode( $currenturl ) . '">', $link );
else
$link = str_replace( '">', '&redirect_to=' . urlencode( $currenturl ) . '">', $link );
return $link;
}
if ( force_ssl_admin() && ! is_ssl() && $dankam_aaa ) {
if ( 0 === strpos($_SERVER['REQUEST_URI'], 'http') ) {
wp_redirect( set_url_scheme( $_SERVER['REQUEST_URI'], 'https' ) );
exit();
} else {
wp_redirect( 'https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'] );
exit();
}
}
But this do nothing in /wp-logincc.php
(But this enclosed function "function fromwhereyoucame" works in "green box")
Please help to modify wp-logincc.php
why you not using plugin for this https://wordpress.org/plugins/theme-my-login/
there is a setting to set after login same page or dashboard redirect..
or
To achieve this redirect after login, add the following code to the functions.php file for your theme:
> if ( (isset($_GET['action']) && $_GET['action'] != 'logout') ||
> (isset($_POST['login_location']) && !empty($_POST['login_location']))
> ) {
> add_filter('login_redirect', 'my_login_redirect', 10, 3);
> function my_login_redirect() {
> $location = $_SERVER['HTTP_REFERER'];
> wp_safe_redirect($location);
> exit();
> } }
another solution to make changes by editing in core
wp-login.php
Line 424 - 426...
} else { $redirect_to = admin_url(); }
Change to...
} else { $redirect_to = $_SERVER[HTTP_REFERER]; }
Suppose I have a function that redirects the page to the given URL (code below). For security reasons, I want to modify it so that it redirects only to the URLs inside my domain.
public static function redirect($num, $url)
{
header($http[$num]);
header ("Location: $url");
}
This is based more like TimWolla's example:
public static function redirect( $num, $url ) {
$host = ( parse_url( $url, PHP_URL_HOST );
if ( !empty( $host ) && $host == $_SERVER[ 'HTTP_HOST' ] ) {
$url = preg_replace( '/[^\w\s\p{L}\d\r?,=#:\/.-]/i', '', urldecode( $url ) );
#header( $http[ $num ] ); //not sure what this is for?
header( "Location: " . $url );
return;
} else return
}
All I have changed is rather than posting an error, the function just returns. Also added a filter to remove characters using a whitelist method.
The concept above is principle to build upon I think.
Use parse_url():
public static function redirect($num, $url)
{
if (parse_url($url, PHP_URL_HOST) != 'example.com') {
trigger_error("Invalid redirection-URL given", E_USER_ERROR);
return;
}
header($http[$num]);
header ("Location: $url");
}
Take a look at http://php.net/manual/en/reserved.variables.server.php.
You can find the host name there and then just do a strpos to ensure that the $url matches
you can find out your current host using $_SERVER['HTTP_HOST'] so you can check if the url contains the host before deciding what to do with it
$pos = strpos($url, $_SERVER['HTTP_HOST']);
if ($pos === false) {
//not on same domain don't redirect
} else {
//on same domain so do redirection
}
I would keep it as simple as possible, using strpos:
if ( strpos( $url, 'yourdomain.com' ) === false )
header('Location: /an/error/page.html');
else
header('Location: '.$url);