WordPress: Denying users access to dashboard but allowing AJAX requests? - wordpress

So, I would like to deny users the ability to access the WordPress dashboard. But I want to allow users to use Front End PM, which uses AJAX for sending messages between users.
How can I allow the PMs but deny all access to the dashboard?
The classic functions.php approach:
    add_action( 'init', 'my_custom_dashboard_access_handler');
    function my_custom_dashboard_access_handler() {
        // Check if the current page is an admin page
        // && and ensure that this is not an ajax call
        if ( is_admin() && !( defined( 'DOING_AJAX' ) && DOING_AJAX ) ){
            //Get all capabilities of the current user
            $user = get_userdata( get_current_user_id() );
            $caps = ( is_object( $user) ) ? array_keys($user->allcaps) : array();
            //All capabilities/roles listed here are not able to see the dashboard
            $block_access_to = array('subscriber', 'contributor', 'my-custom-role', 'my-custom-capability');
            if(array_intersect($block_access_to, $caps)) {
                wp_redirect( home_url() );
                exit;
            }
        }
    }
Unfortunately, this will redirect from AJAX... thoughts?
If I use User Role Editor... can users access the dashboard?
Essentially, only allow admins to access the dashboard... without limiting AJAX.

You can use
    function sm_restrict_admin_with_redirect() {
        if( defined('DOING_AJAX') && DOING_AJAX ) {
            //Allow ajax calls
            return;
        }
        if( ! current_user_can( "manage_options" ) ) {
            //Redirect to main page if the user has no "manage_options" capability
            wp_redirect( get_site_url() );
            exit;
        }
    }
    add_action( 'admin_init', 'sm_restrict_admin_with_redirect', 1 );
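
The redirect above lets every `admin-ajax.php` request through, so each AJAX callback has to authorise itself. An added example (not from the original answer and not Front End PM's code): a hypothetical `my_send_note` action whose action name, nonce name, field names and use of the `read` capability are all assumptions.

```php
<?php
// Added example: hypothetical AJAX action 'my_send_note'. All names are illustrative.

// Registered for logged-in users only. No wp_ajax_nopriv_ hook is added,
// so admin-ajax.php rejects anonymous requests for this action.
add_action( 'wp_ajax_my_send_note', 'my_send_note_handler' );

function my_send_note_handler() {
    // 1. CSRF: verify the nonce sent in the 'nonce' field. Passing false as the
    //    third argument lets us answer with a JSON 403 instead of a bare "-1".
    if ( ! check_ajax_referer( 'my_send_note', 'nonce', false ) ) {
        wp_send_json_error( array( 'message' => 'Invalid nonce.' ), 403 );
    }

    // 2. Authorisation: the dashboard redirect does not run for AJAX requests,
    //    so the capability check has to happen inside the handler.
    if ( ! current_user_can( 'read' ) ) {
        wp_send_json_error( array( 'message' => 'Not allowed.' ), 403 );
    }

    // 3. Input handling: WordPress slashes $_POST, so unslash before sanitising.
    $recipient = isset( $_POST['recipient'] ) ? absint( $_POST['recipient'] ) : 0;
    $body      = isset( $_POST['body'] )
        ? sanitize_textarea_field( wp_unslash( $_POST['body'] ) )
        : '';

    // Reject empty messages and recipients that are not existing users.
    if ( ! $recipient || '' === $body || ! get_userdata( $recipient ) ) {
        wp_send_json_error( array( 'message' => 'Bad request.' ), 400 );
    }

    // Storage is out of scope for this example; a real handler would persist
    // the note here. wp_send_json_* ends the request after sending the response.
    wp_send_json_success( array( 'to' => $recipient, 'length' => strlen( $body ) ) );
}
```

The page script sends the value of `wp_create_nonce( 'my_send_note' )` in the `nonce` field of its POST to `admin-ajax.php`.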

Related

Redirect User After creating a page

I want to redirect the users of my site to a custom thank you page after they create a page and send it for review.
I found this snippet, but this one is for posts, and it's for publishing, not for pending review. The role that I want to use for this snippet is Tutor Instructor.
Can somebody help me to edit this snippet? It's a WordPress site.
    add_action( 'save_post', 'redirect_user_page_list', 10, 3 );
    function redirect_user_page_list( $post_ID, $post, $update ) {
        if( is_user_logged_in() ) {
            $user = wp_get_current_user();
            $role = ( array ) $user->roles;
            if ( 'user_role' == $role[0] ) {
                $url = '';
                wp_redirect($url);
                exit;
            }
        }
    }
    //replace user_role with your actual role the one for which you need to implement this functionality. Also place the proper url in $url.
You can execute this code after your code
    window.location.href = 'https://yoursite.com/thank-you';

Correct way to block non logged in users from WordPress

    add_action('init','block_non_logged_in_users');
    function block_non_logged_in_users(){
        if(!is_user_logged_in() && $_SERVER['SCRIPT_URI'] !='https://example.com/wp-login.php'){
            die('Not logged in!');
        }
    }
Is the code above the ideal way to turn a WP site into a private company intranet, where only logged-in users can access all pages/the full site?
There's more than one way to do this, but I would use the global $pagenow:
    add_action( 'init', 'block_non_logged_in_users' );
    function block_non_logged_in_users() {
        global $pagenow;
        if ( ! is_user_logged_in() && 'wp-login.php' !== $pagenow ) {
            wp_die( __( 'You must be logged in to view this site.', 'textdomain' ), 'Not Logged In' );
        }
    }

Non logged in user when try to see a product page will get Login page and after login will be redirected to the Product page that user clicked before

I want to give access to the Woo single product page only to logged-in users.
I have a product listing on the Homepage and Shop page. What I want is: when a logged-out user clicks on a product, the user gets a login form, and after logging in is redirected to the product page that he wanted to view.
So the flow will be something like:
Home/Shop -> click on Product X -> Login page -> Redirect to Product X single page
Currently, I am using the regular Woo login form created by this function:
    woocommerce_login_form()
I am trying the code snippets below:
    add_filter('login_redirect', 'my_login_redirect', 10, 3);
    function my_login_redirect() {
        $location = $_SERVER['HTTP_REFERER'];
        var_dump($location);
        wp_safe_redirect($location);
        exit();
    }

    add_action('init','my_login_redirect');
    function my_login_redirect() {
        $location = $_SERVER['HTTP_REFERER'];
        var_dump($location);
        //wp_safe_redirect($location);
    }
-----------------------
AND ALSO THIS ONE
-----------------------
    function redirect_after_login(){
        global $wp;
        $protocol='http';
        if (isset($_SERVER['HTTPS']))
            if (strtoupper($_SERVER['HTTPS'])=='ON')
                $protocol='https';
        if (!is_user_logged_in() && is_product() ){
            $redirect = site_url() . "/my-account.php?redirect_to= $protocol://" .
                $_SERVER["HTTP_HOST"] . urlencode($_SERVER["REQUEST_URI"]);
            wp_redirect( $redirect );
            exit;
        }
    }
    add_action( 'wp', 'redirect_after_login', 3 );
In both cases, the problem is that it always finds the login page as HTTP_REFERER / REQUEST_URI,
because currently I am using the code below to redirect a non-logged-in user who is trying to see the product page to the login page:
    add_action('template_redirect', 'ethis_redirect_for_loggedin_users');
    function ethis_redirect_for_loggedin_users() {
        if ( !is_user_logged_in() && is_product() ) {
            wp_redirect(site_url().'/default-login');
            exit;
        }
    }
You can use the template_redirect filter hook to prevent guest users from accessing a single product page.
    add_action( 'template_redirect', 'wc_redirect_non_logged_to_login_access');
    function wc_redirect_non_logged_to_login_access() {
        if ( !is_user_logged_in() && is_singular( 'product' ) ) {
            global $post;
            // Send guests to the My Account (login) page and carry the product URL,
            // URL-encoded, in the "redirect" query argument.
            $login_url = get_permalink( get_option('woocommerce_myaccount_page_id') );
            wp_redirect( add_query_arg( 'redirect', rawurlencode( get_the_permalink( $post->ID ) ), $login_url ) );
            exit();
        }
    }
After that, you have to use the woocommerce_login_redirect filter hook for the login redirect.
    add_filter( 'woocommerce_login_redirect', 'my_login_redirect', 10, 2 );
    function my_login_redirect( $redirect, $user ) {
        if( isset( $_GET['redirect'] ) && $_GET['redirect'] != '' ){
            // The parameter is user-controlled: accept it only if it points to an
            // allowed host, otherwise fall back to the default redirect.
            return wp_validate_redirect( wp_unslash( $_GET['redirect'] ), $redirect );
        }
        return $redirect;
    }
Code will go in your active theme's functions.php. Tested and works.

Redirected non-admin users. Now after deleting the code non-admins still can't login

I have used the following code to redirect non-admin users to the home page. Now, after deleting the code, the effect is irreversible: non-admins are still redirected after login.
    add_action( 'init', 'restrict_wp_dashboard_init' );
    function restrict_wp_dashboard_init() {
        if ( is_admin() && ! current_user_can( 'administrator' ) &&
            !( defined( 'DOING_AJAX' ) && DOING_AJAX ) ) {
            wp_redirect( home_url() );
            exit;
        }
    }
Help !!!

WooCommerce WC()->session->get is not getting recognized

We have created a site where a user enters a coupon code and it logs them in by creating a cookie by the name of couponid, then we save that cookie to the WooCommerce session because that cookie actually is the category id from which the products are displayed.
Now sometimes the products get displayed, sometimes not, and whenever our custom cookie is set in the browser and we go to /wp-admin to login, it gives us the following error:
Fatal error: Call to a member function get() on a non-object
The above error on the login screen of WordPress is coming from the following function in our functions.php file:
    function gfc_insert_coupon_code_to_session(){
        if(
            is_user_logged_in()
            || ! array_key_exists( 'couponid', $_COOKIE )
            || WC()->session->get( 'couponid', 0 )
        ){
            return;
        }
        $couponID = esc_attr( $_COOKIE['couponid'] );
        if( $couponID ){
            WC()->session->set( 'couponid', $couponID );
        }
    }
    add_action( 'woocommerce_init', 'gfc_insert_coupon_code_to_session' );
Try to use:
    WC()->session->set( 'couponid', $couponID );
Before calling:
    WC()->session->get( 'couponid', 0 )
Test if you are on Back Office, WC()->session isn't set:
    if( !is_admin() ) {
The if( !is_admin() ) { ... } fix did the job for me. I changed the email template and if I tried to resend the email from the backend I received this error. So the admin fix was good.
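
A complete guarded version of the function from the question, as an added example (not the original poster's code): it returns early whenever `WC()->session` has not been initialised, which is the condition behind the fatal error, and it treats the cookie as the integer category ID the question describes. Checking the session object directly instead of `is_admin()`, and validating against the `product_cat` taxonomy, are assumptions made here.

```php
<?php
// Added example: guarded rewrite of gfc_insert_coupon_code_to_session().
// It replaces the original function; do not load both.
add_action( 'woocommerce_init', 'gfc_insert_coupon_code_to_session' );

function gfc_insert_coupon_code_to_session() {
    // WC()->session is null on requests where WooCommerce does not start a
    // session (for example the back office). Bail out before calling ->get().
    if ( ! function_exists( 'WC' ) || ! is_object( WC()->session ) ) {
        return;
    }

    // Same conditions as the original: guests only, and only if the cookie exists.
    if ( is_user_logged_in() || ! isset( $_COOKIE['couponid'] ) ) {
        return;
    }

    // Already stored for this visitor: nothing to do.
    if ( WC()->session->get( 'couponid', 0 ) ) {
        return;
    }

    // The cookie is client-controlled. The question says it holds a category ID,
    // so accept only a positive integer that names an existing product category
    // (assumption: the category lives in WooCommerce's product_cat taxonomy).
    $coupon_id = absint( wp_unslash( $_COOKIE['couponid'] ) );
    if ( $coupon_id && term_exists( $coupon_id, 'product_cat' ) ) {
        WC()->session->set( 'couponid', $coupon_id );
    }
}
```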
