From: Chuck Scott <cscott@gaslightmedia.com>
Date: Wed, 1 Feb 2017 19:48:44 +0000 (-0500)
Subject: Changes related to proper login/out behavior.
X-Git-Tag: v1.0.19^2~1
X-Git-Url: http://cvs2.gaslightmedia.com/gitweb/?a=commitdiff_plain;h=28a18c0fdfd27aaaf0ff0436715fd0eda8fd7f64;p=WP-Plugins%2Fglm-member-db-contacts.git

Changes related to proper login/out behavior.
Main members plugin must also be udated.
Some changes in the theme to remove login/out redirection are also required.
---

diff --git a/index.php b/index.php
index 4e1ad99..22fb96d 100644
--- a/index.php
+++ b/index.php
@@ -204,26 +204,132 @@ require_once GLM_MEMBERS_CONTACTS_PLUGIN_SETUP_PATH.'/permissions.php';
  * Login Checks and Messages
  */
 
-$wpUserID = get_current_user_id();
-/*
-// Message to display on Login page after a forced logout detection
-function glmMembersContactsNoLoginMessage( $message ) {
-        $message .= "
-            <div style=\"border-left:4px solid #dd3d36;background:#fff;box-shadow:0 1px 1px 0 rgba(0,0,0,.1);padding-left: .5em;\">
-                <p><b>NOTE:</b> You are trying to log into a contact account that is for informational purposes only
-                    or has been temporarily dissabled.</p>
-                <p>You are not permitted to log in with that contact account at this time.</p>
-            </div>
-        ";
-        return $message;
+/**
+ * Function Name:   get_members_only_page_url
+ * Added for:       GLM Member DB front-end login redirection
+ * Description:     Checks if not coming from a WordPress login page. If so, checks for
+ *                  a Members Only page ID, If that exists it checks for the Members Only
+ *                  page URL. If we have the URL we return that.
+ *
+ *                  Otherwise return false;
+ **/
+function check_members_only_page_login()
+{
+
+    // Get URL of the page the user is logging in from
+    $referrer = ( isset( $_SERVER['HTTP_REFERER'] ) && $_SERVER['HTTP_REFERER'] ) ? $_SERVER['HTTP_REFERER'] : '';
+
+    // if we have a referrer string and it's not a Wordpress standard login, assume it's a member login page
+    if( !empty( $referrer ) && !strstr( $referrer,'wp-login' ) && !strstr( $referrer,'wp-admin' ) ) {
+
+        // Get Members Only page ID
+        $glmMembersOnlyID = get_option('glm_members_database_option_members_only_id');
+
+        // If we have the page ID
+        if ($glmMembersOnlyID) {
+
+            // Get the Members Only page URL
+            $glmMembersUrl = get_permalink( get_option('glm_members_database_option_members_only_id') );
+
+            // If we have the Members Only page URL - go there now.
+            if ($glmMembersUrl) {
+                return $glmMembersUrl;
+            }
+
+        }
+
+    }
+    return false;
+}
+
+/**
+ * Function Name:   front_end_login_fail.
+ * Added for:       GLM Member DB front-end login failure custom redirection.
+ * Description:     This code hooks into Wordpress on authentication failure. We're using it to
+ *                  send users who tried logging in on the members only login page and failed.
+ *                  We want to send them back to that page rather than have them go to the standard
+ *                  WordPress login page.
+ *
+ *                  The "front_end_blank_credentials" code below handles the situation when the user
+ *                  doesn't enter user or password.
+**/
+add_action( 'wp_login_failed', 'front_end_login_fail', 1, 3);
+function front_end_login_fail( $username ) {
+
+    $glmMembersUrl = check_members_only_page_login();
+
+    if ($glmMembersUrl) {
+        wp_redirect( $glmMembersUrl."?login=empty" );
+        exit;
+    }
+
+    return;
 }
 
-// If login is from user who was logged out due to restriction or being flagged inactive - Display login message
-if (isset($_COOKIE['glmMembersForcedLogout'])) {
-    add_filter('login_message', 'glmMembersContactsNoLoginMessage');
-    setcookie ("glmMembersForcedLogout", "", time() - 3600);
+/**
+ * Function Name:   front_end_blank_credentials.
+ * Added for:       GLM Member DB front-end login blank custom redirection.
+ * Description:     This code hooks into Wordpress on authentication. We're using it to test if
+ *                  the user didn't supply both a user and password. When that is the case and
+ *                  the login was from our members only login page, we want to return them back
+ *                  to that page rather than a standard Wordpress login page.
+ *
+ *                  The "front_end_login_fail" code above handles the situation when the authentication
+ *                  fails.
+**/
+add_action( 'authenticate', 'front_end_blank_credentials', 1, 3);
+function front_end_blank_credentials( $login, $username, $password ) {
+
+    $glmMembersUrl = check_members_only_page_login();
+
+    if ($glmMembersUrl) {
+
+        // If the user didn't submit any login credentials, return them to the members login page
+        if( $username == "" || $password == "" ){
+            wp_redirect( $glmMembersUrl."?login=empty" );
+            exit;
+        }
+
+    }
+
+    return;
 }
-*/
+
+/**
+ * Function Name:   front_end_login_success_checks.
+ * Added for:       GLM Members front-end login success redirection
+ * Description:     If the login was from the Members Only page, then take the user back there
+ *                  regardless of what user logged in.
+**/
+add_action( 'wp_login', 'front_end_login_success_checks', 1, 3);
+function front_end_login_success_checks() {
+
+
+    $glmMembersUrl = check_members_only_page_login();
+
+    if ($glmMembersUrl) {
+        wp_redirect( $glmMembersUrl."?login=empty" );
+        exit;
+    }
+
+    return;
+
+}
+
+/**
+ * Function Name:   glm_members_logout_redirect
+ * Added for:       GLM Members logout redirection
+ * Description:     Redirect ALL logouts to the site front-end
+**/
+add_action( 'wp_logout', 'glm_members_logout_redirect');
+function glm_members_logout_redirect() {
+    wp_redirect(get_site_url());
+    exit;
+}
+
+
+// Determine if user doesn't meet general requirements for being logged in.
+$wpUserID = get_current_user_id();
 if ($wpUserID) {
 
     // Check if user's only role is as a restricted contact
@@ -243,12 +349,12 @@ if ($wpUserID) {
 
 }
 
-
 /*
  * Add filter to redirect user to a particular destination on
  * login based on their roles.
  */
 //
+/*
 function my_login_redirect($redirect_to, $request, $user) {
 
     global $current_user;
@@ -262,38 +368,13 @@ function my_login_redirect($redirect_to, $request, $user) {
         return $redirect_to;
     }
 
-    // If user is administrator send them to the main dashboard
-    if (!in_array('administrator', $current_user->roles)) {
-        $redirect_to = admin_url();
-        return $redirect_to;
-    }
-
-    // If this is not a GLM Associate login or members are not enabled, allow the default (should be profile menu)
-    if (!current_user_can('glm_members_login') || !$config['settings']['enable_members']) {
-
-        return $redirect_to;
-    }
-
-    // If user is an all members manager, send them to the "Members" menu
-    if (current_user_can('glm_members_members')) {
-
-        $redirect_to = get_admin_url() . "admin.php?page=glm-members-admin-menu-members";
-         return $redirect_to;
-    }
-
-    // If user is a member manager, send them to the "Member" menu
-    if (current_user_can('glm_members_member')) {
+}
+add_filter("login_redirect", "my_login_redirect", 10, 3);
+*/
 
-        $redirect_to = get_admin_url() . "admin.php?page=glm-members-admin-menu-member";
-        return $redirect_to;
-    }
 
-    // If there's anything else going on, they go to what was requested
-    return $redirect_to;
 
-}
-// Make sure that
+// Block admin access if logged in as WooCommerce user
 add_filter( 'woocommerce_prevent_admin_access', '__return_false' );
-add_filter("login_redirect", "my_login_redirect", 10, 3);
 
 ?>