[英]Requiring login to access my Wordpress site
I have a Wordpress site and I want to be locked to the public, as in redirects to login, unless you're registering. 我有一个Wordpress网站,我希望锁定公众,如重定向登录,除非您正在注册。 So right now the code I'm using is:
所以现在我正在使用的代码是:
<?php
if ( is_user_logged_in() ) {
} else {
$coolio=curPageURL();
if (strpos($coolio,'register.php') !== false) {
break;
}
else{
echo "<script>window.location = 'http://example.com/wp-login.php'</script>";
break;
}
if (strpos($coolio,'login.php') !== false) {
break;
}
else{
echo "<script>window.location = 'http://example.com/wp-login.php'</script>";
break;
}
}
?>
Seems like it should work, but it creates an infinite loop on any page I go to. 看起来它应该可以工作,但它会在我去的任何页面上创建一个无限循环。 Does anybody know why?
有人知道为什么吗?
Note: curPageUrl
just returns current page url. 注意:
curPageUrl
只返回当前页面url。
The code you posted has some significant security issues: 您发布的代码存在一些重要的安全问题:
?register.php
to the URL to avoid triggering the redirect code. ?register.php
添加到URL即可避免触发重定向代码。 Instead, use a server-side session variable check. 而是使用服务器端会话变量检查。 If a 'logged in' flag is not set within the session, then you redirect to the login page.
如果未在会话中设置“登录”标志,则会重定向到登录页面。
This has 2 massive advantages: 这有两个巨大的优势:
I wouldn't use JavaScript for the redirect, do it with php. 我不会使用JavaScript进行重定向,用php做。
Second do this logic instead: 其次做这个逻辑:
if(!($_SESSION["loggedin"]== 1))
{
if(!(stripos($url,'register.php')))
{
header('Location: http://example.com/wp-login.php', true, 302);
exit;
}
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.