auth_redirect()
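Yunce Docs annotation
Overview
auth_redirect() is a WordPress core function that checks whether the user is logged in; if not, it redirects to the login page and returns the user to the originally requested page after login.
Key points
- Core functionality: verifies the user's login state, redirects to the login page when not logged in, and supports returning to the original page after login.
- Security handling: supports SSL redirects, controls the secure redirect through the secure_auth_redirect filter, and checks the user's SSL setting.
- Hooks: provides the auth_redirect, auth_redirect_scheme and secure_auth_redirect hooks so developers can customize redirect behaviour.
- Related functions: relies on wp_validate_auth_cookie, wp_login_url, wp_redirect and other functions.
- Caveat: a user-contributed note points out a possible bug in which parameters are lost, so pay attention to whether URL parameters are preserved after the redirect.
Code example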
if ( !is_user_logged_in() ) {
    auth_redirect();
}
Original content
Checks if a user is logged in, if not it redirects them to the login page.
Description
When this code is called from a page, it checks to see if the user viewing the page is logged in.
If the user is not logged in, they are redirected to the login page. The user is redirected in such a way that, upon logging in, they will be sent directly to the page they were originally trying to access.
Source
function auth_redirect() {
    $secure = ( is_ssl() || force_ssl_admin() );

    /**
     * Filters whether to use a secure authentication redirect.
     *
     * @since 3.1.0
     *
     * @param bool $secure Whether to use a secure authentication redirect. Default false.
     */
    $secure = apply_filters( 'secure_auth_redirect', $secure );

    // If https is required and request is http, redirect.
    if ( $secure && ! is_ssl() && str_contains( $_SERVER['REQUEST_URI'], 'wp-admin' ) ) {
        if ( str_starts_with( $_SERVER['REQUEST_URI'], 'http' ) ) {
            wp_redirect( set_url_scheme( $_SERVER['REQUEST_URI'], 'https' ) );
            exit;
        } else {
            wp_redirect( 'https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'] );
            exit;
        }
    }

    /**
     * Filters the authentication redirect scheme.
     *
     * @since 2.9.0
     *
     * @param string $scheme Authentication redirect scheme. Default empty.
     */
    $scheme = apply_filters( 'auth_redirect_scheme', '' );

    $user_id = wp_validate_auth_cookie( '', $scheme );
    if ( $user_id ) {
        /**
         * Fires before the authentication redirect.
         *
         * @since 2.8.0
         *
         * @param int $user_id User ID.
         */
        do_action( 'auth_redirect', $user_id );

        // If the user wants ssl but the session is not ssl, redirect.
        if ( ! $secure && get_user_option( 'use_ssl', $user_id ) && str_contains( $_SERVER['REQUEST_URI'], 'wp-admin' ) ) {
            if ( str_starts_with( $_SERVER['REQUEST_URI'], 'http' ) ) {
                wp_redirect( set_url_scheme( $_SERVER['REQUEST_URI'], 'https' ) );
                exit;
            } else {
                wp_redirect( 'https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'] );
                exit;
            }
        }

        return; // The cookie is good, so we're done.
    }

    // The cookie is no good, so force login.
    nocache_headers();

    if ( str_contains( $_SERVER['REQUEST_URI'], '/options.php' ) && wp_get_referer() ) {
        $redirect = wp_get_referer();
    } else {
        $redirect = set_url_scheme( 'http://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'] );
    }

    $login_url = wp_login_url( $redirect, true );

    wp_redirect( $login_url );
    exit;
}
Hooks
- do_action( 'auth_redirect', int $user_id )
  Fires before the authentication redirect.
- apply_filters( 'auth_redirect_scheme', string $scheme )
  Filters the authentication redirect scheme.
- apply_filters( 'secure_auth_redirect', bool $secure )
  Filters whether to use a secure authentication redirect.
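The three hooks used together in a small plugin, as an added example (not WordPress core code and not from the original page). The page slug `members-area`, the log message format, and the assumption that the site serves HTTPS are all hypothetical.

```php
<?php
/**
 * Plugin Name: auth_redirect() hook demo (hypothetical example plugin)
 */

// Gate one front-end page. 'members-area' is a hypothetical page slug.
// auth_redirect() performs the cookie check itself, using the scheme
// selected by the 'auth_redirect_scheme' filter below.
add_action( 'template_redirect', function () {
    if ( is_page( 'members-area' ) ) {
        auth_redirect(); // Returns if the cookie is valid, otherwise redirects to login and exits.
    }
} );

// Validate the 'logged_in' cookie for front-end requests only. Inside wp-admin
// the default (empty) scheme is kept, so wp_validate_auth_cookie() still checks
// the auth / secure_auth cookie there.
add_filter( 'auth_redirect_scheme', function ( $scheme ) {
    return is_admin() ? $scheme : 'logged_in';
} );

// Request the HTTPS redirect. Per the function source, this only redirects
// plain-HTTP requests whose REQUEST_URI contains 'wp-admin'.
// Assumption: the site is reachable over HTTPS.
add_filter( 'secure_auth_redirect', '__return_true' );

// The 'auth_redirect' action fires only after wp_validate_auth_cookie() has
// returned a user ID, so it marks an authenticated request, not a bounce to
// the login page. Here it writes one audit line per authenticated request.
add_action( 'auth_redirect', function ( $user_id ) {
    $uri = isset( $_SERVER['REQUEST_URI'] ) ? wp_unslash( $_SERVER['REQUEST_URI'] ) : '';
    // Remove control characters so a crafted URI cannot inject extra log lines.
    $uri = preg_replace( '/[\x00-\x1F\x7F]/', '', $uri );
    error_log( sprintf( 'auth_redirect: user %d passed cookie check for %s', (int) $user_id, $uri ) );
} );
```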
Changelog
| Version | Description |
|---|---|
| 1.5.0 | Introduced. |
Jeroen Rotty
Require a user to log in in order to view a page:
awayshops
There is a bug with this code. Parameters are not preserved. If the page the user was originally trying to load required parameters, upon redirect after successful login, the page is loaded WITHOUT the parameters.